Vulnerabilities
Vulnerable Software

Vulnerability Details CVE-2026-44936

Missing filtering when the helmRepoURLRegex field isn't set on a GitRepo resource in SUSE Rancher Fleet's bundle reader in 0.15 before 0.15.2, 0.14 before 0.14.6, 0.13 before 0.13.11 and 0.12 before 0.12.15 forwards Helm authentication credentials (BasicAuth) to any URL specified in the helm.repo field of a fleet.yaml file, allowing attackers able to push to fleet monitored git repos to leak helm access credentials.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.004
EPSS Ranking 30.8%
CVSS Severity
CVSS v3 Score 5.0
Products affected by CVE-2026-44936


Contact Us

Shodan ® - All rights reserved