CVE-2026-44935

SUSE · Rancher

A missing validation vulnerability in the SUSE Rancher Fleet Helm Deployer allows authenticated tenants to access the fleet credentials of other tenants.

Executive summary

A critical vulnerability in the SUSE Rancher Fleet component allows authenticated tenant users to perform cross-tenant credential theft, jeopardizing the security of managed Kubernetes clusters.

Vulnerability

The vulnerability exists due to missing validation of "valuesFrom" references in the Helm Deployer. This allows a malicious tenant to reference and access sensitive fleet credentials belonging to other tenants within the same Rancher environment.

Business impact

The CVSS score of 9.9 underscores the catastrophic risk to multi-tenant container environments. Unauthorized access to fleet credentials can lead to a total compromise of managed downstream Kubernetes clusters, data leakage, and the potential for an attacker to execute arbitrary code across the entire infrastructure managed by the affected Rancher installation.

Remediation

Immediate Action: Upgrade the SUSE Rancher Fleet component to the patched versions (0.15.2, 0.14.6, 0.13.11, or 0.12.15) as specified in the vendor security advisory.

Proactive Monitoring: Audit existing Helm deployments and review access logs for any unauthorized "valuesFrom" reference attempts or unexpected credential access requests.

Compensating Controls: Temporarily restrict the ability of untrusted users to deploy Helm charts until the patching process is complete.
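The two checks above (verify the installed Fleet version against the patched releases, and audit Helm deployments for cross-tenant "valuesFrom" references) can be scripted. The following is an added example written for this page, not code from SUSE or the Fleet project. It assumes Fleet version strings of the form `v0.13.10`, and that Bundle objects are inspected as the JSON from `kubectl get bundles -A -o json`, with the Helm options at `.spec.helm.valuesFrom` and each entry holding a `secretKeyRef` or `configMapKeyRef` with `name`, `namespace` and `key` fields (the shape of Fleet's documented `fleet.yaml` syntax; treat the exact JSON path as an assumption and adjust for your Fleet release). The patched versions are the ones listed in the advisory; the sample Bundle list is constructed for illustration.

```python
"""Defender-side audit helpers for the Fleet valuesFrom issue.

Added example, not SUSE's or Fleet's own code. Assumptions:
 - Fleet versions look like "v0.13.10" or "0.13.10", optionally with a
   pre-release suffix such as "-rc1".
 - Bundle manifests are the JSON of `kubectl get bundles -A -o json`, with
   Helm values references under .spec.helm.valuesFrom (assumed path).
"""
import json
import re

# Patched releases from the advisory, keyed by (major, minor) line.
PATCHED = {
    (0, 12): (0, 12, 15),
    (0, 13): (0, 13, 11),
    (0, 14): (0, 14, 6),
    (0, 15): (0, 15, 2),
}


def parse_version(text):
    """Return ((major, minor, patch), is_prerelease) for a Fleet version string."""
    m = re.fullmatch(r"v?(\d+)\.(\d+)\.(\d+)([-+].*)?", text.strip())
    if not m:
        raise ValueError(f"unrecognised Fleet version string: {text!r}")
    major, minor, patch, suffix = m.groups()
    return (int(major), int(minor), int(patch)), suffix is not None


def assess_version(text):
    """Classify a Fleet version as 'patched', 'vulnerable' or 'unknown'.

    Lines newer than any listed fix are not covered by the advisory and are
    reported as 'unknown'. Lines older than the oldest fixed line predate every
    fix, so they are conservatively reported as 'vulnerable' (assumption).
    A pre-release of the fix version sorts before the release itself.
    """
    version, prerelease = parse_version(text)
    line = version[:2]
    if line not in PATCHED:
        return "unknown" if line > max(PATCHED) else "vulnerable"
    fixed = PATCHED[line]
    if version > fixed or (version == fixed and not prerelease):
        return "patched"
    return "vulnerable"


def cross_namespace_refs(bundle_list):
    """Find valuesFrom entries that point outside the Bundle's own namespace.

    In a multi-tenant Rancher setup each tenant's Fleet workspace is its own
    namespace, so a reference into another namespace is the pattern the
    advisory's missing validation failed to reject. Returns a list of findings.
    """
    findings = []
    for bundle in bundle_list.get("items", []):
        meta = bundle.get("metadata", {})
        own_ns = meta.get("namespace")
        helm = bundle.get("spec", {}).get("helm") or {}
        for entry in helm.get("valuesFrom") or []:
            for kind in ("secretKeyRef", "configMapKeyRef"):
                ref = entry.get(kind)
                if not ref:
                    continue
                # An omitted namespace resolves to the Bundle's own namespace.
                target_ns = ref.get("namespace") or own_ns
                if target_ns != own_ns:
                    findings.append({
                        "bundle": meta.get("name"),
                        "bundle_namespace": own_ns,
                        "kind": kind,
                        "target_name": ref.get("name"),
                        "target_namespace": target_ns,
                    })
    return findings


# Constructed sample: two tenant workspaces, one clean Bundle and one that
# reaches into another tenant's namespace for its Helm values.
SAMPLE_BUNDLES = json.loads("""
{"items": [
  {"metadata": {"name": "tenant-a-app", "namespace": "fleet-tenant-a"},
   "spec": {"helm": {"valuesFrom": [
     {"secretKeyRef": {"name": "app-values", "key": "values.yaml"}}]}}},
  {"metadata": {"name": "tenant-b-app", "namespace": "fleet-tenant-b"},
   "spec": {"helm": {"valuesFrom": [
     {"configMapKeyRef": {"name": "defaults", "namespace": "fleet-tenant-b",
                          "key": "values.yaml"}},
     {"secretKeyRef": {"name": "app-values", "namespace": "fleet-tenant-a",
                       "key": "values.yaml"}}]}}}
]}
""")

if __name__ == "__main__":
    for v in ("v0.13.10", "0.13.11", "0.15.2-rc1", "0.16.0"):
        print(v, "->", assess_version(v))
    for f in cross_namespace_refs(SAMPLE_BUNDLES):
        print("cross-namespace valuesFrom:", f)
```

Run the version check against `kubectl -n cattle-fleet-system get deploy fleet-controller -o jsonpath='{.spec.template.spec.containers[0].image}'` (or however your installation exposes the Fleet version) and feed the Bundle audit the real `kubectl get bundles -A -o json` output; any finding is a candidate for the log review the advisory recommends, since a cross-namespace reference is the only way this flaw can be exercised.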

Exploitation status

Public Exploit Available: No

Analyst recommendation

This vulnerability is highly critical for organizations utilizing SUSE Rancher in multi-tenant configurations. It is imperative that administrators verify their current Fleet version and apply the recommended updates immediately to prevent cross-tenant credential exposure and cluster-wide compromise.