Zero Day MonitorZDM
DashboardVulnerabilitiesTrendingZero-DaysNewsAbout
Login
ImpressumPrivacy Policy
Zero Day Monitor © 2026
4167 articles · 176190 vulns · 36/41 feeds (7d)
← Back to list
5.0
CVE-2026-44936EXPLOITEDPATCHED
su · rancher fleet

Rancher Fleet SSRF in Bundle Reader via Unvalidated Helm Repository URL in fleet.yaml

Description

Missing filtering when the helmRepoURLRegex field isn't set on a GitRepo resource in SUSE Rancher Fleet's bundle reader in 0.15 before 0.15.2, 0.14 before 0.14.6, 0.13 before 0.13.11 and 0.12 before 0.12.15 forwards Helm authentication credentials (BasicAuth) to any URL specified in the helm.repo field of a fleet.yaml file, allowing attackers able to push to fleet monitored git repos to leak helm access credentials.

Affected Products

VendorProductVersions
surancher fleet0.15.0, 0.14.0, 0.13.0, 0.12.0, 0.12.14, 0.13.10, 0.14.5, 0.15.1

Also Affects

Downstream vendors/products affected by this vulnerability

VendorProductSourceConfidence
gogithub.com/rancher/fleetGHSA85%

References

  • https://github.com/advisories/GHSA-hx4v-cxpf-vh8m(vendor-advisory)

Related News (1 articles)

Tier C
VulDB9d ago
CVE-2026-44936 | SUSE Rancher up to 0.12.14/0.13.10/0.14.5/0.15.1 Bundle Reader fleet.yaml helmRepoURLRegex incorrect regex (EUVD-2026-41863)
→ No new info (linked only)
CVSS 3.15.0 MEDIUM
VectorCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N
CISA KEV❌ No
Actively exploited✅ Yes
Patch available
github.com/rancher/fleet@0.15.2github.com/rancher/fleet@0.14.6github.com/rancher/fleet@0.13.11github.com/rancher/fleet@0.12.15
CWECWE-918
PublishedJul 1, 2026
Last enriched9d agov2
Tags
GHSA-hx4v-cxpf-vh8mgo
Trending Score10
Source articles1
Independent1
Info Completeness9/14
Missing: epss, kev, exploit, iocs, mitre_attack

Community Vote

0
Login to vote
0 upvotes0 downvotes
No votes yet

Related CVEs (5)

HIGHPRE-CVE
Local Denial-of-Service Attack Vectors in seunshare
Trending: 27
NONECVE-2026-59674
LPE from suricata user to root due to chown in %post in suricata packaging
Trending: 22
NONECVE-2025-8412
VMDP: Potential buffer overflow in the RtlQueryRegistryValues function
Trending: 18
CRITICALCVE-2026-44937EXP
SUSE Rancher Fleet had an Unauthenticated Webhook: Regex Injection via Unsanitized Repository URL Components
Trending: 12
NONECVE-2026-44934EXP
Exposed tokens in SUSE Rancher AI Agent logs
Trending: 9

Pin to Dashboard

Verification

State: unverified
Confidence: 0%

Vulnerability Timeline

CVE Published
Jul 1, 2026
Discovered by ZDM
Jul 1, 2026
Actively Exploited
Jul 6, 2026
Patch Available
Jul 6, 2026
Updated: affectedVersions, activelyExploited
Jul 6, 2026

Version History

v2
Last enriched 9d ago
v2Tier C9d ago

Updated affected versions to include 0.12.14, 0.13.10, 0.14.5, and 0.15.1, and marked the vulnerability as actively exploited with no exploit available.

affectedVersionsactivelyExploited
via VulDB
v113d ago

Initial creation