Zero Day MonitorZDM
DashboardVulnerabilitiesTrendingZero-DaysNewsAbout
Login
ImpressumPrivacy Policy
Zero Day Monitor © 2026
4147 articles · 176175 vulns · 36/41 feeds (7d)
← Back to list
7.5
CVE-2026-44937EXPLOITEDPATCHED
su · rancher fleet

SUSE Rancher Fleet had an Unauthenticated Webhook: Regex Injection via Unsanitized Repository URL Components

Description

Potential forgery of webhook requests when using a unauthenticated webhook in SUSE Rancher Fleet 0.15 before 0.15.2, 0.14 before 0.14.6, 0.13 before 0.13.11 and 0.12 before 0.12.5 could be used by remote attackers to cause a denial of service or a downgrade attack on other repositories on the system.

Affected Products

VendorProductVersions
surancher fleet0.15.0, 0.14.0, 0.13.0, 0.12.0, 0.12.14, 0.13.10, 0.14.5, 0.15.1

Also Affects

Downstream vendors/products affected by this vulnerability

VendorProductSourceConfidence
gogithub.com/rancher/fleetGHSA85%

References

  • https://github.com/rancher/fleet/security/advisories/GHSA-jmf4-m7j9-g72r(vendor-advisory)

Related News (1 articles)

Tier C
VulDB9d ago
CVE-2026-44937 | SUSE SUSE Rancher Fleet up to 0.12.14/0.13.10/0.14.5/0.15.1 denial of service
→ No new info (linked only)
CVSS 3.17.5 CRITICAL
CISA KEV❌ No
Actively exploited✅ Yes
Patch available
github.com/rancher/fleet@0.15.2github.com/rancher/fleet@0.14.6github.com/rancher/fleet@0.13.11github.com/rancher/fleet@0.12.15
CWECWE-918
PublishedJul 1, 2026
Last enriched9d agov2
Tags
GHSA-jmf4-m7j9-g72rgo
Trending Score12
Source articles1
Independent1
Info Completeness9/14
Missing: epss, kev, exploit, iocs, mitre_attack

Community Vote

0
Login to vote
0 upvotes0 downvotes
No votes yet

Related CVEs (5)

HIGHPRE-CVE
Local Denial-of-Service Attack Vectors in seunshare
Trending: 27
NONECVE-2026-59674
LPE from suricata user to root due to chown in %post in suricata packaging
Trending: 22
NONECVE-2025-8412
VMDP: Potential buffer overflow in the RtlQueryRegistryValues function
Trending: 18
MEDIUMCVE-2026-44936EXP
Rancher Fleet SSRF in Bundle Reader via Unvalidated Helm Repository URL in fleet.yaml
Trending: 10
NONECVE-2026-44934EXP
Exposed tokens in SUSE Rancher AI Agent logs
Trending: 9

Pin to Dashboard

Verification

State: unverified
Confidence: 0%

Vulnerability Timeline

CVE Published
Jul 1, 2026
Discovered by ZDM
Jul 1, 2026
Actively Exploited
Jul 6, 2026
Patch Available
Jul 6, 2026
Updated: severity, affectedVersions, activelyExploited
Jul 6, 2026

Version History

v2
Last enriched 9d ago
v2Tier C9d ago

Updated severity to CRITICAL, added new affected versions, and noted that no exploit is available.

severityaffectedVersionsactivelyExploited
via VulDB
v113d ago

Initial creation