{"document":{"category":"csaf_vex","csaf_version":"2.0","title":"CVE-2026-44935: Rancher Fleet vulnerable to cross namespace secret disclosure via unvalidated `valuesFrom` references in Helm Deployer","publisher":{"category":"vendor","name":"HarborGuard Database","namespace":"https://database.harborguard.co"},"tracking":{"id":"CVE-2026-44935","status":"final","version":"1","initial_release_date":"2026-07-02T16:00:06.751Z","current_release_date":"2026-07-02T17:30:19.356Z","revision_history":[{"date":"2026-07-02T16:00:06.751Z","number":"1","summary":"Initial machine-readable export from HarborGuard."}]},"distribution":{"tlp":{"label":"WHITE"},"text":"Public CVE data; freely redistributable."},"notes":[{"category":"description","text":"Missing validation of \"valuesFrom\" references in Helm Deployer of SUSE Rancher Fleet 0.15 before 0.15.2, 0.14 before 0.14.6, 0.13 before 0.13.11 and 0.12 before 0.12.15 could be used by owners of one tenant to access fleet credentials of other tenants.","title":"CVE description"}],"references":[{"category":"self","summary":"CVE-2026-44935 on HarborGuard Database","url":"https://database.harborguard.co/cve/CVE-2026-44935"},{"category":"external","summary":"CVE Record","url":"https://www.cve.org/CVERecord?id=CVE-2026-44935"},{"category":"external","summary":"github.com","url":"https://github.com/rancher/fleet/security/advisories/GHSA-xr65-5cpm-g36x"}]},"product_tree":{"branches":[{"category":"vendor","name":"SUSE","branches":[{"category":"product_name","name":"Rancher","branches":[{"category":"product_version_range","name":">=0.15.0 <0.15.2","product":{"name":"SUSE Rancher >=0.15.0 <0.15.2","product_id":"CSAFPID-1","product_identification_helper":{"cpe":"cpe:2.3:a:suse:rancher:*:*:*:*:*:*:*:*"}}},{"category":"product_version_range","name":">=0.14.0 <0.14.6","product":{"name":"SUSE Rancher >=0.14.0 <0.14.6","product_id":"CSAFPID-2","product_identification_helper":{"cpe":"cpe:2.3:a:suse:rancher:*:*:*:*:*:*:*:*"}}},{"category":"product_version_range","name":">=0.13.0 <0.13.11","product":{"name":"SUSE Rancher >=0.13.0 <0.13.11","product_id":"CSAFPID-3","product_identification_helper":{"cpe":"cpe:2.3:a:suse:rancher:*:*:*:*:*:*:*:*"}}},{"category":"product_version_range","name":">=0.12.0 <0.12.15","product":{"name":"SUSE Rancher >=0.12.0 <0.12.15","product_id":"CSAFPID-4","product_identification_helper":{"cpe":"cpe:2.3:a:suse:rancher:*:*:*:*:*:*:*:*"}}}]}]}]},"vulnerabilities":[{"cve":"CVE-2026-44935","title":"Rancher Fleet vulnerable to cross namespace secret disclosure via unvalidated `valuesFrom` references in Helm Deployer","notes":[{"category":"description","text":"Missing validation of \"valuesFrom\" references in Helm Deployer of SUSE Rancher Fleet 0.15 before 0.15.2, 0.14 before 0.14.6, 0.13 before 0.13.11 and 0.12 before 0.12.15 could be used by owners of one tenant to access fleet credentials of other tenants.","title":"CVE description"}],"product_status":{"known_affected":["CSAFPID-1","CSAFPID-2","CSAFPID-3","CSAFPID-4"]},"scores":[{"cvss_v3":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H","baseScore":9.9,"baseSeverity":"CRITICAL"},"products":["CSAFPID-1","CSAFPID-2","CSAFPID-3","CSAFPID-4"]}],"remediations":[{"category":"vendor_fix","details":"Update to a fixed version: 0.12.15, 0.13.11, 0.14.6, 0.15.2.","product_ids":["CSAFPID-1","CSAFPID-2","CSAFPID-3","CSAFPID-4"]}]}]}