Vulnerability-Lookup

CVE-2026-41050 (GCVE-0-2026-41050)

Vulnerability from cvelistv5 – Published: 2026-05-13 08:04 – Updated: 2026-05-14 03:55

Title

Helm impersonation bypass of `RESTClientGetter` retains `cluster-admin` during template rendering

Summary

Fleet's Helm deployer did not fully apply ServiceAccount impersonation in two code paths, allowing a tenant with git push access to a Fleet-monitored repository to read secrets from any namespace on every downstream cluster targeted by their `GitRepo`.

Severity ?

9.9 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

CWE

CWE-863 - Incorrect Authorization

Assigner

suse

References

2 references

URL	Tags
https://bugzilla.suse.com/show_bug.cgi?id=CVE-202…
https://github.com/advisories/GHSA-765j-qfrp-hm3j

Impacted products

1 product

Vendor	Product	Version
SUSE	Rancher	Affected: 0.15.0 , < 0.15.1 (semver) Affected: 0.14.0 , < 0.14.5 (semver) Affected: 0.13.0 , < 0.13.10 (semver) Affected: 0.12.0 , < 0.12.14 (semver) Affected: 0.11.0 , < 0.11.13 (semver)

Credits

https://github.com/kodareef5

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-41050",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-05-13T00:00:00+00:00",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-05-14T03:55:58.136Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "packageName": "github.com/rancher/fleet",
          "product": "Rancher",
          "vendor": "SUSE",
          "versions": [
            {
              "lessThan": "0.15.1",
              "status": "affected",
              "version": "0.15.0",
              "versionType": "semver"
            },
            {
              "lessThan": "0.14.5",
              "status": "affected",
              "version": "0.14.0",
              "versionType": "semver"
            },
            {
              "lessThan": "0.13.10",
              "status": "affected",
              "version": "0.13.0",
              "versionType": "semver"
            },
            {
              "lessThan": "0.12.14",
              "status": "affected",
              "version": "0.12.0",
              "versionType": "semver"
            },
            {
              "lessThan": "0.11.13",
              "status": "affected",
              "version": "0.11.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "https://github.com/kodareef5"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Fleet\u0027s Helm deployer did not fully apply ServiceAccount impersonation in two code paths, allowing a tenant with git push access to a Fleet-monitored repository to read secrets from any namespace on every downstream cluster targeted by their `GitRepo`."
            }
          ],
          "value": "Fleet\u0027s Helm deployer did not fully apply ServiceAccount impersonation in two code paths, allowing a tenant with git push access to a Fleet-monitored repository to read secrets from any namespace on every downstream cluster targeted by their `GitRepo`."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.9,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-863",
              "description": "CWE-863: Incorrect Authorization",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-13T08:05:26.978Z",
        "orgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
        "shortName": "suse"
      },
      "references": [
        {
          "url": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2026-41050"
        },
        {
          "url": "https://github.com/advisories/GHSA-765j-qfrp-hm3j"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Helm impersonation bypass of `RESTClientGetter` retains `cluster-admin` during template rendering",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
    "assignerShortName": "suse",
    "cveId": "CVE-2026-41050",
    "datePublished": "2026-05-13T08:04:57.293Z",
    "dateReserved": "2026-04-16T13:37:50.679Z",
    "dateUpdated": "2026-05-14T03:55:58.136Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2026-41050",
      "date": "2026-05-17",
      "epss": "0.00039",
      "percentile": "0.11785"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2026-41050\",\"sourceIdentifier\":\"meissner@suse.de\",\"published\":\"2026-05-13T08:16:16.780\",\"lastModified\":\"2026-05-13T15:35:35.267\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Fleet\u0027s Helm deployer did not fully apply ServiceAccount impersonation in two code paths, allowing a tenant with git push access to a Fleet-monitored repository to read secrets from any namespace on every downstream cluster targeted by their `GitRepo`.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"meissner@suse.de\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H\",\"baseScore\":9.9,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.1,\"impactScore\":6.0}]},\"weaknesses\":[{\"source\":\"meissner@suse.de\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-863\"}]}],\"references\":[{\"url\":\"https://bugzilla.suse.com/show_bug.cgi?id=CVE-2026-41050\",\"source\":\"meissner@suse.de\"},{\"url\":\"https://github.com/advisories/GHSA-765j-qfrp-hm3j\",\"source\":\"meissner@suse.de\"}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2026-41050\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-05-13T10:43:14.966765Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2026-05-13T10:48:02.163Z\"}}], \"cna\": {\"title\": \"Helm impersonation bypass of `RESTClientGetter` retains `cluster-admin` during template rendering\", \"source\": {\"discovery\": \"EXTERNAL\"}, \"credits\": [{\"lang\": \"en\", \"type\": \"finder\", \"value\": \"https://github.com/kodareef5\"}], \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"CHANGED\", \"version\": \"3.1\", \"baseScore\": 9.9, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"CRITICAL\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"LOW\", \"confidentialityImpact\": \"HIGH\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"SUSE\", \"product\": \"Rancher\", \"versions\": [{\"status\": \"affected\", \"version\": \"0.15.0\", \"lessThan\": \"0.15.1\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"0.14.0\", \"lessThan\": \"0.14.5\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"0.13.0\", \"lessThan\": \"0.13.10\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"0.12.0\", \"lessThan\": \"0.12.14\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"0.11.0\", \"lessThan\": \"0.11.13\", \"versionType\": \"semver\"}], \"packageName\": \"github.com/rancher/fleet\", \"defaultStatus\": \"unaffected\"}], \"references\": [{\"url\": \"https://bugzilla.suse.com/show_bug.cgi?id=CVE-2026-41050\"}, {\"url\": \"https://github.com/advisories/GHSA-765j-qfrp-hm3j\"}], \"x_generator\": {\"engine\": \"Vulnogram 0.1.0-dev\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"Fleet\u0027s Helm deployer did not fully apply ServiceAccount impersonation in two code paths, allowing a tenant with git push access to a Fleet-monitored repository to read secrets from any namespace on every downstream cluster targeted by their `GitRepo`.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"Fleet\u0027s Helm deployer did not fully apply ServiceAccount impersonation in two code paths, allowing a tenant with git push access to a Fleet-monitored repository to read secrets from any namespace on every downstream cluster targeted by their `GitRepo`.\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-863\", \"description\": \"CWE-863: Incorrect Authorization\"}]}], \"providerMetadata\": {\"orgId\": \"404e59f5-483d-4b8a-8e7a-e67604dd8afb\", \"shortName\": \"suse\", \"dateUpdated\": \"2026-05-13T08:05:26.978Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2026-41050\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-05-13T10:49:04.694Z\", \"dateReserved\": \"2026-04-16T13:37:50.679Z\", \"assignerOrgId\": \"404e59f5-483d-4b8a-8e7a-e67604dd8afb\", \"datePublished\": \"2026-05-13T08:04:57.293Z\", \"assignerShortName\": \"suse\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }
  }
}

GHSA-765J-QFRP-HM3J

Vulnerability from github – Published: 2026-05-07 01:26 – Updated: 2026-05-14 20:31

Summary

Fleet: Helm impersonation bypass of `RESTClientGetter` retains `cluster-admin` during template rendering

Details

Impact

Helm lookup bypass: The Helm template engine ran Kubernetes API queries with the fleet-agent's cluster-admin credentials instead of the impersonated ServiceAccount. A chart template could therefore access resources beyond the tenant's RBAC scope.

valuesFrom bypass: Secret and ConfigMap references in fleet.yaml helm.valuesFrom were read using the fleet-agent's cluster-admin client. A tenant could reference resources in namespaces the impersonated ServiceAccount has no access to. Both issues break Fleet's multi-tenant impersonation boundary. The leaked credentials may belong to external services, making the full impact non-deterministic. Single-tenant deployments where all users are trusted are not affected.

Important: - For the exposure of additional credentials, the final impact severity for confidentiality, integrity and availability is dependent on the permissions the leaked credentials have on their services. - It is recommended to review for potentially leaked credentials in this scenario and to change them if deemed necessary.

Please consult the associated MITRE ATT&CK - Technique - Account Access Removal for further information about this category of attack.

Patches

Both issues are fixed by ensuring the Helm action configuration consistently uses the impersonated ServiceAccount credentials throughout all Helm operations.

Patched versions of Rancher include releases v2.14.1, v2.13.5, v2.12.9, and v2.11.13. For Rancher v2.10.11, users must manually update their Fleet deployment to versionv0.11.13.

Workarounds

No workaround fully mitigates the issue for multi-tenant deployments. The patches should be applied as soon as they are available.

The following measures reduce the attack surface but do not close either vulnerability:

Restrict git push access to Fleet-monitored repositories to trusted users only. In a multi-tenant setup this removes the precondition entirely, but is often not operationally viable.
Use GitRepoRestriction resources to limit which ServiceAccounts each namespace is allowed to use, restricting the set of users who can configure impersonation at all.
Audit deployed chart templates for lookup calls and fleet.yaml files for cross-namespace valuesFrom references as a detective control.

Resources

If there are any questions or comments about this advisory:

Reach out to the SUSE Rancher Security team for security related inquiries.
Open an issue in the Rancher repository.
Verify using the support matrix and product support lifecycle.

Severity ?

9.9 (Critical)


                  
                    CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/rancher/fleet"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0.15.0"
            },
            {
              "fixed": "0.15.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/rancher/fleet"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0.14.0"
            },
            {
              "fixed": "0.14.5"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/rancher/fleet"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0.13.0"
            },
            {
              "fixed": "0.13.10"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/rancher/fleet"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0.12.0"
            },
            {
              "fixed": "0.12.14"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/rancher/fleet"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0.11.0"
            },
            {
              "fixed": "0.11.13"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-41050"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-863"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-05-07T01:26:06Z",
    "nvd_published_at": "2026-05-13T08:16:16Z",
    "severity": "CRITICAL"
  },
  "details": "### Impact\n\nFleet\u0027s Helm deployer did not fully apply ServiceAccount impersonation in two code paths, allowing a tenant with git push access to a Fleet-monitored repository to read secrets from any namespace on every downstream cluster targeted by their `GitRepo`.\n\n**Helm `lookup` bypass:** The Helm template engine ran Kubernetes API queries with the fleet-agent\u0027s cluster-admin credentials instead of the impersonated ServiceAccount. A chart template could therefore access resources beyond the tenant\u0027s RBAC scope.\n\n**`valuesFrom` bypass:** Secret and ConfigMap references in `fleet.yaml` `helm.valuesFrom` were read using the fleet-agent\u0027s cluster-admin client. A tenant could reference resources in namespaces the impersonated ServiceAccount has no access to.\nBoth issues break Fleet\u0027s multi-tenant impersonation boundary. The leaked credentials may belong to external services, making the full impact non-deterministic.\nSingle-tenant deployments where all users are trusted are not affected.\n\n**Important:**\n- For the exposure of additional credentials, the final impact severity for confidentiality, integrity and availability is dependent on the permissions the leaked credentials have on their services.\n- It is recommended to review for potentially leaked credentials in this scenario and to change them if deemed necessary.\n\nPlease consult the associated  [MITRE ATT\u0026CK - Technique - Account Access Removal](https://attack.mitre.org/techniques/T1531/) for further information about this category of attack.\n\n### Patches\n\nBoth issues are fixed by ensuring the Helm action configuration consistently uses the impersonated ServiceAccount credentials throughout all Helm operations.\n\nPatched versions of Rancher include releases `v2.14.1`, `v2.13.5`, `v2.12.9`, and `v2.11.13`. For Rancher `v2.10.11`, users must manually update their Fleet deployment to version`v0.11.13`.\n\n### Workarounds\n\nNo workaround fully mitigates the issue for multi-tenant deployments. The patches should be applied as soon as they are available.\n\nThe following measures reduce the attack surface but do not close either vulnerability:\n\n- Restrict git push access to Fleet-monitored repositories to trusted users only. In a multi-tenant setup this removes the precondition entirely, but is often not operationally viable.\n- Use `GitRepoRestriction` resources to limit which ServiceAccounts each namespace is allowed to use, restricting the set of users who can configure impersonation at all.\n- Audit deployed chart templates for `lookup` calls and `fleet.yaml` files for cross-namespace `valuesFrom` references as a detective control.\n\n### Resources\n\nIf there are any questions or comments about this advisory:\n\n- Reach out to the [SUSE Rancher Security team](https://github.com/rancher/rancher/security/policy) for security related inquiries.\n- Open an issue in the [Rancher](https://github.com/rancher/rancher/issues/new/choose) repository.\n- Verify using the [support matrix](https://www.suse.com/suse-rancher/support-matrix/all-supported-versions/) and [product support lifecycle](https://www.suse.com/lifecycle/).",
  "id": "GHSA-765j-qfrp-hm3j",
  "modified": "2026-05-14T20:31:35Z",
  "published": "2026-05-07T01:26:06Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/rancher/fleet/security/advisories/GHSA-765j-qfrp-hm3j"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41050"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2026-41050"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/rancher/fleet"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Fleet: Helm impersonation bypass of `RESTClientGetter` retains `cluster-admin` during template rendering"
}

FKIE_CVE-2026-41050

Vulnerability from fkie_nvd - Published: 2026-05-13 08:16 - Updated: 2026-05-13 15:35

Severity ?

9.9 (Critical) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Summary

References

	URL	Tags
	meissner@suse.de	https://bugzilla.suse.com/show_bug.cgi?id=CVE-2026-41050
	meissner@suse.de	https://github.com/advisories/GHSA-765j-qfrp-hm3j

Impacted products

	Vendor	Product	Version

JSON

To clipboard

{
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Fleet\u0027s Helm deployer did not fully apply ServiceAccount impersonation in two code paths, allowing a tenant with git push access to a Fleet-monitored repository to read secrets from any namespace on every downstream cluster targeted by their `GitRepo`."
    }
  ],
  "id": "CVE-2026-41050",
  "lastModified": "2026-05-13T15:35:35.267",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.9,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.1,
        "impactScore": 6.0,
        "source": "meissner@suse.de",
        "type": "Secondary"
      }
    ]
  },
  "published": "2026-05-13T08:16:16.780",
  "references": [
    {
      "source": "meissner@suse.de",
      "url": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2026-41050"
    },
    {
      "source": "meissner@suse.de",
      "url": "https://github.com/advisories/GHSA-765j-qfrp-hm3j"
    }
  ],
  "sourceIdentifier": "meissner@suse.de",
  "vulnStatus": "Awaiting Analysis",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-863"
        }
      ],
      "source": "meissner@suse.de",
      "type": "Primary"
    }
  ]
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2026-41050 (GCVE-0-2026-41050)

GHSA-765J-QFRP-HM3J

Impact

Patches

Workarounds

Resources

FKIE_CVE-2026-41050

Tags

Sightings

Nomenclature