Skip to main content

Rancher Fleet CVE-2026-44938

| EUVDEUVD-2026-42039 HIGH
Insufficiently Protected Credentials (CWE-522)
2026-07-01 https://github.com/rancher/fleet GHSA-864g-863m-vcvq
8.8
CVSS 3.1 · Vendor: https://github.com/rancher/fleet
Share

Severity by source

Vendor (https://github.com/rancher/fleet) PRIMARY
8.8 HIGH
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
vuln.today AI
9.9 CRITICAL

Requires authenticated git push (PR:L) over the network; overwriting namespace PSS labels affects other components' security (S:C) and enables integrity/availability impact, with low direct confidentiality effect.

3.1 AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:H/A:H
4.0 AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:H/VA:H/SC:L/SI:H/SA:L

Primary rating from Vendor (https://github.com/rancher/fleet).

CVSS VectorVendor: https://github.com/rancher/fleet

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
Analysis Generated
Jul 01, 2026 - 21:17 vuln.today

DescriptionCVE.org

Impact

A vulnerability has been identified in Fleet's agent-side deployer, which did not filter security-sensitive keys from namespaceLabels in fleet.yaml (or BundleDeployment.spec.options.namespaceLabels) when applying them to the target namespace.

An attacker with git push access to a Fleet-monitored repository could overwrite Pod Security Standards (PSS) enforcement labels on a target namespace. This allows the attacker to weaken admission controls and deploy workloads that PSS policies would otherwise block.

Important: The final impact on confidentiality, integrity, and availability depends on the specific permissions of the leaked credentials.

Fleet team recommends you:

  1. Review your system for potentially leaked credentials.
  2. Replace any credentials that may be compromised.

Please consult the associated MITRE ATT&CK - Technique - Disable or Modify Tools for further information about this category of attack.

Patches

To fix this issue, upgrade to a patched version. The updated Fleet deployer filters out labels with the pod-security.kubernetes.io/ prefix when applying namespaceLabels to a namespace. This change preserves the PSS labels set by cluster administrators and prevents them from being overwritten through fleet.yaml or BundleDeployment options.

Patched versions of Fleet include releases v0.15.2, v0.14.6, v0.13.11, and v0.12.15.

Workarounds

If you can’t immediately upgrade to a patched version, use one of the following workarounds:

1 - Deploy NeuVector(primary workaround)

Deploy NeuVector (SUSE Security) and configure an admission control Deny rule for "Run as privileged" in Protect mode.

  • NeuVector evaluates pod specs independently of Kubernetes PSS namespace labels. It blocks privileged containers even if the labels are downgraded.
  • Although the namespace labels are still overwritten, the attack cannot exploit confidentiality, integrity, or availability without a privileged pod.

2 - Restrict repository access (secondary workaround)

Note: The following measure reduces the attack surface but does not close the vulnerability:

  • In a multi-tenant setup, this restriction removes the primary attack vector. However, this measure only reduces the attack surface and doesn't completely close the vulnerability. It may also not be operationally viable for all organizations. ´

Credits

This security issue was reported by the following collaborators according to our responsible disclosure policy:

  • Radisauskas Arnoldas from NATO and the NATO Cyber Security Centre (NCSC).

References

AnalysisAI

Privilege-escalation via admission-control bypass in Rancher Fleet allows an attacker with git push access to a Fleet-monitored repository to overwrite Pod Security Standards (PSS) enforcement labels on target namespaces. Because Fleet's agent-side deployer failed to filter security-sensitive keys (notably the pod-security.kubernetes.io/ prefix) from namespaceLabels in fleet.yaml or BundleDeployment.spec.options.namespaceLabels, an attacker can downgrade namespace admission enforcement and deploy privileged or otherwise restricted workloads that PSS would normally block. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Obtain git push access to Fleet-monitored repo
Delivery
Edit fleet.yaml namespaceLabels with PSS keys
Exploit
Fleet agent overwrites namespace enforce labels
Execution
PSS admission downgraded on target namespace
Persist
Deploy privileged pod bypassing PSS
Impact
Node-level compromise or lateral movement

Vulnerability AssessmentAI

Exploitation Exploitation requires write (git push) access to a repository that Fleet is configured to monitor, and a target namespace whose security posture is governed by Kubernetes Pod Security Admission labels (`pod-security.kubernetes.io/enforce` etc.) set by administrators. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The assigned CVSS 3.1 vector (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H, 8.8 High) reflects a network-reachable, low-complexity attack requiring some privilege (git push access), yielding high C/I/A - but that CIA impact is explicitly conditional: the advisory states final impact depends on the permissions of workloads the attacker can then deploy, so the H/H/H rating represents a worst-case downstream outcome rather than a direct guaranteed effect. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario In a multi-tenant Rancher/Fleet environment, a tenant developer with git push access to a Fleet-monitored repository edits `fleet.yaml` to set `namespaceLabels` including `pod-security.kubernetes.io/enforce: privileged` on a target namespace. Fleet's unpatched agent applies these labels, silently downgrading Pod Security Admission enforcement, after which the attacker commits a manifest deploying a privileged pod (e.g., hostPath mount or hostPID) that PSS would previously have rejected - enabling node-level compromise or lateral movement. …
Remediation Vendor-released patch: upgrade Fleet to v0.15.2, v0.14.6, v0.13.11, or v0.12.15 (whichever matches your minor branch); the patched deployer filters out labels carrying the `pod-security.kubernetes.io/` prefix so cluster-administrator-set PSS labels can no longer be overwritten via `fleet.yaml` or `BundleDeployment` options - see GHSA-864g-863m-vcvq. … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

24 hours: Audit git push access permissions to all Fleet-monitored repositories; review recent commit history for modifications to namespaceLabels containing pod-security.kubernetes.io/* prefixes. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

CVE-2025-1974 CRITICAL POC
9.8 Mar 25

A critical vulnerability in Kubernetes ingress-nginx controller allows unauthenticated attackers with pod network access

CVE-2026-45321 CRITICAL POC
9.6 May 12

Credential-harvesting malware compromised 84 versions of 42 TanStack npm packages on 2026-05-11 via chained GitHub Actio

CVE-2025-1098 HIGH POC
8.8 Mar 25

Kubernetes ingress-nginx contains a configuration injection vulnerability via the mirror-target and mirror-host Ingress

CVE-2025-24514 HIGH POC
8.8 Mar 25

A security issue was discovered in ingress-nginx https://github.com/kubernetes/ingress-nginx where the `auth-url` Ingres

CVE-2025-1097 HIGH POC
8.8 Mar 25

A security issue was discovered in ingress-nginx https://github.com/kubernetes/ingress-nginx where the `auth-tls-match-c

CVE-2020-8554 MEDIUM POC
6.3 Jan 21

Kubernetes API server in all versions allow an attacker who is able to create a ClusterIP service and set the spec.exter

CVE-2025-55190 CRITICAL POC
9.9 Sep 04

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Rated critical severity (CVSS 9.9), this vulne

CVE-2018-18843 CRITICAL POC
10.0 Dec 04

The Kubernetes integration in GitLab Enterprise Edition 11.x before 11.2.8, 11.3.x before 11.3.9, and 11.4.x before 11.4

CVE-2026-22039 CRITICAL POC
9.9 Jan 27

Kyverno Kubernetes policy engine prior to 1.x has a privilege escalation vulnerability (CVSS 9.9) allowing policy bypass

CVE-2024-42480 CRITICAL POC
9.9 Aug 12

Kamaji is the Hosted Control Plane Manager for Kubernetes. Rated critical severity (CVSS 9.9), this vulnerability is rem

CVE-2023-28110 CRITICAL POC
9.9 Mar 16

Jumpserver is a popular open source bastion host, and Koko is a Jumpserver component that is the Go version of coco, ref

CVE-2026-25996 CRITICAL POC
9.8 Feb 12

String filter bypass in Inspektor Gadget Kubernetes eBPF tooling before fix. Insufficient string escaping enables filter

Share

CVE-2026-44938 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy