Fleet
Sign in to watchby Rancher
Source repositories
CVEs (2)
| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-41050 | Cri | 0.64 | 9.9 | 0.00 | May 13, 2026 | Fleet's Helm deployer did not fully apply ServiceAccount impersonation in two code paths, allowing a tenant with git push access to a Fleet-monitored repository to read secrets from any namespace on every downstream cluster targeted by their `GitRepo`. | |
| CVE-2024-52284 | Hig | 0.43 | 7.7 | 0.00 | Sep 2, 2025 | Unauthorized disclosure of sensitive data: Any user with `GET` or `LIST` permissions on `BundleDeployment` resources could retrieve Helm values containing credentials or other secrets. |