{"api_version":"1","generated_at":"2026-07-12T20:49:04+00:00","cve":"CVE-2026-44936","urls":{"html":"https://cve.report/CVE-2026-44936","api":"https://cve.report/api/cve/CVE-2026-44936.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2026-44936","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2026-44936"},"summary":{"title":"Rancher Fleet SSRF in Bundle Reader via Unvalidated Helm Repository URL in fleet.yaml","description":"Missing filtering when the helmRepoURLRegex field isn't set on a GitRepo resource in SUSE Rancher Fleet's bundle reader in 0.15 before 0.15.2, 0.14 before 0.14.6, 0.13 before 0.13.11 and 0.12 before 0.12.15 forwards Helm authentication credentials (BasicAuth) to any URL specified in the helm.repo field of a fleet.yaml file, allowing attackers able to push to fleet monitored git repos to leak helm access credentials.","state":"PUBLISHED","assigner":"suse","published_at":"2026-07-06 11:16:27","updated_at":"2026-07-09 20:34:30"},"problem_types":["CWE-918","CWE-918 CWE-918 Server-Side request forgery (SSRF)"],"metrics":[{"version":"3.1","source":"nvd@nist.gov","type":"Primary","score":"5","severity":"MEDIUM","vector":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N","data":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N","baseScore":5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"}},{"version":"3.1","source":"meissner@suse.de","type":"Secondary","score":"5","severity":"MEDIUM","vector":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N","data":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N","baseScore":5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"}},{"version":"3.1","source":"CNA","type":"CVSS","score":"5","severity":"MEDIUM","vector":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N","data":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"NONE","baseScore":5,"baseSeverity":"MEDIUM","confidentialityImpact":"LOW","integrityImpact":"NONE","privilegesRequired":"LOW","scope":"CHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N","version":"3.1"}}],"references":[{"url":"https://github.com/advisories/GHSA-hx4v-cxpf-vh8m","name":"https://github.com/advisories/GHSA-hx4v-cxpf-vh8m","refsource":"meissner@suse.de","tags":["Exploit","Third Party Advisory","Mitigation"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://www.cve.org/CVERecord?id=CVE-2026-44936","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-44936","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"SUSE","product":"Rancher","version":"affected 0.15.0 0.15.2 semver","platforms":[]},{"source":"CNA","vendor":"SUSE","product":"Rancher","version":"affected 0.14.0 0.14.6 semver","platforms":[]},{"source":"CNA","vendor":"SUSE","product":"Rancher","version":"affected 0.13.0 0.13.11 semver","platforms":[]},{"source":"CNA","vendor":"SUSE","product":"Rancher","version":"affected 0.12.0 0.12.15 semver","platforms":[]}],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2026","cve_id":"44936","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"suse","cpe5":"rancher_fleet","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":{"cve_year":"2026","cve_id":"44936","cve":"CVE-2026-44936","epss":"0.003700000","percentile":"0.290020000","score_date":"2026-07-08","updated_at":"2026-07-09 00:13:15"},"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"adp":[{"metrics":[{"other":{"content":{"id":"CVE-2026-44936","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","timestamp":"2026-07-06T12:47:38.527371Z","version":"2.0.3"},"type":"ssvc"}}],"providerMetadata":{"dateUpdated":"2026-07-06T12:47:45.102Z","orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP"},"title":"CISA ADP Vulnrichment"}],"cna":{"affected":[{"defaultStatus":"unaffected","packageName":"Fleet","product":"Rancher","repo":"https://github.com/rancher/fleet","vendor":"SUSE","versions":[{"lessThan":"0.15.2","status":"affected","version":"0.15.0","versionType":"semver"},{"lessThan":"0.14.6","status":"affected","version":"0.14.0","versionType":"semver"},{"lessThan":"0.13.11","status":"affected","version":"0.13.0","versionType":"semver"},{"lessThan":"0.12.15","status":"affected","version":"0.12.0","versionType":"semver"}]}],"datePublic":"2026-05-28T09:28:00.000Z","descriptions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"Missing filtering when the <code>helmRepoURLRegex</code> field isn't set on a <code>GitRepo</code> resource in SUSE Rancher Fleet's bundle reader in 0.15 before 0.15.2, 0.14 before 0.14.6, 0.13 before 0.13.11 and 0.12 before 0.12.15 forwards Helm authentication credentials (<code>BasicAuth</code>) to any URL specified in the <code>helm.repo</code> field of a <code>fleet.yaml</code> file, allowing attackers able to push to fleet monitored git repos to leak helm access credentials."}],"value":"Missing filtering when the helmRepoURLRegex field isn't set on a GitRepo resource in SUSE Rancher Fleet's bundle reader in 0.15 before 0.15.2, 0.14 before 0.14.6, 0.13 before 0.13.11 and 0.12 before 0.12.15 forwards Helm authentication credentials (BasicAuth) to any URL specified in the helm.repo field of a fleet.yaml file, allowing attackers able to push to fleet monitored git repos to leak helm access credentials."}],"impacts":[{"capecId":"CAPEC-122","descriptions":[{"lang":"en","value":"CAPEC-122 Privilege Abuse"}]}],"metrics":[{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"NONE","baseScore":5,"baseSeverity":"MEDIUM","confidentialityImpact":"LOW","integrityImpact":"NONE","privilegesRequired":"LOW","scope":"CHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N","version":"3.1"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"problemTypes":[{"descriptions":[{"cweId":"CWE-918","description":"CWE-918 Server-Side request forgery (SSRF)","lang":"en","type":"CWE"}]}],"providerMetadata":{"dateUpdated":"2026-07-06T09:30:20.688Z","orgId":"404e59f5-483d-4b8a-8e7a-e67604dd8afb","shortName":"suse"},"references":[{"tags":["vendor-advisory"],"url":"https://github.com/advisories/GHSA-hx4v-cxpf-vh8m"}],"source":{"discovery":"EXTERNAL"},"title":"Rancher Fleet SSRF in Bundle Reader via Unvalidated Helm Repository URL in fleet.yaml","x_generator":{"engine":"Vulnogram 1.0.2"}}},"cveMetadata":{"assignerOrgId":"404e59f5-483d-4b8a-8e7a-e67604dd8afb","assignerShortName":"suse","cveId":"CVE-2026-44936","datePublished":"2026-07-06T09:30:20.688Z","dateReserved":"2026-05-08T12:29:48.967Z","dateUpdated":"2026-07-06T12:47:45.102Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.2"},"nvd":{"publishedDate":"2026-07-06 11:16:27","lastModifiedDate":"2026-07-09 20:34:30","problem_types":["CWE-918","CWE-918 CWE-918 Server-Side request forgery (SSRF)"],"metrics":{"cvssMetricV31":[{"source":"meissner@suse.de","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N","baseScore":5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.1,"impactScore":1.4},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N","baseScore":5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.1,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-06T12:47:38.527371Z","id":"CVE-2026-44936","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:suse:rancher_fleet:*:*:*:*:*:*:*:*","versionStartIncluding":"0.12.0","versionEndExcluding":"0.12.15","matchCriteriaId":"8DE7373C-74E0-4B59-AF44-ECB9AC0130B9"},{"vulnerable":true,"criteria":"cpe:2.3:a:suse:rancher_fleet:*:*:*:*:*:*:*:*","versionStartIncluding":"0.13.0","versionEndExcluding":"0.13.11","matchCriteriaId":"D76AA40B-6291-46DC-BE27-BF4B8F6A8B23"},{"vulnerable":true,"criteria":"cpe:2.3:a:suse:rancher_fleet:*:*:*:*:*:*:*:*","versionStartIncluding":"0.14.0","versionEndExcluding":"0.14.6","matchCriteriaId":"F267A8DC-9A24-4A98-B765-CEEC0EBC2576"},{"vulnerable":true,"criteria":"cpe:2.3:a:suse:rancher_fleet:*:*:*:*:*:*:*:*","versionStartIncluding":"0.15.0","versionEndExcluding":"0.15.2","matchCriteriaId":"BE1A7C49-CBBF-45BA-91F1-D2DA940BE908"}]}]}]},"legacy_mitre":{"record":{"CveYear":"2026","CveId":"44936","Ordinal":"1","Title":"Rancher Fleet SSRF in Bundle Reader via Unvalidated Helm Reposit","CVE":"CVE-2026-44936","Year":"2026"},"notes":[{"CveYear":"2026","CveId":"44936","Ordinal":"1","NoteData":"Missing filtering when the helmRepoURLRegex field isn't set on a GitRepo resource in SUSE Rancher Fleet's bundle reader in 0.15 before 0.15.2, 0.14 before 0.14.6, 0.13 before 0.13.11 and 0.12 before 0.12.15 forwards Helm authentication credentials (BasicAuth) to any URL specified in the helm.repo field of a fleet.yaml file, allowing attackers able to push to fleet monitored git repos to leak helm access credentials.","Type":"Description","Title":"Rancher Fleet SSRF in Bundle Reader via Unvalidated Helm Reposit"}]}}}