PT-2026-38359 · Suse · Rancher, Fleet

Published 2026-05-07 · Updated 2026-05-07 · CVE-2026-41050

CVSS v3.1: 9.9 Critical
Vector: AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions

Rancher versions prior to v2.14.1
Rancher versions prior to v2.13.5
Rancher versions prior to v2.12.9
Rancher versions prior to v2.11.13
Rancher version v2.10.11
Description

Fleet's Helm deployer fails to fully apply ServiceAccount impersonation in two code paths, so a tenant with git push access to a Fleet-monitored repository can read Secrets from any namespace on every downstream cluster targeted by their GitRepo. The first path is a Helm lookup bypass: the template engine's lookup function runs its Kubernetes API queries with the fleet-agent's cluster-admin credentials instead of those of the impersonated ServiceAccount, so a chart template can read a Secret from an arbitrary namespace at render time. The second path is a valuesFrom bypass: Secret and ConfigMap references under helm.valuesFrom in fleet.yaml are resolved with the fleet-agent's cluster-admin client rather than the impersonated one. Both paths break the multi-tenant impersonation boundary and can expose credentials for external services stored in those Secrets.
Recommendations

Update to version v2.14.1.
Update to version v2.13.5.
Update to version v2.12.9.
Update to version v2.11.13.
Manually update the Fleet deployment to version v0.11.13.
Restrict git push access to Fleet-monitored repositories to trusted users only.
Use GitRepoRestriction resources to limit which ServiceAccounts each namespace is allowed to use.
Audit deployed chart templates for lookup calls and fleet.yaml files for cross-namespace valuesFrom references.
Review for potentially leaked credentials and change them if necessary.
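To act on the audit recommendation above (lookup calls in chart templates, cross-namespace valuesFrom references in fleet.yaml), here is an added example audit script; it is not Fleet or Rancher code. It assumes fleet.yaml has already been parsed into a dict (for example with yaml.safe_load), takes the namespace the bundle is expected to stay inside as a parameter, and works on a constructed sample template and fleet.yaml. It goes slightly beyond the recommendation by also walking valuesFrom entries under targetCustomizations, which per-target overrides would otherwise hide.

```python
"""Audit helpers for the Fleet impersonation-bypass advisory.

Added example, not Fleet or Rancher code. Two checks:
  1. list every `lookup` call in Helm chart templates (lookup queries the
     Kubernetes API at render time, so on unpatched Fleet it runs with the
     fleet-agent's credentials);
  2. list every helm.valuesFrom reference in a fleet.yaml whose namespace
     differs from the namespace the bundle is expected to stay inside.
fleet.yaml is taken as an already-parsed dict (yaml.safe_load output).
"""
import re
from typing import Any, Dict, List

# One Go-template action, e.g. {{ include "x" . }} or {{- lookup ... -}}
ACTION_RE = re.compile(r"\{\{-?(.*?)-?\}\}", re.DOTALL)
# Helm's lookup takes (apiVersion, kind, namespace, name); each argument is
# either a quoted literal or an expression such as .Release.Namespace.
LOOKUP_ARGS_RE = re.compile(
    r'\blookup\s+("[^"]*"|\S+)\s+("[^"]*"|\S+)\s+("[^"]*"|\S+)\s+("[^"]*"|\S+)'
)


def find_lookup_calls(template_text: str) -> List[Dict[str, Any]]:
    """Return every template action that contains a lookup call, with its
    1-based line number and the four arguments (literal quotes stripped,
    expressions kept verbatim so a reviewer sees what is being read)."""
    hits = []
    for m in ACTION_RE.finditer(template_text):
        body = m.group(1)
        if not re.search(r"\blookup\b", body):
            continue
        line = template_text.count("\n", 0, m.start()) + 1
        args = LOOKUP_ARGS_RE.search(body)
        parsed = [a.strip('"') for a in args.groups()] if args else [None] * 4
        hits.append({"line": line, "action": " ".join(body.split()),
                     "api_version": parsed[0], "kind": parsed[1],
                     "namespace": parsed[2], "name": parsed[3]})
    return hits


def find_cross_namespace_values_from(fleet_cfg: Dict[str, Any],
                                     bundle_namespace: str) -> List[Dict[str, Any]]:
    """Return helm.valuesFrom references (top level and per-target
    customizations) whose namespace is not `bundle_namespace`.
    A reference without a namespace defaults to the bundle namespace in
    Fleet and is therefore not reported."""
    findings = []

    def scan(helm: Dict[str, Any], where: str) -> None:
        for i, ref in enumerate(helm.get("valuesFrom") or []):
            for kind in ("secretKeyRef", "configMapKeyRef"):
                spec = ref.get(kind)
                if not spec:
                    continue
                ns = spec.get("namespace") or bundle_namespace
                if ns != bundle_namespace:
                    findings.append({"where": f"{where}.valuesFrom[{i}]",
                                     "kind": kind, "name": spec.get("name"),
                                     "namespace": ns, "key": spec.get("key")})

    scan(fleet_cfg.get("helm") or {}, "helm")
    for j, tc in enumerate(fleet_cfg.get("targetCustomizations") or []):
        scan(tc.get("helm") or {}, f"targetCustomizations[{j}].helm")
    return findings


# Constructed sample template: one same-namespace ConfigMap lookup and one
# cross-namespace Secret read of the kind the advisory describes.
SAMPLE_TEMPLATE = """\
apiVersion: v1
kind: ConfigMap
metadata:
  name: {{ .Release.Name }}-cfg
data:
  existing: {{ (lookup "v1" "ConfigMap" .Release.Namespace "existing-cfg").data.x | default "none" | quote }}
  leaked: {{ (lookup "v1" "Secret" "kube-system" "cloud-creds").data.token | quote }}
"""

# Constructed sample fleet.yaml, already parsed. Only the second top-level
# reference and the per-target one point outside the bundle namespace.
SAMPLE_FLEET_YAML = {
    "namespace": "tenant-a",
    "helm": {
        "chart": "./chart",
        "valuesFrom": [
            {"configMapKeyRef": {"name": "tenant-values", "key": "values.yaml"}},
            {"secretKeyRef": {"name": "cloud-creds", "namespace": "kube-system",
                              "key": "values.yaml"}},
        ],
    },
    "targetCustomizations": [
        {"name": "prod", "helm": {"valuesFrom": [
            {"secretKeyRef": {"name": "prod-db", "namespace": "payments",
                              "key": "values.yaml"}}]}},
    ],
}


if __name__ == "__main__":
    for h in find_lookup_calls(SAMPLE_TEMPLATE):
        print(f"template:{h['line']}: lookup {h['kind']} {h['namespace']}/{h['name']}")
    for f in find_cross_namespace_values_from(SAMPLE_FLEET_YAML, "tenant-a"):
        print(f"fleet.yaml {f['where']}: {f['kind']} {f['namespace']}/{f['name']}")
```

Run it over each chart's templates directory and each fleet.yaml in a Fleet-monitored repository; every hit is a read that, on an unpatched Fleet, happened with cluster-admin rights, so the named Secrets are candidates for the credential rotation the last recommendation calls for.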

Fix

Weakness Enumeration

Incorrect Authorization

Related Identifiers

CVE-2026-41050
GHSA-765J-QFRP-HM3J

Affected Products

Fleet
Rancher