PT-2026-54762 · Fleet · Fleet
Published
2026-07-01
·
Updated
2026-07-06
·
CVE-2026-44936
CVSS v3.1
5.0
Medium
| Vector | AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Fleet versions prior to 0.12.15
Fleet versions prior to 0.13.11
Fleet versions prior to 0.14.6
Fleet versions prior to 0.15.2
Description
Fleet forwards Helm authentication credentials (
BasicAuth) to any URL specified in the helm.repo field of a fleet.yaml file when the helmRepoURLRegex field is not set on a GitRepo resource. An attacker with git push access to a monitored repository can specify a malicious URL in helm.repo, causing the Fleet controller to send the configured Helm repository username and password to the attacker's server.Recommendations
Upgrade to Fleet versions 0.12.15, 0.13.11, 0.14.6, or 0.15.2.
As a temporary workaround, set the
helmRepoURLRegex on all GitRepo resources that use helmSecretName to ensure the regular expression matches only legitimate Helm repository URLs.
Review the system for potentially leaked credentials and replace any compromised credentials.Fix
SSRF
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Fleet