ServiceAccount Impersonation Leak in Fleet Helm Deployer (CVE-2026-41050)
CVE-2026-41050 Published on May 13, 2026
Helm impersonation bypass of `RESTClientGetter` retains `cluster-admin` during template rendering
Fleet's Helm deployer did not fully apply ServiceAccount impersonation in two code paths, allowing a tenant with git push access to a Fleet-monitored repository to read secrets from any namespace on every downstream cluster targeted by their `GitRepo`.
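The underlying mechanism, as an added illustration that is not Fleet's or Helm's own code: client-go implements ServiceAccount impersonation by adding an `Impersonate-User` header to every request, and kube-apiserver then evaluates RBAC for that user instead of for the credential that authenticated the connection. A deployer that builds its rendering client from a different, un-impersonated getter than its apply client therefore silently keeps its own (here cluster-admin) identity while Helm's `lookup` function reads cluster objects during template expansion. The fake API server, the `Deployer` type with its `ImpersonateRender` switch, the `LookupDuringRender`/`ReadDuringApply` methods and the tenant namespaces are all constructed for this example; the page does not describe Fleet's actual code paths.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
	"strings"
)

// impersonatingTransport does what client-go does when rest.Config.Impersonate is
// set: it adds the Impersonate-User header so the API server authorises the request
// as the named ServiceAccount rather than as the credential that authenticated it.
type impersonatingTransport struct {
	base http.RoundTripper
	user string // system:serviceaccount:<namespace>:<name>
}

func (t *impersonatingTransport) RoundTrip(req *http.Request) (*http.Response, error) {
	r := req.Clone(req.Context())
	r.Header.Set("Impersonate-User", t.user)
	return t.base.RoundTrip(r)
}

// fakeAPIServer is a constructed stand-in for kube-apiserver's RBAC decision on
// GET /api/v1/namespaces/<ns>/secrets/<name>: a request carrying no impersonation
// header is treated as the deployer's own cluster-admin credential and allowed
// anywhere; an impersonated ServiceAccount may only read secrets in its own namespace.
func fakeAPIServer() *httptest.Server {
	return httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		parts := strings.Split(strings.Trim(r.URL.Path, "/"), "/")
		if len(parts) != 6 || parts[0] != "api" || parts[2] != "namespaces" || parts[4] != "secrets" {
			http.Error(w, "not found", http.StatusNotFound)
			return
		}
		ns := parts[3]
		if user := r.Header.Get("Impersonate-User"); user != "" &&
			!strings.HasPrefix(user, "system:serviceaccount:"+ns+":") {
			http.Error(w, "forbidden", http.StatusForbidden)
			return
		}
		fmt.Fprintf(w, "secret %s/%s", ns, parts[5])
	}))
}

// clientAs returns an HTTP client whose every request is impersonated as sa.
func clientAs(sa string) *http.Client {
	return &http.Client{Transport: &impersonatingTransport{base: http.DefaultTransport, user: sa}}
}

// getSecret performs the read and reports the status code the API server returned.
func getSecret(c *http.Client, apiURL, ns, name string) (int, error) {
	resp, err := c.Get(fmt.Sprintf("%s/api/v1/namespaces/%s/secrets/%s", apiURL, ns, name))
	if err != nil {
		return 0, err
	}
	resp.Body.Close()
	return resp.StatusCode, nil
}

// Deployer models a GitRepo deployer with two code paths that talk to the cluster:
// rendering (Helm's lookup function reads objects while templates are expanded) and
// applying the rendered manifests. ImpersonateRender=false is the bug pattern: the
// render path silently keeps the deployer's own identity.
type Deployer struct {
	APIURL            string
	ServiceAccount    string
	ImpersonateRender bool
}

func (d Deployer) renderClient() *http.Client {
	if d.ImpersonateRender {
		return clientAs(d.ServiceAccount)
	}
	return http.DefaultClient // not impersonated: acts as cluster-admin
}

// LookupDuringRender is what a `lookup` call inside a chart template would see.
func (d Deployer) LookupDuringRender(ns, name string) (int, error) {
	return getSecret(d.renderClient(), d.APIURL, ns, name)
}

// ReadDuringApply always goes through the impersonated client.
func (d Deployer) ReadDuringApply(ns, name string) (int, error) {
	return getSecret(clientAs(d.ServiceAccount), d.APIURL, ns, name)
}

// Demo reads a secret from another tenant's namespace through the render path of
// the vulnerable and of the fixed deployer, returning both status codes.
func Demo() (vulnerable, fixed int, err error) {
	srv := fakeAPIServer()
	defer srv.Close()
	const sa = "system:serviceaccount:tenant-a:fleet-deployer" // constructed tenant SA
	vuln := Deployer{APIURL: srv.URL, ServiceAccount: sa}
	good := Deployer{APIURL: srv.URL, ServiceAccount: sa, ImpersonateRender: true}
	if vulnerable, err = vuln.LookupDuringRender("tenant-b", "db-creds"); err != nil {
		return
	}
	fixed, err = good.LookupDuringRender("tenant-b", "db-creds")
	return
}

func main() {
	v, f, err := Demo()
	if err != nil {
		panic(err)
	}
	fmt.Printf("render-path read of tenant-b secret: vulnerable=%d fixed=%d\n", v, f)
}
```

The design point for a reviewer of any multi-tenant deployer is that impersonation must be applied once, at the point where the client getter is built, and every phase (render, dry-run, apply, rollback) must obtain its client from that same getter; a second construction site is where the check gets forgotten. On a real cluster the same condition is visible in API-server audit logs: secret reads attributed to the controller's own identity, with no `impersonatedUser` field, while a tenant's GitRepo is being reconciled.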
Vulnerability Analysis
CVE-2026-41050 is exploitable with network access and requires only low user privileges. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to be critical, as this vulnerability has a high impact on the confidentiality, integrity and availability of this component.
Weakness Type
What is an AuthZ Vulnerability?
The software performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions.
CVE-2026-41050 has been classified as an AuthZ vulnerability or weakness.
Products Associated with CVE-2026-41050
Affected Versions
SUSE Rancher:
- Versions from 0.15.0 up to, but not including, 0.15.1 are affected.
- Versions from 0.14.0 up to, but not including, 0.14.5 are affected.
- Versions from 0.13.0 up to, but not including, 0.13.10 are affected.
- Versions from 0.12.0 up to, but not including, 0.12.14 are affected.
- Versions from 0.11.0 up to, but not including, 0.11.13 are affected.