Summary
SUSE Rancher Fleet contains a critical vulnerability (CVE-2026-41050) that allows attackers to bypass multi-tenant isolation and gain cluster-admin privileges by exploiting the Helm deployer's failure to enforce ServiceAccount impersonation.
Take Action:
If you're using Rancher Fleet to manage Kubernetes clusters, update ASAP to a patched version (Fleet 0.11.13/0.12.14/0.13.10/0.14.5, or Rancher 2.10.11/2.11.13/2.12.9/2.13.5/2.14.1). If you can't patch right away, disable Fleet-monitored repositories for untrusted tenants, audit your Helm charts for use of the lookup function, and rotate any secrets that may have been exposed.
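One way to carry out the chart audit recommended above, as an added example (not code from BeyondMachines, SUSE or the Fleet project): a Python scanner that lists every `lookup` call under a chart's `templates/` directory, with the API version and kind it reads. The function names and the sample template are constructed for illustration; it is a text scan, so each hit still needs manual review.

```python
import re
import sys
from pathlib import Path

# A template action: {{ ... }}, with optional {{- / -}} whitespace trimming.
ACTION = re.compile(r"\{\{-?(.*?)-?\}\}", re.DOTALL)
# lookup used as a function: lookup <apiVersion> <kind> <namespace> <name>.
# The lookbehind skips .Values.lookup, $lookup and similar identifiers.
LOOKUP = re.compile(r'(?<![\w.$"])lookup\s+("[^"]*"|\S+)\s+("[^"]*"|\S+)')
COMMENT = re.compile(r"\s*/\*.*\*/\s*", re.DOTALL)
SUFFIXES = {".yaml", ".yml", ".tpl", ".txt"}

# Constructed sample template, used when no chart path is given.
SAMPLE = '''kind: ConfigMap
data:
  {{- /* lookup is not used here */ -}}
  token: {{ (lookup "v1" "Secret" "other-ns" "example").data | toJson }}
  mode: {{ .Values.lookup }}
'''

def find_lookups(text):
    """Return (line, apiVersion, kind) for every lookup call in a template."""
    hits = []
    for action in ACTION.finditer(text):
        body = action.group(1)
        if COMMENT.fullmatch(body):  # {{/* ... */}} comments are not evaluated
            continue
        for m in LOOKUP.finditer(body):
            line = text.count("\n", 0, action.start(1) + m.start()) + 1
            hits.append((line, m.group(1).strip('"'), m.group(2).strip('"')))
    return hits

def audit_charts(root):
    """Scan every file under a templates/ directory below root."""
    report = {}
    for path in sorted(Path(root).rglob("*")):
        rel = path.relative_to(root)
        if path.is_file() and "templates" in rel.parts and path.suffix in SUFFIXES:
            hits = find_lookups(path.read_text(errors="replace"))
            if hits:
                report[str(rel)] = hits
    return report

if __name__ == "__main__":
    found = audit_charts(sys.argv[1]) if sys.argv[1:] else {"SAMPLE": find_lookups(SAMPLE)}
    for name, hits in found.items():
        for line, api, kind in hits:
            print(f"{name}:{line}: lookup {api} {kind}")
```

Run it against a checkout of each Fleet-monitored repository; hits whose kind is `Secret`, or whose namespace lies outside the tenant's own, are the ones to review first.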
This article was originally published on BeyondMachines