{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata — refreshed continuously.","feed_url":"https://feed.craftedsignal.io/products/rancher-v2.13.5/","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cves":[],"_cs_exploited":false,"_cs_products":["Fleet","Rancher v2.14.1","Rancher v2.13.5","Rancher v2.12.9","Rancher v2.11.13","Rancher v2.10.11"],"_cs_severities":["critical"],"_cs_tags":["fleet","rancher","helm","kubernetes","impersonation","privilege-escalation","cve-2026-41050"],"_cs_type":"advisory","_cs_vendors":["Rancher","SUSE"],"content_html":"\u003cp\u003eA critical vulnerability has been identified in Rancher\u0026rsquo;s Fleet, where the Helm deployer failed to fully apply ServiceAccount impersonation in multi-tenant environments. This flaw allows users with git push access to a Fleet-monitored repository to bypass intended RBAC restrictions and read secrets from any namespace on downstream Kubernetes clusters targeted by their \u003ccode\u003eGitRepo\u003c/code\u003e. The vulnerability manifests in two code paths: a Helm \u003ccode\u003elookup\u003c/code\u003e bypass, where Kubernetes API queries are executed with the fleet-agent\u0026rsquo;s cluster-admin credentials instead of the intended impersonated ServiceAccount, and a \u003ccode\u003evaluesFrom\u003c/code\u003e bypass, where Secret and ConfigMap references in \u003ccode\u003efleet.yaml\u003c/code\u003e are read using the cluster-admin client. 
This issue affects Rancher versions prior to v2.14.1, v2.13.5, v2.12.9, and v2.11.13, posing a significant risk to multi-tenant deployments.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAn attacker gains git push access to a Fleet-monitored repository.\u003c/li\u003e\n\u003cli\u003eThe attacker modifies a Helm chart template within the repository to include a \u003ccode\u003elookup\u003c/code\u003e call that targets sensitive resources in another namespace (e.g., \u003ccode\u003elookup \u0026quot;v1\u0026quot; \u0026quot;Secret\u0026quot; \u0026quot;kube-system\u0026quot; \u0026quot;my-secret\u0026quot;\u003c/code\u003e; Helm\u0026rsquo;s \u003ccode\u003elookup\u003c/code\u003e takes the apiVersion, kind, namespace, and name as space-separated arguments).\u003c/li\u003e\n\u003cli\u003eThe attacker commits and pushes the malicious changes to the Git repository.\u003c/li\u003e\n\u003cli\u003eFleet automatically synchronizes the changes from the Git repository.\u003c/li\u003e\n\u003cli\u003eThe Helm template engine executes the \u003ccode\u003elookup\u003c/code\u003e call using the fleet-agent\u0026rsquo;s cluster-admin credentials, bypassing the impersonated ServiceAccount.\u003c/li\u003e\n\u003cli\u003eThe attacker retrieves the contents of the targeted secret from the other namespace, e.g. by templating the looked-up data into a resource deployed in a namespace the attacker can already read.\u003c/li\u003e\n\u003cli\u003eAlternatively, the attacker modifies the \u003ccode\u003efleet.yaml\u003c/code\u003e file to include a \u003ccode\u003evaluesFrom\u003c/code\u003e reference to a Secret or ConfigMap in another namespace.\u003c/li\u003e\n\u003cli\u003eThe fleet-agent retrieves the specified Secret or ConfigMap using cluster-admin credentials, again bypassing the intended RBAC restrictions.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of this vulnerability allows unauthorized access to sensitive information, potentially including credentials, API keys, and other confidential data stored in Kubernetes secrets. 
The impact is especially severe in multi-tenant environments, where tenants can compromise the security of other tenants\u0026rsquo; resources. The specific impact depends on the permissions associated with the leaked credentials, and the attacker might use them to further compromise the cluster or external services. Given the critical nature of the vulnerability, prompt patching or mitigation is essential.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade Rancher to patched versions, including \u003ccode\u003ev2.14.1\u003c/code\u003e, \u003ccode\u003ev2.13.5\u003c/code\u003e, \u003ccode\u003ev2.12.9\u003c/code\u003e, and \u003ccode\u003ev2.11.13\u003c/code\u003e, to remediate the vulnerabilities. For Rancher \u003ccode\u003ev2.10.11\u003c/code\u003e, manually update the Fleet deployment to version \u003ccode\u003ev0.11.13\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eDeploy the Sigma rule \u003ccode\u003eDetect Fleet ValuesFrom Cross Namespace Access\u003c/code\u003e to identify attempts to access Secrets or ConfigMaps in unauthorized namespaces.\u003c/li\u003e\n\u003cli\u003eDeploy the Sigma rule \u003ccode\u003eDetect Fleet Helm Lookup Cross Namespace Access\u003c/code\u003e to detect malicious Helm chart templates attempting to bypass RBAC restrictions.\u003c/li\u003e\n\u003cli\u003eRestrict git push access to Fleet-monitored repositories to trusted users as much as possible to reduce the attack surface.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-05-07T01:26:06Z","date_published":"2026-05-07T01:26:06Z","id":"/briefs/2026-05-rancher-fleet-bypass/","summary":"Fleet's Helm deployer did not fully apply ServiceAccount impersonation in two code paths, allowing a tenant with git push access to a Fleet-monitored repository to read secrets from any namespace on every downstream cluster targeted by their `GitRepo`.","title":"Rancher Fleet Helm Impersonation Bypass 
Vulnerability","url":"https://feed.craftedsignal.io/briefs/2026-05-rancher-fleet-bypass/"}],"language":"en","title":"CraftedSignal Threat Feed — Rancher V2.13.5","version":"https://jsonfeed.org/version/1.1"}
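The attack chain in the brief above names two concrete patterns a reviewer can look for before Fleet syncs a commit: a Helm `lookup` whose namespace argument is not the release's own namespace, and a `valuesFrom` reference in `fleet.yaml` that points at a Secret or ConfigMap outside the bundle's target namespace. The pre-merge lint below is an added example written for this brief; it is not Fleet's or Rancher's code and not the Sigma rules the recommendation refers to. It assumes the `fleet.yaml` layout in which `helm.valuesFrom` entries carry `secretKeyRef`/`configMapKeyRef` blocks with `name`, `namespace` and `key` fields, and that the tenant's bundle is only meant to read from a single target namespace (`target_ns`, here `team-a`). The sample `fleet.yaml` and chart template are constructed inputs. The scanner is a text heuristic (regex plus indentation tracking), not a YAML or Go-template parser, so a namespace passed through a template variable is reported as "non-literal" rather than resolved; it complements the upgrade, it does not replace it.

```python
"""Pre-merge lint for a Fleet-monitored repository (added example, not Fleet code).

Flags (1) Helm `lookup` calls whose namespace argument is not the release
namespace and (2) fleet.yaml `valuesFrom` references outside target_ns.
Assumes the fleet.yaml layout `helm.valuesFrom: [{secretKeyRef|configMapKeyRef:
{name, namespace, key}}]`. Text heuristics only; no YAML/Go-template parser.
"""
import re
from typing import Dict, List, NamedTuple

# One lookup argument: a quoted literal or a bare template token (.Release.Namespace, $ns).
ARG = r'("[^"]*"|[^\s",)]+)'
# Helm: lookup apiVersion kind namespace name. Accepts the bare Go-template form
# and the comma/paren pseudo-form used in advisory text.
LOOKUP_RE = re.compile(
    r"\blookup\s*\(?\s*" + ARG + r"\s*,?\s*" + ARG + r"\s*,?\s*" + ARG + r"\s*,?\s*" + ARG
)
REF_KINDS = ("secretKeyRef", "configMapKeyRef")


class Finding(NamedTuple):
    path: str
    line: int
    rule: str
    detail: str


def _unquote(tok: str) -> str:
    return tok[1:-1] if len(tok) >= 2 and tok[0] == tok[-1] == '"' else tok


def scan_template(path: str, text: str, target_ns: str) -> List[Finding]:
    """Flag lookup calls that would read outside the release namespace."""
    out: List[Finding] = []
    for lineno, line in enumerate(text.splitlines(), 1):
        for m in LOOKUP_RE.finditer(line):
            _api, kind, ns_tok, name = m.groups()
            if ns_tok == ".Release.Namespace":
                continue  # scoped to the release's own namespace: fine
            if ns_tok.startswith('"'):
                ns = _unquote(ns_tok)
                if ns == target_ns:
                    continue
                where = "all namespaces" if ns == "" else f"namespace {ns!r}"
                detail = f"lookup {_unquote(kind)} {_unquote(name)!r} in {where}"
            else:  # variable or expression: cannot prove it stays in target_ns
                detail = f"lookup {_unquote(kind)} with non-literal namespace {ns_tok}"
            out.append(Finding(path, lineno, "helm-lookup-cross-namespace", detail))
    return out


def scan_fleet_yaml(path: str, text: str, target_ns: str) -> List[Finding]:
    """Flag valuesFrom Secret/ConfigMap references whose namespace != target_ns."""
    out: List[Finding] = []
    block_indent = None  # indent of `valuesFrom:` while inside its list
    ref_kind = ref_name = None
    for lineno, raw in enumerate(text.splitlines(), 1):
        stripped = raw.strip()
        if not stripped or stripped.startswith("#"):
            continue
        indent = len(raw) - len(raw.lstrip(" "))
        # YAML allows list items at the parent key's indent, so only a real
        # dedent (or a sibling key at the same indent) leaves the block.
        if block_indent is not None and (
            indent < block_indent or (indent == block_indent and not stripped.startswith("-"))
        ):
            block_indent = None
        if stripped == "valuesFrom:":
            block_indent = indent
            continue
        if block_indent is None:
            continue
        key, _, value = stripped.lstrip("- ").partition(":")
        key, value = key.strip(), value.strip()
        if key in REF_KINDS:
            ref_kind, ref_name = key, None
        elif key == "name":
            ref_name = value
        elif key == "namespace" and value != target_ns:
            out.append(Finding(path, lineno, "fleet-valuesfrom-cross-namespace",
                               f"{ref_kind} {ref_name!r} reads from namespace {value!r}"))
    return out


def lint_repo(files: Dict[str, str], target_ns: str) -> List[Finding]:
    """files maps repo-relative path to content; scans fleet.yaml and chart templates."""
    findings: List[Finding] = []
    for path, text in sorted(files.items()):
        if path.endswith("fleet.yaml"):
            findings += scan_fleet_yaml(path, text, target_ns)
        elif "templates/" in path:
            findings += scan_template(path, text, target_ns)
    return findings


# Constructed sample inputs (not from any real repository).
TARGET_NS = "team-a"
SAMPLE_TEMPLATE = """\
apiVersion: v1
kind: Secret
metadata:
  name: {{ .Release.Name }}-creds
  namespace: {{ .Release.Namespace }}
data:
  existing: {{ (lookup "v1" "Secret" .Release.Namespace "app-creds").data.password | default "" | quote }}
  local: {{ (lookup "v1" "ConfigMap" "team-a" "app-config").data.url | quote }}
  stolen: {{ (lookup "v1" "Secret" "kube-system" "my-secret").data.token | quote }}
  dump: {{ toJson (lookup "v1" "Secret" "" "") | b64enc }}
"""
SAMPLE_FLEET_YAML = """\
namespace: team-a
helm:
  chart: ./chart
  valuesFrom:
  - configMapKeyRef:
      name: app-values
      namespace: team-a
      key: values.yaml
  - secretKeyRef:
      name: cluster-bootstrap
      namespace: kube-system
      key: values.yaml
targetCustomizations:
- name: prod
  helm:
    values:
      replicas: 3
"""

if __name__ == "__main__":
    repo = {"fleet.yaml": SAMPLE_FLEET_YAML, "chart/templates/secret.yaml": SAMPLE_TEMPLATE}
    for f in lint_repo(repo, TARGET_NS):
        print(f"{f.path}:{f.line}: [{f.rule}] {f.detail}")
```

Run against the constructed repository, the lint reports the `kube-system` lookup, the empty-namespace lookup (which lists every namespace), and the `secretKeyRef` into `kube-system`, while leaving the `.Release.Namespace` and same-namespace references alone. Wire it into a pre-receive hook or CI job on the Fleet-monitored repository so a tenant's push fails before Fleet ever syncs it.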