Tag
A vulnerability in Fleet's agent-side deployer (CVE-2026-44938) allows an attacker with `git push` access to a Fleet-monitored repository to overwrite Pod Security Standards (PSS) enforcement labels on target Kubernetes namespaces, bypassing admission controls and enabling the deployment of otherwise prohibited workloads.