{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata. Fed continuously.","feed_url":"https://feed.craftedsignal.io/tags/pss-bypass/feed.json","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["Fleet \u003e= 0.15.0, \u003c 0.15.2","Fleet \u003e= 0.14.0, \u003c 0.14.6","Fleet \u003e= 0.13.0, \u003c 0.13.11","Fleet \u003e= 0.12.0, \u003c 0.12.15"],"_cs_severities":["high"],"_cs_tags":["kubernetes","fleet","pss-bypass","admission-controller","supply-chain","defense-evasion"],"_cs_type":"advisory","_cs_vendors":["Rancher","SUSE"],"content_html":"\u003cp\u003eA high-severity vulnerability, CVE-2026-44938, has been discovered in the Fleet agent's deployer component. This flaw allows an attacker who has gained \u003ccode\u003egit push\u003c/code\u003e access to a Fleet-monitored repository to manipulate Pod Security Standards (PSS) enforcement labels. Specifically, the \u003ccode\u003eaddLabelsFromOptions\u003c/code\u003e function within the agent fails to properly filter security-sensitive \u003ccode\u003epod-security.kubernetes.io/\u003c/code\u003e prefixed labels from \u003ccode\u003enamespaceLabels\u003c/code\u003e defined in \u003ccode\u003efleet.yaml\u003c/code\u003e or \u003ccode\u003eBundleDeployment.spec.options.namespaceLabels\u003c/code\u003e. This oversight permits an attacker to overwrite and effectively downgrade PSS policies on a target Kubernetes namespace, thereby weakening admission controls and enabling the deployment of malicious or privileged workloads that would normally be blocked. The vulnerability impacts various versions of Fleet, including \u003ccode\u003e0.15.0\u003c/code\u003e to \u003ccode\u003e0.15.1\u003c/code\u003e, \u003ccode\u003e0.14.0\u003c/code\u003e to \u003ccode\u003e0.14.5\u003c/code\u003e, \u003ccode\u003e0.13.0\u003c/code\u003e to \u003ccode\u003e0.13.10\u003c/code\u003e, and \u003ccode\u003e0.12.0\u003c/code\u003e to \u003ccode\u003e0.12.14\u003c/code\u003e. This presents a significant risk to Kubernetes cluster integrity, as it can be leveraged to bypass critical security mechanisms.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003e\u003cstrong\u003eInitial Access (Git Repository)\u003c/strong\u003e: Attacker gains \u003ccode\u003egit push\u003c/code\u003e access to a Fleet-monitored Git repository, potentially via compromised developer credentials or an insider threat.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eConfiguration Modification\u003c/strong\u003e: Attacker modifies the \u003ccode\u003efleet.yaml\u003c/code\u003e file (or \u003ccode\u003eBundleDeployment.spec.options.namespaceLabels\u003c/code\u003e) within the compromised repository to include or modify \u003ccode\u003enamespaceLabels\u003c/code\u003e that override or downgrade existing Pod Security Standards.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eCode Commit and Push\u003c/strong\u003e: The malicious configuration change is committed and pushed to the Fleet-monitored Git repository.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eFleet Agent Deployment\u003c/strong\u003e: The Fleet agent, observing changes in the Git repository, pulls the updated \u003ccode\u003efleet.yaml\u003c/code\u003e and attempts to apply the \u003ccode\u003enamespaceLabels\u003c/code\u003e to the target Kubernetes namespace.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ePSS Label Overwrite\u003c/strong\u003e: Due to CVE-2026-44938, the Fleet agent fails to filter security-sensitive \u003ccode\u003epod-security.kubernetes.io/\u003c/code\u003e labels, inadvertently overwriting legitimate PSS enforcement labels on the target namespace.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eAdmission Control Weakening\u003c/strong\u003e: The target Kubernetes namespace's Pod Security Standard admission controls are effectively downgraded or disabled, allowing higher-privileged workloads to be deployed.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eMalicious Workload Deployment\u003c/strong\u003e: The attacker then deploys a malicious or privileged Kubernetes workload (e.g., a container running as root, with hostPath mounts, or network access) to the now-weakened namespace.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eImpact\u003c/strong\u003e: The deployed malicious workload executes, leading to potential confidentiality breaches (data exfiltration), integrity compromises (system modification), or availability issues (resource consumption, denial of service) within the Kubernetes cluster.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of CVE-2026-44938 allows an attacker to bypass Kubernetes Pod Security Standards (PSS) enforcement on affected namespaces, leading to weakened admission controls. This enables the deployment of privileged or otherwise restricted workloads, which can then be leveraged for unauthorized data exfiltration, system compromise, or disruption of services within the Kubernetes cluster. The ultimate impact on confidentiality, integrity, and availability depends on the specific permissions and actions of the attacker-deployed workload. While no specific victim counts are provided, any organization utilizing vulnerable Fleet versions in a multi-tenant or multi-developer environment where \u003ccode\u003egit push\u003c/code\u003e access could be compromised is at risk.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003ePatch Immediately\u003c/strong\u003e: Upgrade your Fleet deployments to a patched version (v0.15.2, v0.14.6, v0.13.11, or v0.12.15) to mitigate CVE-2026-44938.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eImplement NeuVector Workaround\u003c/strong\u003e: If immediate patching is not possible, deploy NeuVector (SUSE Security) and configure an admission control Deny rule for \u0026quot;Run as privileged\u0026quot; in Protect mode. NeuVector evaluates pod specs independently of Kubernetes PSS namespace labels, blocking privileged containers even if PSS labels are downgraded due to CVE-2026-44938.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eRestrict Repository Access\u003c/strong\u003e: Implement strict access controls for Git repositories monitored by Fleet, particularly in multi-tenant environments, to reduce the attack surface for CVE-2026-44938.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eReview Credentials\u003c/strong\u003e: Review your systems for potentially leaked credentials and replace any that may be compromised, as \u003ccode\u003egit push\u003c/code\u003e access is a prerequisite for exploiting CVE-2026-44938.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-07-03T12:27:12Z","date_published":"2026-07-03T12:27:12Z","id":"https://feed.craftedsignal.io/briefs/2026-07-fleet-pss-bypass/","summary":"A vulnerability in Fleet's agent-side deployer (CVE-2026-44938) allows an attacker with `git push` access to a Fleet-monitored repository to overwrite Pod Security Standards (PSS) enforcement labels on target Kubernetes namespaces, bypassing admission controls and enabling the deployment of otherwise prohibited workloads.","title":"Fleet PSS Bypass Vulnerability (CVE-2026-44938) via addLabelsFromOptions","url":"https://feed.craftedsignal.io/briefs/2026-07-fleet-pss-bypass/"}],"language":"en","title":"CraftedSignal Threat Feed - Pss-Bypass","version":"https://jsonfeed.org/version/1.1"}