How CVE-2026-44938 Works
A vulnerability has been identified in Fleet’s agent-side deployer, which did not filter security-sensitive keys from `namespaceLabels` in `fleet.yaml` (or BundleDeployment.spec.options.namespaceLabels) when applying them to the target namespace. An attacker with git push access to a Fleet-monitored repository could overwrite Pod Security Standards (PSS) enforcement labels on a target namespace. This allows the attacker to weaken admission controls and deploy workloads that PSS policies would otherwise block.
The vulnerability arises because Fleet’s Helm deployer did not fully apply ServiceAccount impersonation in two code paths. The Helm template engine ran Kubernetes API queries with the fleet-agent’s cluster-admin credentials instead of the impersonated ServiceAccount. Additionally, Secret and ConfigMap references in `fleet.yaml helm.valuesFrom` were read using the fleet-agent’s cluster-admin client. This allows a tenant to reference resources in namespaces the impersonated ServiceAccount has no access to.
Both issues break Fleet’s multi-tenant impersonation boundary. The final impact on confidentiality, integrity, and availability depends on the specific permissions of the leaked credentials. The vulnerability is classified as high severity.
DailyCVE Form
Platform: Rancher Fleet
Version: <0.12.15, <0.13.11, <0.14.6, <0.15.2
Vulnerability: PSS Bypass via namespaceLabels
Severity: High
Date: 2026-07-01
Prediction: Patch available now
What Undercode Say: Analytics
The vulnerability can be exploited by an attacker with git push access to a Fleet-monitored repository. The attacker can modify the `namespaceLabels` in `fleet.yaml` or `BundleDeployment.spec.options.namespaceLabels` to include security-sensitive keys, such as those with the `pod-security.kubernetes.io/` prefix. This allows the attacker to overwrite Pod Security Standards enforcement labels on the target namespace.
Example malicious fleet.yaml namespaceLabels:
namespaceLabels:
  pod-security.kubernetes.io/enforce: "privileged"
  pod-security.kubernetes.io/enforce-version: "latest"
By weakening the admission controls, the attacker can deploy privileged containers that would otherwise be blocked by PSS policies. This could lead to unauthorized access to sensitive resources and potential cluster compromise.
The vulnerability is associated with MITRE ATT&CK Technique T1499.004: Endpoint Denial of Service.
Exploit
To exploit this vulnerability, an attacker needs:
- Git Push Access: The attacker must have push access to a Git repository monitored by Fleet.
- Modify Fleet Configuration: The attacker modifies the `fleet.yaml` file in the repository to include malicious `namespaceLabels` that overwrite PSS labels.
- Deploy Workload: The attacker triggers a Fleet deployment, which applies the malicious labels to the target namespace.
- Deploy Privileged Pods: With the PSS enforcement weakened, the attacker can deploy privileged containers that bypass admission controls.
Example: Attacker pushes a malicious fleet.yaml to the repository
git add fleet.yaml
git commit -m "Update namespace labels"
git push origin main
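As an added illustration (not Fleet’s own code and not part of the advisory), the following Go program shows the two defensive checks the description above implies: stripping `pod-security.kubernetes.io/` keys from a bundle’s `namespaceLabels` before they reach the target namespace, and flagging a requested label set that would loosen the namespace’s current PSS level. The function names, the `Downgrade` type and the sample label maps are assumptions made for this example.

```go
package main

import (
	"fmt"
	"sort"
	"strings"
)

// pssPrefix is the Pod Security Admission label prefix. Any key under it
// (enforce, audit, warn and their -version variants) changes what the
// admission controller allows in the namespace.
const pssPrefix = "pod-security.kubernetes.io/"

// pssRank orders PSS levels from strictest to most permissive.
var pssRank = map[string]int{"restricted": 0, "baseline": 1, "privileged": 2}

// FilterNamespaceLabels returns a copy of labels with every security-sensitive
// key removed, plus the sorted list of dropped keys for logging. This is an
// illustrative version of the filtering the advisory says the deployer lacked;
// it is not Fleet's implementation.
func FilterNamespaceLabels(labels map[string]string) (map[string]string, []string) {
	safe := make(map[string]string, len(labels))
	var dropped []string
	for k, v := range labels {
		if strings.HasPrefix(k, pssPrefix) {
			dropped = append(dropped, k)
			continue
		}
		safe[k] = v
	}
	sort.Strings(dropped)
	return safe, dropped
}

// Downgrade describes a requested label change that loosens PSS enforcement.
type Downgrade struct {
	Key  string
	From string // current value on the namespace ("" if unset)
	To   string // value requested by the bundle
}

// DetectPSSDowngrades compares the labels a bundle wants to apply against the
// labels currently on the namespace and reports any PSS mode whose level would
// become more permissive. An absent or unrecognised current label is treated
// as "privileged", because Kubernetes applies no restriction when the label is
// missing, so tightening an unlabelled namespace is not flagged but moving
// restricted -> baseline or baseline -> privileged is. An unknown requested
// value is flagged too, since it cannot be shown to keep the current level.
func DetectPSSDowngrades(current, requested map[string]string) []Downgrade {
	var out []Downgrade
	for _, mode := range []string{"enforce", "audit", "warn"} {
		key := pssPrefix + mode
		to, ok := requested[key]
		if !ok {
			continue
		}
		from := current[key]
		fromRank, fromKnown := pssRank[from]
		if !fromKnown {
			fromRank = pssRank["privileged"]
		}
		toRank, toKnown := pssRank[to]
		if !toKnown || toRank > fromRank {
			out = append(out, Downgrade{Key: key, From: from, To: to})
		}
	}
	return out
}

func main() {
	// Constructed sample: labels a malicious fleet.yaml might request, applied
	// to a namespace that currently enforces the "restricted" profile.
	requested := map[string]string{
		"team":                                       "payments",
		"pod-security.kubernetes.io/enforce":         "privileged",
		"pod-security.kubernetes.io/enforce-version": "latest",
	}
	current := map[string]string{"pod-security.kubernetes.io/enforce": "restricted"}

	safe, dropped := FilterNamespaceLabels(requested)
	fmt.Println("applied:", safe, "dropped:", dropped)
	for _, d := range DetectPSSDowngrades(current, requested) {
		fmt.Printf("PSS downgrade: %s %q -> %q\n", d.Key, d.From, d.To)
	}
}
```

The filter is the agent-side fix in spirit: labels under the PSS prefix never reach the namespace regardless of who pushed them. The downgrade check is the audit-side counterpart and can be run by a cluster operator over the labels a pending BundleDeployment requests versus the live namespace, so a loosening of `enforce`, `audit` or `warn` is visible before the deployment is applied.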
Protection
To protect against this vulnerability, the following measures are recommended:
1. Upgrade Fleet: Upgrade to a patched version of Fleet: v0.15.2, v0.14.6, v0.13.11, or v0.12.15.
2. Deploy NeuVector: Deploy NeuVector (SUSE Security) and configure an admission control Deny rule for “Run as privileged” in Protect mode. NeuVector evaluates pod specs independently of Kubernetes PSS namespace labels and blocks privileged containers even if the labels are downgraded.
3. Restrict Repository Access: In a multi-tenant setup, restrict git push access to trusted users only. This reduces the attack surface but does not completely close the vulnerability.
Impact
The impact of this vulnerability can be severe:
Unauthorized Access: Attackers can weaken admission controls and deploy workloads that PSS policies would otherwise block.
Credential Leakage: The vulnerability can lead to the leakage of sensitive credentials, as the fleet-agent’s cluster-admin credentials may be used to access resources beyond the tenant’s RBAC scope.
Cluster Compromise: Depending on the permissions of the leaked credentials, an attacker could gain full control over the Kubernetes cluster.
Denial of Service: The vulnerability can be used to trigger continuous repository re-cloning, increasing network traffic and depleting resources on the management cluster.
Sources:
Reported By: github.com
Extra Source Hub:
Undercode