Package impact
Go / github.com/rancher/fleet
| CVE | Severity | CVSS | Risk | Published | Description | Impact |
|---|---|---|---|---|---|---|
| CVE-2026-41050 | critical | 9.9 | 9.9 | 15d ago | Fleet: Helm impersonation bypass of `RESTClientGetter` retains `cluster-admin` during template rendering | |
| CVE-2024-52284 | unknown | — | — | 9mo ago | Rancher Fleet Helm Values are stored inside BundleDeployment in plain text in github.com/rancher/fleet | |
| CVE-2025-23390 | unknown | — | — | 1y ago | Fleet doesn’t validate a server’s certificate when connecting through SSH in github.com/rancher/fleet |