CRITICAL9.9CVE-2026-41050Fleet: Helm impersonation bypass of `RESTClientGetter` retains `cluster-admin` during template rendering >= 0.15.0, < 0.15.1
HIGH7.7CVE-2024-52284Rancher Fleet Helm Values are stored inside BundleDeployment in plain text in github.com/rancher/fleet >= 0.13.0, < 0.13.1-0.20250806151509-088bcbea7edb
HIGH7.7CVE-2024-52284Rancher Fleet Helm Values are stored inside BundleDeployment in plain text in github.com/rancher/fleet >= 0.11.0, < 0.11.10, >= 0.12.0, < 0.12.6, >= 0.13.0, < 0.13.1-0.20250806151509-088bcbea7edb
MEDIUM6.3Fleet doesn’t validate a server’s certificate when connecting through SSH in github.com/rancher/fleet
>= 0.9.0-rc.1, < 0.10.12
MEDIUM6.3Fleet doesn’t validate a server’s certificate when connecting through SSH in github.com/rancher/fleet
>= 0.9.0-rc.1, < 0.10.12, >= 0.11.0, < 0.11.7, >= 0.12.0, < 0.12.2