Vulnerabilities

Report: CVE-2026-41050 - Helm impersonation bypass of `RESTClientGetter` retains `cluster-admin` during t

2026-05-13 0 views admin

CVE ID :CVE-2026-41050 Published : May 13, 2026, 8:04 a.m. | 1 hour, 27 minutes ago Description :Fleet's Helm deployer did not fully apply ServiceAccount impersonation in two code paths, allowing a tenant with git push access to a Fleet-monitored repository to read secrets from any namespace on every downstream cluster targeted by their `GitRepo`. Severity: 9.9 | CRITICAL Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVE Details

CVE ID

CVE-2026-41050

Severity

CRITICAL

Published

May 13, 2026

🏷️ Tags

report41050impersonationbypassrestclientgetterretainsclusteradminduringcve

InfinitSec - Latest Cybersecurity, Technology & Gaming News

Report: CVE-2026-41050 - Helm impersonation bypass of `RESTClientGetter` retains `cluster-admin` during t

CVE Details

🏷️ Tags

More from Vulnerabilities

Report: Update: CVE-2026-25107 - ELECOM Wireless LAN Access Point Device Cryptographic Key Weakness

Report: CVE-2026-35506 - ELECOM Wireless LAN Access Point OS Command Injection Vulnerability

Report: CVE-2026-40621 - ELECOM Wireless LAN Access Point Unauthenticated Access Vulnerability - Guide

Report: CVE-2026-42062 - ELECOM Wireless LAN Access Point OS Command Injection Vulnerability

Trending

CVE-2025-61481: Critical Remote Code Execution Vulnerability in MikroTik RouterOS & SwitchOS

CVE-2025-43939: Dell Unity OS Command Injection (High)

Google disputes false claims of massive Gmail data breach

Microsoft: DNS outage impacts Azure and Microsoft 365 services

3.5B Accounts, 1 Critical Flaw: Meta Closes WhatsApp Data-Harvesting