CVE-2026-41050 – Helm impersonation bypass of `RESTClientGetter` retains `cluster-admin` during template rendering
CVE ID :CVE-2026-41050
Published : May 13, 2026, 8:04 a.m. | 56 minutes ago
سرور شما نیاز به مدیریت و پشتیبانی دارد؟h3>
پیکربندی، مانیتورینگ و نگهداری حرفهای سرورهای لینوکسی و ویندوزی.
Description :Fleet’s Helm deployer did not fully apply ServiceAccount impersonation in two code paths, allowing a tenant with git push access to a Fleet-monitored repository to read secrets from any namespace on every downstream cluster targeted by their `GitRepo`.
Severity: 9.9 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more…