CVE-2026-41050

Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
13/05/2026
Last modified:
13/05/2026

Description

Fleet's Helm deployer did not fully apply ServiceAccount impersonation in two code paths, allowing a tenant with git push access to a Fleet-monitored repository to read secrets from any namespace on every downstream cluster targeted by their `GitRepo`.