CVE-2026-44937
Severity CVSS v4.0:
HIGH
Type:
CWE-918
Server-Side Request Forgery (SSRF)
Publication date:
06/07/2026
Last modified:
09/07/2026
Description
Potential forgery of webhook requests when using a unauthenticated webhook in SUSE Rancher Fleet 0.15 before 0.15.2, 0.14 before 0.14.6, 0.13 before 0.13.11 and 0.12 before 0.12.5 could be used by remote attackers to cause a denial of service or a downgrade attack on other repositories on the system.
Impact
Base Score 4.0
8.30
Severity 4.0
HIGH
Base Score 3.x
8.20
Severity 3.x
HIGH
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:suse:rancher_fleet:*:*:*:*:*:*:*:* | 0.12.0 (including) | 0.12.15 (excluding) |
| cpe:2.3:a:suse:rancher_fleet:*:*:*:*:*:*:*:* | 0.13.0 (including) | 0.13.11 (excluding) |
| cpe:2.3:a:suse:rancher_fleet:*:*:*:*:*:*:*:* | 0.14.0 (including) | 0.14.6 (excluding) |
| cpe:2.3:a:suse:rancher_fleet:*:*:*:*:*:*:*:* | 0.15.0 (including) | 0.15.2 (excluding) |
To consult the complete list of CPE names with products and versions, see this page



