Cyber Resilience

CVE-2026-41050

Critical

Published: 13 May 2026

Modified: 13 May 2026
CVSS Score (v3.1): 9.9 (vector CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H)
EPSS Score: 0.0038 (29.9th percentile)
Risk Priority: 70 (floored blend, peak EPSS)

Summary

CVE-2026-41050 is a critical-severity Incorrect Authorization (CWE-863) vulnerability in Suse (inferred from references). Its CVSS base score is 9.9 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Unsecured Credentials (T1552). The CVE is ranked at the 29.9th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.

Vulnerability details

Fleet's Helm deployer did not fully apply ServiceAccount impersonation in two code paths, allowing a tenant with git push access to a Fleet-monitored repository to read secrets from any namespace on every downstream cluster targeted by their `GitRepo`.

Related Threats

MITRE ATT&CK Enterprise Techniques

T1552 Unsecured Credentials (tactic: Credential Access)
Adversaries may search compromised systems to find and obtain insecurely stored credentials.

T1552.007 Container API (tactic: Credential Access)
Adversaries may gather credentials via APIs within a container environment.
Why these techniques?

Authorization bypass (missing ServiceAccount impersonation) directly enables unauthorized secret reads from cluster namespaces via GitRepo/Helm paths, mapping to unsecured credential access via container APIs.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2026-26289 (shared CWE-863)
CVE-2026-22822 (shared CWE-863)
CVE-2026-48152 (shared CWE-863)
CVE-2026-27112 (shared CWE-863)
CVE-2026-25040 (shared CWE-863)
CVE-2026-27646 (shared CWE-863)
CVE-2026-32924 (shared CWE-863)
CVE-2026-42431 (shared CWE-863)
CVE-2026-23837 (shared CWE-863)
CVE-2026-40599 (shared CWE-863)

Affected Assets

Suse (inferred from references and description; NVD did not file a CPE for this CVE)

Mitigating Controls

Likely Mitigating Controls

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

Each of the following controls addresses CWE-863:

- Periodic review and update of procedures reduces incorrect authorization implementations over time.
- Supervision identifies cases where authorization logic incorrectly permits unauthorized actions.
- Defining permitted attribute values and auditing modifications reduces the chance of incorrect authorization outcomes due to tampered or missing labels.
- The authorization process and usage restrictions help prevent incorrect authorization for remote access types.
- Establishing configuration and connection requirements helps ensure correct rather than incorrect authorization for wireless access.
- Establishing connection authorization processes for mobile devices helps ensure authorization decisions are correctly implemented rather than incorrect.
- Monitoring account use, notifying on changes, and reviewing accounts for compliance corrects incorrect authorization assignments.
- Ensuring authorization decisions for external system use are correctly implemented and enforced.
