This page discusses critical security vulnerabilities identified in the Fleet GitOps platform, notably affecting multi-tenancy setups. Key vulnerabilities include:

1. **CVE-2026-44935** - Cross-namespace secret disclosure, allowing unauthorized access to configuration maps and secrets across namespaces, rated 9.9 CVSS.
2. **CVE-2026-44936** - Server-Side Request Forgery, exposing internal credentials to external servers when repository configurations are mismanaged.
3. **CVE-2026-44937** - Unauthenticated webhook vulnerability, which can disrupt cluster performance and resources.
4. **CVE-2026-44938** - Admission control bypass, enabling attackers to deploy unauthorized workloads by manipulating security labels.

Immediate patching to one of the released versions (v0.15.2, v0.14.6, v0.13.11, v0.12.15) is advised to address these issues, while temporary workarounds can mitigate risks during the transition.