Sensitive Credential Exposure in CloudPirates Open Source Helm Charts
CVE-2026-45132

10 CRITICAL

Key Information:

CVE Published: 1 June 2026

What is CVE-2026-45132?

A GitHub Actions workflow in the CloudPirates Open Source Helm Charts used unsafe checkout practices that could expose sensitive credentials, including Personal Access Tokens and SSH signing keys, to fork-controlled code. The issue was fixed in commit fcf9302, which improved the handling of credentials and strengthened the workflow against potential exploitation. Users are advised to update to the latest version to mitigate the risks associated with this vulnerability.

Affected Version(s)

helm-charts < fcf930211604652aec15085895b6457bc8b73b54

CVSS V3.1

Score: 10
Severity: CRITICAL
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved
