7
CVE-2026-44934
- EPSS 0.12%
- Veröffentlicht 06.07.2026 08:45:26
- Zuletzt bearbeitet 06.07.2026 19:46:02
- Quelle meissner@suse.de
- CVE-Watchlists
- Unerledigt
Exposed tokens in SUSE Rancher AI Agent logs
A information disclosure when DEBUG loglevel is set in SUSE Rancher AI Agent 1.0 before 1.0.2 could leak API keys or LLM response text with potential sensitive data into logfiles, allowing local attackers to misuse respective gained data or credentials.
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
HerstellerSUSE
≫
Produkt
Rancher
Default Statusunaffected
Version
1.0.0
Version <
1.0.2
Status
affected
VulnDex Vulnerability Enrichment
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.12% | 0.021 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| meissner@suse.de | 7 | 0 | 0 |
CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:H/VI:N/VA:N/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
|
CWE-215 Insertion of Sensitive Information Into Debugging Code
The product inserts sensitive information into debugging code, which could expose this information if the debugging code is not disabled in production.
https://github.com/rancher/rancher-ai-agent/security/advisories/GHSA-5r2r-h824-fr5v