CVE-2026-41052
- EPSS 0.32%
- Veröffentlicht 29.06.2026 16:16:39
- Zuletzt bearbeitet 02.07.2026 19:48:21
Improper privilege handling could be used by users with Project Owner role to escalate privileges, in Rancher versions 2.14 before 2.14.2, 2.13 before 2.13.6, and 2.12 before 2.12.10.
CVE-2026-44939
- EPSS 1.28%
- Veröffentlicht 19.06.2026 12:13:39
- Zuletzt bearbeitet 24.06.2026 05:17:28
A command injection vulnerability in the Rancher Manager cluster before 2.14.2 import endpoint /v3/import/{token}_{clusterId}.yaml through unsanitized YAML parameters could allow remote attackers to break out of an image, and execute e.g. malicious ...
CVE-2026-41050
- EPSS 0.38%
- Veröffentlicht 13.05.2026 08:04:57
- Zuletzt bearbeitet 13.05.2026 15:35:35
Fleet's Helm deployer did not fully apply ServiceAccount impersonation in two code paths, allowing a tenant with git push access to a Fleet-monitored repository to read secrets from any namespace on every downstream cluster targeted by their `GitRepo...
CVE-2026-25705
- EPSS 0.37%
- Veröffentlicht 13.05.2026 08:00:46
- Zuletzt bearbeitet 13.05.2026 15:35:35
A vulnerability has been identified in [Rancher's Extensions](https://ranchermanager.docs.rancher.com/integrations-in-rancher/rancher-extensions) where malicious code can be injected in Rancher through a path traversal in the `compressedEndpoint` fie...
CVE-2025-62879
- EPSS 0.34%
- Veröffentlicht 04.03.2026 15:08:11
- Zuletzt bearbeitet 05.03.2026 17:57:32
A vulnerability has been identified within the Rancher Backup Operator, resulting in the leakage of S3 tokens (both accessKey and secretKey) into the rancher-backup-operator pod's logs.
CVE-2025-62878
- EPSS 0.58%
- Veröffentlicht 25.02.2026 10:49:29
- Zuletzt bearbeitet 15.04.2026 00:35:42
A malicious user can manipulate the parameters.pathPattern to create PersistentVolumes in arbitrary locations on the host node, potentially overwriting sensitive files or gaining access to unintended directories.
CVE-2025-67601
- EPSS 0.15%
- Veröffentlicht 25.02.2026 10:36:57
- Zuletzt bearbeitet 03.03.2026 16:26:32
A vulnerability has been identified within Rancher Manager, where using self-signed CA certificates and passing the -skip-verify flag to the Rancher CLI login command without also passing the –cacert flag results in the CLI attempting to fetch CA cer...
CVE-2024-58269
- EPSS 0.27%
- Veröffentlicht 29.10.2025 14:58:06
- Zuletzt bearbeitet 15.04.2026 00:35:42
A vulnerability has been identified in Rancher Manager, where sensitive information, including secret data, cluster import URLs, and registration tokens, is exposed to any entity with access to Rancher audit logs.
CVE-2023-32199
- EPSS 0.21%
- Veröffentlicht 29.10.2025 14:54:04
- Zuletzt bearbeitet 15.04.2026 00:35:42
A vulnerability has been identified within Rancher Manager, where after removing a custom GlobalRole that gives administrative access or the corresponding binding, the user still retains access to clusters. This only affects custom Global Roles th...
- EPSS 0.22%
- Veröffentlicht 02.10.2025 12:15:28
- Zuletzt bearbeitet 15.04.2026 00:35:42
A vulnerability has been identified within Rancher Manager whereby the SAML authentication from the Rancher CLI tool is vulnerable to phishing attacks. The custom authentication protocol for SAML-based providers can be abused to steal Rancher’s auth...