
rancher — Vulnerabilities & Security Advisories (54)

All 54 CVE vulnerabilities found in rancher, with AI-generated Chinese analysis, references, and POCs.

This page is a curated aggregation of CVE entries affecting Rancher, the container management platform developed by SUSE, with each entry tagged by its CWE weakness class. It covers publicly disclosed vulnerabilities, configuration flaws, and integration weaknesses in Rancher and its associated control plane components, from early releases through recent stable versions, giving a historical view of the product's security record. Security professionals and system administrators can use it to track vendor advisories and patch notes over time, to see how particular weakness classes manifest in container orchestration environments, and to look up the vulnerability history of a specific version in order to assess the risk exposure of their current deployment. The aim is a single reference for vulnerability management and for informed decisions during upgrades or incident response in Kubernetes-based infrastructures managed through Rancher.

Vendor: SUSE

| CVE ID | Title | CWE | CVSS | Severity | Published |
| --- | --- | --- | --- | --- | --- |
| CVE-2026-41050 | Helm impersonation bypass of `RESTClientGetter` retains `cluster-admin` during template rendering | CWE-863 | 9.9 | Critical | 2026-05-13 |
| CVE-2026-25705 | Rancher Extensions have arbitrary file access via path traversal | CWE-35 | 8.4 | High | 2026-05-13 |
| CVE-2025-62879 | Rancher Backup Operator pod's logs leak S3 tokens | CWE-532 | 6.8 | Medium | 2026-03-04 |
| CVE-2025-62878 | Local Path Provisioner vulnerable to Path Traversal via parameters.pathPattern | CWE-23 | 9.9 | Critical | 2026-02-25 |
| CVE-2025-67601 | Rancher CLI skips TLS verification on Rancher CLI login command | CWE-295 | 8.3 | High | 2026-02-25 |
| CVE-2024-58269 | Rancher exposes sensitive information through audit logs | CWE-532 | 4.3 | Medium | 2025-10-29 |
| CVE-2023-32199 | Rancher user retains access to clusters despite Global Role removal | CWE-281 | 4.3 | Medium | 2025-10-29 |
| CVE-2024-58260 | Rancher update on users can deny the service to the admin | CWE-863 | 7.6 | High | 2025-10-02 |
| CVE-2024-58267 | Rancher CLI SAML authentication is vulnerable to phishing attacks | CWE-345 | 8.0 | High | 2025-10-02 |
| CVE-2025-54468 | Rancher sends sensitive information to external services through the `/meta/proxy` endpoint | CWE-200 | 4.7 | Medium | 2025-10-02 |
| CVE-2024-58259 | Rancher affected by unauthenticated Denial of Service | CWE-770 | 8.2 | High | 2025-09-02 |
| CVE-2024-52284 | Rancher Fleet Helm Values are stored inside BundleDeployment in plain text | CWE-312 | 7.7 | High | 2025-09-02 |
| CVE-2023-32197 | Rancher's External RoleTemplates can lead to privilege escalation | CWE-269 | 6.6 | Medium | 2025-04-16 |
| CVE-2024-22036 | Rancher Remote Code Execution via Cluster/Node Drivers | CWE-269 | 9.1 | Critical | 2025-04-16 |
| CVE-2024-52281 | Stored Cross-site Scripting vulnerability in Rancher UI | CWE-79 | 8.9 | High | 2025-04-16 |
| CVE-2024-52280 | Users can issue watch commands for arbitrary resources | CWE-200 | 7.7 | High | 2025-04-11 |
| CVE-2024-52282 | Rancher Helm Applications may have sensitive values leaked | CWE-200 | 6.2 | Medium | 2025-04-11 |
| CVE-2025-23387 | Rancher's SAML-based login via CLI can be denied by unauthenticated users | CWE-200 | 5.3 | Medium | 2025-04-11 |
| CVE-2025-23388 | Unauthenticated stack overflow in /v3-public/authproviders API | CWE-121 | 8.2 | High | 2025-04-11 |
| CVE-2025-23389 | Rancher does not properly validate account bindings in SAML authentication, enabling user impersonation on first login | CWE-284 | 8.4 | High | 2025-04-11 |
| CVE-2025-23391 | Rancher: Restricted Administrator can change Administrator's passwords | CWE-266 | 9.1 | Critical | 2025-04-11 |
| CVE-2022-45157 | Exposure of vSphere's CPI and CSI credentials in Rancher | CWE-522 | 9.1 | Critical | 2024-11-13 |
| CVE-2024-22032 | Rancher's RKE1 Encryption Config kept in plain text within cluster AppliedSpec | CWE-200 | 6.5 | Medium | 2024-10-16 |
| CVE-2024-22030 | Rancher agents can be hijacked by taking over the Rancher Server URL | CWE-295 | 8.0 | High | 2024-10-16 |
| CVE-2023-32196 | Rancher's External RoleTemplates can lead to privilege escalation | CWE-269 | 6.6 | Medium | 2024-10-16 |
| CVE-2023-32194 | Rancher permissions on 'namespaces' in any API group grants 'edit' permissions on namespaces in 'core' | CWE-269 | 7.2 | High | 2024-10-16 |
| CVE-2023-22650 | Rancher does not automatically clean up a user deleted or disabled from the configured Authentication Provider | CWE-287 | 8.8 | High | 2024-10-16 |
| CVE-2023-22649 | Rancher 'Audit Log' leaks sensitive information | CWE-532 | 8.4 | High | 2024-10-16 |
| CVE-2022-43760 | Rancher Labs Rancher cross-site scripting vulnerability | CWE-79 | 8.4 | High | 2023-06-01 |
| CVE-2023-22647 | Rancher Labs Rancher security vulnerability | CWE-267 | 9.9 | Critical | 2023-06-01 |

All 54 known CVE vulnerabilities affecting rancher with full Chinese analysis, references, and POCs where available.