Rancher
This hub aggregates every CVE we track for Rancher, a product in the devtools/CI space. Use it to gauge the current risk picture and drill into individual advisories.
- CVEs tracked: 65
- Critical: 14
- High: 36
- In CISA KEV: 0
Severity distribution
- HIGH: 36
- MEDIUM: 15
- CRITICAL: 14
Monthly trend
2024-08 to 2026-07 (monthly values, in order): 0, 0, 7, 1, 0, 0, 0, 0, 9, 0, 0, 0, 0, 2, 5, 0, 0, 0, 2, 1, 0, 2, 1, 0
Latest CVEs
The 15 most recently published vulnerabilities affecting Rancher.
- CVE-2026-41053: Over-inclusive team membership expansion in GitHub App authentication provider for Rancher (score: 8.8)
- CVE-2026-41050: Helm impersonation bypass of `RESTClientGetter` retains `cluster-admin` during template rendering (score: 9.9)
- CVE-2026-25705: Rancher Extensions have arbitrary file access via path traversal (score: 8.4)
- CVE-2025-62879: Rancher Backup Operator pod's logs leak S3 tokens (score: 6.8)
- CVE-2025-62878: Local Path Provisioner vulnerable to Path Traversal via `parameters.pathPattern` (score: 9.9)
- CVE-2025-67601: Rancher CLI skips TLS verification on Rancher CLI login command (score: 8.3)
- CVE-2024-58269: Rancher exposes sensitive information through audit logs (score: 4.3)
- CVE-2023-32199: Rancher user retains access to clusters despite Global Role removal (score: 4.3)
- CVE-2024-58260: Rancher update on users can deny the service to the admin (score: 7.6)
- CVE-2024-58267: Rancher CLI SAML authentication is vulnerable to phishing attacks (score: 8.0)
- CVE-2025-54468: Rancher sends sensitive information to external services through the `/meta/proxy` endpoint (score: 4.7)
- CVE-2024-58259: Rancher affected by unauthenticated Denial of Service (score: 8.2)
- CVE-2024-52284: Rancher Fleet Helm Values are stored inside BundleDeployment in plain text (score: 7.7)
- CVE-2023-32197: Rancher's External RoleTemplates can lead to privilege escalation (score: 6.6)
- CVE-2024-22036: Rancher Remote Code Execution via Cluster/Node Drivers (score: 9.1)
Product normalization is registry-driven with AI assist and human review.