Rancher

This hub aggregates every CVE we track for Rancher, a product in the devtools ci space. Use it to gauge the current risk picture and drill into individual advisories.

Severity distribution

Monthly trend

The 15 most recently published vulnerabilities affecting Rancher.

• CVE-2026-41050Helm impersonation bypass of `RESTClientGetter` retains `cluster-admin` during template rendering9.9May 13, 2026
• CVE-2026-25705Rancher Extensions have arbitrary file access via path traversal8.4May 13, 2026
• CVE-2025-62879Rancher Backup Operator pod's logs leak S3 tokens6.8Mar 4, 2026
• CVE-2025-62878Local Path Provisioner vulnerable to Path Traversal via parameters.pathPattern9.9Feb 25, 2026
• CVE-2025-67601Rancher CLI skips TLS verification on Rancher CLI login command8.3Feb 25, 2026
• CVE-2024-58269Rancher exposes sensitive information through audit logs4.3Oct 29, 2025
• CVE-2023-32199Rancher user retains access to clusters despite Global Role removal4.3Oct 29, 2025
• CVE-2024-58260Rancher update on users can deny the service to the admin7.6Oct 2, 2025
• CVE-2024-58267Rancher CLI SAML authentication is vulnerable to phishing attacks8.0Oct 2, 2025
• CVE-2025-54468Rancher sends sensitive information to external services through the `/meta/proxy` endpoint4.7Oct 2, 2025
• CVE-2024-58259Rancher affected by unauthenticated Denial of Service8.2Sep 2, 2025
• CVE-2024-52284Rancher Fleet Helm Values are stored inside BundleDeployment in plain text7.7Sep 2, 2025
• CVE-2023-32197Rancher's External RoleTemplates can lead to privilege escalation6.6Apr 16, 2025
• CVE-2024-22036Rancher Remote Code Execution via Cluster/Node Drivers9.1Apr 16, 2025
• CVE-2024-52281Stored Cross-site Scripting vulnerability in Rancher UI8.9Apr 16, 2025