CVE-2026-25705
8.4
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H
Summary
A vulnerability has been identified in Rancher's Extensions where malicious code can be injected in Rancher through a path traversal in the compressedEndpoint field inside a UIPlugin deployment. A malicious UI extension could abuse that to: * Overwrite Rancher binaries or configuration to inject code.
Write to /var/lib/rancher/ to tamper with cluster state.
If hostPath volumes are mounted, write to the host node filesystem.
Use this issue to chain with other attack vectors.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| SUSE | rancher | 2.14.0 < 2.14.1 | affected |
| SUSE | rancher | 2.13.0 < 2.13.5 | affected |
| SUSE | rancher | 2.12.0 < 2.12.9 | affected |
| SUSE | rancher | 2.10.11 < 2.11.13 | affected |
Weaknesses
- CWE-35: CWE-35 Path traversal: '…/…//'
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: total
References
- https://bugzilla.suse.com/show_bug.cgi?id=CVE-2026-25705
- https://github.com/rancher/rancher/security/advisories/GHSA-5v3h-x4wf-5c35
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.