CVE-2026-25705

Summary

A vulnerability has been identified in Rancher's Extensions where malicious code can be injected in Rancher through a path traversal in the compressedEndpoint field inside a UIPlugin deployment. A malicious UI extension could abuse that to: * Overwrite Rancher binaries or configuration to inject code.

  • Write to /var/lib/rancher/ to tamper with cluster state.

  • If hostPath volumes are mounted, write to the host node filesystem.

  • Use this issue to chain with other attack vectors.

Affected Software

VendorProductVersion RangeStatus
SUSErancher2.14.0 < 2.14.1affected
SUSErancher2.13.0 < 2.13.5affected
SUSErancher2.12.0 < 2.12.9affected
SUSErancher2.10.11 < 2.11.13affected

Weaknesses

  • CWE-35: CWE-35 Path traversal: '…/…//'

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References