CVE-2026-44946

Summary

A SAML authentication replay vulnerability in Rancher's Assertion Consumer Service (ACS) handler did not enforce one-time use of SAML assertion, potentially allowing person in the middle attacks against Rancher, affecting Rancher 2.14.0 before 2.14.3,

Affected Software

VendorProductVersion RangeStatus
SUSERancher2.14.0 < 2.14.3affected
SUSERancher2.13.0 < 2.13.7affected
SUSERancher2.12.0 < 2.12.11affected
SUSERancher2.11.0 < 2.11.15affected

Weaknesses

  • CWE-294: CWE-294 Authentication bypass by capture-replay

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References