CVE-2026-44948

Summary

A path traversal vulnerability was found in Fleet's ImageScan subsystem in Rancher Fleet 0.12.0 up to 0.12.16, 0.13.0 up to 0.13.12, 0.14.0 up to 0.14.7 and 0.15.0 up to 0.15.3 could be used to traverse outside of the intended directory, causing a denial of service.

Affected Software

VendorProductVersion RangeStatus
SUSERancher0.12.0 < 0.12.16affected
SUSERancher0.13.0 < 0.13.12affected
SUSERancher0.14.0 < 0.14.7affected
SUSERancher0.15.0 < 0.15.3affected

Weaknesses

  • CWE-23: CWE-23 Relative path traversal

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References