What is CVE-2024-22036?

CVE-2024-22036 is a critical-severity vulnerability in Suse Rancher, classified under Improper Privilege Management. CVSS score: 9.1/10. Published 2025-04-16.

How severe is CVE-2024-22036?

Critical severity. CVSS v3 base score is 9.1 out of 10.

Privilege escalation in Suse Rancher

CVE-2024-22036

A vulnerability has been identified within Rancher where a cluster or node driver can be used to escape the chroot jail and gain root access to the Rancher container itself. In production environments, further privilege escalation is pos…

Vulnerability class: Privilege Escalation

EPSS: 0.002 (44.6th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 9.1 (Critical). Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H.

Affected products

Suse Rancher — versions 2.7.0, 2.8.0, 2.9.0

Weakness classification (CWE)

CWE-269 — Improper Privilege Management

References

bugzilla.suse.com/show_bug.cgi
github.com/rancher/rancher/security/advisories/GHSA-h99m-6755-rgwc

Frequently asked questions

What is CVE-2024-22036?: CVE-2024-22036 is a critical-severity vulnerability in Suse Rancher, classified under Improper Privilege Management. CVSS score: 9.1/10. Published 2025-04-16.
How severe is CVE-2024-22036?: Critical severity. CVSS v3 base score is 9.1 out of 10.