Auth bypass in Suse Rancher
CVE-2026-44949
A Rancher FleetWorkspace admission path allowed side effects to occur in the Rancher webhook handler for versions 0.7.0 up to 0.7.10, 0.8.0 up to 0.8.7, 0.9.0 up to 0.9.6 and 0.10.0 up to 0.10.7. An unauthenticated attacker with network a…
Vulnerability class: Broken Authentication
Affected products
- Suse Rancher — versions 0.7.0, 0.8.0, 0.9.0
Weakness classification (CWE)
References
- meissner@suse.de (vendor-advisory)