Suse Rancher
52 CVEs affecting Suse Rancher. Latest disclosed: 2026-05-13. Critical: 11, High: 28.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2026-41050 | Critical | 9.9 | 2026-05-13 | Fleet's Helm deployer did not fully apply ServiceAccount impersonation in two code paths, allowing a tenant with git push access to a Fleet-monitored repositor… |
| CVE-2025-62878 | Critical | 9.9 | 2026-02-25 | A malicious user can manipulate the parameters.pathPattern to create PersistentVolumes in arbitrary locations on the host node, potentially overwriting sensiti… |
| CVE-2023-22647 | Critical | 9.9 | 2023-06-01 | An Improper Privilege Management vulnerability in SUSE Rancher allowed standard users to leverage their existing permissions to manipulate Kubernetes secrets i… |
| CVE-2023-22651 | Critical | 9.9 | 2023-05-04 | Improper Privilege Management vulnerability in SUSE Rancher allows Privilege Escalation. A failure in the update logic of Rancher's admission Webhook may lead… |
| CVE-2022-43757 | Critical | 9.9 | 2023-02-07 | A Cleartext Storage of Sensitive Information vulnerability in SUSE Rancher allows users on managed clusters to gain access to credentials. The impact depends o… |
| CVE-2021-36783 | Critical | 9.9 | 2022-09-07 | An Insufficiently Protected Credentials vulnerability in SUSE Rancher allows authenticated Cluster Owners, Cluster Members, Project Owners and Project Members t… |
| CVE-2021-36782 | Critical | 9.9 | 2022-09-07 | A Cleartext Storage of Sensitive Information vulnerability in SUSE Rancher allows authenticated Cluster Owners, Cluster Members, Project Owners, Project Member… |
| CVE-2024-22036 | Critical | 9.1 | 2025-04-16 | A vulnerability has been identified within Rancher where a cluster or node driver can be used to escape the chroot jail and gain root access to the Rancher co… |
| CVE-2025-23391 | Critical | 9.1 | 2025-04-11 | An Incorrect Privilege Assignment vulnerability in SUSE Rancher allows a Restricted Administrator to change the password of Administrators and take over their a… |
| CVE-2022-45157 | Critical | 9.1 | 2024-11-13 | A vulnerability has been identified in the way that Rancher stores vSphere's CPI (Cloud Provider Interface) and CSI (Container Storage Interface) credentials u… |
| CVE-2022-31247 | Critical | 9.1 | 2022-09-07 | An Improper Authorization vulnerability in SUSE Rancher allows any user who has permissions to create/edit cluster role template bindings or project role temp… |
| CVE-2024-52281 | High | 8.9 | 2025-04-16 | An Improper Neutralization of Input During Web Page Generation vulnerability in SUSE Rancher allows a malicious actor to perform a Stored XSS attack through th… |
| CVE-2023-22650 | High | 8.8 | 2024-10-16 | A vulnerability has been identified in which Rancher does not automatically clean up a user which has been deleted from the configured authentication provider… |
| CVE-2021-36776 | High | 8.8 | 2022-04-01 | An Improper Access Control vulnerability in SUSE Rancher allows remote attackers to impersonate arbitrary users. This issue affects: SUSE Rancher Rancher versions… |
| CVE-2021-36775 | High | 8.8 | 2022-04-01 | An Improper Access Control vulnerability in SUSE Rancher allows users to keep privileges that should have been revoked. This issue affects: SUSE Rancher Rancher… |
| CVE-2017-7297 | High | 8.8 | 2017-03-29 | Rancher Labs rancher server 1.2.0+ is vulnerable to authenticated users disabling access control via an API call. This is fixed in versions rancher/server:v1.2… |
| CVE-2026-25705 | High | 8.4 | 2026-05-13 | A vulnerability has been identified in [Rancher's Extensions](https://ranchermanager.docs.rancher.com/integrations-in-rancher/rancher-extensions) where malicio… |
| CVE-2025-23389 | High | 8.4 | 2025-04-11 | An Improper Access Control vulnerability in SUSE Rancher allows a local user to impersonate other identities through SAML Authentication on first login. This is… |
| CVE-2023-22649 | High | 8.4 | 2024-10-16 | A vulnerability has been identified which may lead to sensitive data being leaked into Rancher's audit logs. [Rancher Audit Logging](https://ranchermanager.doc… |
| CVE-2022-43760 | High | 8.4 | 2023-06-01 | An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in SUSE Rancher allows users in some higher-privileged gr… |