| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2025-62879 | Rancher Backup Operator pod's logs leak S3 tokens | SUSE | Rancher | Medium | 6.8 | 2026-03-04 15:08:12 | Deep Dive |
| CVE-2025-62878 | Local Path Provisioner vulnerable to Path Traversal via parameters.pathPattern | SUSE | Rancher | Critical | 9.9 | 2026-02-25 10:49:30 | Deep Dive |
| CVE-2025-67601 | Rancher CLI skips TLS verification on Rancher CLI login command | SUSE | rancher | High | 8.3 | 2026-02-25 10:36:58 | Deep Dive |
| CVE-2024-58269 | Rancher exposes sensitive information through audit logs | SUSE | rancher | Medium | 4.3 | 2025-10-29 14:58:07 | Deep Dive |
| CVE-2023-32199 | Rancher user retains access to clusters despite Global Role removal | SUSE | rancher | Medium | 4.3 | 2025-10-29 14:54:04 | Deep Dive |
| CVE-2024-58260 | Rancher update on users can deny the service to the admin | SUSE | rancher | High | 7.6 | 2025-10-02 12:09:46 | Deep Dive |
| CVE-2024-58267 | Rancher CLI SAML authentication is vulnerable to phishing attacks | SUSE | rancher | High | 8.0 | 2025-10-02 12:08:31 | Deep Dive |
| CVE-2025-54468 | Rancher sends sensitive information to external services through the `/meta/proxy` endpoint | SUSE | rancher | Medium | 4.7 | 2025-10-02 10:00:19 | Deep Dive |
| CVE-2024-58259 | Rancher affected by unauthenticated Denial of Service | SUSE | rancher | High | 8.2 | 2025-09-02 11:53:04 | Deep Dive |
| CVE-2024-52284 | Rancher Fleet Helm Values are stored inside BundleDeployment in plain text | SUSE | Rancher | High | 7.7 | 2025-09-02 11:49:49 | Deep Dive |
| CVE-2023-32197 | Rancher's External RoleTemplates can lead to privilege escalation | SUSE | rancher | Medium | 6.6 | 2025-04-16 08:40:54 | Deep Dive |
| CVE-2024-22036 | Rancher Remote Code Execution via Cluster/Node Drivers | SUSE | rancher | Critical | 9.1 | 2025-04-16 08:37:54 | Deep Dive |
| CVE-2024-52281 | Stored Cross-site Scripting vulnerability in Rancher UI | SUSE | rancher | High | 8.9 | 2025-04-16 08:31:11 | Deep Dive |
| CVE-2024-52280 | Users can issue watch commands for arbitrary resources | SUSE | rancher | High | 7.7 | 2025-04-11 11:12:44 | Deep Dive |
| CVE-2024-52282 | Rancher Helm Applications may have sensitive values leaked | SUSE | rancher | Medium | 6.2 | 2025-04-11 10:57:55 | Deep Dive |
| CVE-2025-23387 | Rancher's SAML-based login via CLI can be denied by unauthenticated users | SUSE | rancher | Medium | 5.3 | 2025-04-11 10:52:45 | Deep Dive |
| CVE-2025-23388 | Unauthenticated stack overflow in /v3-public/authproviders API | SUSE | rancher | High | 8.2 | 2025-04-11 10:48:51 | Deep Dive |
| CVE-2025-23389 | Rancher does not Properly Validate Account Bindings in SAML Authentication Enables User Impersonation on First Login | SUSE | rancher | High | 8.4 | 2025-04-11 10:46:44 | Deep Dive |
| CVE-2025-23391 | Rancher: Restricted Administrator can change Administrator's passwords | SUSE | rancher | Critical | 9.1 | 2025-04-11 10:38:44 | Deep Dive |
| CVE-2022-45157 | Exposure of vSphere's CPI and CSI credentials in Rancher | SUSE | rancher | Critical | 9.1 | 2024-11-13 13:39:10 | Deep Dive |