Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1336 CNY

100%

CVE-2026-44934— Exposed tokens in SUSE Rancher AI Agent logs

AI Predicted 5.5 Difficulty: Easy EPSS 0.12% · P2

Possible ATT&CK Techniques 1AI

T1005 · Data from Local System

Affected Version Matrix 1

VendorProductVersion RangeStatus
SUSERancher1.0.0< 1.0.2affected
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2026-44934

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
Exposed tokens in SUSE Rancher AI Agent logs
Source: NVD (National Vulnerability Database)
Vulnerability Description
A information disclosure when DEBUG loglevel is set in SUSE Rancher AI Agent 1.0 before 1.0.2 could leak API keys or LLM response text with potential sensitive data into logfiles, allowing local attackers to misuse respective gained data or credentials.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
通过Debug信息导致的信息暴露
Source: NVD (National Vulnerability Database)
Vulnerability Title
Rancher AI Assistant for Rancher 调试信息泄露漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Rancher AI Assistant for Rancher是Rancher公司的一个用于用户交互的 UI 扩展。 Rancher AI Assistant for Rancher 1.0.2之前版本存在调试信息泄露漏洞,该漏洞源于设置DEBUG日志级别时可能导致信息泄露,将API密钥或包含敏感数据的LLM响应文本写入日志文件,允许本地攻击者滥用获取的数据或凭据。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
SUSERancher 1.0.0 ~ 1.0.2 -

II. Public POCs for CVE-2026-44934

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2026-44934

登录查看更多情报信息。

Vendor Advisories for CVE-2026-44934 (1)

Same Patch Batch · SUSE · 2026-07-06 · 3 CVEs total

CVE-2026-449365.0 MEDIUMRancher Fleet SSRF in Bundle Reader via Unvalidated Helm Repository URL in fleet.yaml
CVE-2026-44937SUSE Rancher Fleet had an Unauthenticated Webhook: Regex Injection via Unsanitized Reposit

IV. Related Vulnerabilities

V. Comments for CVE-2026-44934

No comments yet


Leave a comment