5 matches found
Improper Certificate Validation
Overview: Affected versions of this package are vulnerable to Improper Certificate Validation in the CLI login command when the -skip-verify flag is used without the --cacert flag. An attacker can intercept sensitive information or perform man-in-the-middle attacks by exploiting the lack of proper...
CVE-2025-67601
A vulnerability has been identified within Rancher Manager, where using self-signed CA certificates and passing the -skip-verify flag to the Rancher CLI login command without also passing the --cacert flag results in the CLI attempting to fetch CA certificates stored in Rancher’s setting cacerts...
GO-2025-3984 Rancher CLI SAML authentication is vulnerable to phishing attacks in github.com/rancher/rancher
Rancher CLI SAML authentication is vulnerable to phishing attacks in github.com/rancher/rancher. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports from vulnerabili...
EUVD-2025-31336
Malicious code in bioql PyPI...
CVE-2024-58267
CVE-2024-58267 concerns Rancher CLI SAML authentication, where the custom SAML protocol used by Rancher’s CLI can be abused to phish and steal tokens. Connected advisories identify affected code paths in github.com/rancher/rancher and specify vulnerable ranges: v2.9.0–before v2.9.12, v2.10.0–befo...