Lucene search
+L

10 matches found

osv
osv
added 2026/06/25 6:26 p.m.6 views

GO-2026-5154 Rancher Extensions have arbitrary file access via path traversal in github.com/rancher/rancher

Rancher Extensions have arbitrary file access via path traversal in github.com/rancher/rancher. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports from vulnerabilit...

8.4CVSS6AI score0.00368EPSS
Exploits0References3
redhatcve
redhatcve
added 2026/05/14 8:21 a.m.11 views

CVE-2026-25705

A vulnerability has been identified in Rancher's Extensions where malicious code can be injected in Rancher through a path traversal in the compressedEndpoint field inside a UIPlugin deployment. A malicious UI extension could abuse that to: Overwrite Rancher binaries or configuration to inject...

8.4CVSS5.7AI score0.00368EPSS
Exploits0References1
nvd
nvd
added 2026/05/13 8:16 a.m.11 views

CVE-2026-25705

A vulnerability has been identified in Rancher's Extensions where malicious code can be injected in Rancher through a path traversal in the compressedEndpoint field inside a UIPlugin deployment. A malicious UI extension could abuse that to: Overwrite Rancher binaries or configuration to inject...

8.4CVSS0.00368EPSS
Exploits0References2
vulnrichment
vulnrichment
added 2026/05/13 8:0 a.m.9 views

CVE-2026-25705 Rancher Extensions have arbitrary file access via path traversal

A vulnerability has been identified in Rancher's Extensions where malicious code can be injected in Rancher through a path traversal in the compressedEndpoint field inside a UIPlugin deployment. A malicious UI extension could abuse that to: Overwrite Rancher binaries or configuration to inject...

8.4CVSS5.7AI score0.00368EPSS
Exploits0References2
attackerkb
attackerkb
added 2026/05/13 8:0 a.m.6 views

CVE-2026-25705

A vulnerability has been identified in Rancher's Extensions where malicious code can be injected in Rancher through a path traversal in the compressedEndpoint field inside a UIPlugin deployment. A malicious UI extension could abuse that to: Overwrite Rancher binaries or configuration to inject...

8.4CVSS5.7AI score0.00368EPSS
Exploits0References3Affected Software1
cve
cve
added 2026/05/13 8:0 a.m.43 views

CVE-2026-25705

CVE-2026-25705 describes a path-traversal vulnerability in Rancher Extensions where the compressedEndpoint field in a UIPlugin deployment can be abused to overwrite Rancher binaries/configs, tamper with cluster state in /var/lib/rancher/, and, if hostPath volumes are mounted, write to the host no...

8.4CVSS5.7AI score0.00368EPSS
Exploits0References2
osv
osv
added 2026/05/13 8:0 a.m.3 views

CVE-2026-25705 Rancher Extensions have arbitrary file access via path traversal

A vulnerability has been identified in Rancher's Extensions where malicious code can be injected in Rancher through a path traversal in the compressedEndpoint field inside a UIPlugin deployment. A malicious UI extension could abuse that to: Overwrite Rancher binaries or configuration to inject...

8.4CVSS5.8AI score0.00368EPSS
Exploits0References4
cvelist
cvelist
added 2026/05/13 8:0 a.m.42 views

CVE-2026-25705 Rancher Extensions have arbitrary file access via path traversal

A vulnerability has been identified in Rancher's Extensions where malicious code can be injected in Rancher through a path traversal in the compressedEndpoint field inside a UIPlugin deployment. A malicious UI extension could abuse that to: Overwrite Rancher binaries or configuration to inject...

8.4CVSS0.00368EPSS
Exploits0References2
osv
osv
added 2026/05/07 1:23 a.m.9 views

GHSA-5V3H-X4WF-5C35 Rancher Extensions have arbitrary file access via path traversal

Impact A vulnerability has been identified in Rancher's Extensions where malicious code can be injected in Rancher through a path traversal in the compressedEndpoint field inside a UIPlugin deployment. A malicious UI extension could abuse that to: - Overwrite Rancher binaries or configuration to...

8.4CVSS5.7AI score0.00368EPSS
Exploits0References4
github
github
added 2026/05/07 1:23 a.m.13 views

Rancher Extensions have arbitrary file access via path traversal

Impact A vulnerability has been identified in Rancher's Extensions where malicious code can be injected in Rancher through a path traversal in the compressedEndpoint field inside a UIPlugin deployment. A malicious UI extension could abuse that to: - Overwrite Rancher binaries or configuration to...

8.4CVSS5.7AI score0.00368EPSS
Exploits0References4Affected Software1
Rows per page
Query Builder