5 matches found
CVE-2026-44946
A SAML authentication replay vulnerability in Rancher's Assertion Consumer Service (ACS) handler did not enforce one-time use of SAML assertions, potentially allowing person-in-the-middle attacks against Rancher, affecting Rancher 2.14.0 before 2.14.3,...
Phishing Attack
github.com/rancher/rancher is vulnerable to a phishing attack. The vulnerability is due to a weakness in the custom SAML authentication protocol used by the Rancher CLI, which allows an attacker to steal authentication tokens through crafted phishing attempts...
GO-2025-4073 Rancher user retains access to clusters despite Global Role removal in github.com/rancher/rancher
Rancher user retains access to clusters despite Global Role removal in github.com/rancher/rancher...
GO-2025-3586 Rancher: Restricted Administrator can change Administrator's passwords in github.com/rancher/rancher
Rancher: Restricted Administrator can change Administrator's passwords in github.com/rancher/rancher. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports from...
Privilege Escalation
github.com/rancher/rancher is vulnerable to privilege escalation. The vulnerability exists due to a lack of validation which allows an unauthorized user to log in with administrative privileges...