CVE-2026-25705
- Source
- https://cve.org/CVERecord?id=CVE-2026-25705
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-25705.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2026-25705
- Aliases
- Published
- 2026-05-13T08:00:46.097Z
- Modified
- 2026-05-18T05:58:36.911965596Z
- Severity
-
- 8.4 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H CVSS Calculator
- Summary
- Rancher Extensions have arbitrary file access via path traversal
- Details
-
A vulnerability has been identified in Rancher's Extensions where malicious code can be injected in Rancher through a path traversal in the
compressedEndpointfield inside aUIPlugindeployment. A malicious UI extension could abuse that to: * Overwrite Rancher binaries or configuration to inject code.Write to /var/lib/rancher/ to tamper with cluster state.
If hostPath volumes are mounted, write to the host node filesystem.
Use this issue to chain with other attack vectors.
- Database specific
{ "cna_assigner": "suse", "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/25xxx/CVE-2026-25705.json", "cwe_ids": [ "CWE-35" ] }- References
Affected packages
Git / github.com/rancher/rancher
Affected ranges
- Type
- GIT
- Repo
- https://github.com/rancher/rancher
- Events
-
IntroducedFixedIntroducedFixedIntroducedFixedIntroducedFixed
- Database specific
{ "source": "AFFECTED_FIELD", "extracted_events": [ { "introduced": "2.14.0" }, { "fixed": "2.14.1" }, { "introduced": "2.13.0" }, { "fixed": "2.13.5" }, { "introduced": "2.12.0" }, { "fixed": "2.12.9" }, { "introduced": "2.10.11" }, { "fixed": "2.11.13" } ] }
Affected versions
v2.*
v2.12.0
v2.12.1
v2.12.1-alpha1
v2.12.1-alpha2
v2.12.1-alpha3
v2.12.1-alpha4
v2.12.1-rc1
v2.12.2
v2.12.2-alpha1
v2.12.2-alpha2
v2.12.2-alpha3
v2.12.2-alpha4
v2.12.2-alpha5
v2.12.2-rc1
v2.12.2-rc2
v2.12.3
v2.12.3-alpha1
v2.12.3-alpha2
v2.12.3-rc1
v2.12.4
v2.12.4-alpha1
v2.12.4-alpha2
v2.12.4-alpha3
v2.12.4-alpha4
v2.12.4-alpha5
v2.12.4-alpha6
v2.12.4-hotfix-a3c0.1
v2.12.4-rc1
v2.12.5
v2.12.5-alpha1
v2.12.5-alpha2
v2.12.5-rc1
v2.12.6
v2.12.6-alpha1
v2.12.6-alpha2
v2.12.6-rc1
v2.12.6-rc2
v2.12.7
v2.12.7-alpha1
v2.12.7-alpha2
v2.12.7-alpha3
v2.12.7-rc1
v2.12.8
v2.12.8-alpha1
v2.12.8-alpha2
v2.12.8-rc1
v2.12.9-alpha1
v2.12.9-alpha2
v2.12.9-alpha3
v2.12.9-alpha4
v2.12.9-alpha5
v2.12.9-alpha6
v2.12.9-alpha7
v2.12.9-rc1
v2.13.0
v2.13.0-rc4
v2.13.1
v2.13.1-alpha1
v2.13.1-alpha2
v2.13.1-alpha3
v2.13.1-alpha4
v2.13.1-alpha5
v2.13.1-alpha6
v2.13.1-alpha7
v2.13.1-rc1
v2.13.2
v2.13.2-alpha1
v2.13.2-alpha2
v2.13.2-alpha3
v2.13.2-alpha4
v2.13.2-alpha5
v2.13.2-alpha6
v2.13.2-alpha7
v2.13.2-rc1
v2.13.2-rc2
v2.13.3
v2.13.3-alpha1
v2.13.3-alpha2
v2.13.3-alpha3
v2.13.3-alpha4
v2.13.3-alpha5
v2.13.3-alpha6
v2.13.3-rc1
v2.13.3-rc2
v2.13.3-rc3
v2.13.4
v2.13.4-alpha1
v2.13.4-alpha2
v2.13.4-alpha3
v2.13.4-alpha4
v2.13.4-alpha5
v2.13.4-rc1
v2.13.5-alpha1
v2.13.5-alpha2
v2.13.5-alpha3
v2.13.5-alpha4
v2.13.5-alpha5
v2.13.5-alpha6
v2.13.5-alpha7
v2.13.5-rc1
v2.14.0
v2.14.1-alpha1
v2.14.1-alpha10
v2.14.1-alpha11
v2.14.1-alpha12
v2.14.1-alpha13
v2.14.1-alpha2
v2.14.1-alpha3
v2.14.1-alpha4
v2.14.1-alpha5
v2.14.1-alpha6
v2.14.1-alpha7
v2.14.1-alpha8
v2.14.1-alpha9
v2.14.1-rc1
v2.14.1-rc2