Product

Rancher

2 briefs RSS

Rancher Extensions Path Traversal Vulnerability

A path traversal vulnerability (CVE-2026-25705) exists in Rancher's Extensions through the `compressedEndpoint` field in a `UIPlugin` deployment, allowing malicious UI extensions to overwrite Rancher binaries, tamper with cluster state, or write to the host filesystem.

Rancher path-traversal kubernetes

2r 1t May 7, 2026

critical advisory

Rancher Vulnerability Allows Remote Code Execution and File Manipulation

2 rules 2 TTPs

An authenticated, remote attacker can exploit a vulnerability in Rancher to execute arbitrary program code and manipulate files, potentially leading to privilege escalation and system compromise.

Rancher code-execution file-manipulation

2r 2t May 4, 2026