Threat Advisory

Rancher Vulnerability Leaves Kubernetes Cluster Vulnerable to Hijack via Plugins

Threat: Vulnerability
Targeted Region: Global
Targeted Sector: Technology & IT
Criticality: High


EXECUTIVE SUMMARY:

A path traversal vulnerability, CVE-2026-25705, exists in Rancher's UI Extensions and plugin deployment mechanism, where insufficient validation of compressed plugin contents allows attackers to break out of the intended directory structure. By crafting a malicious or modified UI extension package, an attacker can traverse directories and write or overwrite arbitrary files on the Rancher server. This can lead to exposure of sensitive configuration files, modification of system components, and potential escalation to full Kubernetes cluster compromise, particularly in environments where hostPath volumes or elevated permissions are in use. Successful exploitation undermines the integrity of Rancher-managed infrastructure and may allow attackers to achieve persistent control over cluster operations. The vulnerability has a CVSS score of 8.4.
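As an added defensive example (not Rancher's code and not taken from the advisory), this is the check a plugin installer needs when unpacking an extension archive: every entry name is resolved against the destination directory and rejected if it escapes, and symlink or hard-link entries are rejected as well, because a link pointing outside the plugin directory would let a later entry write through it. It assumes a tar-format package, a constructed sample archive, and Go 1.20+ for tar.ErrInsecurePath.

```go
package main

import (
	"archive/tar"
	"bytes"
	"errors"
	"fmt"
	"io"
	"path/filepath"
	"strings"
)

// SafeEntryPath resolves an entry name under dest, rejecting names that escape it (zip slip).
func SafeEntryPath(dest, name string) (string, error) {
	root := filepath.Clean(dest)
	target := filepath.Join(root, name) // Join collapses "../" in the combined path
	if target != root && !strings.HasPrefix(target, root+string(filepath.Separator)) {
		return "", fmt.Errorf("entry %q escapes %s", name, root)
	}
	return target, nil
}

// ScanTar lists entries that must not be extracted: escaping paths, symlinks and hard links.
func ScanTar(dest string, archive []byte) ([]string, error) {
	var rejected []string
	tr := tar.NewReader(bytes.NewReader(archive))
	for {
		hdr, err := tr.Next()
		if err == io.EOF {
			return rejected, nil
		} else if err != nil && !errors.Is(err, tar.ErrInsecurePath) {
			return rejected, err // ErrInsecurePath (Go 1.20+) still returns hdr; our check below handles it
		}
		_, perr := SafeEntryPath(dest, hdr.Name)
		if perr != nil || hdr.Typeflag == tar.TypeSymlink || hdr.Typeflag == tar.TypeLink {
			rejected = append(rejected, hdr.Name)
		}
	}
}

// SampleTar builds a constructed plugin archive: one benign entry and one that climbs out.
func SampleTar() []byte {
	var buf bytes.Buffer
	tw := tar.NewWriter(&buf)
	for _, name := range []string{"plugin/index.js", "../../evil.sh"} {
		tw.WriteHeader(&tar.Header{Name: name, Mode: 0644}) // zero-length regular files
	}
	tw.Close()
	return buf.Bytes()
}
```

An installer should run ScanTar over the whole package and refuse it entirely if any entry is rejected, rather than extracting the remaining entries.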

RECOMMENDATION:

We recommend updating Rancher to version 2.14.1, 2.13.5, 2.12.9 or 2.11.13, or later.

REFERENCES:

The following reports contain further technical details:
https://securityonline.info/suse-rancher-cve-2026-25705-path-traversal-ui-plugin-exploit/
