CVE-2026-25705: CWE-35 Path traversal: '.../...//' in SUSE rancher
CVE-2026-25705 is a high severity path traversal vulnerability in SUSE Rancher's Extensions. It allows a malicious UI extension to inject code by exploiting the compressedEndpoint field in a UIPlugin deployment. This can lead to overwriting Rancher binaries or configuration, tampering with cluster state under /var/lib/rancher/, writing to the host node filesystem if hostPath volumes are mounted, and potentially chaining with other attack vectors. The vulnerability affects Rancher versions 2. 10. 11, 2. 12. 0, 2. 13. 0, and 2.
AI Analysis
Technical Summary
This vulnerability (CVE-2026-25705) in SUSE Rancher arises from a path traversal issue (CWE-35) in the compressedEndpoint field of UIPlugin deployments within Rancher's Extensions. An attacker deploying a malicious UI extension can exploit this to perform unauthorized file writes, including overwriting Rancher binaries or configuration files, modifying cluster state data in /var/lib/rancher/, and writing to the host node filesystem if hostPath volumes are mounted. The vulnerability has a CVSS 3.1 score of 8.4 (high severity) with network attack vector, low attack complexity, requiring high privileges and user interaction, and impacts confidentiality, integrity, and availability. Affected versions include Rancher 2.10.11 through 2.14.0. No vendor advisory or patch information is currently provided, and no known exploits have been reported.
Potential Impact
Successful exploitation can lead to full compromise of the Rancher environment by allowing code injection, overwriting critical binaries or configuration files, tampering with cluster state, and potentially affecting the host node filesystem. This impacts confidentiality, integrity, and availability of the affected systems. The vulnerability requires high privileges and user interaction to exploit, but once exploited, it can have severe consequences on Rancher deployments.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is available, restrict deployment of untrusted UI extensions and limit privileges to reduce risk. Monitor Rancher environments for suspicious UIPlugin deployments and avoid mounting hostPath volumes if possible to limit filesystem exposure.
CVE-2026-25705: CWE-35 Path traversal: '.../...//' in SUSE rancher
Description
CVE-2026-25705 is a high severity path traversal vulnerability in SUSE Rancher's Extensions. It allows a malicious UI extension to inject code by exploiting the compressedEndpoint field in a UIPlugin deployment. This can lead to overwriting Rancher binaries or configuration, tampering with cluster state under /var/lib/rancher/, writing to the host node filesystem if hostPath volumes are mounted, and potentially chaining with other attack vectors. The vulnerability affects Rancher versions 2. 10. 11, 2. 12. 0, 2. 13. 0, and 2.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
This vulnerability (CVE-2026-25705) in SUSE Rancher arises from a path traversal issue (CWE-35) in the compressedEndpoint field of UIPlugin deployments within Rancher's Extensions. An attacker deploying a malicious UI extension can exploit this to perform unauthorized file writes, including overwriting Rancher binaries or configuration files, modifying cluster state data in /var/lib/rancher/, and writing to the host node filesystem if hostPath volumes are mounted. The vulnerability has a CVSS 3.1 score of 8.4 (high severity) with network attack vector, low attack complexity, requiring high privileges and user interaction, and impacts confidentiality, integrity, and availability. Affected versions include Rancher 2.10.11 through 2.14.0. No vendor advisory or patch information is currently provided, and no known exploits have been reported.
Potential Impact
Successful exploitation can lead to full compromise of the Rancher environment by allowing code injection, overwriting critical binaries or configuration files, tampering with cluster state, and potentially affecting the host node filesystem. This impacts confidentiality, integrity, and availability of the affected systems. The vulnerability requires high privileges and user interaction to exploit, but once exploited, it can have severe consequences on Rancher deployments.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is available, restrict deployment of untrusted UI extensions and limit privileges to reduce risk. Monitor Rancher environments for suspicious UIPlugin deployments and avoid mounting hostPath volumes if possible to limit filesystem exposure.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- suse
- Date Reserved
- 2026-02-05T15:37:24.184Z
- Cvss Version
- 3.1
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 6a043484cbff5d861095871e
Added to database: 5/13/2026, 8:21:24 AM
Last enriched: 5/13/2026, 8:36:30 AM
Last updated: 5/13/2026, 9:35:54 AM
Views: 5
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.