
Rancher Fleet EUVD-2026-40348

CVE-2026-44948 MEDIUM
Relative Path Traversal (CWE-23)
2026-06-30 suse
5.3
CVSS 4.0 · Vendor: suse

Severity by source

Vendor (suse), primary: 5.3 MEDIUM
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

vuln.today AI: 4.3 MEDIUM

Authenticated network path traversal causing availability-only impact; PR:L required because exploitation demands valid Fleet API credentials.

CVSS 3.1: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
CVSS 4.0: AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

The 4.3 is the CVSS 3.1 base score of the first vector. The CVSS 4.0 vector is identical to the base metrics of the vendor's vector, so the two sources differ only in the scoring version used, not in their metric choices.

Primary rating from Vendor (suse).
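The 4.3 and 5.3 above are the same metric choices scored under CVSS 3.1 and CVSS 4.0 respectively. As an added worked example (not part of this page, and not code from Fleet or SUSE), the Go program below implements the CVSS 3.1 base-score formula from the FIRST specification and applies it to the vuln.today 3.1 vector, which yields 4.3. The two further vectors in main are constructed inputs that exercise the formula's other branches (a critical scope-unchanged vector and a scope-changed vector); CVSS 4.0 is not reproduced because it uses a table-driven macrovector model rather than a closed formula.

```go
package main

import (
	"fmt"
	"math"
	"strings"
)

// Base-metric weights from the CVSS v3.1 specification (section 7.4).
var (
	avWeight  = map[string]float64{"N": 0.85, "A": 0.62, "L": 0.55, "P": 0.20}
	acWeight  = map[string]float64{"L": 0.77, "H": 0.44}
	uiWeight  = map[string]float64{"N": 0.85, "R": 0.62}
	ciaWeight = map[string]float64{"H": 0.56, "L": 0.22, "N": 0.0}
	prWeightU = map[string]float64{"N": 0.85, "L": 0.62, "H": 0.27} // Scope Unchanged
	prWeightC = map[string]float64{"N": 0.85, "L": 0.68, "H": 0.50} // Scope Changed
)

// roundUp is the Roundup function from CVSS v3.1 appendix A: the smallest
// one-decimal value >= x, computed on scaled integers to avoid float drift.
func roundUp(x float64) float64 {
	i := int(math.Round(x * 100000))
	if i%10000 == 0 {
		return float64(i) / 100000
	}
	return (math.Floor(float64(i)/10000) + 1) / 10
}

// weight looks up one metric value and fails on anything the table lacks,
// so a typo or a missing metric never silently scores as zero.
func weight(table map[string]float64, metric, value string) (float64, error) {
	w, ok := table[value]
	if !ok {
		return 0, fmt.Errorf("invalid value %q for metric %s", value, metric)
	}
	return w, nil
}

// BaseScore computes the CVSS v3.1 base score of a base vector such as
// "AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L" (a leading "CVSS:3.1/" is optional).
func BaseScore(vector string) (float64, error) {
	m := map[string]string{}
	for _, part := range strings.Split(vector, "/") {
		if part == "CVSS:3.1" {
			continue
		}
		kv := strings.SplitN(part, ":", 2)
		if len(kv) != 2 {
			return 0, fmt.Errorf("malformed metric %q", part)
		}
		m[kv[0]] = kv[1]
	}
	scope := m["S"]
	if scope != "U" && scope != "C" {
		return 0, fmt.Errorf("invalid or missing Scope %q", scope)
	}
	prWeight := prWeightU
	if scope == "C" {
		prWeight = prWeightC // PR weighs more when the attacker can cross a boundary
	}
	lookups := []struct {
		table  map[string]float64
		metric string
	}{{avWeight, "AV"}, {acWeight, "AC"}, {prWeight, "PR"}, {uiWeight, "UI"},
		{ciaWeight, "C"}, {ciaWeight, "I"}, {ciaWeight, "A"}}
	var vals [7]float64
	for n, l := range lookups {
		w, err := weight(l.table, l.metric, m[l.metric])
		if err != nil {
			return 0, err
		}
		vals[n] = w
	}
	av, ac, pr, ui, c, i, a := vals[0], vals[1], vals[2], vals[3], vals[4], vals[5], vals[6]

	// Impact sub-score, then the scope-dependent impact and exploitability terms.
	iss := 1 - (1-c)*(1-i)*(1-a)
	impact := 6.42 * iss
	if scope == "C" {
		impact = 7.52*(iss-0.029) - 3.25*math.Pow(iss-0.02, 15)
	}
	exploitability := 8.22 * av * ac * pr * ui
	if impact <= 0 {
		return 0, nil
	}
	if scope == "U" {
		return roundUp(math.Min(impact+exploitability, 10)), nil
	}
	return roundUp(math.Min(1.08*(impact+exploitability), 10)), nil
}

func main() {
	for _, v := range []string{
		"AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",          // vuln.today vector on this page -> 4.3
		"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", // constructed check: critical, scope unchanged
		"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", // constructed check: scope changed
	} {
		score, err := BaseScore(v)
		fmt.Printf("%-46s score=%.1f err=%v\n", v, score, err)
	}
}
```

For the page's vector the exploitability term is 8.22 x 0.85 x 0.77 x 0.62 x 0.85 = 2.835 and the impact term is 6.42 x 0.22 = 1.412; their sum 4.248 rounds up to 4.3. The only non-zero impact weight is A:L, which is why the score sits well below what the same access conditions would yield with any confidentiality or integrity impact.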

CVSS Vector (Vendor: suse)

Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: not applicable (CVSS 4.0 has no Scope metric; the tracker shows it as X)

Lifecycle Timeline

Patch available: Jun 30, 2026 17:01 (EUVD)
Analysis generated: Jun 30, 2026 16:25 (vuln.today)

Description (CVE.org)

A path traversal vulnerability found in Fleet's ImageScan subsystem in Rancher Fleet 0.12.0 up to 0.12.16, 0.13.0 up to 0.13.12, 0.14.0 up to 0.14.7 and 0.15.0 up to 0.15.3 could be used to traverse outside of the intended directory, causing a denial of service.

Analysis (AI)

Path traversal in Rancher Fleet's ImageScan subsystem (CWE-23) allows authenticated remote attackers to escape intended directory boundaries and trigger denial of service across four active release branches (0.12.x through 0.15.x). The flaw appears to have been introduced in the 0.12.0 series and persisted undetected through at least sixteen subsequent patch releases, indicating the ImageScan component lacked adequate path sanitization for an extended period. …


Attack Chain (AI-derived)

Hypothetical attack flow derived from CVE metadata

Access: Obtain low-privilege Fleet API credentials
Delivery: Send crafted path traversal input to ImageScan subsystem
Exploit: Bypass directory boundary validation (CWE-23)
Execution: Trigger abnormal filesystem operation on unintended path
Persist: Crash or hang ImageScan process
Impact: Deny image scanning service availability

Vulnerability Assessment (AI)

Exploitation: Exploitation requires authenticated network access with at least low-level privileges (CVSS 4.0 PR:L): the attacker must hold a valid Fleet API credential, service account token, or equivalent authenticated session, so unauthenticated attackers cannot exploit this flaw. Fleet's ImageScan subsystem is driven by ImageScan custom resources, so on a Kubernetes cluster the practical prerequisite is RBAC permission to create or modify those objects. …
Risk Assessment: The CVSS 4.0 score of 5.3 (Medium) reflects a network-accessible (AV:N), low-complexity (AC:L), low-privilege (PR:L) flaw whose impact is confined to limited availability degradation (VA:L) on the vulnerable system; no confidentiality or integrity impact is indicated. …
Exploit Scenario: An attacker holding a low-privilege Fleet API credential crafts a malicious request to the ImageScan subsystem containing path traversal sequences (e.g., '../../') embedded in an image reference or scan target field. The unvalidated path causes the ImageScan process to attempt filesystem operations outside its intended working directory, resulting in a process crash or hang that disrupts image scanning functionality and degrades Fleet's operational availability. …
Remediation: Consult the Rancher Fleet security advisory at https://github.com/rancher/fleet/security/advisories/GHSA-c45g-6c2c-rj3p for the exact patched release versions; specific fix version numbers are not independently confirmed from the available input data and should not be assumed. The affected ranges in the description ("0.12.0 up to 0.12.16" and so on) do not say whether the upper bound is inclusive, so treat the listed upper versions as affected until the advisory confirms otherwise. …
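The exploit scenario above describes the generic CWE-23 pattern: a caller-controlled relative path is joined onto a working directory and used without checking that the result still lies inside it. The Go program below is an added illustration of that pattern beside its hardened form; it is not Fleet's code, the page does not identify which ImageScan field carries the traversal input, and the working directory and sample inputs are constructed for the example.

```go
package main

import (
	"errors"
	"fmt"
	"path/filepath"
	"strings"
)

// ErrOutsideBase is returned when a caller-supplied path would resolve
// outside the working directory. Returning an error lets the caller reject
// the request instead of proceeding to an unexpected filesystem location.
var ErrOutsideBase = errors.New("path escapes the working directory")

// VulnerableJoin is the CWE-23 pattern: the relative path taken from an
// untrusted field is joined onto the working directory and used as-is.
// filepath.Join cleans the result, so "../" segments walk out of base
// instead of being rejected.
func VulnerableJoin(base, untrusted string) string {
	return filepath.Join(base, untrusted)
}

// SafeJoin is the hardened form: refuse absolute input, join and clean,
// then confirm the cleaned result is still relative to base with no
// leading ".." component. The check is purely lexical; symlinks inside
// base are a separate concern (see the note below the code).
func SafeJoin(base, untrusted string) (string, error) {
	if filepath.IsAbs(untrusted) {
		return "", ErrOutsideBase
	}
	base = filepath.Clean(base)
	joined := filepath.Join(base, untrusted)
	rel, err := filepath.Rel(base, joined)
	if err != nil {
		return "", err
	}
	// rel is "." for base itself, "name/..." for descendants, and starts
	// with ".." only when the cleaned path climbed above base. A name such
	// as "..hidden" is a legitimate child and passes.
	if rel == ".." || strings.HasPrefix(rel, ".."+string(filepath.Separator)) {
		return "", ErrOutsideBase
	}
	return joined, nil
}

func main() {
	const base = "/var/lib/fleet/work" // hypothetical working directory
	// Constructed inputs: one legitimate relative path and three escapes.
	inputs := []string{
		"clusters/prod/kustomization.yaml",
		"../../../../etc/passwd",
		"repo/../../sibling/file.yaml",
		"/etc/passwd",
	}
	for _, in := range inputs {
		safe, err := SafeJoin(base, in)
		fmt.Printf("%-34q vulnerable=%-40s safe=%q err=%v\n",
			in, VulnerableJoin(base, in), safe, err)
	}
}
```

The containment test must run on the cleaned, joined result rather than on the raw input: "repo/../../sibling/file.yaml" contains no leading "../" yet still resolves one level above base. The lexical check does not defend against a symlink already present under base that points elsewhere; for that, resolve with filepath.EvalSymlinks and re-run the same relative-path check, or use os.Root (Go 1.24 and later), which enforces containment at the OS level on every open. Either way the hardened path fails closed with an error the caller maps to a rejected request, which is what removes the crash-or-hang outcome the scenario describes.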

