Go CVE Archive

github.com/rancher/rancher CVE Vulnerabilities

All known CVEs affecting github.com/rancher/rancher. Kodem’s runtime-powered SCA reveals which are actually reachable in your application.

Known vulnerabilities

| CVE | Summary | Severity |
| --- | --- | --- |
| CVE-2026-41052 | Rancher has Privilege Escalation from Project Owner to Host | Critical |
| CVE-2026-41053 | Rancher has over-inclusive team membership expansion in GitHub App… | High |
| CVE-2026-44939 | Rancher vulnerable to command injection through unsanitized YAML parameter | Critical |
| CVE-2026-25705 | Rancher Extensions have arbitrary file access via path traversal | High |
| CVE-2021-25320 | Rancher cloud credentials can be used through proxy API by users without access | Critical |
| CVE-2022-21951 | Rancher's weave CNI password is not configured when a cluster is created from… | Medium |
| CVE-2022-31247 | Rancher has downstream cluster privilege escalation through cluster and project… | Critical |
| CVE-2021-36783 | Rancher doesn't properly sanitize credentials in cluster template answers | Critical |
| CVE-2023-22648 | Rancher's Azure AD permission changes are not reflected on active sessions | High |
| CVE-2025-67601 | Rancher CLI skips TLS verification on Rancher CLI login command | High |
| CVE-2024-58269 | Rancher exposes sensitive information through audit logs | Medium |
| CVE-2023-32199 | Rancher user retains access to clusters despite Global Role removal | Medium |
| CVE-2024-58260 | Rancher update on users can deny the service to the admin | High |
| CVE-2024-58267 | Rancher CLI SAML authentication is vulnerable to phishing attacks | High |
| CVE-2025-54468 | Rancher sends sensitive information to external services through the… | Medium |
| CVE-2024-58259 | Rancher affected by unauthenticated Denial of Service | High |
| CVE-2024-22031 | Rancher users who can create Projects can gain access to arbitrary projects | High |
| CVE-2025-23391 | Rancher: Restricted Administrator can change Administrator's passwords | Critical |
| CVE-2025-23389 | Rancher does not Properly Validate Account Bindings in SAML Authentication… | High |
| CVE-2025-23388 | Rancher allows an unauthenticated stack overflow in /v3-public/authproviders API | High |
| CVE-2025-23387 | Rancher's SAML-based login via CLI can be denied by unauthenticated users | Medium |
| CVE-2024-52281 | Rancher UI has Stored Cross-site Scripting vulnerability | High |
| CVE-2024-52282 | Rancher Helm Applications may have sensitive values leaked | Medium |
| CVE-2024-22036 | Rancher Remote Code Execution via Cluster/Node Drivers | Critical |
| CVE-2022-45157 | Exposure of vSphere's CPI and CSI credentials in Rancher | High |
| CVE-2023-32197 | Rancher allows privilege escalation in Windows nodes due to Insecure Access… | Critical |
| CVE-2024-22030 | Rancher agents can be hijacked by taking over the Rancher Server URL | High |
| CVE-2024-22032 | Rancher's RKE1 Encryption Config kept in plain-text within cluster AppliedSpec | High |
| CVE-2023-32196 | Rancher's External RoleTemplates can lead to privilege escalation | High |
| CVE-2023-22650 | Rancher does not automatically clean up a user deleted or disabled from the… | High |
| CVE-2021-25318 | Rancher does not properly specify ApiGroup when creating Kubernetes RBAC… | High |
| CVE-2021-31999 | Rancher Privilege escalation vulnerability via malicious "Connection" header | High |
| CVE-2021-36776 | Rancher's Steve API Component Improper authorization check allows privilege… | High |
| CVE-2021-36775 | Rancher's Failure to delete orphaned role bindings does not revoke project… | High |
| CVE-2023-22649 | Rancher 'Audit Log' leaks sensitive information | High |
| CVE-2023-32194 | Rancher permissions on 'namespaces' in any API group grants 'edit' permissions… | High |
| CVE-2023-22647 | Rancher vulnerable to Privilege Escalation via manipulation of Secrets | Critical |
| CVE-2022-43760 | Rancher UI has multiple Cross-Site Scripting (XSS) issues | Medium |
| CVE-2020-10676 | Rancher users retain access after moving namespaces into projects they don't… | High |
| CVE-2023-22651 | Rancher Webhook is misconfigured during upgrade process | Critical |
| CVE-2022-43757 | Plaintext storage of sensitive data in Rancher API and… | High |
| CVE-2022-43758 | Command injection in Rancher Git package | Medium |
| CVE-2022-21953 | Authenticated user can gain unauthorized shell pod and kubectl access in the… | High |
| CVE-2022-43759 | Privilege escalation in project role template binding (PRTB) and -promoted roles | High |
| CVE-2022-43755 | Rancher cattle-token is predictable | High |
| CVE-2021-36782 | Rancher API and cluster.management.cattle.io object vulnerable to plaintext… | Critical |
| CVE-2021-25313 | Rancher Cross-site Scripting Vulnerability | Medium |
| CVE-2019-11202 | Rancher Recreates Default User With Known Password Despite Deletion | Critical |

Prioritize github.com/rancher/rancher vulnerabilities

Kodem Kai can identify which of these CVEs are reachable in your dependency tree and generate targeted fix recommendations.
