CVE-2026-25705 – Rancher Extensions have arbitrary file access via path traversal

CVE ID :CVE-2026-25705

Published : May 13, 2026, 8 a.m. | 1 hour ago

Description :A vulnerability has been identified in [Rancher’s Extensions](https://ranchermanager.docs.rancher.com/integrations-in-rancher/rancher-extensions) where malicious code can be injected in Rancher through a path traversal in the `compressedEndpoint` field inside a `UIPlugin` deployment. A malicious UI extension could abuse that to: * Overwrite Rancher binaries or configuration to inject code.

* Write to /var/lib/rancher/ to tamper with cluster state.

* If hostPath volumes are mounted, write to the host node filesystem.

* Use this issue to chain with other attack vectors.

Severity: 8.4 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more… 

نوشته های مشابه

CVE-2026-41050 – Helm impersonation bypass of `RESTClientGetter` retains `cluster-admin` during template rendering

CVE-2026-3004 – Snow Monkey Blocks

CVE-2025-14767 – WPC Badge Management for WooCommerce

CVE-2026-44612 – Bytello Share (Windows Edition) DLL Loading Vulnerability (Remote Code Execution)