CVE Catalog

CVE-2026-44948

MediumCVSS 5.3
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.29%

21th percentile — higher than 21% of all known CVEs

Summary

A path traversal vulnerability in the ImageScan subsystem of Rancher Fleet affects versions 0.12.0 to 0.12.16, 0.13.0 to 0.13.12, 0.14.0 to 0.14.7, and 0.15.0 to 0.15.3, allowing an attacker to traverse outside the intended directory and cause a denial of service.

Risk Assessment

The risk is that an attacker can exploit this vulnerability to read or manipulate files outside the intended directory, potentially disrupting the Kubernetes cluster management service and causing a denial of service.

Recommendation

Upgrade Rancher Fleet to version 0.12.17, 0.13.13, 0.14.8, or 0.15.4, depending on your branch, to remediate the vulnerability.

Original NVD description (English source)

A path traversal vulnerability was found in Fleet's ImageScan subsystem in Rancher Fleet 0.12.0 up to 0.12.16, 0.13.0 up to 0.13.12, 0.14.0 up to 0.14.7 and 0.15.0 up to 0.15.3 could be used to traverse outside of the intended directory, causing a denial of service.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS