CVE-2026-44948
MediumCVSS 5.3Exploitation Probability (EPSS)
Low risk21th percentile — higher than 21% of all known CVEs
Summary
A path traversal vulnerability in the ImageScan subsystem of Rancher Fleet affects versions 0.12.0 to 0.12.16, 0.13.0 to 0.13.12, 0.14.0 to 0.14.7, and 0.15.0 to 0.15.3, allowing an attacker to traverse outside the intended directory and cause a denial of service.
Risk Assessment
The risk is that an attacker can exploit this vulnerability to read or manipulate files outside the intended directory, potentially disrupting the Kubernetes cluster management service and causing a denial of service.
Recommendation
Upgrade Rancher Fleet to version 0.12.17, 0.13.13, 0.14.8, or 0.15.4, depending on your branch, to remediate the vulnerability.
Original NVD description (English source)
A path traversal vulnerability was found in Fleet's ImageScan subsystem in Rancher Fleet 0.12.0 up to 0.12.16, 0.13.0 up to 0.13.12, 0.14.0 up to 0.14.7 and 0.15.0 up to 0.15.3 could be used to traverse outside of the intended directory, causing a denial of service.

