CVE-2026-44948 in Rancher
Summary
by MITRE • 06/30/2026
A path traversal vulnerability was found in Fleet's ImageScan subsystem in Rancher Fleet 0.12.0 up to 0.12.16, 0.13.0 up to 0.13.12, 0.14.0 up to 0.14.7 and 0.15.0 up to 0.15.3. It could be used to traverse outside of the intended directory, causing a denial of service.
Analysis
by VulDB Data Team • 06/30/2026
This vulnerability is a critical path traversal flaw in Rancher Fleet's ImageScan subsystem that affects multiple version ranges: 0.12.0 through 0.12.16, 0.13.0 through 0.13.12, 0.14.0 through 0.14.7, and 0.15.0 through 0.15.3. The flaw manifests when the subsystem fails to properly validate file paths during image scanning operations, allowing attackers to supply directory traversal sequences that escape the intended filesystem boundaries. The vulnerability is classified as CWE-22 Path Traversal and is mapped by the analysis to the ATT&CK technique T1059.007 Command and Scripting Interpreter, on the basis that manipulated file paths could be used to execute arbitrary commands.
The defect lies in the image scanning subsystem, where input validation is insufficient to stop directory traversal sequences such as ../ or ..\ from being processed without sanitization. When a user submits an image scan request containing such path manipulation characters, the subsystem processes the input without adequate restriction, allowing file operations to reach paths beyond the designated directories. This creates the potential for unauthorized access to system resources and can result in information disclosure or system compromise, depending on the privileges of the scanning process.
The operational impact of this vulnerability extends beyond simple denial of service as it represents a foundational security weakness that could enable more sophisticated attacks. While the immediate effect described is denial of service, the underlying flaw provides attackers with the capability to access arbitrary files on the system, potentially exposing sensitive configuration data, credentials, or other critical information stored outside the intended scanning scope. The vulnerability's presence in multiple version ranges indicates a persistent design flaw that could affect organizations running various deployments of Rancher Fleet across their infrastructure.
Organizations should immediately implement mitigations, including enforcing input validation for all file path parameters within the ImageScan subsystem, applying proper path normalization to prevent directory traversal, and restricting the filesystem permissions of scanning processes. The recommended approach is to deploy application-level firewalls or web application firewalls that can detect and block suspicious path traversal patterns, combined with a comprehensive patching strategy that upgrades to the fixed versions in which the vulnerability has been addressed through proper input sanitization. Additionally, applying the principle of least privilege to scanning operations and performing regular security assessments of container image scanning components will help prevent exploitation of similar vulnerabilities in other subsystems.
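The path normalization mitigation described above, as an added illustration in Go (Fleet's implementation language); this is example code, not Fleet's own, and the base directory and file names are constructed for the demonstration. The unchecked join shows why cleaning alone is not a defence, and the hardened form rejects any result that lands outside the base directory.

```go
package main

import (
	"errors"
	"fmt"
	"path/filepath"
	"strings"
)

// ErrPathTraversal is returned when a requested name would resolve outside the base directory.
var ErrPathTraversal = errors.New("path escapes scan directory")

// UnsafeScanPath mirrors the flawed pattern: the user-supplied name is joined onto
// the base with no check on where the cleaned result lands. filepath.Join collapses
// ".." segments, so "../../etc/passwd" quietly resolves above base.
func UnsafeScanPath(base, name string) string {
	return filepath.Join(base, name)
}

// SafeScanPath is the hardened form: reject absolute names, clean the joined path,
// then require that the path relative to base does not start with "..".
// Symlinks inside base are not resolved here; that needs a separate check.
func SafeScanPath(base, name string) (string, error) {
	if filepath.IsAbs(name) {
		return "", ErrPathTraversal
	}
	cleanBase := filepath.Clean(base)
	joined := filepath.Join(cleanBase, name) // Join also cleans the result
	rel, err := filepath.Rel(cleanBase, joined)
	if err != nil {
		return "", ErrPathTraversal
	}
	if rel == ".." || strings.HasPrefix(rel, ".."+string(filepath.Separator)) {
		return "", ErrPathTraversal
	}
	return joined, nil
}

func main() {
	base := "/var/lib/fleet/imagescan" // constructed example base directory
	for _, name := range []string{"manifests/deploy.yaml", "../../etc/passwd", "a/../../b", "..hidden"} {
		safe, err := SafeScanPath(base, name)
		fmt.Printf("%-22s unsafe=%-40s safe=%q err=%v\n", name, UnsafeScanPath(base, name), safe, err)
	}
}
```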