Webhook Request Forgery in SUSE Rancher Fleet Products
CVE-2026-44937
8.3HIGH
What is CVE-2026-44937?
This vulnerability exposes SUSE Rancher Fleet to potential webhook request forgery due to the use of unauthenticated webhooks. Attackers can exploit this vulnerability in versions prior to 0.15.2, 0.14.6, 0.13.11, and 0.12.5, allowing them to execute remote denial of service attacks or perform downgrade attacks on repositories within the system.
Affected Version(s)
Rancher 0.15.0 < 0.15.2
Rancher 0.14.0 < 0.14.6
Rancher 0.13.0 < 0.13.11