Webhook Request Forgery in SUSE Rancher Fleet Products
CVE-2026-44937

8.3HIGH

Key Information:

Vendor

Suse

Status
Vendor
CVE Published:
6 July 2026

What is CVE-2026-44937?

This vulnerability exposes SUSE Rancher Fleet to potential webhook request forgery due to the use of unauthenticated webhooks. Attackers can exploit this vulnerability in versions prior to 0.15.2, 0.14.6, 0.13.11, and 0.12.5, allowing them to execute remote denial of service attacks or perform downgrade attacks on repositories within the system.

Affected Version(s)

Rancher 0.15.0 < 0.15.2

Rancher 0.14.0 < 0.14.6

Rancher 0.13.0 < 0.13.11

References

CVSS V4

Score:
8.3
Severity:
HIGH
Confidentiality:
None
Integrity:
Low
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Attack Required:
Physical
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.