Rancher Webhook Handler Vulnerability in FleetWorkspace Products by Rancher
CVE-2026-44949

7HIGH

Key Information:

Vendor: Suse
Status: Rancher
Vendor: CVE Published:; 30 June 2026

What is CVE-2026-44949?

A vulnerability in the Rancher FleetWorkspace's webhook handler allows unauthenticated attackers with network access to exploit the admission path. By submitting a crafted admission payload, attackers can manipulate workspace-related Kubernetes objects, creating them with unauthorized identity data. This could lead to various malicious activities, potentially compromising the integrity of the affected Kubernetes environment.

Affected Version(s)

Rancher 0.7.0 < 0.7.10

Rancher 0.8.0 < 0.8.7

Rancher 0.9.0 < 0.9.6

References

https://github.com/rancher/webhook/security/advisories/GH...

vendor-advisory

CVSS V4

Score:

Severity:

HIGH

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

Physical

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 30, 2026
Vulnerability Reserved
May 8, 2026

CVE-2026-44949 Data

JSON

Suse

What is CVE-2026-44949?

Affected Version(s)

References

CVSS V4

Timeline