CVE-2025-71261

HIGH

Harvester's SUSE Virtualization Registration Client Vulnerable to MITM and DOS

Title source: cna
STIX 2.1

Description

An attacker with network-level access between the SUSE Virtualization and Rancher Manager in SUSE Harvester before 1.8.0 could interfere with the TLS handshake and abuse it to bypass TLS as a security control.

References (1)

Core 1

Scores

CVSS v3 8.6
EPSS 0.0021
EPSS Percentile 10.9%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable yes
Technical Impact partial

Details

CWE
CWE-295
Status published
Products (2)
harvester/harvester 0 - 1.8.0Go
SUSE/Harvester < 1.8
Published Jun 16, 2026
Tracked Since Jun 16, 2026