CVE-2026-44948

MEDIUM

Path Traversal in Rancher Fleet ImageScan GitRepo Path Handler

Title source: cna
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2026-44948. PoCs published by HermesNA-1.

AI-analyzed exploit summary This repository contains an auto-generated stub module for CVE-2026-44948, a path traversal vulnerability in Rancher Fleet's ImageScan subsystem. The code includes placeholder logic for target probing but lacks actual exploit implementation or technical details about the vulnerability's mechanics.

Description

A path traversal vulnerability was found in Fleet's ImageScan subsystem in Rancher Fleet 0.12.0 up to 0.12.16, 0.13.0 up to 0.13.12, 0.14.0 up to 0.14.7 and 0.15.0 up to 0.15.3 could be used to traverse outside of the intended directory, causing a denial of service.

Exploits (1)

github STUB 1 stars
by HermesNA-1 · pythonpoc
https://github.com/HermesNA-1/SnakeSploit/tree/main/data/modules_generated/cve-2026-44948_path_traversal_vulnerability.py

This repository contains an auto-generated stub module for CVE-2026-44948, a path traversal vulnerability in Rancher Fleet's ImageScan subsystem. The code includes placeholder logic for target probing but lacks actual exploit implementation or technical details about the vulnerability's mechanics.

Classification
Stub 99%
Attack Type
Other
Complexity
Moderate
Reliability
Theoretical
Target: Rancher Fleet 0.12.0-0.12.16, 0.13.0-0.13.12, 0.14.0-0.14.7, 0.15.0-0.15.3
No auth needed
Prerequisites: Network access to the target Rancher Fleet instance · Open port (default: 80/443)
mistral-large-3 · analyzed Jul 09, 2026 Full analysis →

References (1)

Core 1
Core References

Scores

CVSS v4 5.3
EPSS 0.0029
EPSS Percentile 21.0%
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-23
Status published
Products (4)
SUSE/Rancher 0.12.0 - 0.12.16
SUSE/Rancher 0.13.0 - 0.13.12
SUSE/Rancher 0.14.0 - 0.14.7
SUSE/Rancher 0.15.0 - 0.15.3
Published Jun 30, 2026
Tracked Since Jun 30, 2026