EIP-2026-103358

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-103358. PoCs published by Metasploit.

AI-analyzed exploit summary This Metasploit module exploits a Docker container escape vulnerability in Rancher Server by mounting the host's root filesystem with read/write permissions, allowing an attacker to create a cron job for persistent remote code execution. It leverages the Rancher API to deploy a malicious container with a crafted command.

Description

Rancher Server - Docker Daemon Code Execution (Metasploit)

Exploits (1)

exploitdb WORKING POC VERIFIED

by Metasploit · rubyremotelinux_x86-64

https://www.exploit-db.com/exploits/42964

View Code ZIP pw:eip

This Metasploit module exploits a Docker container escape vulnerability in Rancher Server by mounting the host's root filesystem with read/write permissions, allowing an attacker to create a cron job for persistent remote code execution. It leverages the Rancher API to deploy a malicious container with a crafted command.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Rancher Server (versions prior to fix for Docker container escape)

Auth required

Prerequisites: Valid Rancher API credentials · Network access to Rancher Server API (port 8080) · Docker image available on target system or hub.docker.com

MITRE ATT&CK

T1610 - Deploy Container T1059 - Command and Scripting Interpreter T1053 - Scheduled Task/Job

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Rancher Server - Docker Daemon Code Execution (Metasploit)

Exploitation Summary

Description

Exploits (1)

Details