Back to overview

CVE-2026-44937

HIGH
8.3
CVSS 4.0
Description
Potential forgery of webhook requests when using a unauthenticated webhook in SUSE Rancher Fleet 0.15 before 0.15.2, 0.14 before 0.14.6, 0.13 before 0.13.11 and 0.12 before 0.12.5 could be used by remote attackers to cause a denial of service or a downgrade attack on other repositories on the system.

Metadata

CVE ID
CVE-2026-44937
State
PUBLISHED
Assigner
suse
Reserved
2026-05-08 12:29 UTC
Published
2026-07-06 09:52 UTC
Last updated
2026-07-06 12:46 UTC
Primary CWE
CWE-918
CWE-918 Server-Side request forgery (SSRF)
Vendor / Product
SUSE / Rancher
Sources
cve.org  ·  NVD

Severity & Metrics

8.3 HIGH CVSS 4.0
CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N
SSVC — CISA Coordinator
Exploitation
none
Automatable
no
Tech. Impact
partial
Affected products (1)
VendorProductPlatformVersions
SUSE Rancher 0.15.0 < 0.15.2, 0.14.0 < 0.14.6, 0.13.0 < 0.13.11, 0.12.0 < 0.12.15
Weakness (CWE)
CWESourceDescription
CWE-918 cna CWE-918 Server-Side request forgery (SSRF)
CVSS scores (1)
ScoreSeverityVersionSourceVector
8.3 HIGH 4.0 cna CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N
Back to overview