CVE-2026-44948 | A path traversal vulnerability was found in Fleet's ImageSca… | CVSS 5.3 MEDIUM

Description

A path traversal vulnerability was found in Fleet's ImageScan subsystem in Rancher Fleet 0.12.0 up to 0.12.16, 0.13.0 up to 0.13.12, 0.14.0 up to 0.14.7 and 0.15.0 up to 0.15.3 could be used to traverse outside of the intended directory, causing a denial of service.

Metadata

CVE ID: CVE-2026-44948
State: PUBLISHED
Assigner: suse
Reserved: 2026-05-08 12:29 UTC
Published: 2026-06-30 15:12 UTC
Last updated: 2026-06-30 16:00 UTC
Primary CWE: CWE-23
CWE-23 Relative path traversal
Vendor / Product: SUSE / Rancher
Sources: cve.org · NVD

Severity & Metrics

5.3 MEDIUM CVSS 4.0

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

SSVC — CISA Coordinator

Exploitation: none
Automatable: no
Tech. Impact: partial

Affected products (1)

Vendor	Product	Platform	Versions
SUSE	Rancher	—	0.12.0 < 0.12.16, 0.13.0 < 0.13.12, 0.14.0 < 0.14.7, 0.15.0 < 0.15.3

Weakness (CWE)

CWE	Source	Description
CWE-23	cna	CWE-23 Relative path traversal

CVSS scores (1)

Score	Severity	Version	Source	Vector
5.3	MEDIUM	4.0	cna	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

References (1)

https://github.com/rancher/fleet/security/advisories/GHSA-c45g-6c2c-rj3p