Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools

SUSE

#404e59f5-483d-4b8a-8e7a-e67604dd8afb
PolicyEmail

Short Name

suse

Program Role

CNA

Top Level Root

MITRE Corporation

Security Advisories

View Advisories

Domain

suse.de

Country

USA

Scope

SUSE and Rancher specific security issues, and vulnerabilities discovered by SUSE that are not covered by the scope of another CNA.
Reported CVEsVendorsProductsReports
241Vulnerabilities found

CVE-2025-8412
Assigner-SUSE
ShareView Details
Assigner-SUSE
CVSS Score-2||LOW
EPSS-0.09% / 0.57%
||
7 Day CHG~0.00%
Published-14 Jul, 2026 | 07:42
Updated-15 Jul, 2026 | 21:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
VMDP: Potential buffer overflow in the RtlQueryRegistryValues function

A Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in SUSE Virtual Machine Driver Pack allows an attacker with the ability to modify the registry to affect the integrity of the driver. We're not aware of a feasible way to exploit this currently. This issue affects Virtual Machine Driver Pack: before e7a602ec232756ead019bdf19d6d3b9d010cc94b.

Action-Not Available
Vendor-SUSE
Product-Virtual Machine Driver Pack
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2026-59674
Assigner-SUSE
ShareView Details
Assigner-SUSE
CVSS Score-7.1||HIGH
EPSS-0.13% / 2.96%
||
7 Day CHG~0.00%
Published-14 Jul, 2026 | 07:32
Updated-15 Jul, 2026 | 21:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
LPE from suricata user to root due to chown in %post in suricata packaging

A UNIX Symbolic Link (Symlink) Following vulnerability in openSUSE Tumbleweed suricata package allows the suricata user to escalate to root. This issue affects openSUSE Tumbleweed: from ? before 8.0.5-2.1; openSUSE Tumbleweed: from ? before 8.0.5-2.1.

Action-Not Available
Vendor-SUSE
Product-openSUSE Tumbleweed
CWE ID-CWE-61
UNIX Symbolic Link (Symlink) Following
CVE-2026-56003
Assigner-SUSE
ShareView Details
Assigner-SUSE
CVSS Score-8.5||HIGH
EPSS-0.64% / 46.73%
||
7 Day CHG~0.00%
Published-08 Jul, 2026 | 09:25
Updated-09 Jul, 2026 | 19:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
libXfont2 computeProps Property Buffer Heap Buffer Overflow

A heap buffer overflow due to missing size checking in the property buffer when parsing PCF files in libXfont2 ComputeScaledProperties() before libXfont2 before 2.0.8 could be used by attackers using authenticated X clients to execute code within the X server.

Action-Not Available
Vendor-X.Org Foundation
Product-libxfontlibXfont2
CWE ID-CWE-122
Heap-based Buffer Overflow
CVE-2026-56002
Assigner-SUSE
ShareView Details
Assigner-SUSE
CVSS Score-8.5||HIGH
EPSS-0.59% / 44.13%
||
7 Day CHG+0.06%
Published-08 Jul, 2026 | 09:12
Updated-13 Jul, 2026 | 13:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
libXfont2 PCF Font Parsing Heap Buffer Overflow

A heap bufferflow in pcfReadFont() due to missing glyph bounds checking in libXfont2 before 2.0.8  allows attackers authenticated as X client to execute code within the X server.

Action-Not Available
Vendor-X.Org Foundation
Product-libxfontlibXfont2
CWE ID-CWE-122
Heap-based Buffer Overflow
CVE-2026-56001
Assigner-SUSE
ShareView Details
Assigner-SUSE
CVSS Score-8.5||HIGH
EPSS-0.38% / 30.24%
||
7 Day CHG~0.00%
Published-08 Jul, 2026 | 08:49
Updated-09 Jul, 2026 | 19:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
libXfont2 BitmapScaleBitmaps Integer Overflow Heap Buffer Overflow

A heap buffer overflow in BitmapScaleBitmaps in libXfont2 before 2.0.8 due to an overflowing 32bit size could be used by attackers able to access the X Server to execute code within the X server cont

Action-Not Available
Vendor-X.Org Foundation
Product-libxfontlibXfont2
CWE ID-CWE-122
Heap-based Buffer Overflow
CVE-2026-55999
Assigner-SUSE
ShareView Details
Assigner-SUSE
CVSS Score-8.5||HIGH
EPSS-0.21% / 11.51%
||
7 Day CHG~0.00%
Published-08 Jul, 2026 | 08:07
Updated-09 Jul, 2026 | 19:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
xorg-server / xwayland glamor font atlas Heap Buffer Overflow

Local attackers with a X connection able to provide PCX fonts to the X server xorg-server before 21.2.24 and xwayland before 24.1.13 could cause a heap buffer overflow via SetFont due to missing glyph boundary checks.

Action-Not Available
Vendor-X.Org Foundation
Product-x_serverxwaylandxwaylandxorg-server
CWE ID-CWE-122
Heap-based Buffer Overflow
CVE-2026-56000
Assigner-SUSE
ShareView Details
Assigner-SUSE
CVSS Score-9||CRITICAL
EPSS-0.19% / 9.03%
||
7 Day CHG~0.00%
Published-08 Jul, 2026 | 07:36
Updated-09 Jul, 2026 | 19:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
xorg-x11-server / xwayland GLX contextTags Use-After-Free in CommonMakeCurrent()

Local attackers with a X connection able to provide GLX commit to the X server xorg-server before 21.2.24 and xwayland before 24.1.13 could cause a Heap Use After Free, due to CommonMakeCurrent() pointing into potentially reallocated memory.

Action-Not Available
Vendor-X.Org Foundation
Product-x_serverxwaylandxwaylandxorg-x11-server
CWE ID-CWE-416
Use After Free
CVE-2026-44938
Assigner-SUSE
ShareView Details
Assigner-SUSE
CVSS Score-8.8||HIGH
EPSS-0.51% / 40.01%
||
7 Day CHG~0.00%
Published-07 Jul, 2026 | 13:05
Updated-08 Jul, 2026 | 05:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Fleet has PSS Bypass through addLabelsFromOptions in Fleet Agent

A vulnerability has been identified in Fleet's agent-side deployer, which did not filter security-sensitive keys from namespaceLabels in fleet.yaml (or BundleDeployment.spec.options.namespaceLabels) when applying them to the target namespace. An attacker with git push access to a Fleet-monitored repository could overwrite Pod Security Standards (PSS) enforcement labels on a target namespace. This allows the attacker to weaken admission controls and deploy workloads that PSS policies would otherwise block.

Action-Not Available
Vendor-SUSE
Product-Rancher
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2026-44937
Assigner-SUSE
ShareView Details
Assigner-SUSE
CVSS Score-8.3||HIGH
EPSS-0.51% / 39.86%
||
7 Day CHG~0.00%
Published-06 Jul, 2026 | 09:52
Updated-09 Jul, 2026 | 20:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SUSE Rancher Fleet had an Unauthenticated Webhook: Regex Injection via Unsanitized Repository URL Components

Potential forgery of webhook requests when using a unauthenticated webhook in SUSE Rancher Fleet 0.15 before 0.15.2, 0.14 before 0.14.6, 0.13 before 0.13.11 and 0.12 before 0.12.5 could be used by remote attackers to cause a denial of service or a downgrade attack on other repositories on the system.

Action-Not Available
Vendor-SUSE
Product-rancher_fleetRancher
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2026-44936
Assigner-SUSE
ShareView Details
Assigner-SUSE
CVSS Score-5||MEDIUM
EPSS-0.39% / 30.92%
||
7 Day CHG~0.00%
Published-06 Jul, 2026 | 09:30
Updated-09 Jul, 2026 | 20:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Rancher Fleet SSRF in Bundle Reader via Unvalidated Helm Repository URL in fleet.yaml

Missing filtering when the helmRepoURLRegex field isn't set on a GitRepo resource in SUSE Rancher Fleet's bundle reader in 0.15 before 0.15.2, 0.14 before 0.14.6, 0.13 before 0.13.11 and 0.12 before 0.12.15 forwards Helm authentication credentials (BasicAuth) to any URL specified in the helm.repo field of a fleet.yaml file, allowing attackers able to push to fleet monitored git repos to leak helm access credentials.

Action-Not Available
Vendor-SUSE
Product-rancher_fleetRancher
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2026-44934
Assigner-SUSE
ShareView Details
Assigner-SUSE
CVSS Score-7||HIGH
EPSS-0.12% / 2.12%
||
7 Day CHG~0.00%
Published-06 Jul, 2026 | 08:45
Updated-06 Jul, 2026 | 19:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Exposed tokens in SUSE Rancher AI Agent logs

A information disclosure when DEBUG loglevel is set in SUSE Rancher AI Agent 1.0 before 1.0.2 could leak API keys or LLM response text with potential sensitive data into logfiles, allowing local attackers to misuse respective gained data or credentials.

Action-Not Available
Vendor-SUSE
Product-Rancher
CWE ID-CWE-215
Insertion of Sensitive Information Into Debugging Code
CVE-2026-44935
Assigner-SUSE
ShareView Details
Assigner-SUSE
CVSS Score-9.9||CRITICAL
EPSS-0.58% / 44.07%
||
7 Day CHG~0.00%
Published-02 Jul, 2026 | 16:00
Updated-06 Jul, 2026 | 12:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Rancher Fleet vulnerable to cross namespace secret disclosure via unvalidated `valuesFrom` references in Helm Deployer

Missing validation of "valuesFrom" references in Helm Deployer of SUSE Rancher Fleet 0.15 before 0.15.2, 0.14 before 0.14.6, 0.13 before 0.13.11 and 0.12 before 0.12.15 could be used by owners of one tenant to access fleet credentials of other tenants.

Action-Not Available
Vendor-SUSE
Product-rancher_fleetRancher
CWE ID-CWE-1287
Improper Validation of Specified Type of Input
CVE-2026-44941
Assigner-SUSE
ShareView Details
Assigner-SUSE
CVSS Score-8.4||HIGH
EPSS-0.53% / 41.45%
||
7 Day CHG~0.00%
Published-02 Jul, 2026 | 15:19
Updated-07 Jul, 2026 | 17:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
libzypp path traversal via "keyhint" in repomd.xml

A relative path traversal in the "keyhint" option in repomd.xml parsing of libzypp before 17.38.12 can be used by attackers able to supply a malicious repository to inject or overwrite files in the target system as root.

Action-Not Available
Vendor-openSUSESUSE
Product-libzypplibzypp
CWE ID-CWE-23
Relative Path Traversal
CVE-2026-56004
Assigner-SUSE
ShareView Details
Assigner-SUSE
CVSS Score-10||CRITICAL
EPSS-0.38% / 29.77%
||
7 Day CHG~0.00%
Published-02 Jul, 2026 | 14:54
Updated-02 Jul, 2026 | 17:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
obs-service-tar_scm: command injection via mercurial handler

A shellcode injection in the mercurial handler of the obs tar_scm source service before version 0.12.4 could be used by attackers able to provide a _service file to execute code as the source service or the local user checking out the malicious services

Action-Not Available
Vendor-openSUSE
Product-buildservice
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2026-44948
Assigner-SUSE
ShareView Details
Assigner-SUSE
CVSS Score-5.3||MEDIUM
EPSS-0.29% / 21.14%
||
7 Day CHG~0.00%
Published-30 Jun, 2026 | 15:12
Updated-02 Jul, 2026 | 17:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Path Traversal in Rancher Fleet ImageScan GitRepo Path Handler

A path traversal vulnerability was found in Fleet's ImageScan subsystem in Rancher Fleet 0.12.0 up to 0.12.16, 0.13.0 up to 0.13.12, 0.14.0 up to 0.14.7 and 0.15.0 up to 0.15.3 could be used to traverse outside of the intended directory, causing a denial of service.

Action-Not Available
Vendor-SUSE
Product-Rancher
CWE ID-CWE-23
Relative Path Traversal
CVE-2026-44949
Assigner-SUSE
ShareView Details
Assigner-SUSE
CVSS Score-7||HIGH
EPSS-0.23% / 14.08%
||
7 Day CHG~0.00%
Published-30 Jun, 2026 | 14:41
Updated-02 Jul, 2026 | 17:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Unauthenticated namespace creation and RBAC injection via rancher-webhook FleetWorkspace mutating webhook

A Rancher FleetWorkspace admission path allowed side effects to occur in the Rancher webhook handler for versions 0.7.0 up to 0.7.10, 0.8.0 up to 0.8.7, 0.9.0 up to 0.9.6 and 0.10.0 up to 0.10.7. An unauthenticated attacker with network access to the in-cluster rancher-webhook service could submit a crafted admission payload and cause workspace-related Kubernetes objects to be created with attacker-chosen identity data.

Action-Not Available
Vendor-SUSE
Product-Rancher
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2026-44947
Assigner-SUSE
ShareView Details
Assigner-SUSE
CVSS Score-6.9||MEDIUM
EPSS-0.23% / 13.69%
||
7 Day CHG~0.00%
Published-30 Jun, 2026 | 14:21
Updated-02 Jul, 2026 | 17:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Stale PSA ClusterRoleBinding Persists After RoleTemplate Downgrade in Rancher

A missing clean-up in the legacy Project Role Template Binding (PRTB) reconciler in Rancher versions 2.13.0 up to 2.13.7 and 2.14.0 up to 2.14.3 allowed users to retain unauthorized Pod Security Admission (PSA) permissions after an administrator removes those permissions from a RoleTemplate.

Action-Not Available
Vendor-SUSE
Product-Rancher
CWE ID-CWE-281
Improper Preservation of Permissions
CVE-2026-44946
Assigner-SUSE
ShareView Details
Assigner-SUSE
CVSS Score-9.5||CRITICAL
EPSS-0.29% / 21.07%
||
7 Day CHG~0.00%
Published-30 Jun, 2026 | 12:14
Updated-02 Jul, 2026 | 19:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SAML Authentication Replay in Rancher

A SAML authentication replay vulnerability in Rancher's Assertion Consumer Service (ACS) handler did not enforce one-time use of SAML assertion, potentially allowing person in the middle attacks against Rancher, affecting Rancher 2.14.0 before 2.14.3,

Action-Not Available
Vendor-SUSE
Product-rancherRancher
CWE ID-CWE-294
Authentication Bypass by Capture-replay
CVE-2026-41053
Assigner-SUSE
ShareView Details
Assigner-SUSE
CVSS Score-8.8||HIGH
EPSS-0.37% / 29.26%
||
7 Day CHG~0.00%
Published-30 Jun, 2026 | 11:38
Updated-02 Jul, 2026 | 19:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Over-inclusive team membership expansion in GitHub App authentication provider for Rancher

Incorrect authentication caching in the team member ship expansion of the Rancher Github authentication provider caused it granting principal access to any logged in user, in 2.13 before 2.13.6 and 2.14 before 2.14.2.

Action-Not Available
Vendor-SUSE
Product-rancherRancher
CWE ID-CWE-303
Incorrect Implementation of Authentication Algorithm
CVE-2026-41052
Assigner-SUSE
ShareView Details
Assigner-SUSE
CVSS Score-9.4||CRITICAL
EPSS-0.32% / 23.97%
||
7 Day CHG~0.00%
Published-29 Jun, 2026 | 15:41
Updated-02 Jul, 2026 | 19:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Rancher Privilege Escalation from Project Owner to Host

Improper privilege handling could be used by users with Project Owner role to escalate privileges, in Rancher versions 2.14 before 2.14.2, 2.13 before 2.13.6, and 2.12 before 2.12.10.

Action-Not Available
Vendor-SUSE
Product-rancherRancher
CWE ID-CWE-305
Authentication Bypass by Primary Weakness
CVE-2026-25707
Assigner-SUSE
ShareView Details
Assigner-SUSE
CVSS Score-8.8||HIGH
EPSS-0.60% / 44.77%
||
7 Day CHG~0.00%
Published-29 Jun, 2026 | 10:04
Updated-30 Jun, 2026 | 20:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Handcrafted repo metadata may cause arbitrary local files to be overwritten by libzypp

A relative path traversal bug problem when processing repository metadata in libzypp before 17.38.10 could be used by remote attackers supplying repositories to overwrite files on the system, leading to denial of service or privilege escalation.

Action-Not Available
Vendor-openSUSESUSE
Product-libzypplibzypp
CWE ID-CWE-23
Relative Path Traversal
CVE-2026-41049
Assigner-SUSE
ShareView Details
Assigner-SUSE
CVSS Score-8.4||HIGH
EPSS-0.13% / 3.28%
||
7 Day CHG~0.00%
Published-22 Jun, 2026 | 15:32
Updated-08 Jul, 2026 | 07:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Caching of Authentication allows Authentication Bypass between users in qSnapper

Incorrect caching of authentication between different users of the  qSnapper dbus service before version 1.3.3 allowed any local attacker to use dbus functions after a privileged users has authenticated for them.

Action-Not Available
Vendor-presirepresire
Product-qsnapperqSnapper
CWE ID-CWE-863
Incorrect Authorization
CVE-2026-41048
Assigner-SUSE
ShareView Details
Assigner-SUSE
CVSS Score-8.4||HIGH
EPSS-0.13% / 3.20%
||
7 Day CHG~0.00%
Published-22 Jun, 2026 | 15:31
Updated-07 Jul, 2026 | 18:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Caching of Authentication allows Authentication Bypass in qSnapper

Incorrect caching of authentication between different polkit methods in qSnapper before version 1.3.3 allowed a local attacker to use functions like "restore from snapshot" even if only allowed to do "delete snapshot".

Action-Not Available
Vendor-presirepresire
Product-qsnapperqSnapper
CWE ID-CWE-863
Incorrect Authorization
CVE-2026-41047
Assigner-SUSE
ShareView Details
Assigner-SUSE
CVSS Score-6.9||MEDIUM
EPSS-0.15% / 4.63%
||
7 Day CHG~0.00%
Published-22 Jun, 2026 | 15:25
Updated-07 Jul, 2026 | 18:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Information leak via “diff” methods in qSnapper

Lack of authentication when using the "snapshot diff" functions in qSnapper before version 1.3.3 allowed a local attacker to see otherwise read protected information.

Action-Not Available
Vendor-presirepresire
Product-qsnapperqSnapper
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2026-41046
Assigner-SUSE
ShareView Details
Assigner-SUSE
CVSS Score-7.3||HIGH
EPSS-0.16% / 5.48%
||
7 Day CHG~0.00%
Published-22 Jun, 2026 | 15:20
Updated-28 Jun, 2026 | 00:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
path traversal via `config` parameter in qSnapper

A path traversal attack when using a "configName" parameter in qSnapper before version 1.3.3 allowed a local attacker to use malicious config files for snapper and so cause a denial of service or potentially escalate privileges to root.

Action-Not Available
Vendor-presirepresire
Product-qsnapperqSnapper
CWE ID-CWE-23
Relative Path Traversal
CVE-2026-41045
Assigner-SUSE
ShareView Details
Assigner-SUSE
CVSS Score-8.1||HIGH
EPSS-0.14% / 3.39%
||
7 Day CHG~0.00%
Published-22 Jun, 2026 | 15:16
Updated-28 Jun, 2026 | 00:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Weak polkit authentication check in qSnapper

A time-to-check-time-of-use in polkit authentication of qSnapper before version 1.3.3 allowed a local attacker to bypass qSnappers authentication mechanism and operate e.g. as root user.

Action-Not Available
Vendor-presirepresire
Product-qsnapperqSnapper
CWE ID-CWE-367
Time-of-check Time-of-use (TOCTOU) Race Condition
CVE-2026-44939
Assigner-SUSE
ShareView Details
Assigner-SUSE
CVSS Score-9.4||CRITICAL
EPSS-1.28% / 66.74%
||
7 Day CHG~0.00%
Published-19 Jun, 2026 | 12:13
Updated-24 Jun, 2026 | 05:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Command injection through unsanitized YAML parameter in Rancher

A command injection vulnerability in the Rancher Manager cluster before 2.14.2 import endpoint /v3/import/{token}_{clusterId}.yaml through unsanitized YAML parameters could allow remote attackers to break out of an image, and execute e.g. malicious containers.

Action-Not Available
Vendor-SUSE
Product-Rancher
CWE ID-CWE-95
Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection')
CVE-2026-44942
Assigner-SUSE
ShareView Details
Assigner-SUSE
CVSS Score-6.5||MEDIUM
EPSS-0.33% / 25.03%
||
7 Day CHG~0.00%
Published-18 Jun, 2026 | 09:57
Updated-22 Jun, 2026 | 18:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
libzypp .repo files can have an optional path which can lead to path traversal attacks

A path traversal in handling the "path" component of .repo files processed by libzypp before 17.38.13 in the 17.x series, or before 16.22.19 could be used by attackers to fill directories on the system outside of the zypp cache with content.

Action-Not Available
Vendor-SUSE
Product-libzypp
CWE ID-CWE-24
Path Traversal: '../filedir'
CVE-2025-71261
Assigner-SUSE
ShareView Details
Assigner-SUSE
CVSS Score-8.6||HIGH
EPSS-0.21% / 10.94%
||
7 Day CHG~0.00%
Published-16 Jun, 2026 | 15:42
Updated-16 Jun, 2026 | 17:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Harvester's SUSE Virtualization Registration Client Vulnerable to MITM and DOS

An attacker with network-level access between the SUSE Virtualization and Rancher Manager in SUSE Harvester before 1.8.0 could interfere with the TLS handshake and abuse it to bypass TLS as a security control.

Action-Not Available
Vendor-SUSE
Product-Harvester
CWE ID-CWE-295
Improper Certificate Validation
CVE-2026-44932
Assigner-SUSE
ShareView Details
Assigner-SUSE
CVSS Score-8.8||HIGH
EPSS-0.30% / 21.69%
||
7 Day CHG~0.00%
Published-16 Jun, 2026 | 15:26
Updated-18 Jun, 2026 | 04:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
indirect remote shell command injection via unsanitized DHCP options in wicked

Passing of unsanitized strings from DHCP replies into the wicked dhcp client before wicked 0.6.79 could be used by attackers operating a malicious DHCP server to execute code on the local machine.

Action-Not Available
Vendor-SUSE
Product-wicked
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2026-41054
Assigner-SUSE
ShareView Details
Assigner-SUSE
CVSS Score-7.8||HIGH
EPSS-0.18% / 8.22%
||
7 Day CHG~0.00%
Published-20 May, 2026 | 08:56
Updated-05 Jun, 2026 | 12:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Missing exit out of permission check in haveged could lead to root exploit

In `src/havegecmd.c`, the `socket_handler` function performs a credential check on the abstract UNIX socket (`\0/sys/entropy/haveged`). However, while it detects if the connecting user is not root (`cred.uid != 0`) and prepares a negative acknowledgement (`ASCII_NAK`), it **fails to stop execution**. The code proceeds to the `switch` statement, allowing any local unprivileged user to execute privileged commands such as `MAGIC_CHROOT`.

Action-Not Available
Vendor-SUSE
Product-SUSE Linux Enterprise Server for SAP Applications 15 SP7Image SLES15-SP4-SAP-BYOS-AzureSUSE Linux Enterprise High Performance Computing 15 SP5-ESPOSSUSE Linux Enterprise Server 15 SP4-LTSSSUSE Linux Enterprise Server for SAP Applications 15 SP5SUSE Linux Enterprise Server for SAP Applications 15 SP4SUSE Manager Proxy LTS 4.3Image SLES15-SP4-SAP-BYOS-EC2Image SLES15-SP4-SAP-Hardened-BYOS-AzureImage SLES15-SP4-SAP-Hardened-BYOSImage SLES15-SP4-SAP-BYOSSUSE Linux Enterprise Server for SAP Applications 15 SP6Image SLES15-SP4-SAP-Hardened-BYOS-EC2Image SLES15-SP4-SAP-Hardened-GCESUSE Linux Enterprise Server 15 SP7Container suse/sle-micro-rancher/5.3:latestSUSE Linux Enterprise Micro 5.4SUSE Linux Enterprise Micro 5.3SUSE Linux Enterprise Server 15 SP6-LTSSImage SLES15-SP4-SAP-BYOS-GCEImage SLES15-SP4-SAP-HardenedSUSE Manager Retail Branch Server LTS 4.3SUSE Linux Enterprise High Performance Computing 15 SP7SUSE Linux Enterprise Micro 5.5SUSE Linux Enterprise Server 15 SP5-LTSSSUSE Manager Server LTS 4.3SUSE Linux Enterprise Desktop 15 SP7Container suse/sle-micro-rancher/5.4:latestSUSE Linux Enterprise Module for Basesystem 15 SP7Container suse/sle-micro/5.5:latestImage SLES15-SP4-SAP-Hardened-BYOS-GCESUSE Linux Enterprise High Performance Computing 15 SP5-LTSSSUSE Linux Enterprise High Performance Computing 15 SP4-LTSSSUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS
CWE ID-CWE-305
Authentication Bypass by Primary Weakness
CVE-2026-44933
Assigner-SUSE
ShareView Details
Assigner-SUSE
CVSS Score-8.5||HIGH
EPSS-0.21% / 11.74%
||
7 Day CHG~0.00%
Published-20 May, 2026 | 08:51
Updated-21 May, 2026 | 03:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Path Traversal in Plugin Loading in libzypp

`PluginScript` attempts to `chroot` the plugin to the `repoManagerRoot`, this root is frequently `/` (the system root) in standard configurations or when using `--root`. If the chroot target is `/`, it is a no-op, allowing the traversed path to execute host binaries (like `/bin/bash`) with root privileges.

Action-Not Available
Vendor-SUSE
Product-openSUSESUSE Linux Enterprise
CWE ID-CWE-35
Path Traversal: '.../...//'
CVE-2026-25710
Assigner-SUSE
ShareView Details
Assigner-SUSE
CVSS Score-7||HIGH
EPSS-0.13% / 3.29%
||
7 Day CHG~0.00%
Published-13 May, 2026 | 08:44
Updated-13 May, 2026 | 15:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The new upstream added a privileged D-Bus helper called plasmaloginauthhelper, which suffers from multiple issues, e.g.aA compromised plasmalogin service account can chown() arbitrary files in the system.

Action-Not Available
Vendor-KDE
Product-plasma-login-manager
CWE ID-CWE-250
Execution with Unnecessary Privileges
CVE-2026-41051
Assigner-SUSE
ShareView Details
Assigner-SUSE
CVSS Score-5.1||MEDIUM
EPSS-0.07% / 0.13%
||
7 Day CHG~0.00%
Published-13 May, 2026 | 08:37
Updated-13 May, 2026 | 20:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
csync2 uses insecure temporary directories when compiled with C99 or later

csync2 uses insecure temporary directories when compiled with C99 or later, allowing for TOCTOU style attacks on the temporary directories.

Action-Not Available
Vendor-SUSE
Product-openSUSE Tumbleweed
CWE ID-CWE-367
Time-of-check Time-of-use (TOCTOU) Race Condition
CVE-2026-44931
Assigner-SUSE
ShareView Details
Assigner-SUSE
CVSS Score-5.1||MEDIUM
EPSS-0.15% / 4.62%
||
7 Day CHG~0.00%
Published-13 May, 2026 | 08:30
Updated-13 May, 2026 | 15:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
malcontent: Disk Space Exhaustion via Globally Accessible D-Bus API

The newly introduced RecordUsage D-Bus method https://gitlab.freedesktop.org/pwithnall/malcontent/-/blob/0.14.0/libmalcontent-timer/child-timer-service.c in malcontent-timerd allows arbitrary users in the system to slowly fill up disk space in /var/lib/malcontent-timerd

Action-Not Available
Vendor-The GNOME Project
Product-malcontent
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2026-41050
Assigner-SUSE
ShareView Details
Assigner-SUSE
CVSS Score-9.9||CRITICAL
EPSS-0.38% / 30.23%
||
7 Day CHG~0.00%
Published-13 May, 2026 | 08:04
Updated-14 May, 2026 | 03:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Helm impersonation bypass of `RESTClientGetter` retains `cluster-admin` during template rendering

Fleet's Helm deployer did not fully apply ServiceAccount impersonation in two code paths, allowing a tenant with git push access to a Fleet-monitored repository to read secrets from any namespace on every downstream cluster targeted by their `GitRepo`.

Action-Not Available
Vendor-SUSE
Product-Rancher
CWE ID-CWE-863
Incorrect Authorization
CVE-2026-25705
Assigner-SUSE
ShareView Details
Assigner-SUSE
CVSS Score-8.4||HIGH
EPSS-0.37% / 29.07%
||
7 Day CHG~0.00%
Published-13 May, 2026 | 08:00
Updated-14 May, 2026 | 03:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Rancher Extensions have arbitrary file access via path traversal

A vulnerability has been identified in [Rancher's Extensions](https://ranchermanager.docs.rancher.com/integrations-in-rancher/rancher-extensions) where malicious code can be injected in Rancher through a path traversal in the `compressedEndpoint` field inside a `UIPlugin` deployment. A malicious UI extension could abuse that to: * Overwrite Rancher binaries or configuration to inject code. * Write to /var/lib/rancher/ to tamper with cluster state. * If hostPath volumes are mounted, write to the host node filesystem. * Use this issue to chain with other attack vectors.

Action-Not Available
Vendor-SUSE
Product-rancher
CWE ID-CWE-35
Path Traversal: '.../...//'
CVE-2026-25704
Assigner-SUSE
ShareView Details
Assigner-SUSE
CVSS Score-5.8||MEDIUM
EPSS-0.09% / 0.50%
||
7 Day CHG~0.00%
Published-30 Mar, 2026 | 07:44
Updated-16 Apr, 2026 | 17:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Incomplete privilege drop for com.system76.CosmicGreeter.GetUserData

A Privilege Dropping / Lowering Errors/Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in  cosmic-greeter can allow an attacker to regain privileges that should have been dropped and abuse them in the racy checking logic. This issue affects cosmic-greeter before https://github.Com/pop-os/cosmic-greeter/pull/426.

Action-Not Available
Vendor-pop-os
Product-cosmic-greeter
CWE ID-CWE-271
Privilege Dropping / Lowering Errors
CWE ID-CWE-367
Time-of-check Time-of-use (TOCTOU) Race Condition
CVE-2026-25702
Assigner-SUSE
ShareView Details
Assigner-SUSE
CVSS Score-7.3||HIGH
EPSS-0.20% / 10.42%
||
7 Day CHG~0.00%
Published-05 Mar, 2026 | 07:00
Updated-09 Mar, 2026 | 18:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
nftables disabled due to incorrect kernel backport

A Improper Access Control vulnerability in the kernel of SUSE SUSE Linux Enterprise Server 12 SP5 breaks nftables, causing firewall rules applied via nftables to not be effective.This issue affects SUSE Linux Enterprise Server: from 9e6d9d4601768c75fdb0bad3fbbe636e748939c2 before 9c294edb7085fb91650bc12233495a8974c5ff2d.

Action-Not Available
Vendor-SUSE
Product-linux_enterprise_serverSUSE Linux Enterprise Server
CWE ID-CWE-284
Improper Access Control
CVE-2025-62879
Assigner-SUSE
ShareView Details
Assigner-SUSE
CVSS Score-6.8||MEDIUM
EPSS-0.34% / 26.25%
||
7 Day CHG~0.00%
Published-04 Mar, 2026 | 15:08
Updated-05 Mar, 2026 | 17:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Rancher Backup Operator pod's logs leak S3 tokens

A vulnerability has been identified within the Rancher Backup Operator, resulting in the leakage of S3 tokens (both accessKey and secretKey) into the rancher-backup-operator pod's logs.

Action-Not Available
Vendor-SUSE
Product-rancher_backup_and_restore_operatorRancher
CWE ID-CWE-532
Insertion of Sensitive Information into Log File
CVE-2026-25701
Assigner-SUSE
ShareView Details
Assigner-SUSE
CVSS Score-7||HIGH
EPSS-0.11% / 1.45%
||
7 Day CHG~0.00%
Published-25 Feb, 2026 | 10:59
Updated-25 Feb, 2026 | 20:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An Insecure Temporary File vulnerability in openSUSE sdbootutil allows local users to pre-create a directory to achieve various effects like: * gain access to possible private information found in /var/lib/pcrlock.d * manipulate the data backed up in /tmp/pcrlock.d.bak, therefore violating the integrity of the data should it be restored. *  overwrite protected system files with data from /var/lib/pcrlock.d by placing symlinks to existing files in the directory tree in /tmp/pcrlock.d.bak. This issue affects sdbootutil: from ? before 5880246d3a02642dc68f5c8cb474bf63cdb56bca.

Action-Not Available
Vendor-openSUSE
Product-sdbootutil
CWE ID-CWE-377
Insecure Temporary File
CVE-2025-62878
Assigner-SUSE
ShareView Details
Assigner-SUSE
CVSS Score-9.9||CRITICAL
EPSS-0.58% / 43.90%
||
7 Day CHG~0.00%
Published-25 Feb, 2026 | 10:49
Updated-26 Feb, 2026 | 14:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Local Path Provisioner vulnerable to Path Traversal via parameters.pathPattern

A malicious user can manipulate the parameters.pathPattern to create PersistentVolumes in arbitrary locations on the host node, potentially overwriting sensitive files or gaining access to unintended directories.

Action-Not Available
Vendor-SUSE
Product-Rancher
CWE ID-CWE-23
Relative Path Traversal
CVE-2025-67601
Assigner-SUSE
ShareView Details
Assigner-SUSE
CVSS Score-8.3||HIGH
EPSS-0.15% / 4.92%
||
7 Day CHG~0.00%
Published-25 Feb, 2026 | 10:36
Updated-03 Mar, 2026 | 16:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Rancher CLI skips TLS verification on Rancher CLI login command

A vulnerability has been identified within Rancher Manager, where using self-signed CA certificates and passing the -skip-verify flag to the Rancher CLI login command without also passing the –cacert flag results in the CLI attempting to fetch CA certificates stored in Rancher’s setting cacerts.

Action-Not Available
Vendor-SUSE
Product-rancherrancher
CWE ID-CWE-295
Improper Certificate Validation
CVE-2025-67860
Assigner-SUSE
ShareView Details
Assigner-SUSE
CVSS Score-3.8||LOW
EPSS-0.09% / 0.62%
||
7 Day CHG~0.00%
Published-25 Feb, 2026 | 10:33
Updated-25 Feb, 2026 | 21:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
NeuVector scanner insecurely handles passwords as command arguments

A vulnerability has been identified in the NeuVector scanner where the scanner process accepts registry and controller credentials as command-line arguments, potentially exposing sensitive credentials to local users.

Action-Not Available
Vendor-SUSE
Product-harvester
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2025-14338
Assigner-SUSE
ShareView Details
Assigner-SUSE
CVSS Score-8.5||HIGH
EPSS-0.22% / 12.73%
||
7 Day CHG~0.00%
Published-14 Jan, 2026 | 11:55
Updated-14 Jan, 2026 | 16:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Polkit authentication dis isabled by default in inputplumber

Polkit authentication dis isabled by default and a race condition in the Polkit authorization check in versions before v0.69.0 can lead to the same issues as in CVE-2025-66005.

Action-Not Available
Vendor-https://github.com/ShadowBlip
Product-inputplumber
CWE ID-CWE-284
Improper Access Control
CVE-2025-66005
Assigner-SUSE
ShareView Details
Assigner-SUSE
CVSS Score-8.5||HIGH
EPSS-0.20% / 10.02%
||
7 Day CHG~0.00%
Published-14 Jan, 2026 | 11:53
Updated-14 Jan, 2026 | 16:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Lack of Authentication in the InputManager D-Bus interface

Lack of authorization of the InputManager D-Bus interface in InputPlumber versions before v0.63.0 can lead to local Denial-of-Service, information leak or even privilege escalation in the context of the currently active user session.

Action-Not Available
Vendor-https://github.com/ShadowBlip
Product-inputplumber
CWE ID-CWE-863
Incorrect Authorization
CVE-2025-67859
Assigner-SUSE
ShareView Details
Assigner-SUSE
CVSS Score-5.1||MEDIUM
EPSS-0.20% / 10.31%
||
7 Day CHG~0.00%
Published-14 Jan, 2026 | 11:34
Updated-14 Jan, 2026 | 16:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Polkit Authorization Check can be Bypassed in the TLP power daemon

A Improper Authentication vulnerability in TLP allows local users to arbitrarily control the power profile in use as well as the daemon’s log settings.This issue affects TLP: from 1.9 before 1.9.1.

Action-Not Available
Vendor-https://github.com/linrunner
Product-TLP
CWE ID-CWE-287
Improper Authentication
CVE-2025-67858
Assigner-SUSE
ShareView Details
Assigner-SUSE
CVSS Score-7||HIGH
EPSS-0.17% / 6.74%
||
7 Day CHG~0.00%
Published-08 Jan, 2026 | 15:23
Updated-08 Jan, 2026 | 18:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
A crafted "interface" input parameter can lead to integrity loss of the firewall configuration

A Improper Neutralization of Argument Delimiters vulnerability in Foomuuri can lead to integrity loss of the firewall configuration or further unspecified impact by manipulating the JSON configuration passed to `nft`. This issue affects Foomuuri: from ? before 0.31.

Action-Not Available
Vendor-https://github.com/FoobarOy/
Product-Foomuuri
CWE ID-CWE-88
Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')
CVE-2025-67603
Assigner-SUSE
ShareView Details
Assigner-SUSE
CVSS Score-5.1||MEDIUM
EPSS-0.15% / 4.48%
||
7 Day CHG~0.00%
Published-08 Jan, 2026 | 15:04
Updated-08 Jan, 2026 | 18:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Lack of client authorization allows arbitrary users to influence the firewall configuration

A Improper Authorization vulnerability in Foomuuri llows arbitrary users to influence the firewall configuration.This issue affects Foomuuri: from ? before 0.31.

Action-Not Available
Vendor-https://github.com/FoobarOy/
Product-Foomuuri
CWE ID-CWE-285
Improper Authorization
CVE-2025-66003
Assigner-SUSE
ShareView Details
Assigner-SUSE
CVSS Score-7.3||HIGH
EPSS-0.11% / 1.55%
||
7 Day CHG~0.00%
Published-08 Jan, 2026 | 14:58
Updated-08 Jan, 2026 | 18:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Local users can perform a local root exploit via smb4k mounthelper

An External Control of File Name or Path vulnerability in smb4k allowsl ocal users to perform a local root exploit via smb4k mounthelper if they can access and control the contents of a Samba shareThis issue affects smb4k: from ? before 4.0.5.

Action-Not Available
Vendor-https://github.com/KDE/
Product-smb4k
CWE ID-CWE-73
External Control of File Name or Path
  • Previous
  • 1
  • 2
  • 3
  • 4
  • 5
  • Next