CVE-2026-44946
HighCVSS 7.4Exploitation Probability (EPSS)
Low risk21th percentile — higher than 21% of all known CVEs
Summary
A SAML authentication replay vulnerability in Rancher's Assertion Consumer Service (ACS) handler did not enforce one-time use of SAML assertion, potentially allowing person-in-the-middle attacks. Affects Rancher 2.14.0 before 2.14.3.
Risk Assessment
An attacker could intercept and replay SAML assertions, gaining unauthorized access to Rancher and potentially compromising managed Kubernetes clusters.
Recommendation
Upgrade Rancher to version 2.14.3 or later immediately, which enforces one-time use of SAML assertions.
Original NVD description (English source)
A SAML authentication replay vulnerability in Rancher's Assertion Consumer Service (ACS) handler did not enforce one-time use of SAML assertion, potentially allowing person in the middle attacks against Rancher, affecting Rancher 2.14.0 before 2.14.3,

