CVE Catalog

CVE-2026-44946

HighCVSS 7.4
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.29%

21th percentile — higher than 21% of all known CVEs

Summary

A SAML authentication replay vulnerability in Rancher's Assertion Consumer Service (ACS) handler did not enforce one-time use of SAML assertion, potentially allowing person-in-the-middle attacks. Affects Rancher 2.14.0 before 2.14.3.

Risk Assessment

An attacker could intercept and replay SAML assertions, gaining unauthorized access to Rancher and potentially compromising managed Kubernetes clusters.

Recommendation

Upgrade Rancher to version 2.14.3 or later immediately, which enforces one-time use of SAML assertions.

Original NVD description (English source)

A SAML authentication replay vulnerability in Rancher's Assertion Consumer Service (ACS) handler did not enforce one-time use of SAML assertion, potentially allowing person in the middle attacks against Rancher, affecting Rancher 2.14.0 before 2.14.3,

Vulnerability data from NVD (NIST) · CISA KEV · EPSS