CVE-2026-25705 - Vulnerability Analysis
High | CVSS: 8.4 | Last Updated: May 13, 2026
Rancher Extensions - Path Traversal
Overview
Rancher Extensions contain a path traversal vulnerability caused by improper validation of the `compressedEndpoint` field in UIPlugin deployments. It lets attackers inject malicious code and overwrite files. Exploitation requires deployment of a malicious UI extension.
Severity & Score
Impact
Attackers can overwrite Rancher binaries, tamper with cluster state, and write to host filesystem, potentially leading to full system compromise.
Mitigation
Update to the latest Rancher Extensions version with the vulnerability fixed.
References
Social Media Activity (2 posts)
CVE-2026-25705 - High (8.4) A vulnerability has been identified in [Rancher's Extensions](https://ranchermanager.docs.rancher.com/integrations-in-rancher/rancher-extensions) where malicious code can be injected in Rancher through a path traversal in the `compressedEndpoint` ... https://www.thehackerwire.com/vulnerability/CVE-2026-25705/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
Details
- CVE ID: CVE-2026-25705
- Severity: High
- CVSS Score: 8.4
- Type: path_traversal
- Status: unconfirmed
- EPSS: 4.2%
- Social Posts: 2
CWE
- CWE-35
CVSS Metrics
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H