CVE-2024-58259
published 2025-09-02


Priority: P3, 48
Severity: high, CVSS 3.1 base score 8.2 (vector AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H)
EPSS: 0.48% (37.9th percentile)
A vulnerability has been identified within Rancher Manager in which it did not enforce request body size limits on certain public (unauthenticated) and authenticated API endpoints. A malicious user can exploit this by sending excessively large payloads, which are loaded entirely into memory during processing, leading to Denial of Service (DoS).
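As an added illustration (not Rancher's code or the upstream fix): a Go handler that reads the request body without any limit, as the advisory describes, beside the hardened form that caps it with http.MaxBytesReader and answers 413. The 1 MiB limit and the /v3/example path are assumptions chosen for the example.

```go
package main

import (
	"errors"
	"fmt"
	"io"
	"net/http"
	"net/http/httptest"
	"strings"
)

const maxBodyBytes = 1 << 20 // 1 MiB; an assumed limit, the advisory states no value

// unboundedHandler mirrors the weakness in the advisory: the whole body is read
// into memory with no size limit, so each client decides how much RAM it costs.
func unboundedHandler(w http.ResponseWriter, r *http.Request) {
	body, _ := io.ReadAll(r.Body) // error ignored for brevity; the flaw is the missing limit
	fmt.Fprintf(w, "read %d bytes", len(body))
}

// boundedHandler is the hardened form: http.MaxBytesReader stops reading past
// maxBodyBytes and yields *http.MaxBytesError, which is answered with 413.
func boundedHandler(w http.ResponseWriter, r *http.Request) {
	r.Body = http.MaxBytesReader(w, r.Body, maxBodyBytes)
	body, err := io.ReadAll(r.Body)
	var tooLarge *http.MaxBytesError
	switch {
	case errors.As(err, &tooLarge):
		http.Error(w, "request body too large", http.StatusRequestEntityTooLarge)
	case err != nil:
		http.Error(w, "read error", http.StatusBadRequest)
	default:
		fmt.Fprintf(w, "read %d bytes", len(body))
	}
}

// statusFor posts a constructed body of n bytes to h and returns the response
// status, so both behaviours can be compared offline (the path is illustrative).
func statusFor(h http.HandlerFunc, n int) int {
	body := strings.NewReader(strings.Repeat("A", n))
	rec := httptest.NewRecorder()
	h(rec, httptest.NewRequest(http.MethodPost, "/v3/example", body))
	return rec.Code
}

func main() {
	fmt.Println("unbounded, 2 MiB:", statusFor(unboundedHandler, 2<<20)) // 200
	fmt.Println("bounded, 2 MiB:  ", statusFor(boundedHandler, 2<<20))   // 413
}
```

Because MaxBytesReader is applied per handler, the limit must be set on every endpoint that accepts a body, including unauthenticated ones, or the same client can simply pick the endpoint that lacks it.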

Affected

10 ranges
Vendor       Product          Version range                                   Fixed in
github.com   rancher_rancher  >= 0 < 0.0.0-20250813072957-aee95d4e2a41        0.0.0-20250813072957-aee95d4e2a41
github.com   rancher_rancher  >= 2.10.0 < 2.10.9                              2.10.9
github.com   rancher_rancher  >= 2.11.0 < 2.11.5                              2.11.5
github.com   rancher_rancher  >= 2.12.0 < 2.12.1                              2.12.1
github.com   rancher_rancher  >= 2.9.0 < 2.9.11                               2.9.11
suse         rancher          < 0.0.0-20250813072957-aee95d4e2a41             0.0.0-20250813072957-aee95d4e2a41
suse         rancher          >= 2.10.0 < 2.10.9                              2.10.9
suse         rancher          >= 2.11.0 < 2.11.5                              2.11.5
suse         rancher          >= 2.12.0 < 2.12.1                              2.12.1
suse         rancher          >= 2.9.0 < 2.9.11                               2.9.11