cbcvebase.
CVE-2024-58260
published 2025-10-02

Priority: P3 (42)
CVSS 3.1: 7.6 (high)
Vector: AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:L/A:H
EPSS: 0.45% (36.1th percentile)

A vulnerability has been identified within Rancher Manager where a missing server-side validation on the `.username` field in Rancher can allow users with update permissions on other User resources to cause denial of access for targeted accounts.

Affected

8 ranges

| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| github.com | rancher_rancher | >= 2.10.0 < 2.10.10 | 2.10.10 |
| github.com | rancher_rancher | >= 2.11.0 < 2.11.6 | 2.11.6 |
| github.com | rancher_rancher | >= 2.12.0 < 2.12.2 | 2.12.2 |
| github.com | rancher_rancher | >= 2.9.0 < 2.9.12 | 2.9.12 |
| suse | rancher | >= 2.10.0 < 2.10.10 | 2.10.10 |
| suse | rancher | >= 2.11.0 < 2.11.6 | 2.11.6 |
| suse | rancher | >= 2.12.0 < 2.12.2 | 2.12.2 |
| suse | rancher | >= 2.9.0 < 2.9.12 | 2.9.12 |