[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2026-44946":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-30T17:41:09.649Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":527,"aliases":528,"duplicate_of":9,"upstream":529,"downstream":530,"duplicates":531,"related":532,"reserved_at":9,"published_at":533,"modified_at":534,"state":535,"summary":536,"references_raw":543,"kevs":549,"epss":9,"epss_history":550,"metrics":551,"affected":555},"CVE-2026-44946","A SAML authentication replay vulnerability exists in Rancher's Assertion Consumer Service (ACS) handler, which did not enforce one-time use of SAML assertions, potentially allowing person-in-the-middle attacks against Rancher. This affects Rancher 2.14.0 before 2.14.3, 2.13.0 before 2.13.7, 2.12.0 before 2.12.11, and 2.11.0 before 2.11.15.",null,[11],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":18,"capec":19},"CWE-294","Authentication Bypass by Capture-replay","A capture-replay flaw exists when the design of the product makes it possible for a malicious user to sniff network traffic and bypass authentication by replaying it to the server in question to the same effect as the original message (or with minor changes).","weakness","Incomplete","Base","High",[20,24,125,209,239,370,405,440,492,496],{"id":21,"name":22,"techniques":23},"CAPEC-102","Session Sidejacking",[],{"id":25,"name":26,"techniques":27},"CAPEC-509","Kerberoasting",[28],{"id":29,"name":26,"tactics":30,"countermeasures":34},"T1558.003",[31],{"id":32,"name":33},"TA0031","Credential Access",[35,40,44,48,52,56,60,64,68,72,76,81,85,90,95,99,103,107,111,116,121],{"id":36,"name":37,"tactic":38},"D3-UGLPA","User Geolocation Logon Pattern Analysis",{"name":39},"Detect",{"id":41,"name":42,"tactic":43},"D3-PMAD","Protocol Metadata Anomaly Detection",{"name":39},{"id":45,"name":46,"tactic":47},"D3-CSPP","Client-server Payload Profiling",{"name":39},{"id":49,"name":50,"tactic":51},"D3-PHDURA","Per Host Download-Upload Ratio 
Analysis",{"name":39},{"id":53,"name":54,"tactic":55},"D3-NTSA","Network Traffic Signature Analysis",{"name":39},{"id":57,"name":58,"tactic":59},"D3-APCA","Application Protocol Command Analysis",{"name":39},{"id":61,"name":62,"tactic":63},"D3-NTCD","Network Traffic Community Deviation",{"name":39},{"id":65,"name":66,"tactic":67},"D3-RTSD","Remote Terminal Session Detection",{"name":39},{"id":69,"name":70,"tactic":71},"D3-CCSA","Credential Compromise Scope Analysis",{"name":39},{"id":73,"name":74,"tactic":75},"D3-RTA","RPC Traffic Analysis",{"name":39},{"id":77,"name":78,"tactic":79},"D3-CR","Credential Revocation",{"name":80},"Evict",{"id":82,"name":83,"tactic":84},"D3-ANCI","Authentication Cache Invalidation",{"name":80},{"id":86,"name":87,"tactic":88},"D3-DUC","Decoy User Credential",{"name":89},"Deceive",{"id":91,"name":92,"tactic":93},"D3-CH","Credential Hardening",{"name":94},"Harden",{"id":96,"name":97,"tactic":98},"D3-MFA","Multi-factor Authentication",{"name":94},{"id":100,"name":101,"tactic":102},"D3-CRO","Credential Rotation",{"name":94},{"id":104,"name":105,"tactic":106},"D3-TB","Token Binding",{"name":94},{"id":108,"name":109,"tactic":110},"D3-TBA","Token-based Authentication",{"name":94},{"id":112,"name":113,"tactic":114},"D3-RIC","Reissue Credential",{"name":115},"Restore",{"id":117,"name":118,"tactic":119},"D3-NTF","Network Traffic Filtering",{"name":120},"Isolate",{"id":122,"name":123,"tactic":124},"D3-CTS","Credential Transmission Scoping",{"name":120},{"id":126,"name":127,"techniques":128},"CAPEC-555","Remote Services with Stolen Credentials",[129,163,196],{"id":130,"name":131,"tactics":132,"countermeasures":136},"T1021","Remote Services",[133],{"id":134,"name":135},"TA0109","Lateral 
Movement",[137,139,141,143,145,147,149,151,153,157,161],{"id":36,"name":37,"tactic":138},{"name":39},{"id":41,"name":42,"tactic":140},{"name":39},{"id":45,"name":46,"tactic":142},{"name":39},{"id":49,"name":50,"tactic":144},{"name":39},{"id":53,"name":54,"tactic":146},{"name":39},{"id":57,"name":58,"tactic":148},{"name":39},{"id":61,"name":62,"tactic":150},{"name":39},{"id":65,"name":66,"tactic":152},{"name":39},{"id":154,"name":155,"tactic":156},"D3-CAA","Connection Attempt Analysis",{"name":39},{"id":158,"name":159,"tactic":160},"D3-ST","Session Termination",{"name":80},{"id":117,"name":118,"tactic":162},{"name":120},{"id":164,"name":165,"tactics":166,"countermeasures":170},"T1114.002","Remote Email Collection",[167],{"id":168,"name":169},"TA0100","Collection",[171,176,180,184,188,192],{"id":172,"name":173,"tactic":174},"D3-NNI","Network Node Inventory",{"name":175},"Model",{"id":177,"name":178,"tactic":179},"D3-PLM","Physical Link Mapping",{"name":175},{"id":181,"name":182,"tactic":183},"D3-LLM","Logical Link Mapping",{"name":175},{"id":185,"name":186,"tactic":187},"D3-EHB","Endpoint Health Beacon",{"name":39},{"id":189,"name":190,"tactic":191},"D3-ER","Email Removal",{"name":80},{"id":193,"name":194,"tactic":195},"D3-RNA","Restore Network Access",{"name":115},{"id":197,"name":198,"tactics":199,"countermeasures":206},"T1133","External Remote Services",[200,203],{"id":201,"name":202},"TA0110","Persistence",{"id":204,"name":205},"TA0108","Initial Access",[207],{"id":158,"name":159,"tactic":208},{"name":80},{"id":210,"name":211,"techniques":212},"CAPEC-561","Windows Admin Shares with Stolen Credentials",[213],{"id":214,"name":215,"tactics":216,"countermeasures":218},"T1021.002","SMB/Windows Admin 
Shares",[217],{"id":134,"name":135},[219,221,223,225,227,229,231,233,235,237],{"id":36,"name":37,"tactic":220},{"name":39},{"id":41,"name":42,"tactic":222},{"name":39},{"id":45,"name":46,"tactic":224},{"name":39},{"id":49,"name":50,"tactic":226},{"name":39},{"id":53,"name":54,"tactic":228},{"name":39},{"id":57,"name":58,"tactic":230},{"name":39},{"id":61,"name":62,"tactic":232},{"name":39},{"id":65,"name":66,"tactic":234},{"name":39},{"id":154,"name":155,"tactic":236},{"name":39},{"id":117,"name":118,"tactic":238},{"name":120},{"id":240,"name":241,"techniques":242},"CAPEC-60","Reusing Session IDs (aka Session Replay)",[243,279],{"id":244,"name":245,"tactics":246,"countermeasures":256},"T1134.001","Token Impersonation/Theft",[247,250,253],{"id":248,"name":249},"TA0030","Defense Evasion",{"id":251,"name":252},"TA0005","Stealth",{"id":254,"name":255},"TA0111","Privilege Escalation",[257,259,261,263,265,267,269,271,273,275,277],{"id":69,"name":70,"tactic":258},{"name":39},{"id":77,"name":78,"tactic":260},{"name":80},{"id":82,"name":83,"tactic":262},{"name":80},{"id":86,"name":87,"tactic":264},{"name":89},{"id":91,"name":92,"tactic":266},{"name":94},{"id":96,"name":97,"tactic":268},{"name":94},{"id":100,"name":101,"tactic":270},{"name":94},{"id":104,"name":105,"tactic":272},{"name":94},{"id":108,"name":109,"tactic":274},{"name":94},{"id":112,"name":113,"tactic":276},{"name":115},{"id":122,"name":123,"tactic":278},{"name":120},{"id":280,"name":281,"tactics":282,"countermeasures":285},"T1550.004","Web Session 
Cookie",[283,284],{"id":248,"name":249},{"id":134,"name":135},[286,288,290,292,294,296,298,300,302,306,310,314,316,320,324,328,332,334,336,338,340,342,344,346,348,352,356,360,364,368],{"id":36,"name":37,"tactic":287},{"name":39},{"id":41,"name":42,"tactic":289},{"name":39},{"id":45,"name":46,"tactic":291},{"name":39},{"id":49,"name":50,"tactic":293},{"name":39},{"id":53,"name":54,"tactic":295},{"name":39},{"id":57,"name":58,"tactic":297},{"name":39},{"id":61,"name":62,"tactic":299},{"name":39},{"id":65,"name":66,"tactic":301},{"name":39},{"id":303,"name":304,"tactic":305},"D3-PLA","Process Lineage Analysis",{"name":39},{"id":307,"name":308,"tactic":309},"D3-PSMD","Process Self-Modification Detection",{"name":39},{"id":311,"name":312,"tactic":313},"D3-PSA","Process Spawn Analysis",{"name":39},{"id":69,"name":70,"tactic":315},{"name":39},{"id":317,"name":318,"tactic":319},"D3-PT","Process Termination",{"name":80},{"id":321,"name":322,"tactic":323},"D3-PS","Process Suspension",{"name":80},{"id":325,"name":326,"tactic":327},"D3-HR","Host Reboot",{"name":80},{"id":329,"name":330,"tactic":331},"D3-HS","Host Shutdown",{"name":80},{"id":77,"name":78,"tactic":333},{"name":80},{"id":82,"name":83,"tactic":335},{"name":80},{"id":86,"name":87,"tactic":337},{"name":89},{"id":91,"name":92,"tactic":339},{"name":94},{"id":96,"name":97,"tactic":341},{"name":94},{"id":100,"name":101,"tactic":343},{"name":94},{"id":112,"name":113,"tactic":345},{"name":115},{"id":117,"name":118,"tactic":347},{"name":120},{"id":349,"name":350,"tactic":351},"D3-KBPI","Kernel-based Process Isolation",{"name":120},{"id":353,"name":354,"tactic":355},"D3-SCF","System Call Filtering",{"name":120},{"id":357,"name":358,"tactic":359},"D3-HBPI","Hardware-based Process Isolation",{"name":120},{"id":361,"name":362,"tactic":363},"D3-ABPI","Application-based Process Isolation",{"name":120},{"id":365,"name":366,"tactic":367},"D3-WSAM","Web Session Access 
Mediation",{"name":120},{"id":122,"name":123,"tactic":369},{"name":120},{"id":371,"name":372,"techniques":373},"CAPEC-644","Use of Captured Hashes (Pass The Hash)",[374],{"id":375,"name":376,"tactics":377,"countermeasures":380},"T1550.002","Pass the Hash",[378,379],{"id":248,"name":249},{"id":134,"name":135},[381,383,385,387,389,391,393,395,397,399,401,403],{"id":303,"name":304,"tactic":382},{"name":39},{"id":307,"name":308,"tactic":384},{"name":39},{"id":311,"name":312,"tactic":386},{"name":39},{"id":317,"name":318,"tactic":388},{"name":80},{"id":321,"name":322,"tactic":390},{"name":80},{"id":325,"name":326,"tactic":392},{"name":80},{"id":329,"name":330,"tactic":394},{"name":80},{"id":349,"name":350,"tactic":396},{"name":120},{"id":353,"name":354,"tactic":398},{"name":120},{"id":357,"name":358,"tactic":400},{"name":120},{"id":361,"name":362,"tactic":402},{"name":120},{"id":365,"name":366,"tactic":404},{"name":120},{"id":406,"name":407,"techniques":408},"CAPEC-645","Use of Captured Tickets (Pass The Ticket)",[409],{"id":410,"name":411,"tactics":412,"countermeasures":415},"T1550.003","Pass the Ticket",[413,414],{"id":248,"name":249},{"id":134,"name":135},[416,418,420,422,424,426,428,430,432,434,436,438],{"id":303,"name":304,"tactic":417},{"name":39},{"id":307,"name":308,"tactic":419},{"name":39},{"id":311,"name":312,"tactic":421},{"name":39},{"id":317,"name":318,"tactic":423},{"name":80},{"id":321,"name":322,"tactic":425},{"name":80},{"id":325,"name":326,"tactic":427},{"name":80},{"id":329,"name":330,"tactic":429},{"name":80},{"id":349,"name":350,"tactic":431},{"name":120},{"id":353,"name":354,"tactic":433},{"name":120},{"id":357,"name":358,"tactic":435},{"name":120},{"id":361,"name":362,"tactic":437},{"name":120},{"id":365,"name":366,"tactic":439},{"name":120},{"id":441,"name":442,"techniques":443},"CAPEC-652","Use of Known Kerberos Credentials",[444],{"id":445,"name":446,"tactics":447,"countermeasures":449},"T1558","Steal or Forge Kerberos 
Tickets",[448],{"id":32,"name":33},[450,452,454,456,458,460,462,464,466,468,470,472,474,476,478,480,482,484,486,488,490],{"id":36,"name":37,"tactic":451},{"name":39},{"id":41,"name":42,"tactic":453},{"name":39},{"id":45,"name":46,"tactic":455},{"name":39},{"id":49,"name":50,"tactic":457},{"name":39},{"id":53,"name":54,"tactic":459},{"name":39},{"id":57,"name":58,"tactic":461},{"name":39},{"id":61,"name":62,"tactic":463},{"name":39},{"id":65,"name":66,"tactic":465},{"name":39},{"id":69,"name":70,"tactic":467},{"name":39},{"id":73,"name":74,"tactic":469},{"name":39},{"id":77,"name":78,"tactic":471},{"name":80},{"id":82,"name":83,"tactic":473},{"name":80},{"id":86,"name":87,"tactic":475},{"name":89},{"id":91,"name":92,"tactic":477},{"name":94},{"id":96,"name":97,"tactic":479},{"name":94},{"id":100,"name":101,"tactic":481},{"name":94},{"id":104,"name":105,"tactic":483},{"name":94},{"id":108,"name":109,"tactic":485},{"name":94},{"id":112,"name":113,"tactic":487},{"name":115},{"id":117,"name":118,"tactic":489},{"name":120},{"id":122,"name":123,"tactic":491},{"name":120},{"id":493,"name":494,"techniques":495},"CAPEC-701","Browser in the Middle (BiTM)",[],{"id":497,"name":498,"techniques":499},"CAPEC-94","Adversary in the Middle 
(AiTM)",[500],{"id":501,"name":502,"tactics":503,"countermeasures":506},"T1557","Adversary-in-the-Middle",[504,505],{"id":32,"name":33},{"id":168,"name":169},[507,509,511,513,515,517,519,521,523,525],{"id":36,"name":37,"tactic":508},{"name":39},{"id":41,"name":42,"tactic":510},{"name":39},{"id":45,"name":46,"tactic":512},{"name":39},{"id":49,"name":50,"tactic":514},{"name":39},{"id":53,"name":54,"tactic":516},{"name":39},{"id":57,"name":58,"tactic":518},{"name":39},{"id":61,"name":62,"tactic":520},{"name":39},{"id":65,"name":66,"tactic":522},{"name":39},{"id":154,"name":155,"tactic":524},{"name":39},{"id":117,"name":118,"tactic":526},{"name":120},[],[],[],[],[],[],"2026-06-30T12:14:54.269Z","2026-06-30T13:44:26.795Z","PUBLISHED",{"cisa_kev":537,"cisa_ransomware":537,"cisa_vendor":9,"epss_severity":9,"epss_score":9,"severity":538,"severity_score":539,"severity_version":540,"severity_source":541,"severity_vector":542,"severity_status":535},false,"critical",9.5,"v4.0","cve.org","CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:H",[544],{"url":545,"sources":546,"tags":547},"https://github.com/rancher/rancher/security/advisories/GHSA-c5jm-xcmq-9j95",[541],[548],"Vendor Advisory",[],[],[552],{"source":541,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":9,"cvss_v4_0":553},{"baseScore":539,"baseSeverity":554,"vectorString":542,"impactScore":9,"exploitabilityScore":9},"CRITICAL",[556],{"ecosystem":9,"name":557,"vendor":558,"product":559,"cpe_part":560,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":561},"Rancher","suse","rancher","a",[562,569,573,577],{"version":563,"is_range":564,"range_type":541,"version_start":565,"version_start_type":566,"version_end":567,"version_end_type":568,"fixed_in":9},">= 2.14.0, \u003C 2.14.3",true,"2.14.0","including","2.14.3","excluding",{"version":570,"is_range":564,"range_type":541,"version_start":571,"version_start_type":566,"version_end":572,"version_end_type":568,"fixed_in":9},">= 2.13.0, \u003C 
2.13.7","2.13.0","2.13.7",{"version":574,"is_range":564,"range_type":541,"version_start":575,"version_start_type":566,"version_end":576,"version_end_type":568,"fixed_in":9},">= 2.12.0, \u003C 2.12.11","2.12.0","2.12.11",{"version":578,"is_range":564,"range_type":541,"version_start":579,"version_start_type":566,"version_end":580,"version_end_type":568,"fixed_in":9},">= 2.11.0, \u003C 2.11.15","2.11.0","2.11.15"]