Critical severity9.1NVD Advisory· Published Apr 16, 2025· Updated Apr 15, 2026

CVE-2024-22036

Description

A vulnerability has been identified within Rancher where a cluster or node driver can be used to escape the chroot jail and gain root access to the Rancher container itself. In production environments, further privilege escalation is possible based on living off the land within the Rancher container itself. For the test and development environments, based on a –privileged Docker container, it is possible to escape the Docker container and gain execution access on the host system.

This issue affects rancher: from 2.7.0 before 2.7.16, from 2.8.0 before 2.8.9, from 2.9.0 before 2.9.3.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package	Affected versions	Patched versions
github.com/rancher/rancherGo	>= 2.7.0, < 2.7.16	2.7.16
github.com/rancher/rancherGo	>= 2.8.0, < 2.8.9	2.8.9
github.com/rancher/rancherGo	>= 2.9.0, < 2.9.3	2.9.3

Patches

d6bfc4c47342

https://github.com/rancher/ranchervia osv

d619f78675f4

https://github.com/rancher/ranchervia osv

261bb3c70eeb

https://github.com/rancher/ranchervia osv

Vulnerability mechanics

Generated by null/stub on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References

github.com/advisories/GHSA-h99m-6755-rgwcghsaADVISORY
nvd.nist.gov/vuln/detail/CVE-2024-22036ghsaADVISORY
bugzilla.suse.com/show_bug.cginvdWEB
github.com/rancher/rancher/security/advisories/GHSA-h99m-6755-rgwcnvdWEB

News mentions

No linked articles in our index yet.

cvss	0.591
epss	0.000
exploit	0.000
kev	0.000
patch	-0.070
ransomware	0.000