High severity7.6GHSA Advisory· Published Oct 2, 2025· Updated Apr 15, 2026

CVE-2024-58260

Description

A vulnerability has been identified within Rancher Manager where a missing server-side validation on the .username field in Rancher can allow users with update permissions on other User resources to cause denial of access for targeted accounts.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package	Affected versions	Patched versions
github.com/rancher/rancherGo	>= 2.12.0, < 2.12.2	2.12.2
github.com/rancher/rancherGo	>= 2.11.0, < 2.11.6	2.11.6
github.com/rancher/rancherGo	>= 2.10.0, < 2.10.10	2.10.10
github.com/rancher/rancherGo	>= 2.9.0, < 2.9.12	2.9.12

Affected products

Rancher/RancherGHSA
Range: >= 2.9.0, < 2.9.12

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/advisories/GHSA-q82v-h4rq-5c86ghsaADVISORY
nvd.nist.gov/vuln/detail/CVE-2024-58260ghsaADVISORY
bugzilla.suse.com/show_bug.cginvdWEB
github.com/rancher/rancher/security/advisories/GHSA-q82v-h4rq-5c86nvdWEB
pkg.go.dev/vuln/GO-2025-3983ghsaWEB

News mentions

No linked articles in our index yet.

cvss	0.494
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000