VYPR
High severityNVD Advisory· Published Feb 25, 2026· Updated Feb 26, 2026

Rancher CLI skips TLS verification on Rancher CLI login command

CVE-2025-67601

Description

A vulnerability has been identified within Rancher Manager, where using self-signed CA certificates and passing the -skip-verify flag to the Rancher CLI login command without also passing the –cacert flag results in the CLI attempting to fetch CA certificates stored in Rancher’s setting cacerts.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
github.com/rancher/rancherGo
< 0.0.0-20260129092249-bb0625fd18960.0.0-20260129092249-bb0625fd1896
github.com/rancher/rancherGo
>= 2.13.0, < 2.13.22.13.2
github.com/rancher/rancherGo
>= 2.12.0, < 2.12.62.12.6
github.com/rancher/rancherGo
>= 2.11.0, < 2.11.102.11.10
github.com/rancher/rancherGo
>= 2.10.0, < 2.10.112.10.11

Affected products

3

Patches

Vulnerability mechanics

References

6

News mentions

0

No linked articles in our index yet.