High severity · NVD Advisory · Published Feb 25, 2026 · Updated Feb 26, 2026
Rancher CLI skips TLS verification on Rancher CLI login command
CVE-2025-67601
Description
A vulnerability has been identified within Rancher Manager, where using self-signed CA certificates and passing the -skip-verify flag to the Rancher CLI login command without also passing the --cacert flag results in the CLI attempting to fetch CA certificates stored in Rancher’s setting cacerts.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| github.com/rancher/rancher (Go) | < 0.0.0-20260129092249-bb0625fd1896 | 0.0.0-20260129092249-bb0625fd1896 |
| github.com/rancher/rancher (Go) | >= 2.13.0, < 2.13.2 | 2.13.2 |
| github.com/rancher/rancher (Go) | >= 2.12.0, < 2.12.6 | 2.12.6 |
| github.com/rancher/rancher (Go) | >= 2.11.0, < 2.11.10 | 2.11.10 |
| github.com/rancher/rancher (Go) | >= 2.10.0, < 2.10.11 | 2.10.11 |
Affected products
- ghsa-coords (2 versions): pkg:golang/github.com/rancher/rancher, pkg:rpm/opensuse/govulncheck-vulndb&distro=openSUSE%20Leap%2015.6; < 0.0.0-20260129092249-bb0625fd1896 + 1 more
- (no CPE) range: < 0.0.0-20260129092249-bb0625fd1896
- (no CPE) range: < 0.0.20260205T172317-150000.1.146.1
References
- github.com/advisories/GHSA-mc24-7m59-4q5p (ghsa, ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2025-67601 (ghsa, ADVISORY)
- attack.mitre.org/techniques/T1557 (ghsa, WEB)
- bugzilla.suse.com/show_bug.cgi (ghsa, WEB)
- github.com/rancher/rancher/releases/tag/v2.13.2 (ghsa, WEB)
- github.com/rancher/rancher/security/advisories/GHSA-mc24-7m59-4q5p (ghsa, WEB)