Suse
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in any Suse product.
RSS Feeds for Suse security vulnerabilities
Create a CVE RSS feed including security vulnerabilities found in Suse products with stack.watch. Just hit watch, then grab your custom RSS feed url.
Products by Suse Sorted by Most Security Vulnerabilities since 2018
By the Year
In 2026 there have been 29 vulnerabilities in Suse with an average score of 8.0 out of ten. Last year, in 2025 Suse had 29 security vulnerabilities published. If vulnerabilities keep coming in at the current rate, it appears that number of security vulnerabilities in Suse in 2026 could surpass last years number. However, the average CVE base score of the vulnerabilities in 2026 is greater by 0.67.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 29 | 7.96 |
| 2025 | 29 | 7.29 |
| 2024 | 8 | 7.00 |
| 2023 | 20 | 7.84 |
| 2022 | 21 | 7.10 |
| 2021 | 11 | 6.57 |
| 2020 | 39 | 6.41 |
| 2019 | 13 | 7.09 |
| 2018 | 39 | 7.46 |
It may take a day or so for new Suse vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Suse Security Vulnerabilities
| CVE | Date | Vulnerability | Products |
|---|---|---|---|
| CVE-2026-44938 | Jul 07, 2026 |
CVE-2026-44938: Fleet Agent Deployer NamespaceLabel InjectionA vulnerability has been identified in Fleet's agent-side deployer, which did not filter security-sensitive keys from namespaceLabels in fleet.yaml (or BundleDeployment.spec.options.namespaceLabels) when applying them to the target namespace. An attacker with git push access to a Fleet-monitored repository could overwrite Pod Security Standards (PSS) enforcement labels on a target namespace. This allows the attacker to weaken admission controls and deploy workloads that PSS policies would otherwise block. |
|
| CVE-2026-44937 | Jul 06, 2026 |
SUSE Rancher Fleet <=0.15.1 Webhook request forgery leading to DoSPotential forgery of webhook requests when using a unauthenticated webhook in SUSE Rancher Fleet 0.15 before 0.15.2, 0.14 before 0.14.6, 0.13 before 0.13.11 and 0.12 before 0.12.5 could be used by remote attackers to cause a denial of service or a downgrade attack on other repositories on the system. |
|
| CVE-2026-44936 | Jul 06, 2026 |
Missing helmRepoURLRegex filter on SUSE Rancher Fleet 0.15 leaks BasicAuthMissing filtering when the helmRepoURLRegex field isn't set on a GitRepo resource in SUSE Rancher Fleet's bundle reader in 0.15 before 0.15.2, 0.14 before 0.14.6, 0.13 before 0.13.11 and 0.12 before 0.12.15 forwards Helm authentication credentials (BasicAuth) to any URL specified in the helm.repo field of a fleet.yaml file, allowing attackers able to push to fleet monitored git repos to leak helm access credentials. |
|
| CVE-2026-44934 | Jul 06, 2026 |
SUSE Rancher AI Agent 1.0 Before 1.0.2: DEBUG Log Disclosure of API KeysA information disclosure when DEBUG loglevel is set in SUSE Rancher AI Agent 1.0 before 1.0.2 could leak API keys or LLM response text with potential sensitive data into logfiles, allowing local attackers to misuse respective gained data or credentials. |
|
| CVE-2026-44935 | Jul 02, 2026 |
SUSE Rancher Fleet 0.15+ CrossTenant Credential Leak via valuesFromMissing validation of "valuesFrom" references in Helm Deployer of SUSE Rancher Fleet 0.15 before 0.15.2, 0.14 before 0.14.6, 0.13 before 0.13.11 and 0.12 before 0.12.15 could be used by owners of one tenant to access fleet credentials of other tenants. |
|
| CVE-2026-44941 | Jul 02, 2026 |
libzypp Path Traversal <17.38.12 via keyhint in repomd.xmlA relative path traversal in the "keyhint" option in repomd.xml parsing of libzypp before 17.38.12 can be used by attackers able to supply a malicious repository to inject or overwrite files in the target system as root. |
|
| CVE-2026-44948 | Jun 30, 2026 |
Path Traversal in Rancher Fleet ImageScan (0.12.0-0.15.3) DoSA path traversal vulnerability was found in Fleet's ImageScan subsystem in Rancher Fleet 0.12.0 up to 0.12.16, 0.13.0 up to 0.13.12, 0.14.0 up to 0.14.7 and 0.15.0 up to 0.15.3 could be used to traverse outside of the intended directory, causing a denial of service. |
|
| CVE-2026-44949 | Jun 30, 2026 |
Rancher FleetWorkspace (v0.7.0-0.10.7) Unauth Webhook Priv EscA Rancher FleetWorkspace admission path allowed side effects to occur in the Rancher webhook handler for versions 0.7.0 up to 0.7.10, 0.8.0 up to 0.8.7, 0.9.0 up to 0.9.6 and 0.10.0 up to 0.10.7. An unauthenticated attacker with network access to the in-cluster rancher-webhook service could submit a crafted admission payload and cause workspace-related Kubernetes objects to be created with attacker-chosen identity data. |
|
| CVE-2026-44947 | Jun 30, 2026 |
Rancher PRTB Reconciler before 2.14.4 PSA retain flawA missing clean-up in the legacy Project Role Template Binding (PRTB) reconciler in Rancher versions 2.13.0 up to 2.13.7 and 2.14.0 up to 2.14.3 allowed users to retain unauthorized Pod Security Admission (PSA) permissions after an administrator removes those permissions from a RoleTemplate. |
|
| CVE-2026-44946 | Jun 30, 2026 |
SAML Assertion Replay in Rancher 2.14.02.14.2 ACSA SAML authentication replay vulnerability in Rancher's Assertion Consumer Service (ACS) handler did not enforce one-time use of SAML assertion, potentially allowing person in the middle attacks against Rancher, affecting Rancher 2.14.0 before 2.14.3, |
|
| CVE-2026-41053 | Jun 30, 2026 |
Rancher 2.13/2.14 Auth Caching Grants Admin Access to Any UserIncorrect authentication caching in the team member ship expansion of the Rancher Github authentication provider caused it granting principal access to any logged in user, in 2.13 before 2.13.6 and 2.14 before 2.14.2. |
|
| CVE-2026-41052 | Jun 29, 2026 |
Rancher <2.14.2 Improper Privilege Escalation via Project Owner RoleImproper privilege handling could be used by users with Project Owner role to escalate privileges, in Rancher versions 2.14 before 2.14.2, 2.13 before 2.13.6, and 2.12 before 2.12.10. |
|
| CVE-2026-25707 | Jun 29, 2026 |
libzypp RPath Traversal Pre-17.38.10 Allows Remote ExploitA relative path traversal bug problem when processing repository metadata in libzypp before 17.38.10 could be used by remote attackers supplying repositories to overwrite files on the system, leading to denial of service or privilege escalation. |
|
| CVE-2026-44939 | Jun 19, 2026 |
Command Injection in Rancher Manager < 2.14.2 Import Endpoint (YAML)A command injection vulnerability in the Rancher Manager cluster before 2.14.2 import endpoint /v3/import/{token}_{clusterId}.yaml through unsanitized YAML parameters could allow remote attackers to break out of an image, and execute e.g. malicious containers. |
|
| CVE-2026-44942 | Jun 18, 2026 |
Path Traversal in libzypp <17.38.13 / 16.22.19A path traversal in handling the "path" component of .repo files processed by libzypp before 17.38.13 in the 17.x series, or before 16.22.19 could be used by attackers to fill directories on the system outside of the zypp cache with content. |
|
| CVE-2025-71261 | Jun 16, 2026 |
TLS Handshake Bypass in SUSE Harvester <1.8.0 (Virtualization/Rancher Manager)An attacker with network-level access between the SUSE Virtualization and Rancher Manager in SUSE Harvester before 1.8.0 could interfere with the TLS handshake and abuse it to bypass TLS as a security control. |
|
| CVE-2026-44932 | Jun 16, 2026 |
Unvalidated DHCP strings in wicked <0.6.79 dhcp clientPassing of unsanitized strings from DHCP replies into the wicked dhcp client before wicked 0.6.79 could be used by attackers operating a malicious DHCP server to execute code on the local machine. |
|
| CVE-2026-41054 | May 20, 2026 |
Local Privilege Escalation via haveged UNIX Socket on SUSEIn `src/havegecmd.c`, the `socket_handler` function performs a credential check on the abstract UNIX socket (`\0/sys/entropy/haveged`). However, while it detects if the connecting user is not root (`cred.uid != 0`) and prepares a negative acknowledgement (`ASCII_NAK`), it **fails to stop execution**. The code proceeds to the `switch` statement, allowing any local unprivileged user to execute privileged commands such as `MAGIC_CHROOT`. |
And others... |
| CVE-2026-44933 | May 20, 2026 |
SUSE zypper PluginScript Chroot No-Op leading to host binary exec`PluginScript` attempts to `chroot` the plugin to the `repoManagerRoot`, this root is frequently `/` (the system root) in standard configurations or when using `--root`. If the chroot target is `/`, it is a no-op, allowing the traversed path to execute host binaries (like `/bin/bash`) with root privileges. |
|
| CVE-2026-41051 | May 13, 2026 |
Csync2 Insecure Temp Dir - TOCTOU via C99 Buildcsync2 uses insecure temporary directories when compiled with C99 or later, allowing for TOCTOU style attacks on the temporary directories. |
|
| CVE-2026-41050 | May 13, 2026 |
ServiceAccount Impersonation Leak in Fleet Helm Deployer (CVE-2026-41050)Fleet's Helm deployer did not fully apply ServiceAccount impersonation in two code paths, allowing a tenant with git push access to a Fleet-monitored repository to read secrets from any namespace on every downstream cluster targeted by their `GitRepo`. |
|
| CVE-2026-25705 | May 13, 2026 |
Rancher Extensions Path Traversal in UIPlugin Enables Code InjectionA vulnerability has been identified in [Rancher's Extensions](https://ranchermanager.docs.rancher.com/integrations-in-rancher/rancher-extensions) where malicious code can be injected in Rancher through a path traversal in the `compressedEndpoint` field inside a `UIPlugin` deployment. A malicious UI extension could abuse that to: * Overwrite Rancher binaries or configuration to inject code. * Write to /var/lib/rancher/ to tamper with cluster state. * If hostPath volumes are mounted, write to the host node filesystem. * Use this issue to chain with other attack vectors. |
|
| CVE-2026-25702 | Mar 05, 2026 |
Improper Access Control in SUSE Linux Enterprise Server Kernel Breaks nftablesA Improper Access Control vulnerability in the kernel of SUSE SUSE Linux Enterprise Server 12 SP5 breaks nftables, causing firewall rules applied via nftables to not be effective.This issue affects SUSE Linux Enterprise Server: from 9e6d9d4601768c75fdb0bad3fbbe636e748939c2 before 9c294edb7085fb91650bc12233495a8974c5ff2d. |
|
| CVE-2025-62879 | Mar 04, 2026 |
S3 Credentials Leak in Rancher Backup Operator LogsA vulnerability has been identified within the Rancher Backup Operator, resulting in the leakage of S3 tokens (both accessKey and secretKey) into the rancher-backup-operator pod's logs. |
|
| CVE-2025-62878 | Feb 25, 2026 |
Privilege Escalation via PersistentVolume Path Manipulation in SUSE OpenShiftA malicious user can manipulate the parameters.pathPattern to create PersistentVolumes in arbitrary locations on the host node, potentially overwriting sensitive files or gaining access to unintended directories. |
|
| CVE-2025-67601 | Feb 25, 2026 |
Rancher CLI CA Bypass via -skip-verify FlagA vulnerability has been identified within Rancher Manager, where using self-signed CA certificates and passing the -skip-verify flag to the Rancher CLI login command without also passing the cacert flag results in the CLI attempting to fetch CA certificates stored in Ranchers setting cacerts. |
|
| CVE-2025-67860 | Feb 25, 2026 |
NeuVector Scanner Credential Leak via CLI ArgsA vulnerability has been identified in the NeuVector scanner where the scanner process accepts registry and controller credentials as command-line arguments, potentially exposing sensitive credentials to local users. |
|
| CVE-2025-62877 | Jan 08, 2026 |
Harvester 1.5/1.6 Interactive Installer Exposes OS Default SSH PasswordProjects using the SUSE Virtualization (Harvester) environment may expose the OS default ssh login password if they are using the 1.5.x or 1.6.x interactive installer to either create a new cluster or add new hosts to an existing cluster. The environment is not affected if the PXE boot mechanism is utilized along with the Harvester configuration setup. |
|
| CVE-2025-66001 | Jan 08, 2026 |
NeuVector OIDC TLS SkipMITM RiskNeuVector supports login authentication through OpenID Connect. However, the TLS verification (which verifies the remote server's authenticity and integrity) for OpenID Connect is not enforced by default. As a result this may expose the system to man-in-the-middle (MITM) attacks. |
|
| CVE-2025-62875 | Nov 20, 2025 |
Crash via Improper Check (CVE-2025-62875) in OpenSMTPD before 7.8.0p0-1.1An Improper Check for Unusual or Exceptional Conditions vulnerability in OpenSMTPD allows local users to crash OpenSMTPD. This issue affects openSUSE Tumbleweed: from ? before 7.8.0p0-1.1. |
|
| CVE-2025-62876 | Nov 12, 2025 |
Privilege Escalation via Unnecessary Privileges in lightdm-kde-greeter <6.0.4A Execution with Unnecessary Privileges vulnerability in lightdm-kde-greeter allows escalation from the service user to root.This issue affects lightdm-kde-greeter. before 6.0.4. |
|
| CVE-2025-53883 | Oct 30, 2025 |
Reflected XSS in SUSE Manager Server <5.0.28 / <4.3.88A Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability allows attackers to run arbitrary javascript via a reflected XSS issue in the search fields.This issue affects Container suse/manager/5.0/x86_64/server:latest: from ? before 5.0.28-150600.3.36.8; SUSE Manager Server LTS 4.3: from ? before 4.3.88-150400.3.113.5. |
|
| CVE-2025-53880 | Oct 30, 2025 |
tftpsync Path Traversal Write/Del via TFTP Scripts (CVE-2025-53880)A Path Traversal vulnerability in the tftpsync/add and tftpsync/delete scripts allows a remote attacker on an adjacent network to write or delete files on the filesystem with the privileges of the unprivileged wwwrun user. Although the endpoint is unauthenticated, access is restricted to a list of allowed IP addresses. |
|
| CVE-2025-54471 | Oct 30, 2025 |
NeuVector Hard-Coded Key in Source Enables Config Encryption DisclosureNeuVector used a hard-coded cryptographic key embedded in the source code. At compilation time, the key value was replaced with the secret key value and used to encrypt sensitive configurations when NeuVector stores the data. |
|
| CVE-2025-54469 | Oct 30, 2025 |
NeuVector Enforcer Command Injection via Unsanitized CLUSTER_* PortsA vulnerability was identified in NeuVector, where the enforcer used environment variables CLUSTER_RPC_PORT and CLUSTER_LAN_PORT to generate a command to be executed via popen, without first sanitising their values. The entry process of the enforcer container is the monitor process. When the enforcer container stops, the monitor process checks whether the consul subprocess has exited. To perform this check, the monitor process uses the popen function to execute a shell command that determines whether the ports used by the consul subprocess are still active. The values of environment variables CLUSTER_RPC_PORT and CLUSTER_LAN_PORT are used directly to compose shell commands via popen without validation or sanitization. This behavior could allow a malicious user to inject malicious commands through these variables within the enforcer container. |
|
| CVE-2025-54470 | Oct 30, 2025 |
NeuVector TLS Cert Verification Bypass in Anonymous Telemetry (MITM/DoS)This vulnerability affects NeuVector deployments only when the Report anonymous cluster data option is enabled. When this option is enabled, NeuVector sends anonymous telemetry data to the telemetry server. In affected versions, NeuVector does not enforce TLS certificate verification when transmitting anonymous cluster data to the telemetry server. As a result, the communication channel is susceptible to man-in-the-middle (MITM) attacks, where an attacker could intercept or modify the transmitted data. Additionally, NeuVector loads the response of the telemetry server is loaded into memory without size limitation, which makes it vulnerable to a Denial of Service(DoS) attack |
|
| CVE-2024-58269 | Oct 29, 2025 |
CVE-2024-58269: Rancher Manager audit log data exposureA vulnerability has been identified in Rancher Manager, where sensitive information, including secret data, cluster import URLs, and registration tokens, is exposed to any entity with access to Rancher audit logs. |
|
| CVE-2023-32199 | Oct 29, 2025 |
Rancher Manager: Removing GlobalRole Leaves Admin AccessA vulnerability has been identified within Rancher Manager, where after removing a custom GlobalRole that gives administrative access or the corresponding binding, the user still retains access to clusters. This only affects custom Global Roles that have a * on * in * rule for resources or have a * on * rule for non-resource URLs |
|
| CVE-2024-58260 | Oct 02, 2025 |
Rancher Manager: Missing Validation on .username Field Causes Denial of AccessA vulnerability has been identified within Rancher Manager where a missing server-side validation on the `.username` field in Rancher can allow users with update permissions on other User resources to cause denial of access for targeted accounts. |
|
| CVE-2024-58267 | Oct 02, 2025 |
Rancher Manager CLI SAML Phishing VulnerabilityA vulnerability has been identified within Rancher Manager whereby the SAML authentication from the Rancher CLI tool is vulnerable to phishing attacks. The custom authentication protocol for SAML-based providers can be abused to steal Ranchers authentication tokens. |
|
| CVE-2025-54468 | Oct 02, 2025 |
Rancher Manager Header Leak via /meta/proxy (Impersonate-Extra-*)A vulnerability has been identified within Rancher Manager whereby `Impersonate-Extra-*` headers are being sent to an external entity, for example `amazonaws.com`, via the `/meta/proxy` Rancher endpoint. These headers may contain identifiable and/or sensitive information e.g. email addresses. |
|
| CVE-2025-8077 | Sep 17, 2025 |
NeuVector <5.4.5 Default admin password exposes full API accessA vulnerability exists in NeuVector versions up to and including 5.4.5, where a fixed string is used as the default password for the built-in `admin` account. If this password is not changed immediately after deployment, any workload with network access within the cluster could use the default credentials to obtain an authentication token. This token can then be used to perform any operation via NeuVector APIs. |
|
| CVE-2025-54467 | Sep 17, 2025 |
NeuVector Process Rule Violation Logs Expose PasswordsWhen a Java command with password parameters is executed and terminated by NeuVector for Process rule violation the password will appear in the NeuVector security event log. |
|
| CVE-2025-53884 | Sep 17, 2025 |
NeuVector unsalted hash vulnerable to rainbow table attacksNeuVector stores user passwords and API keys using a simple, unsalted hash. This method is vulnerable to rainbow table attack (offline attack where hashes of known passwords are precomputed). |
|
| CVE-2025-46811 | Jul 30, 2025 |
SUSE Manager RCE via /rhn/websocket/minion/remote-commands before 5.0.14A Missing Authentication for Critical Function vulnerability in SUSE Manager allows anyone with access to the websocket at /rhn/websocket/minion/remote-commands to execute arbitrary commands as root. This issue affects Container suse/manager/5.0/x86_64/server:5.0.5.7.30.1: from ? before 0.3.7-150600.3.6.2; Container suse/manager/5.0/x86_64/server:5.0.5.7.30.1: from ? before 5.0.14-150600.4.17.1; Container suse/manager/5.0/x86_64/server:5.0.5.7.30.1: from ? before 5.0.14-150600.4.17.1; Image SLES15-SP4-Manager-Server-4-3-BYOS: from ? before 4.3.33-150400.3.55.2; Image SLES15-SP4-Manager-Server-4-3-BYOS: from ? before 4.3.33-150400.3.55.2; Image SLES15-SP4-Manager-Server-4-3-BYOS-Azure: from ? before 4.3.33-150400.3.55.2; Image SLES15-SP4-Manager-Server-4-3-BYOS-Azure: from ? before 4.3.33-150400.3.55.2; Image SLES15-SP4-Manager-Server-4-3-BYOS-EC2: from ? before 4.3.33-150400.3.55.2; Image SLES15-SP4-Manager-Server-4-3-BYOS-EC2: from ? before 4.3.33-150400.3.55.2; Image SLES15-SP4-Manager-Server-4-3-BYOS-GCE: from ? before 4.3.33-150400.3.55.2; Image SLES15-SP4-Manager-Server-4-3-BYOS-GCE: from ? before 4.3.33-150400.3.55.2; SUSE Manager Server Module 4.3: from ? before 0.3.7-150400.3.39.4; SUSE Manager Server Module 4.3: from ? before 4.3.33-150400.3.55.2; SUSE Manager Server Module 4.3: from ? before 4.3.33-150400.3.55.2. |
|
| CVE-2025-32463 | Jun 30, 2025 |
Sudo <1.9.17p1 LPE via chroot /etc/nsswitch.confSudo before 1.9.17p1 allows local users to obtain root access because /etc/nsswitch.conf from a user-controlled directory is used with the --chroot option. |
And others... |
| CVE-2024-22036 | Apr 16, 2025 |
Rancher 2.7-2.9 PrivEsc via node driver chroot escape CVE-2024-22036A vulnerability has been identified within Rancher where a cluster or node driver can be used to escape the chroot jail and gain root access to the Rancher container itself. In production environments, further privilege escalation is possible based on living off the land within the Rancher container itself. For the test and development environments, based on a privileged Docker container, it is possible to escape the Docker container and gain execution access on the host system. This issue affects rancher: from 2.7.0 before 2.7.16, from 2.8.0 before 2.8.9, from 2.9.0 before 2.9.3. |
|
| CVE-2023-32197 | Apr 16, 2025 |
Rancher RoleTemplate Priv Esc (external=true) <2.7.14, <2.8.5A Improper Privilege Management vulnerability in SUSE rancher in RoleTemplateobjects when external=true is set can lead to privilege escalation in specific scenarios.This issue affects rancher: from 2.7.0 before 2.7.14, from 2.8.0 before 2.8.5. |
|
| CVE-2024-52281 | Apr 16, 2025 |
Stored XSS via Cluster Description Field in SUSE Rancher 2.9.0-2.9.3A: Improper Neutralization of Input During Web Page Generation vulnerability in SUSE rancher allows a malicious actor to perform a Stored XSS attack through the cluster description field. This issue affects rancher: from 2.9.0 before 2.9.4. |
|
| CVE-2024-52280 | Apr 11, 2025 |
Rancher Underspecified Access via Generic PermissionsA Exposure of Sensitive Information to an Unauthorized Actor vulnerability in SUSE rancher which allows users to watch resources they are not allowed to access, when they have at least some generic permissions on the type. This issue affects rancher: before 2175e09, before 6e30359, before c744f0b. |
|