Path Traversal in Rancher Local Path Provisioner Enables Host Filesystem Compromise Across K3s Clusters
Complete Cloud Security in Minutes – Orca Security
2026-02-10 23:13:11
Introduction

A critical vulnerability (CVE-2025-62878, CVSS 10.0) was disclosed on February 4, 2026, affecting all versions prior to v0.0.34 of Rancher’s Local Path Provisioner, the default storage backend for every K3s cluster. The flaw allows authenticated attackers to read, write, and delete arbitrary directories on the underlying host filesystem by injecting traversal sequences into a […]
The post Path Traversal in Rancher Local Path Provisioner Enables Host Filesystem Compromise Across K3s Clusters appeared first on Orca Security.