CVE-2026-44946

EUVD-2026-40304
A SAML authentication replay vulnerability in Rancher's Assertion Consumer Service (ACS) handler did not enforce one-time use of SAML assertions, potentially allowing person-in-the-middle attacks against Rancher, affecting Rancher 2.14.0 before 2.14.3,

Provider: suse
Type: CNA
Base Score: 9.5 CRITICAL
Attack Vector: NETWORK
Attack Complexity: HIGH
Privileges Required: NONE
Vector: CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:H