Rankiteo Logo
Rankiteo
Leader in Cyber Underwriting
Loading...
NEWRankiteo Cyber Underwriting Desktop - Score, price, and bind from your desktop
WindowsmacOSLinux
Download
Rancher

Rancher Vendor Cyber Rating & Cyber Score

rancher.com

Rancher, a proud member of the SUSE family since 2020, creates open source container management solutions that streamline software development and simplify IT operations for enterprises. The flagship product, Rancher, offers a comprehensive container management platform that allows teams to deploy, manage, and secure containers seamlessly across any infrastructure. With over 40 million downloads and enterprise-grade support, SUSE Rancher is the top open source platform for running and managing containers in production environments.


Rancher A.I CyberSecurity Scoring

Rancher
Company Information
Website:http://www.rancher.com
Employees number:201
Number of followers:65,127
NAICS:5112
Industry Type:Software Development
Homepage:rancher.com
Rancher Risk Score (AI oriented)
Between 750 and 799
logo
RancherSoftware Development
Updated:
10/03/2026
752/1000
Fair
Baa
AaaAaABaaBaBCaaCaC
Powered by our proprietary A.I cyber incident model
Insurance prefers TPRM score to calculate premium
Rancher Global Score (TPRM)
xxxx
logo
RancherSoftware Development
•••
Score locked
Instant access to detailed risk factors
Vulnerabilities
Benchmark vs. industry & size peers
Findings

Rancher
RancherFair
Current Score
752Baa (FAIR)
01000
1 incidents
-2 avg impact
Incident timeline with MITRE ATT&CK tactics, techniques, and mitigations.
JULY 2026
753Before Incident
JUNE 2026
753Before Incident
MAY 2026
753Before Incident
APRIL 2026
752Before Incident
MARCH 2026
752Before Incident
FEBRUARY 2026
752Before Incident
JANUARY 2026
754Before Incident
Vulnerability
28 Jan 2026Rancher
Rancher: Rancher Manager Security Bug Could Allow Attackers to Steal Admin Credentials

High-Severity Flaw in Rancher Manager Exposes Admin Credentials via MITM Attacks

752After Incident
CRITICAL-2
RAN1770216204
High-Severity Flaw in Rancher Manager Exposes Admin Credentials via MITM Attacks A newly disclosed vulnerability in Rancher Manager, tracked as CVE-2025-67601 (advisory GHSA-mc24-7m59-4q5p), could allow attackers to intercept administrator login credentials during Rancher CLI operations. The flaw, rated High severity, was published last week by security researcher samjustus. The issue affects Rancher Manager packages in the Go ecosystem, specifically within the github.com/rancher/rancher repository. It occurs when users log into the Rancher CLI using the command `rancher login` with the `--skip-verify` flag but without the `--cacert` flag. Under these conditions, the CLI fetches CA certificates from Rancher Manager’s internal settings (`cacerts`), bypassing TLS validation. This creates a Man-in-the-Middle (MITM) attack vector, where a remote attacker positioned between the CLI and Rancher Manager could intercept basic authentication headers and session tokens during login. The vulnerability stems from improper TLS certificate validation, as the `--skip-verify` flag disables server certificate checks while the CLI automatically retrieves trusted CA certificates from Rancher Manager. An attacker could exploit this by injecting a malicious CA certificate, impersonating a trusted service and compromising the confidentiality and integrity of Rancher clusters. This aligns with MITRE ATT&CK technique T1557 (Man-in-the-Middle), enabling credential theft or unauthorized cluster configuration changes. Affected Versions & Mitigation The Rancher team has released patched versions to address the flaw by removing automatic CA certificate fetching during login: - v2.13.2 - v2.12.6 - v2.11.10 - v2.10.11 Until upgrades are applied, administrators should always include the `--cacert` flag with a valid CA certificate when using `rancher login`, particularly in environments with self-signed CAs. Security teams are advised to assess whether Rancher CLI connections traverse untrusted networks and prioritize updates to the latest stable release.
INCIDENT DETAILS -
TYPE
Vulnerability Exploitation
IMPACT
Data Compromised: Administrator login credentials (basic authentication headers and session tokens)Systems Affected: Rancher Manager clustersOperational Impact: Unauthorized cluster configuration changes, potential compromise of Rancher clustersIdentity Theft Risk: High (if credentials are intercepted)
DATA BREACH
Type Of Data Compromised: Authentication credentials (basic auth headers, session tokens)Sensitivity Of Data: High
DECEMBER 2025
754Before Incident
NOVEMBER 2025
754Before Incident
OCTOBER 2025
754Before Incident
SEPTEMBER 2025
754Before Incident
AUGUST 2025
754Before Incident

Frequently Asked Questions

?
What is the current A.I Rankiteo Cyber Score for Rancher ?
?
What was Rancher's A.I Rankiteo Cyber Score in June 2026 ?
?
What was Rancher's A.I Rankiteo Cyber Score in May 2026 ?
?
What was Rancher's A.I Rankiteo Cyber Score in April 2026 ?
?
What was Rancher's A.I Rankiteo Cyber Score in March 2026 ?
?
What was Rancher's A.I Rankiteo Cyber Score in February 2026 ?
?
What was Rancher's A.I Rankiteo Cyber Score in January 2026 ?
?
What was Rancher's A.I Rankiteo Cyber Score in December 2025 ?
?
What was Rancher's A.I Rankiteo Cyber Score in November 2025 ?
?
What was Rancher's A.I Rankiteo Cyber Score in October 2025 ?
?
What was Rancher's A.I Rankiteo Cyber Score in September 2025 ?
?
What was Rancher's A.I Rankiteo Cyber Score in August 2025 ?
?
What is the average per-incident point impact on Rancher's A.I Rankiteo Cyber Score over the past 12 months ?
?
Where can I access detailed records of all cyber incidents associated with Rancher ?
?
Where can I find a summary of the A.I Rankiteo Risk Scoring methodology ?
?
Where can I view Rancher's profile page on Rankiteo ?
?
How accurate is the A.I Rankiteo Risk Scoring methodology ?