Description
An attacker with network-level access between the SUSE Virtualization
and Rancher Manager in SUSE Harvester before 1.8.0 could interfere with the TLS handshake and abuse it
to bypass TLS as a security control.
Published: 2026-06-16
Score: 8.6 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is a certificate-validation flaw (CWE‑295) in the registration path between the SUSE Virtualization (Harvester) component and Rancher Manager. An attacker positioned on the network path between the two can interfere with the TLS handshake and, because the client does not properly validate the peer, strip TLS of its value as a security control. The practical outcomes are a man‑in‑the‑middle position that compromises the confidentiality and integrity of the registration traffic, and a denial‑of‑service condition when the handshake is deliberately broken; the CVSS vector (C:L/I:L/A:H) reflects that the availability impact is rated higher than the confidentiality and integrity impact.

Affected Systems

The affected product is SUSE Harvester in versions before 1.8.0. The exposure applies to every deployment in which the Harvester (SUSE Virtualization) registration client talks to Rancher Manager over a network segment on which an attacker could gain an on-path position.

Risk and Exploitability

The CVSS 3.1 score of 8.6 (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H) indicates high severity: the attack is network-reachable, low complexity, and needs no privileges or user interaction. The EPSS score of <1% indicates a very low predicted probability of exploitation in the wild over the coming 30 days, and the vulnerability is not listed in the CISA KEV catalog. The attacker model is a network‑level adversary situated between the SUSE Virtualization (Harvester) host and Rancher Manager who can intercept and manipulate TLS handshakes. The vulnerability does not grant code execution, but it allows an eavesdropper to bypass the encryption and authentication TLS is meant to provide and can be used to interrupt the registration service.

Generated by OpenCVE AI on June 17, 2026 at 21:31 UTC.

Remediation

No vendor fix or workaround is recorded in the remediation data for this entry. The CVE description bounds the affected range to SUSE Harvester versions before 1.8.0.

OpenCVE Recommended Actions

  • Upgrade to SUSE Harvester 1.8.0 or newer to apply the fix that corrects the TLS handshake handling.
  • Ensure that the network path between Harvester and Rancher Manager is isolated and monitored for unauthorized traffic.
  • Enforce strict TLS certificate validation on the registration client: verify the Rancher Manager certificate against the expected (pinned) CA and reject self‑signed or otherwise unverifiable certificates during registration.

Generated by OpenCVE AI on June 17, 2026 at 21:31 UTC.
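The CWE‑295 pattern behind this class of flaw, shown as an added example that is not Harvester or Rancher code: a registration client that skips certificate verification completes the handshake with whatever endpoint an on‑path attacker substitutes, while a client pinned to the manager's certificate fails chain validation before sending a byte. The two in‑process HTTPS servers, their self‑signed certificates, the "registered" response body and the function names (NewManagerServer, VulnerableClient, PinnedClient, Register, IsUnknownAuthority) are constructed fixtures for this illustration.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
	"io"
	"math/big"
	"net"
	"net/http"
	"net/http/httptest"
	"time"
)

// NewManagerServer starts an in-process HTTPS endpoint with a freshly generated
// self-signed certificate (constructed fixture; not Harvester or Rancher code).
// Called twice it yields two servers whose certificates share a subject but not
// a key: one stands in for the real Rancher Manager, the other for the endpoint
// an on-path attacker substitutes during the handshake.
func NewManagerServer(cn string) (*httptest.Server, *x509.Certificate, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(time.Now().UnixNano()),
		Subject:               pkix.Name{CommonName: cn},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(time.Hour),
		KeyUsage:              x509.KeyUsageDigitalSignature,
		ExtKeyUsage:           []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
		IPAddresses:           []net.IP{net.ParseIP("127.0.0.1")}, // httptest listens on loopback
		BasicConstraintsValid: true,
		IsCA:                  true, // self-signed leaf that is its own trust root
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, nil, err
	}
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		return nil, nil, err
	}
	srv := httptest.NewUnstartedServer(http.HandlerFunc(func(w http.ResponseWriter, _ *http.Request) {
		fmt.Fprint(w, "registered") // stand-in for the registration response
	}))
	srv.TLS = &tls.Config{Certificates: []tls.Certificate{{Certificate: [][]byte{der}, PrivateKey: key}}}
	srv.StartTLS()
	return srv, cert, nil
}

// VulnerableClient is the CWE-295 anti-pattern: it completes the handshake with
// whatever certificate the peer presents, so anyone on the network path can
// terminate TLS themselves and read or alter the registration exchange.
func VulnerableClient() *http.Client {
	return &http.Client{Transport: &http.Transport{
		TLSClientConfig: &tls.Config{InsecureSkipVerify: true},
	}}
}

// PinnedClient trusts exactly the manager's certificate and nothing else, so a
// substituted endpoint fails chain validation before any request is sent.
func PinnedClient(trusted *x509.Certificate) *http.Client {
	pool := x509.NewCertPool()
	pool.AddCert(trusted)
	return &http.Client{Transport: &http.Transport{
		TLSClientConfig: &tls.Config{RootCAs: pool, MinVersion: tls.VersionTLS12},
	}}
}

// Register performs the (simulated) registration call and returns the body.
func Register(c *http.Client, url string) (string, error) {
	resp, err := c.Get(url)
	if err != nil {
		return "", err
	}
	defer resp.Body.Close()
	body, err := io.ReadAll(resp.Body)
	return string(body), err
}

// IsUnknownAuthority reports whether err is the x509 "certificate signed by
// unknown authority" failure the pinned client raises against an impostor.
func IsUnknownAuthority(err error) bool {
	var uae x509.UnknownAuthorityError
	return errors.As(err, &uae)
}
```

Against the impostor, VulnerableClient returns "registered" with no error, which is exactly the condition the advisory describes: the attacker terminates TLS and the client never notices. PinnedClient returns "registered" only from the server whose certificate it was given and fails the impostor with an x509 unknown-authority error. Pinning a single certificate is the simplest form; pinning the manager's issuing CA is the operationally friendlier variant when the manager's leaf certificate rotates.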

Advisories
Source: GitHub GHSA
ID: GHSA-pgh9-mpwc-8jjf
Title: Harvester's SUSE Virtualization Registration Client Vulnerable to MITM and DOS
History

Tue, 16 Jun 2026 18:30:00 +0000

Metrics (added): ssvc
{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Tue, 16 Jun 2026 17:45:00 +0000

First time appeared (added): Suse; Suse harvester
Vendors & Products (added): Suse; Suse harvester

Tue, 16 Jun 2026 16:45:00 +0000

Description (added): An attacker with network-level access between the SUSE Virtualization and Rancher Manager in SUSE Harvester before 1.8.0 could interfere with the TLS handshake and abuse it to bypass TLS as a security control.
Title (added): Harvester's SUSE Virtualization Registration Client Vulnerable to MITM and DOS
Weaknesses (added): CWE-295
References (added):
Metrics (added): cvssV3_1
{'score': 8.6, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H'}


MITRE

Status: PUBLISHED

Assigner: suse

Published:

Updated: 2026-06-16T17:52:30.747Z

Reserved: 2026-03-03T12:54:04.008Z

Link: CVE-2025-71261

Vulnrichment

Updated: 2026-06-16T17:52:26.836Z

NVD

Status : Awaiting Analysis

Published: 2026-06-16T17:16:30.193

Modified: 2026-06-16T17:37:16.933

Link: CVE-2025-71261

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-16T17:30:16Z

Weaknesses
  • CWE-295

    Improper Certificate Validation