CVE-2025-71261 | THREATINT

Description

An attacker with network-level access between the SUSE Virtualization and Rancher Manager in SUSE Harvester before 1.8.0 could interfere with the TLS handshake and abuse it to bypass TLS as a security control.

PUBLISHED Reserved 2026-03-03 | Published 2026-06-16 | Updated 2026-06-16 | Assigner suse

HIGH: 8.6CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H

Problem types

CWE-295

Product status

Default status

unaffected

Any version before 1.8

affected

References

github.com/...vester/security/advisories/GHSA-pgh9-mpwc-8jjf vendor-advisory

cve.org (CVE-2025-71261)

nvd.nist.gov (CVE-2025-71261)

Download JSON