Platform: kubernetes
Component: rancher
Fixed in: 2.7.16, 2.8.9, 2.9.3
CVE-2024-22036 describes a Remote Code Execution (RCE) vulnerability within the Rancher Kubernetes management platform. This flaw allows an attacker leveraging a cluster or node driver to escape the chroot jail and achieve root access to the Rancher container itself. The vulnerability impacts Rancher versions 2.7.0 through 2.9.3 and has been addressed in version 2.9.3.
The impact of CVE-2024-22036 is severe. Successful exploitation allows an attacker to gain root access within the Rancher container, enabling them to execute arbitrary code. In production environments, this could lead to privilege escalation and compromise of sensitive data. In test and development environments utilizing privileged Docker containers, the attacker can escape the container entirely and gain execution access on the host system, potentially leading to full system compromise. This vulnerability resembles container escape exploits, allowing attackers to move laterally and potentially impact other systems connected to the network.
CVE-2024-22036 is currently not listed in the CISA KEV catalog. Proof-of-concept (PoC) code is not yet publicly available, but the vulnerability's severity and potential impact suggest a medium probability of exploitation. The vulnerability was publicly disclosed on 2025-04-16.
Exploit Status
EPSS: 0.17% (39th percentile)
The primary mitigation for CVE-2024-22036 is to upgrade Rancher to version 2.9.3 or later. If an immediate upgrade is not feasible, consider implementing stricter access controls and network segmentation to limit the potential blast radius of a successful attack. Review and restrict the permissions granted to cluster and node drivers. While a WAF or proxy cannot directly prevent this container escape, it can help mitigate the impact by limiting exposure of vulnerable endpoints. After upgrading, verify the fix by attempting to execute a malicious driver command and confirming that it is blocked.
Update Rancher to version 2.7.16, 2.8.9, or 2.9.3, or a later version, to fix the vulnerability. This will prevent privilege escalation and remote code execution.
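The fixed versions above differ per release line, so a version check has to compare within the line rather than against a single number. The following triage is an added example, not part of the original advisory or Rancher's own tooling; the sample tags are constructed, and treating release lines newer than 2.9 as "a later version" is an assumption.

```python
import re

# Fixed patch level per release line, as listed on this page.
FIXED = {(2, 7): 16, (2, 8): 9, (2, 9): 3}

# Accepts a bare version ("2.8.5", "v2.8.5") or an image reference ending in a tag.
_TAG = re.compile(r"^(?:.*:)?v?(\d+)\.(\d+)\.(\d+)(-[0-9A-Za-z.-]+)?$")


def triage(tag: str) -> str:
    """Classify a Rancher version or image tag against CVE-2024-22036."""
    m = _TAG.match(tag.strip())
    if not m:
        return "unparsed"          # e.g. "latest": resolve to a real version first
    major, minor, patch = (int(m.group(i)) for i in (1, 2, 3))
    has_suffix = m.group(4) is not None
    line = (major, minor)
    if line < (2, 7):
        return "not-covered"       # the page gives no data for lines before 2.7
    if line > (2, 9):
        return "fixed"             # assumption: newer lines count as "a later version"
    fixed_patch = FIXED[line]
    # Conservative: a suffixed build of the fixed patch (e.g. 2.9.3-rc1) is
    # treated as a pre-release that precedes the fix.
    if patch > fixed_patch or (patch == fixed_patch and not has_suffix):
        return "fixed"
    return "affected"


def needs_action(tags):
    """Return the tags that are affected or could not be classified."""
    return [t for t in tags if triage(t) in ("affected", "unparsed")]


if __name__ == "__main__":
    # Constructed inventory, for illustration only.
    inventory = [
        "rancher/rancher:v2.8.5",
        "registry.local:5000/rancher/rancher:v2.7.16",
        "v2.9.3-rc1",
        "rancher/rancher:latest",
        "v2.9.3",
    ]
    for tag in inventory:
        print(f"{tag:50s} {triage(tag)}")
```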
CVE-2024-22036 is a critical Remote Code Execution vulnerability affecting Rancher versions 2.7.0–2.9.3, allowing attackers to escape the chroot jail and gain root access.
You are affected if you are running Rancher versions 2.7.0 through 2.9.3. Upgrade to 2.9.3 or later to mitigate the risk.
Upgrade Rancher to version 2.9.3 or later. If immediate upgrade is not possible, implement stricter access controls and network segmentation.
While no active exploitation has been confirmed, the vulnerability's severity and potential impact suggest a medium probability of exploitation.
Refer to the official Rancher security advisory for detailed information and updates: [https://www.rancher.com/security/](https://www.rancher.com/security/)