CVE-2026-44934 PUBLISHED

Exposed tokens in SUSE Rancher AI Agent logs

Assigner: suse
Reserved: 08.05.2026 Published: 06.07.2026 Updated: 06.07.2026

A information disclosure when DEBUG loglevel is set in SUSE Rancher AI Agent 1.0 before 1.0.2 could leak API keys or LLM response text with potential sensitive data into logfiles, allowing local attackers to misuse respective gained data or credentials.

Metrics

CVSS Vector: CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:H/VI:N/VA:N/SC:H/SI:H/SA:H
CVSS Score: 7

Product Status

Vendor SUSE
Product Rancher
Versions Default: unaffected
  • affected from 1.0.0 to 1.0.2 (excl.)

Affected Configurations

loglevel set to DEBUG

References

Problem Types

  • CWE-215 Insertion of sensitive information into debugging code CWE

Impacts

  • CAPEC-233 Privilege Escalation