{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2026-44934","assignerOrgId":"404e59f5-483d-4b8a-8e7a-e67604dd8afb","state":"PUBLISHED","assignerShortName":"suse","dateReserved":"2026-05-08T12:29:48.967Z","datePublished":"2026-07-06T08:45:26.864Z","dateUpdated":"2026-07-06T18:53:22.226Z"},"containers":{"cna":{"providerMetadata":{"orgId":"404e59f5-483d-4b8a-8e7a-e67604dd8afb","shortName":"suse","dateUpdated":"2026-07-06T08:53:57.978Z"},"title":"Exposed tokens in SUSE Rancher AI Agent logs","datePublic":"2026-05-28T08:53:00.000Z","problemTypes":[{"descriptions":[{"lang":"en","cweId":"CWE-215","description":"CWE-215 Insertion of sensitive information into debugging code","type":"CWE"}]}],"impacts":[{"capecId":"CAPEC-233","descriptions":[{"lang":"en","value":"CAPEC-233 Privilege Escalation"}]}],"affected":[{"vendor":"SUSE","product":"Rancher","packageName":"Rancher AI Agent","repo":"https://github.com/rancher/rancher-ai-agent","versions":[{"status":"affected","version":"1.0.0","lessThan":"1.0.2","versionType":"semver"}],"defaultStatus":"unaffected"}],"descriptions":[{"lang":"en","value":"A information disclosure when DEBUG loglevel is set in SUSE Rancher AI Agent 1.0 before 1.0.2 could leak API keys or LLM response text with potential sensitive data into logfiles, allowing local attackers to misuse respective gained data or credentials.","supportingMedia":[{"type":"text/html","base64":false,"value":"A information disclosure when DEBUG loglevel is set in SUSE Rancher AI Agent 1.0 before 1.0.2 could leak API keys or LLM response text with potential sensitive data into logfiles, allowing local attackers to misuse respective gained data or credentials."}]}],"references":[{"url":"https://github.com/rancher/rancher-ai-agent/security/advisories/GHSA-5r2r-h824-fr5v","tags":["vendor-advisory"]}],"metrics":[{"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}],"cvssV4_0":{"attackVector":"LOCAL","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"HIGH","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","subConfidentialityImpact":"HIGH","vulnIntegrityImpact":"NONE","subIntegrityImpact":"HIGH","vulnAvailabilityImpact":"NONE","subAvailabilityImpact":"HIGH","exploitMaturity":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED","version":"4.0","baseSeverity":"HIGH","baseScore":7,"vectorString":"CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:H/VI:N/VA:N/SC:H/SI:H/SA:H"}}],"configurations":[{"lang":"en","value":"loglevel set to DEBUG","supportingMedia":[{"type":"text/html","base64":false,"value":"loglevel set to DEBUG"}]}],"source":{"discovery":"INTERNAL"},"x_generator":{"engine":"Vulnogram 1.0.2"}},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2026-07-06T18:53:12.072112Z","id":"CVE-2026-44934","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2026-07-06T18:53:22.226Z"}}]}}