{"id":"CVE-2025-71261","summary":"Harvester's SUSE Virtualization Registration Client Vulnerable to MITM and DOS","details":"An attacker with network-level access between the SUSE Virtualization \nand Rancher Manager in SUSE Harvester before 1.8.0 could interfere with the TLS handshake and abuse it \nto bypass TLS as a security control.","aliases":["GHSA-pgh9-mpwc-8jjf","GO-2026-5538"],"modified":"2026-07-08T08:12:20.775606305Z","published":"2026-06-16T15:42:32.446Z","database_specific":{"cwe_ids":["CWE-295"],"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/71xxx/CVE-2025-71261.json","cna_assigner":"suse"},"references":[{"type":"WEB","url":"https://github.com/harvester/harvester/"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/71xxx/CVE-2025-71261.json"},{"type":"ADVISORY","url":"https://github.com/harvester/harvester/security/advisories/GHSA-pgh9-mpwc-8jjf"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-71261"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/harvester/harvester","events":[{"introduced":"0"},{"fixed":"1893eee6d50f520362a9a32297113410534bc7db"}],"database_specific":{"source":["AFFECTED_FIELD","DESCRIPTION"],"extracted_events":[{"introduced":"0"},{"fixed":"1.8"},{"fixed":"1.8.0"}]}}],"versions":["v1.8.0-dev-20260301","v1.8.0-dev-20260215","v1.8.0-dev-20260201","v1.8.0-dev-20260118","v1.8.0-dev-20260104","v1.7.0-dev-20251026","v1.7.0-dev-20251012","v1.7.0-dev-20250928","v1.7.0-dev-20250914","v1.7.0-dev-20250831","v0.0.1"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-71261.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H"}]}