Rancher 2.6.9 is installing Docker 20.10.17 from 2022-06-06.
The current version is 20.10.21 from 2022-10-25, so there's almost 5 months worth of bugfixes and security updates missing, including fixes for 3 CVEs with a score of 7.5 (High) in 20.10.19.
Rancher 2.6.9 is from 2022-10-18 and at least Docker 20.10.18 had been out for more than a month back then.
So I figured this must be something independent of the specific Rancher version.
I found out Rancher retrieves a file from an URL under releases.rancher.com and that version 20.10.17 is hardcoded in there: