CVE-2026-41052

Summary

Improper privilege handling could be used by users with Project Owner role to escalate privileges, in Rancher versions 2.14 before 2.14.2, 2.13 before 2.13.6, and 2.12 before 2.12.10.

Affected Software

VendorProductVersion RangeStatus
SUSERancher2.12.0 < 2.12.10affected
SUSERancher2.13.0 < 2.13.6affected
SUSERancher2.14.0 < 2.14.2affected

Weaknesses

  • CWE-305: CWE-305 Authentication bypass by primary weakness

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References