CVE-2026-41053

Summary

Incorrect authentication caching in the team member ship expansion of the Rancher Github authentication provider caused it granting principal access to any logged in user, in 2.13 before 2.13.6 and 2.14 before 2.14.2.

Affected Software

VendorProductVersion RangeStatus
SUSERancher2.14.0 < 2.14.2affected
SUSERancher2.13.0 < 2.13.6affected

Weaknesses

  • CWE-303: CWE-303 Incorrect implementation of authentication algorithm

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References