CVE-2026-44947

Summary

A missing clean-up in the legacy Project Role Template Binding (PRTB) reconciler in Rancher versions 2.13.0 up to 2.13.7 and 2.14.0 up to 2.14.3 allowed users to retain unauthorized Pod Security Admission (PSA) permissions after an administrator removes those permissions from a RoleTemplate.

Affected Software

VendorProductVersion RangeStatus
SUSERancher2.13.0 < 2.13.7affected
SUSERancher2.14.0 < 2.14.3affected

Weaknesses

  • CWE-281: CWE-281 Improper preservation of permissions

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References