CVE-2026-41052

HIGH

Rancher Privilege Escalation from Project Owner to Host

Title source: cna
STIX 2.1

Description

Improper privilege handling could be used by users with Project Owner role to escalate privileges, in Rancher versions 2.14 before 2.14.2, 2.13 before 2.13.6, and 2.12 before 2.12.10.

References (1)

Core 1
Core References

Scores

CVSS v3 8.8
EPSS 0.0032
EPSS Percentile 23.8%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact total

Details

CWE
CWE-305
Status published
Products (8)
rancher/rancher 0 - 0.0.0-20260513182521-2800aaac25b5Go
rancher/rancher 2.12.0 - 2.12.10Go
rancher/rancher 2.13.0 - 2.13.6Go
rancher/rancher 2.14.0 - 2.14.2Go
SUSE/Rancher 2.12.0 - 2.12.10
suse/rancher 2.12.0 - 2.12.10
SUSE/Rancher 2.13.0 - 2.13.6
SUSE/Rancher 2.14.0 - 2.14.2
Published Jun 29, 2026
Tracked Since Jun 29, 2026