CVE-2026-41053

HIGH

Over-inclusive team membership expansion in GitHub App authentication provider for Rancher

Title source: cna
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2026-41053. PoCs published by HermesNA-1.

AI-analyzed exploit summary This repository contains an auto-generated stub module for CVE-2026-41053, an authentication bypass vulnerability in Rancher's GitHub authentication provider due to incorrect caching. The code includes placeholder logic for target probing but lacks actual exploit implementation.

Description

Incorrect authentication caching in the team member ship expansion of the Rancher Github authentication provider caused it granting principal access to any logged in user, in 2.13 before 2.13.6 and 2.14 before 2.14.2.

Exploits (1)

github STUB 1 stars
by HermesNA-1 · pythonpoc
https://github.com/HermesNA-1/SnakeSploit/tree/main/data/modules_generated/cve-2026-41053_incorrect_authentication_caching.py

This repository contains an auto-generated stub module for CVE-2026-41053, an authentication bypass vulnerability in Rancher's GitHub authentication provider due to incorrect caching. The code includes placeholder logic for target probing but lacks actual exploit implementation.

Classification
Stub 99%
Attack Type
Auth Bypass
Complexity
Moderate
Reliability
Theoretical
Target: Rancher versions 2.13 before 2.13.6 and 2.x (unspecified)
No auth needed
Prerequisites: Target must be running a vulnerable version of Rancher with GitHub authentication provider enabled · Network access to the Rancher server (RHOSTS:RPORT)
mistral-large-3 · analyzed Jul 09, 2026 Full analysis →

References (1)

Core 1
Core References

Scores

CVSS v3 8.8
EPSS 0.0037
EPSS Percentile 29.1%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact total

Details

CWE
CWE-303
Status published
Products (6)
rancher/rancher 0 - 0.0.0-20260519172014-d0c047bbc6d2Go
rancher/rancher 2.13.0 - 2.13.6Go
rancher/rancher 2.14.0 - 2.14.2Go
SUSE/Rancher 2.13.0 - 2.13.6
suse/rancher 2.13.0 - 2.13.6
SUSE/Rancher 2.14.0 - 2.14.2
Published Jun 30, 2026
Tracked Since Jun 30, 2026