CVE-2026-41053
HIGHOver-inclusive team membership expansion in GitHub App authentication provider for Rancher
Title source: cnaExploitation Summary
EIP tracks 1 public exploit for CVE-2026-41053. PoCs published by HermesNA-1.
AI-analyzed exploit summary This repository contains an auto-generated stub module for CVE-2026-41053, an authentication bypass vulnerability in Rancher's GitHub authentication provider due to incorrect caching. The code includes placeholder logic for target probing but lacks actual exploit implementation.
Description
Incorrect authentication caching in the team member ship expansion of the Rancher Github authentication provider caused it granting principal access to any logged in user, in 2.13 before 2.13.6 and 2.14 before 2.14.2.
Exploits (1)
This repository contains an auto-generated stub module for CVE-2026-41053, an authentication bypass vulnerability in Rancher's GitHub authentication provider due to incorrect caching. The code includes placeholder logic for target probing but lacks actual exploit implementation.
References (1)
Scores
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H