CVE-2026-44947

MEDIUM

Stale PSA ClusterRoleBinding Persists After RoleTemplate Downgrade in Rancher

Title source: cna
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2026-44947. PoCs published by HermesNA-1.

AI-analyzed exploit summary This repository contains an auto-generated stub module for CVE-2026-44947, a missing clean-up vulnerability in Rancher's legacy Project Role Template Binding (PRTB) reconciler. The code includes placeholder methods (`check` and `run`) but lacks actual exploit implementation or technical details about the vulnerability mechanics.

Description

A missing clean-up in the legacy Project Role Template Binding (PRTB) reconciler in Rancher versions 2.13.0 up to 2.13.7 and 2.14.0 up to 2.14.3 allowed users to retain unauthorized Pod Security Admission (PSA) permissions after an administrator removes those permissions from a RoleTemplate.

Exploits (1)

github STUB 1 stars
by HermesNA-1 · pythonpoc
https://github.com/HermesNA-1/SnakeSploit/tree/main/data/modules_generated/cve-2026-44947_missing_clean-up.py

This repository contains an auto-generated stub module for CVE-2026-44947, a missing clean-up vulnerability in Rancher's legacy Project Role Template Binding (PRTB) reconciler. The code includes placeholder methods (`check` and `run`) but lacks actual exploit implementation or technical details about the vulnerability mechanics.

Classification
Stub 99%
Attack Type
Auth Bypass
Complexity
Moderate
Reliability
Theoretical
Target: Rancher versions 2.13.0 up to 2.13.7 and 2.14.0 up to 2.14.3
No auth needed
Prerequisites: Network access to Rancher API (default port 80/443) · Legacy PRTB resources present in the target cluster
mistral-large-3 · analyzed Jul 09, 2026 Full analysis →

References (1)

Core 1
Core References

Scores

CVSS v4 6.9
EPSS 0.0023
EPSS Percentile 13.7%
CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:H/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-281
Status published
Products (2)
SUSE/Rancher 2.13.0 - 2.13.7
SUSE/Rancher 2.14.0 - 2.14.3
Published Jun 30, 2026
Tracked Since Jun 30, 2026