Severity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Requires an authenticated Project Owner, a role scoped to a single project (the vendor vector rates this PR:H; an argument can be made for PR:L since the role is not cluster-wide). The escalation crosses the authorization boundary from project into cluster, which CVSS 4.0 expresses through the subsequent-system impacts SC/SI/SA:H (CVSS 4.0 has no S:C metric), yielding full C/I/A impact.
Primary rating from Vendor (suse).
CVSS Vector (Vendor: suse)
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description (source: CVE.org)
Improper privilege handling could be used by users with Project Owner role to escalate privileges, in Rancher versions 2.14 before 2.14.2, 2.13 before 2.13.6, and 2.12 before 2.12.10.
Analysis (AI-generated)
Privilege escalation in SUSE Rancher (Kubernetes management platform) allows a user holding the Project Owner role to improperly escalate their privileges beyond their assigned project scope, per advisory GHSA-vx8h-4prv-g744. Affected releases are 2.14 before 2.14.2, 2.13 before 2.13.6, and 2.12 before 2.12.10. …
Vulnerability Assessment (AI-generated)
| Aspect | Assessment |
|---|---|
| Exploitation | Exploitation requires the attacker to already hold the Rancher Project Owner role on at least one project in an affected instance (2.14 before 2.14.2, 2.13 before 2.13.6, or 2.12 before 2.12.10); it is not exploitable by anonymous or unauthenticated users. … |
| Risk Assessment | The vendor-supplied CVSS 4.0 vector (AV:N/AC:L/AT:N/PR:H/UI:N), with High impact on both the vulnerable system (VC/VI/VA:H) and subsequent systems (SC/SI/SA:H), drives the 9.4 score, reflecting that a successful escalation grants broad control across the managed cluster. … |
| Exploit Scenario | An insider, or an attacker who has compromised an account holding the Project Owner role in a Rancher-managed project, uses the improper privilege handling to act beyond the project boundary and gain elevated control over the cluster. Because the vector is network attack vector, low complexity and no user interaction, the operation can be performed directly through Rancher's API or UI once the role is held. … |
| Remediation | Vendor-released patch: upgrade to Rancher 2.14.2, 2.13.6, or 2.12.10 (or later) on your current minor branch, as documented in https://github.com/rancher/rancher/security/advisories/GHSA-vx8h-4prv-g744. … |
Recommended Action (AI-generated)
24 hours: Inventory all SUSE Rancher deployments and identify instances running affected versions (2.12.0-2.12.9, 2.13.0-2.13.5, 2.14.0-2.14.1). …
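The inventory step above turns on comparing each server's version against the fixed release of its own minor branch (a 2.13.x install must be measured against 2.13.6, not 2.14.2). The following is an added illustration, not code from SUSE, Rancher or the advisory: it classifies a constructed inventory of hypothetical host names and version strings against the three fixed versions named in GHSA-vx8h-4prv-g744. It assumes the version strings have already been collected (for example from the Rancher UI or the `server-version` setting) in Rancher's usual `vMAJOR.MINOR.PATCH[-prerelease]` form; how they are collected is outside the example. Pre-release builds of a fixed version are conservatively treated as unfixed, and branches the advisory does not list are reported separately rather than guessed at.

```python
"""Classify Rancher server versions against the fixed releases named in
GHSA-vx8h-4prv-g744 (2.12.10, 2.13.6, 2.14.2).

Added illustration, not code from SUSE/Rancher or from the advisory. The
inventory at the bottom is constructed sample data with hypothetical hosts.
"""
import re
from typing import Optional, Tuple

# First fixed patch release per affected minor branch, per the advisory.
FIXED_BY_BRANCH = {
    (2, 12): (2, 12, 10),
    (2, 13): (2, 13, 6),
    (2, 14): (2, 14, 2),
}

# Accepts "2.13.5", "v2.14.2", "v2.14.2-rc1"; rejects dev/head builds.
_VERSION_RE = re.compile(r"^v?(\d+)\.(\d+)\.(\d+)(?:-([0-9A-Za-z.\-]+))?$")


def parse_version(text: str) -> Optional[Tuple[int, int, int, Optional[str]]]:
    """Return (major, minor, patch, prerelease-or-None), or None when the
    string carries no release number (e.g. a 'dev' or 'master-head' build)."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        return None
    major, minor, patch, pre = m.groups()
    return (int(major), int(minor), int(patch), pre)


def classify(version: str) -> str:
    """Return 'affected', 'fixed', 'not-in-advisory' or 'unknown'.

    Comparison is done within the server's own minor branch, because each
    branch received its own fix release; a 2.13.x server is never compared
    against 2.14.2.
    """
    parsed = parse_version(version)
    if parsed is None:
        return "unknown"
    major, minor, patch, pre = parsed
    fixed = FIXED_BY_BRANCH.get((major, minor))
    if fixed is None:
        # Branch not named in the advisory (older or newer): needs a
        # separate check against vendor lifecycle data, do not assume safe.
        return "not-in-advisory"
    if (major, minor, patch) < fixed:
        return "affected"
    if (major, minor, patch) == fixed and pre is not None:
        # e.g. v2.14.2-rc1: a pre-release of the fixed version may predate
        # the fix commit, so treat it as unfixed (conservative choice).
        return "affected"
    return "fixed"


def triage(inventory: dict) -> dict:
    """Group host names by classification for the 24-hour inventory step."""
    report = {"affected": [], "fixed": [], "not-in-advisory": [], "unknown": []}
    for host, version in sorted(inventory.items()):
        report[classify(version)].append(host)
    return report


# Constructed sample inventory: hypothetical host names and versions.
SAMPLE_INVENTORY = {
    "rancher-prod-eu": "v2.13.5",
    "rancher-prod-us": "v2.14.2",
    "rancher-staging": "v2.14.2-rc1",
    "rancher-legacy": "v2.11.3",
    "rancher-lab": "v2.12.10",
    "rancher-dev": "dev-build",
}

if __name__ == "__main__":
    for status, hosts in triage(SAMPLE_INVENTORY).items():
        print(f"{status:16s} {', '.join(hosts) or '-'}")
```

Run as a script it prints one line per classification; `affected` is the list to patch first, `not-in-advisory` and `unknown` are the hosts that still need a manual look rather than a tick in the box.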
Related Rancher vulnerabilities (summaries truncated on the source page)
- SAML assertion replay in Rancher's Assertion Consumer Service (ACS) handler lets a person-in-the-middle who captures a v…
- Privilege escalation in Rancher 2.13 (before 2.13.6) and 2.14 (before 2.14.2) lets any authenticated user gain principal…
- A vulnerability has been identified within Rancher Manager, where using self-signed CA certificates and passing the -ski…
- Authentication bypass in SUSE Rancher's in-cluster admission webhook (rancher-webhook) lets a network-adjacent, unauthen…
- Privilege persistence in SUSE Rancher allows project users to retain Pod Security Admission (PSA) permissions even after…
- Path traversal in Rancher Fleet's ImageScan subsystem (CWE-23) allows authenticated remote attackers to escape intended…
Same weakness: CWE-305 (Authentication Bypass by Primary Weakness)
Same technique: Privilege Escalation
EUVD-2026-40130
GHSA-vx8h-4prv-g744