
Rancher EUVD-2026-40297

CVE-2026-41053 HIGH
Incorrect Implementation of Authentication Algorithm (CWE-303)
2026-06-30 suse GHSA-4j6x-2764-m8gh
8.8
CVSS 3.1 · Vendor: suse

Severity by source

Vendor (suse) PRIMARY
8.8 HIGH
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
vuln.today AI
8.8 HIGH

Network-reachable management API (AV:N/AC:L), attacker must be a logged-in user (PR:L), no interaction; authorization bypass yields high control-plane confidentiality, integrity, and availability impact.

3.1 AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
4.0 AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Primary rating from Vendor (suse).

CVSS Vector (Vendor: suse)

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High

Lifecycle Timeline

Patch available
Jun 30, 2026 - 13:01 EUVD
Analysis Generated
Jun 30, 2026 - 12:17 vuln.today

Description (CVE.org)

Incorrect authentication caching in the team membership expansion of the Rancher GitHub authentication provider caused it to grant principal access to any logged-in user, in 2.13 before 2.13.6 and 2.14 before 2.14.2.

Analysis (AI)

Privilege escalation in Rancher 2.13 (before 2.13.6) and 2.14 (before 2.14.2) lets any authenticated user gain principal access they should not hold, because the GitHub authentication provider incorrectly caches the result of team membership expansion. The flaw (CWE-303, CVSS 8.8) means a low-privileged GitHub-authenticated user can be granted access tied to other principals/teams, effectively bypassing intended authorization. …


Attack Chain (AI-derived)

Hypothetical attack flow derived from CVE metadata

Access: Authenticate as low-privileged GitHub user
Delivery: Trigger team-membership expansion in GitHub auth
Exploit: Receive cached principal of another user
Execution: Gain unauthorized cluster/project access
Impact: Read secrets or alter workloads

Vulnerability Assessment (AI)

Exploitation: Exploitation requires that Rancher be configured to use the GitHub authentication provider (the vulnerable team-membership-expansion path) and that the attacker possess a valid logged-in session (PR:L); it is not anonymous/unauthenticated. …

Risk Assessment: The CVSS 3.1 vector (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H = 8.8 High) indicates network-reachable, low-complexity exploitation requiring only low privileges and no user interaction, with high confidentiality, integrity, and availability impact, consistent with an authenticated user gaining unauthorized principal access in a cluster-management plane. …

Exploit Scenario: An attacker who holds any valid GitHub-backed Rancher login authenticates to the Rancher server; due to the faulty team-membership cache, Rancher serves them principal access belonging to another user/team, granting cluster or project rights they were never assigned. Leveraging that elevated principal, the attacker reads secrets or modifies workloads across clusters they should not control. …

Remediation: Vendor-released patch: upgrade Rancher to 2.13.6 (for the 2.13 line) or 2.14.2 (for the 2.14 line) as the primary fix; consult the SUSE/Rancher advisory at https://github.com/rancher/rancher/security/advisories/GHSA-4j6x-2764-m8gh for upgrade guidance. …

Recommended Action (AI)

24 hours: Identify all Rancher instances running versions 2.13.x (before 2.13.6) or 2.14.x (before 2.14.2) and immediately disable GitHub authentication provider; switch to alternative auth (OIDC, local accounts, or other providers). …


EUVD-2026-40297 vulnerability details – vuln.today
