
Rancher EUVD-2026-40327 | CVE-2026-44947 MEDIUM
Improper Preservation of Permissions (CWE-281)
2026-06-30 · Vendor: suse
6.9 (CVSS 4.0)

Severity by source

Vendor (suse), primary: 6.9 MEDIUM
CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:H/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

vuln.today AI: 5.3 MEDIUM
Rationale: the attacker is a project user (PR:L) exploiting stale bindings; AC:H in the 3.1 vector reflects the specific precondition sequence required; no confidentiality or availability impact.
CVSS 3.1: AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N
CVSS 4.0: AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:H/SA:N

Primary rating from Vendor (suse). The vendor's 4.0 vector and the vuln.today 4.0 vector differ in exactly one metric, Privileges Required (vendor PR:H, vuln.today PR:L); both agree on network reachability, a required precondition (AT:P), and integrity-only impact.

CVSS Vector (Vendor: suse)

CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:H/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector: Network
Attack Complexity: Low
Attack Requirements: Present
Privileges Required: High
User Interaction: None
Vulnerable System Integrity: High
Subsequent System Integrity: High
Safety (supplemental metric S, not the removed 3.x Scope): Not Defined (X)

Lifecycle Timeline

Patch available: Jun 30, 2026, 16:01 (EUVD)
Analysis generated: Jun 30, 2026, 15:22 (vuln.today)

Description (CVE.org)

A missing clean-up in the legacy Project Role Template Binding (PRTB) reconciler in Rancher versions 2.13.0 up to 2.13.7 and 2.14.0 up to 2.14.3 allowed users to retain unauthorized Pod Security Admission (PSA) permissions after an administrator removes those permissions from a RoleTemplate.

Analysis (AI)

Privilege persistence in SUSE Rancher allows project users to retain Pod Security Admission (PSA) permissions even after an administrator revokes those permissions from a RoleTemplate, due to a missing cleanup step in the legacy Project Role Template Binding (PRTB) reconciler. Affected versions are Rancher 2.13.0 through 2.13.7 and 2.14.0 through 2.14.3. …


Attack Chain (AI-derived)

Hypothetical attack flow derived from CVE metadata:

Access: administrator removes PSA permissions from the RoleTemplate
Delivery: legacy PRTB reconciler skips binding cleanup
Exploit: stale PSA RoleBinding persists in the project namespace
Execution: user submits a pod that violates the PSA policy
Persist: pod deploys with an unauthorized security context
Impact: workload isolation boundary violated

Vulnerability Assessment (AI)

Exploitation: Exploitation requires three preconditions in sequence, not concurrently: (1) the Rancher deployment runs an affected release (2.13.0 through 2.13.7 or 2.14.0 through 2.14.3) and therefore the legacy PRTB reconciler code path; (2) a user was previously bound, through a PRTB, to a RoleTemplate that included PSA permissions; and (3) an administrator has since removed those PSA permissions from the RoleTemplate, and the reconciler left the residual PSA bindings in place. The user takes no action to keep the access; the stale binding keeps granting it until it is deleted. …
Risk Assessment: The vendor-supplied CVSS 4.0 vector (AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:H/SA:N) yields a score of 6.9 (Medium). …
Exploit Scenario: A Rancher project user was previously granted a RoleTemplate that included Pod Security Admission permissions allowing privileged pod deployment. An administrator later removed those PSA permissions from the RoleTemplate, believing the user's access was revoked. …
Remediation: Consult the vendor advisory at https://github.com/rancher/rancher/security/advisories/GHSA-c4rp-wgqc-mfhc for confirmed fix versions; based on the reported affected ranges (up to 2.13.7 and up to 2.14.3), fixed releases are expected to be 2.13.8 and 2.14.4 or later, but these versions have not been confirmed from the data on this page. Until the upgrade is applied, the check worth running is an audit of the project namespaces for PSA RoleBindings whose source RoleTemplate no longer grants PSA permission, followed by deleting the stale ones; a patched reconciler will not retroactively reconcile bindings it never revisits unless it is triggered, so verify after upgrading as well. …
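The defect and the audit for it, as an added example that is not code from Rancher, from the advisory or from this page: a simplified Go model of the PRTB reconciler with the vulnerable (legacy) and fixed reconcile paths side by side, plus the check a practitioner wants on an unpatched cluster, an audit listing PSA RoleBindings whose source RoleTemplate no longer grants PSA permission. Everything about how Rancher represents PSA permission is assumed here: the `updatepsa` verb on `projects` in `management.cattle.io`, the `-namespaces-psa` binding naming, the project ID doubling as the project namespace, and the `OwnerPRTB` field standing in for whatever label ties a binding to its PRTB. The scenario data (`p-abc12`, `u-alice`, `prtb-1`, `project-psa-editor`) is constructed.

```go
package main

import (
	"fmt"
	"sort"
	"strings"
)

// PolicyRule carries only the RBAC rule fields this check needs.
type PolicyRule struct {
	APIGroup, Resource string
	Verbs              []string
}

// RoleTemplate is the Rancher object an administrator edits to revoke access.
type RoleTemplate struct {
	Name  string
	Rules []PolicyRule
}

// PRTB binds one user to one RoleTemplate within one project.
type PRTB struct{ Name, UserName, ProjectName, RoleTemplate string }

// RoleBinding is what the reconciler materialises in the project namespace;
// OwnerPRTB stands in for whatever label links it back to its PRTB (assumed).
type RoleBinding struct{ Namespace, RoleRef, Subject, OwnerPRTB string }

// Cluster holds RoleBindings keyed by "namespace/name".
type Cluster map[string]RoleBinding

// grantsPSA reports whether the template grants Rancher's "updatepsa" verb on
// projects (assumed to be how PSA permission is expressed in a RoleTemplate).
func grantsPSA(rt RoleTemplate) bool {
	for _, r := range rt.Rules {
		for _, v := range r.Verbs {
			if r.APIGroup == "management.cattle.io" && r.Resource == "projects" && (v == "updatepsa" || v == "*") {
				return true
			}
		}
	}
	return false
}

// psaBindingKey names the per-user PSA binding; the naming scheme and the use
// of the project ID as its namespace are invented for this model.
func psaBindingKey(p PRTB) string {
	return p.ProjectName + "/" + p.ProjectName + "-namespaces-psa-" + p.UserName
}

func ensurePSABinding(c Cluster, p PRTB) {
	if key := psaBindingKey(p); c[key].OwnerPRTB == "" {
		c[key] = RoleBinding{Namespace: p.ProjectName, RoleRef: p.ProjectName + "-namespaces-psa",
			Subject: p.UserName, OwnerPRTB: p.Name}
	}
}

// LegacyReconcile models the defect: it creates the binding when the template
// grants PSA and does nothing at all once the grant has been removed.
func LegacyReconcile(c Cluster, p PRTB, rt RoleTemplate) {
	if grantsPSA(rt) {
		ensurePSABinding(c, p)
	} // missing: delete the binding when !grantsPSA(rt)
}

// FixedReconcile adds the cleanup: with the grant gone, the binding this PRTB
// created (and only that one, hence the owner check) is deleted.
func FixedReconcile(c Cluster, p PRTB, rt RoleTemplate) {
	LegacyReconcile(c, p, rt)
	if key := psaBindingKey(p); !grantsPSA(rt) && c[key].OwnerPRTB == p.Name {
		delete(c, key)
	}
}

// StalePSABindings is the audit for an unpatched cluster: every PSA binding
// whose owning PRTB is gone or whose RoleTemplate no longer grants PSA.
func StalePSABindings(c Cluster, prtbs map[string]PRTB, rts map[string]RoleTemplate) []string {
	var stale []string
	for key, b := range c {
		p, hasPRTB := prtbs[b.OwnerPRTB]
		rt, hasRT := rts[p.RoleTemplate]
		if strings.HasSuffix(b.RoleRef, "-namespaces-psa") && (!hasPRTB || !hasRT || !grantsPSA(rt)) {
			stale = append(stale, key)
		}
	}
	sort.Strings(stale)
	return stale
}

// Scenario replays the advisory's sequence (grant, revoke in the template,
// reconcile again) and reports whether the binding survived and what the audit finds.
func Scenario(reconcile func(Cluster, PRTB, RoleTemplate)) (survived bool, stale []string) {
	c := Cluster{}
	rt := RoleTemplate{Name: "project-psa-editor", Rules: []PolicyRule{
		{APIGroup: "management.cattle.io", Resource: "projects", Verbs: []string{"updatepsa"}}}}
	p := PRTB{Name: "prtb-1", UserName: "u-alice", ProjectName: "p-abc12", RoleTemplate: rt.Name}
	reconcile(c, p, rt) // 1: user is granted PSA permission through the PRTB
	rt.Rules = nil      // 2: administrator strips updatepsa from the RoleTemplate
	reconcile(c, p, rt) // 3: reconciler runs again against the edited template
	_, survived = c[psaBindingKey(p)]
	stale = StalePSABindings(c, map[string]PRTB{p.Name: p}, map[string]RoleTemplate{rt.Name: rt})
	return survived, stale
}

func main() {
	s1, st1 := Scenario(LegacyReconcile)
	s2, st2 := Scenario(FixedReconcile)
	fmt.Printf("legacy: survived=%v stale=%v\nfixed:  survived=%v stale=%v\n", s1, st1, s2, st2)
}
```

Scenario replays the three preconditions from the assessment above: with LegacyReconcile the binding survives the revocation and the audit reports it, with FixedReconcile it is removed. Against a real cluster the audit's inputs would be the PRTB and RoleTemplate objects plus the RoleBindings in each project namespace, and every stale hit is a binding to delete by hand until the upgrade lands.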



