CRITICAL🇵🇱 Wersja polska

CVE-2026-41052

CVSS 9.4v4.0pub. 2026-06-29upd. 2026-07-02

Improper privilege handling could be used by users with Project Owner role to escalate privileges, in Rancher versions 2.14 before 2.14.2, 2.13 before 2.13.6, and 2.12 before 2.12.10.

CVSS Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
  • SUSE Rancher

    APP
    Suse
    2.12.0 – 2.12.10 (bez)2.13.0 – 2.13.6 (bez)2.14.0 – 2.14.2 (bez)
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
LPE
CWE
References

Related vulnerabilities

CVE-2026-44946CRITICAL9.5ten sam produkt

A SAML authentication replay vulnerability in Rancher's Assertion Consumer Service (ACS) handler did not enfo...

CVE-2023-22647CRITICAL9.9ten sam produkt

An Improper Privilege Management vulnerability in SUSE Rancher allowed standard users to leverage their existi...

CVE-2023-22651CRITICAL9.9ten sam produkt

Improper Privilege Management vulnerability in SUSE Rancher allows Privilege Escalation. A failure in the upda...

CVE-2022-43757CRITICAL9.9ten sam produkt

A Cleartext Storage of Sensitive Information vulnerability in SUSE Rancher allows users on managed clusters to...

CVE-2021-36782CRITICAL9.9ten sam produkt

A Cleartext Storage of Sensitive Information vulnerability in SUSE Rancher allows authenticated Cluster Owners...