CVE-2026-41052
HighCVSS 8.8Exploitation Probability (EPSS)
Low risk24th percentile — higher than 24% of all known CVEs
Summary
In Rancher versions 2.14 before 2.14.2, 2.13 before 2.13.6, and 2.12 before 2.12.10, users with the Project Owner role can exploit improper privilege handling to escalate their privileges.
Risk Assessment
The organization faces the risk of unauthorized privilege escalation by users with the Project Owner role, potentially leading to cluster takeover or security policy violations.
Recommendation
Immediately upgrade Rancher to version 2.14.2, 2.13.6, or 2.12.10 depending on the branch in use to remediate the vulnerability.
Original NVD description (English source)
Improper privilege handling could be used by users with Project Owner role to escalate privileges, in Rancher versions 2.14 before 2.14.2, 2.13 before 2.13.6, and 2.12 before 2.12.10.

