CVE-2026-41053
HighCVSS 8.8Exploitation Probability (EPSS)
Low risk29th percentile — higher than 29% of all known CVEs
Summary
Incorrect authentication caching in the team membership expansion of the Rancher Github authentication provider caused granting principal access to any logged in user, in 2.13 before 2.13.6 and 2.14 before 2.14.2.
Risk Assessment
The risk is that any logged-in user may gain unauthorized access to resources and functions they should not normally have, potentially leading to data confidentiality and integrity breaches.
Recommendation
It is recommended to immediately upgrade Rancher to version 2.13.6 or later (for the 2.13 branch) and 2.14.2 or later (for the 2.14 branch).
Original NVD description (English source)
Incorrect authentication caching in the team member ship expansion of the Rancher Github authentication provider caused it granting principal access to any logged in user, in 2.13 before 2.13.6 and 2.14 before 2.14.2.

