CVE Catalog

CVE-2026-41053

HighCVSS 8.8
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.37%

29th percentile — higher than 29% of all known CVEs

Summary

Incorrect authentication caching in the team membership expansion of the Rancher Github authentication provider caused granting principal access to any logged in user, in 2.13 before 2.13.6 and 2.14 before 2.14.2.

Risk Assessment

The risk is that any logged-in user may gain unauthorized access to resources and functions they should not normally have, potentially leading to data confidentiality and integrity breaches.

Recommendation

It is recommended to immediately upgrade Rancher to version 2.13.6 or later (for the 2.13 branch) and 2.14.2 or later (for the 2.14 branch).

Original NVD description (English source)

Incorrect authentication caching in the team member ship expansion of the Rancher Github authentication provider caused it granting principal access to any logged in user, in 2.13 before 2.13.6 and 2.14 before 2.14.2.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS