Rancher <2.14.2 Improper Privilege Escalation via Project Owner Role
CVE-2026-41052 Published on June 29, 2026
Rancher Privilege Escalation from Project Owner to Host
Improper privilege handling could be used by users with Project Owner role to escalate privileges, in Rancher versions 2.14 before 2.14.2, 2.13 before 2.13.6, and 2.12 before 2.12.10.
Weakness Type
Authentication Bypass by Primary Weakness
The authentication algorithm is sound, but the implemented mechanism can be bypassed as the result of a separate weakness that is primary to the authentication error.
Products Associated with CVE-2026-41052
Want to know whenever a new CVE is published for Suse Rancher? stack.watch will email you.
Affected Versions
SUSE Rancher:- Version 2.12.0 and below 2.12.10 is affected.
- Version 2.13.0 and below 2.13.6 is affected.
- Version 2.14.0 and below 2.14.2 is affected.