Rancher <2.14.2 Improper Privilege Escalation via Project Owner Role
CVE-2026-41052 Published on June 29, 2026

Rancher Privilege Escalation from Project Owner to Host
Improper privilege handling could be used by users with Project Owner role to escalate privileges, in Rancher versions 2.14 before 2.14.2, 2.13 before 2.13.6, and 2.12 before 2.12.10.

Vendor Advisory NVD

Weakness Type

Authentication Bypass by Primary Weakness

The authentication algorithm is sound, but the implemented mechanism can be bypassed as the result of a separate weakness that is primary to the authentication error.


Products Associated with CVE-2026-41052

Want to know whenever a new CVE is published for Suse Rancher? stack.watch will email you.

 

Affected Versions

SUSE Rancher: