Rancher 2.13/2.14 Auth Caching Grants Admin Access to Any User
CVE-2026-41053 Published on June 30, 2026
Over-inclusive team membership expansion in GitHub App authentication provider for Rancher
Incorrect authentication caching in the team member ship expansion of the Rancher Github authentication provider caused it granting principal access to any logged in user, in 2.13 before 2.13.6 and 2.14 before 2.14.2.
Vulnerability Analysis
CVE-2026-41053 can be exploited with network access, and requires small amount of user privileges. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to be very high.
Weakness Type
Incorrect Implementation of Authentication Algorithm
The requirements for the software dictate the use of an established authentication algorithm, but the implementation of the algorithm is incorrect. This incorrect implementation may allow authentication to be bypassed.
Products Associated with CVE-2026-41053
Want to know whenever a new CVE is published for Suse Rancher? stack.watch will email you.
Affected Versions
SUSE Rancher:- Version 2.14.0 and below 2.14.2 is affected.
- Version 2.13.0 and below 2.13.6 is affected.