Rancher PRTB Reconciler before 2.14.4 PSA retain flaw
CVE-2026-44947 Published on June 30, 2026

Stale PSA ClusterRoleBinding Persists After RoleTemplate Downgrade in Rancher
A missing clean-up in the legacy Project Role Template Binding (PRTB) reconciler in Rancher versions 2.13.0 up to 2.13.7 and 2.14.0 up to 2.14.3 allowed users to retain unauthorized Pod Security Admission (PSA) permissions after an administrator removes those permissions from a RoleTemplate.

Vendor Advisory NVD

Weakness Type

Improper Preservation of Permissions

The software does not preserve permissions or incorrectly preserves permissions when copying, restoring, or sharing objects, which can cause them to have less restrictive permissions than intended.


Products Associated with CVE-2026-44947

Want to know whenever a new CVE is published for Suse Rancher? stack.watch will email you.

 

Affected Versions

SUSE Rancher: