Rancher PRTB Reconciler before 2.14.4 PSA retain flaw
CVE-2026-44947 Published on June 30, 2026
Stale PSA ClusterRoleBinding Persists After RoleTemplate Downgrade in Rancher
A missing clean-up in the legacy Project Role Template Binding (PRTB)
reconciler in Rancher versions 2.13.0 up to 2.13.7 and 2.14.0 up to 2.14.3 allowed users to retain unauthorized Pod Security
Admission (PSA) permissions after an administrator removes those
permissions from a RoleTemplate.
Weakness Type
Improper Preservation of Permissions
The software does not preserve permissions or incorrectly preserves permissions when copying, restoring, or sharing objects, which can cause them to have less restrictive permissions than intended.
Products Associated with CVE-2026-44947
Want to know whenever a new CVE is published for Suse Rancher? stack.watch will email you.
Affected Versions
SUSE Rancher:- Version 2.13.0 and below 2.13.7 is affected.
- Version 2.14.0 and below 2.14.3 is affected.