CVE-2026-41052
Rancher Privilege Escalation from Project Owner to Host
Vexday Risk Score
28Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 9.4EPSS 0.3%KEV nãoPoC —Nuclei —Metasploit —Patch referenciado
Lifecycle
29 Jun 2026Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
Improper privilege handling could be used by users with Project Owner role to escalate privileges, in Rancher versions 2.14 before 2.14.2, 2.13 before 2.13.6, and 2.12 before 2.12.10.
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
Affected products
SUSE · RancherWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →