CVE-2026-44947
Stale PSA ClusterRoleBinding Persists After RoleTemplate Downgrade in Rancher
Vexday Risk Score
13Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 6.9EPSS 0.2%KEV nãoPoC —Nuclei —Metasploit —Patch referenciado
Lifecycle
30 Jun 2026Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
A missing clean-up in the legacy Project Role Template Binding (PRTB)
reconciler in Rancher versions 2.13.0 up to 2.13.7 and 2.14.0 up to 2.14.3 allowed users to retain unauthorized Pod Security
Admission (PSA) permissions after an administrator removes those
permissions from a RoleTemplate.
CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:H/SA:N
Affected products
SUSE · Rancher