CVE Catalog

CVE-2026-41052

HighCVSS 8.8
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.32%

24th percentile — higher than 24% of all known CVEs

Summary

In Rancher versions 2.14 before 2.14.2, 2.13 before 2.13.6, and 2.12 before 2.12.10, users with the Project Owner role can exploit improper privilege handling to escalate their privileges.

Risk Assessment

The organization faces the risk of unauthorized privilege escalation by users with the Project Owner role, potentially leading to cluster takeover or security policy violations.

Recommendation

Immediately upgrade Rancher to version 2.14.2, 2.13.6, or 2.12.10 depending on the branch in use to remediate the vulnerability.

Original NVD description (English source)

Improper privilege handling could be used by users with Project Owner role to escalate privileges, in Rancher versions 2.14 before 2.14.2, 2.13 before 2.13.6, and 2.12 before 2.12.10.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS