CVE-2026-44947 PUBLISHED

Stale PSA ClusterRoleBinding Persists After RoleTemplate Downgrade in Rancher

Assigner: suse
Reserved: 08.05.2026 Published: 30.06.2026 Updated: 30.06.2026

A missing clean-up step in the legacy Project Role Template Binding (PRTB) reconciler in Rancher versions 2.13.0 up to (but excluding) 2.13.7 and 2.14.0 up to (but excluding) 2.14.3 allowed users to retain unauthorized Pod Security Admission (PSA) permissions after an administrator removed those permissions from a RoleTemplate: the ClusterRoleBinding granting the PSA permission was not deleted when the RoleTemplate was downgraded.

Metrics

CVSS Vector: CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:H/SA:N
CVSS Score: 6.9

Product Status

Vendor SUSE
Product Rancher
Versions (default: unaffected)
  • affected from 2.13.0 to 2.13.7 (excl.)
  • affected from 2.14.0 to 2.14.3 (excl.)

Credits

  • Isaac David (finder)

Problem Types

  • CWE-281 Improper Preservation of Permissions

Impacts

  • CAPEC-115 Authentication Bypass