Description
Incorrect authentication caching in the team membership expansion of the Rancher GitHub authentication provider caused it to grant principal access to any logged-in user, in 2.13 before 2.13.6 and 2.14 before 2.14.2.
Published: 2026-06-30
Score: 8.8 High
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The Rancher GitHub authentication provider contains an incorrect authentication caching bug that expands team membership too broadly: any logged-in user is granted the principal access of a team member. An authenticated user can therefore obtain privileges within Rancher that were never assigned to them, a severe confidentiality and integrity threat. The weakness is classed as CWE-303: Incorrect Implementation of Authentication Algorithm.

Affected Systems

The vulnerability affects SUSE Rancher installations. Versions 2.13.x released before 2.13.6 and 2.14.x released before 2.14.2 contain the exploitable code.

Risk and Exploitability

The CVSS score of 8.8 indicates a high-severity flaw. Because EPSS data is unavailable and the issue is not yet listed in CISA KEV, the exploit probability is uncertain, but the scope is significant: any authenticated user of a Rancher installation with the GitHub App authentication provider enabled could abuse the flaw. The likely attack vector is authenticated use of the GitHub App integration; an attacker would need to log in to Rancher with a GitHub account that triggers the buggy expansion to gain elevated rights.

Generated by OpenCVE AI on June 30, 2026 at 12:20 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update Rancher to v2.13.6 or newer, or to v2.14.2 or newer, to receive the fixing patch.
  • If immediate upgrade is not possible, disable or remove the GitHub App authentication provider from the Rancher configuration until the patch can be applied.
  • Continuously monitor Rancher audit logs for anomalous role escalations and verify that only authorized users have elevated permissions.

Advisories

No advisories yet.

History

Tue, 30 Jun 2026 18:15:00 +0000

Type                  Values Removed   Values Added
First Time appeared                    Suse
                                       Suse rancher
Vendors & Products                     Suse
                                       Suse rancher

Tue, 30 Jun 2026 12:30:00 +0000

Type      Values Removed   Values Added
Metrics                    ssvc
                           {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Tue, 30 Jun 2026 11:45:00 +0000

Type          Values Removed   Values Added
Description                    Incorrect authentication caching in the team membership expansion of the Rancher GitHub authentication provider caused it to grant principal access to any logged-in user, in 2.13 before 2.13.6 and 2.14 before 2.14.2.
Title                          Over-inclusive team membership expansion in GitHub App authentication provider for Rancher
Weaknesses                     CWE-303
References
Metrics                        cvssV3_1
                               {'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}


MITRE

Status: PUBLISHED

Assigner: suse

Published:

Updated: 2026-06-30T12:09:00.467Z

Reserved: 2026-04-16T13:37:50.680Z

Link: CVE-2026-41053

Vulnrichment

Updated: 2026-06-30T12:08:49.675Z

NVD

No data.

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-30T18:00:06Z

Weaknesses
  • CWE-303: Incorrect Implementation of Authentication Algorithm