CVE-2026-44947

Source
https://cve.org/CVERecord?id=CVE-2026-44947
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-44947.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-44947
Aliases
  • GHSA-c4rp-wgqc-mfhc
Published
2026-06-30T14:21:01.291Z
Modified
2026-07-15T01:49:21.149393911Z
Severity
  • 6.9 (Medium) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:H/SA:N CVSS Calculator
Summary
Stale PSA ClusterRoleBinding Persists After RoleTemplate Downgrade in Rancher
Details

A missing clean-up in the legacy Project Role Template Binding (PRTB) reconciler in Rancher versions 2.13.0 up to 2.13.7 and 2.14.0 up to 2.14.3 allowed users to retain unauthorized Pod Security Admission (PSA) permissions after an administrator removes those permissions from a RoleTemplate.

Database specific
{
    "cwe_ids": [
        "CWE-281"
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/44xxx/CVE-2026-44947.json",
    "cna_assigner": "suse"
}
References

Affected packages

Git / github.com/rancher/rancher

Affected ranges

Type
GIT
Repo
https://github.com/rancher/rancher
Events
Database specific
{
    "extracted_events": [
        {
            "introduced": "2.13.0"
        },
        {
            "fixed": "2.13.7"
        },
        {
            "introduced": "2.14.0"
        },
        {
            "fixed": "2.14.3"
        }
    ],
    "source": "AFFECTED_FIELD"
}

Affected versions

v2.*
v2.13.0
v2.13.0-rc4
v2.13.1
v2.13.1-alpha1
v2.13.1-alpha2
v2.13.1-alpha3
v2.13.1-alpha4
v2.13.1-alpha5
v2.13.1-alpha6
v2.13.1-alpha7
v2.13.1-rc1
v2.13.2
v2.13.2-alpha1
v2.13.2-alpha2
v2.13.2-alpha3
v2.13.2-alpha4
v2.13.2-alpha5
v2.13.2-alpha6
v2.13.2-alpha7
v2.13.2-rc1
v2.13.2-rc2
v2.13.3
v2.13.3-alpha1
v2.13.3-alpha2
v2.13.3-alpha3
v2.13.3-alpha4
v2.13.3-alpha5
v2.13.3-alpha6
v2.13.3-rc1
v2.13.3-rc2
v2.13.3-rc3
v2.13.4
v2.13.4-alpha1
v2.13.4-alpha2
v2.13.4-alpha3
v2.13.4-alpha4
v2.13.4-alpha5
v2.13.4-rc1
v2.13.5
v2.13.5-alpha1
v2.13.5-alpha2
v2.13.5-alpha3
v2.13.5-alpha4
v2.13.5-alpha5
v2.13.5-alpha6
v2.13.5-alpha7
v2.13.5-rc1
v2.13.6
v2.13.6-alpha1
v2.13.6-alpha2
v2.13.6-alpha3
v2.13.6-alpha4
v2.13.6-alpha5
v2.13.6-alpha6
v2.13.6-rc1
v2.13.7-alpha1
v2.13.7-alpha2
v2.13.7-alpha3
v2.13.7-alpha4
v2.13.7-alpha5
v2.13.7-alpha6
v2.13.7-alpha7
v2.13.7-rc1
v2.14.0
v2.14.1
v2.14.1-alpha1
v2.14.1-alpha10
v2.14.1-alpha11
v2.14.1-alpha12
v2.14.1-alpha13
v2.14.1-alpha14
v2.14.1-alpha2
v2.14.1-alpha3
v2.14.1-alpha4
v2.14.1-alpha5
v2.14.1-alpha6
v2.14.1-alpha7
v2.14.1-alpha8
v2.14.1-alpha9
v2.14.1-rc1
v2.14.1-rc2
v2.14.2
v2.14.2-alpha1
v2.14.2-alpha2
v2.14.2-alpha3
v2.14.2-alpha4
v2.14.2-alpha5
v2.14.2-alpha6
v2.14.2-alpha7
v2.14.2-alpha8
v2.14.2-rc1
v2.14.3-alpha1
v2.14.3-alpha2
v2.14.3-alpha3
v2.14.3-alpha4
v2.14.3-alpha5
v2.14.3-alpha6
v2.14.3-rc1

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-44947.json"