GHSA-VX8H-4PRV-G744
Vulnerability from github – Published: 2026-07-01 20:57 – Updated: 2026-07-01 20:57Impact
A vulnerability has been identified in Rancher Manager that allows users assigned the Project Owner role to modify Pod Security Admission (PSA) labels on namespaces within their projects. Under the default role configuration, an attacker with the following access pattern can exploit this issue: 1. Cluster Access: The user is granted Cluster Member access. 2. Project Ownership: The user creates or is assigned ownership of a project. 3. Namespace Creation: The user creates a namespace within that project. 4. PSA Modification: The user modifies the namespace PSA configuration to use the privileged profile. 5. Privilege Escalation: The user deploys privileged workloads within the namespace.
As outlined in the Kubernetes Pod Security Standards documentation, privileged containers disable core Kubernetes security protections, allowing workloads to bypass standard container isolation boundaries. This can result in privilege escalation within the cluster environment.
Potential impacts include: - Deployment of privileged containers - Access to host-level resources - Container breakout - Cluster privilege escalation - Compromise of workloads running on affected nodes
Please refer to the associated MITRE ATT&CK techniques for further information about this category of attack: - Deploy Container - Escape to Host - Exploitation for Privilege Escalation
Reference: Kubernetes Pod Security Standards — Privileged Profile
Patches
This vulnerability is resolved by modifying the project-owner role to explicitly define the allowed verbs for projects resources instead of using the wildcard (*) permission.
The updated role configuration removes access to the updatepsa verb. This prevents project owners from modifying PSA settings in a manner that could enable privilege escalation.
Patched versions of Rancher include releases v2.12.10, v2.13.6, and v2.14.2.
Workarounds
If upgrading is not immediately possible, administrators should create a custom project role based on the existing Project Owner role, while removing unrestricted wildcard permissions for project resources.
The allowed verbs for projects should be restricted to: “get, update, delete, patch, create, list, watch, deletecollection” instead of “*”.
This prevents access to the updatepsa capability that enables the privilege escalation path.
References
If you have any questions or comments about this advisory: - Reach out to the SUSE Rancher Security team for security related inquiries. - Open an issue in the Rancher repository. - Verify with our support matrix and product support lifecycle.
{
"affected": [
{
"package": {
"ecosystem": "Go",
"name": "github.com/rancher/rancher"
},
"ranges": [
{
"events": [
{
"introduced": "2.14.0"
},
{
"fixed": "2.14.2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Go",
"name": "github.com/rancher/rancher"
},
"ranges": [
{
"events": [
{
"introduced": "2.13.0"
},
{
"fixed": "2.13.6"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Go",
"name": "github.com/rancher/rancher"
},
"ranges": [
{
"events": [
{
"introduced": "2.12.0"
},
{
"fixed": "2.12.10"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Go",
"name": "github.com/rancher/rancher"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.0.0-20260513182521-2800aaac25b5"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-41052"
],
"database_specific": {
"cwe_ids": [
"CWE-305"
],
"github_reviewed": true,
"github_reviewed_at": "2026-07-01T20:57:49Z",
"nvd_published_at": "2026-06-29T16:16:39Z",
"severity": "CRITICAL"
},
"details": "### Impact\n\nA vulnerability has been identified in Rancher Manager that allows users assigned the Project Owner role to modify Pod Security Admission (PSA) labels on namespaces within their projects. Under the default role configuration, an attacker with the following access pattern can exploit this issue:\n1. **Cluster Access:** The user is granted Cluster Member access.\n2. **Project Ownership:** The user creates or is assigned ownership of a project.\n3. **Namespace Creation:** The user creates a namespace within that project.\n4. **PSA Modification:** The user modifies the namespace PSA configuration to use the privileged profile.\n5. **Privilege Escalation:** The user deploys privileged workloads within the namespace.\n\nAs outlined in the [Kubernetes Pod Security Standards](https://kubernetes.io/docs/concepts/security/pod-security-standards/) documentation, `privileged` containers disable core Kubernetes security protections, allowing workloads to bypass standard container isolation boundaries. This can result in privilege escalation within the cluster environment.\n\nPotential impacts include:\n- Deployment of privileged containers\n- Access to host-level resources\n- Container breakout\n- Cluster privilege escalation\n- Compromise of workloads running on affected nodes\n\nPlease refer to the associated MITRE ATT\u0026CK techniques for further information about this category of attack:\n- [Deploy Container](https://attack.mitre.org/techniques/T1610/)\n- [Escape to Host](https://attack.mitre.org/techniques/T1611/)\n- [Exploitation for Privilege Escalation](https://attack.mitre.org/techniques/T1068)\n\nReference:\n[Kubernetes Pod Security Standards \u2014 Privileged Profile](https://kubernetes.io/docs/concepts/security/pod-security-standards/#privileged)\n\n### Patches\nThis vulnerability is resolved by modifying the `project-owner` role to explicitly define the allowed verbs for `projects` resources instead of using the wildcard `(*)` permission.\n\nThe updated role configuration removes access to the `updatepsa` verb. This prevents project owners from modifying PSA settings in a manner that could enable privilege escalation.\n\nPatched versions of Rancher include releases `v2.12.10`, `v2.13.6`, and `v2.14.2`.\n\n### Workarounds\nIf upgrading is not immediately possible, administrators should create a custom project role based on the existing Project Owner role, while removing unrestricted wildcard permissions for project resources.\n\nThe allowed verbs for projects should be restricted to: \u201c`get`, `update`, `delete`, `patch`, `create`, `list`, `watch`, `deletecollection`\u201d instead of \u201c`*`\u201d.\n\nThis prevents access to the `updatepsa` capability that enables the privilege escalation path.\n\n### References\nIf you have any questions or comments about this advisory:\n- Reach out to the [SUSE Rancher Security team](https://github.com/rancher/rancher/security/policy) for security related inquiries.\n- Open an issue in the [Rancher](https://github.com/rancher/rancher/issues/new/choose) repository.\n- Verify with our [support matrix](https://www.suse.com/suse-rancher/support-matrix/all-supported-versions/) and [product support lifecycle](https://www.suse.com/lifecycle/).",
"id": "GHSA-vx8h-4prv-g744",
"modified": "2026-07-01T20:57:49Z",
"published": "2026-07-01T20:57:49Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/rancher/rancher/security/advisories/GHSA-vx8h-4prv-g744"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41052"
},
{
"type": "WEB",
"url": "https://github.com/rancher/rancher/pull/55061"
},
{
"type": "WEB",
"url": "https://github.com/rancher/rancher/commit/2800aaac25b5a2c448f800e1f46d"
},
{
"type": "PACKAGE",
"url": "https://github.com/rancher/rancher"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
"type": "CVSS_V4"
}
],
"summary": "Rancher has Privilege Escalation from Project Owner to Host"
}
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.