Threat Advisory

Rancher Vulnerability Enables Cluster Privilege Escalation

Threat: Vulnerability
Targeted Region: Global
Targeted Sector: Technology & IT
Criticality: High

EXECUTIVE SUMMARY:

Multiple security vulnerabilities have been identified in Rancher, the container management platform, affecting versions 2.12.10, 2.13.6, and 2.14.2. The flaws span privilege escalation via project role misuse, improper GitHub App authentication leading to unauthorized group permissions, and remote command injection through unsanitized YAML parameters in the cluster import endpoint. Exploitation can allow attackers to deploy privileged containers, gain broad access across Kubernetes clusters, and execute arbitrary code with cluster‑admin rights. For organizations relying on Rancher to orchestrate workloads, these weaknesses jeopardize data confidentiality, integrity, and availability, potentially resulting in full control of production environments.


  • CVE-2026-41052 – A local user with the Project Owner role can modify Pod Security Admission settings to deploy privileged containers, bypassing Kubernetes isolation and enabling cluster‑wide privilege escalation. Exploitation requires authenticated access with the affected role.
  • CVE-2026-44939 – Remote command injection is possible through unsanitized YAML parameters in the cluster import endpoint, allowing an attacker to inject a malicious DaemonSet that runs on control‑plane nodes with hostNetwork enabled. Successful exploitation yields arbitrary code execution with cluster‑admin privileges.
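Both CVEs above hinge on settings a defender can audit for: a namespace whose Pod Security Admission "enforce" label has been relaxed, and workloads that run privileged containers, use hostNetwork, or (as DaemonSets) schedule onto control-plane nodes. The following script is an added example written for this advisory; it is not Rancher's or SUSE's code. It assumes the objects have already been fetched and parsed (plain dicts, as `kubectl get -o json` would yield); the sample objects at the bottom are constructed for the demonstration.

```python
"""Audit parsed Kubernetes objects for the risky settings named in the advisory.

Added example, not Rancher's own code. Input is a list of already-parsed
manifests (plain dicts). It reports:
  - namespaces whose Pod Security Admission 'enforce' label is missing or
    weaker than 'restricted' (the control a Project Owner could relax);
  - Pods/workloads with privileged containers or hostNetwork, and
    DaemonSets that can schedule onto control-plane nodes.
"""

PSA_ENFORCE_LABEL = "pod-security.kubernetes.io/enforce"
CONTROL_PLANE_LABELS = {
    "node-role.kubernetes.io/control-plane",
    "node-role.kubernetes.io/master",
}
# Higher rank = stricter PSA profile.
PSA_RANK = {"privileged": 0, "baseline": 1, "restricted": 2}
WORKLOAD_KINDS = {"Pod", "Deployment", "DaemonSet", "StatefulSet", "Job"}


def audit_namespace(ns):
    """Flag namespaces where PSA enforcement is absent or below 'restricted'."""
    findings = []
    name = ns["metadata"]["name"]
    labels = ns.get("metadata", {}).get("labels") or {}
    level = labels.get(PSA_ENFORCE_LABEL)
    if level is None:
        findings.append(f"namespace {name}: no PSA enforce label")
    elif PSA_RANK.get(level, -1) < PSA_RANK["restricted"]:
        findings.append(f"namespace {name}: PSA enforce level '{level}' is weaker than restricted")
    return findings


def pod_spec(obj):
    """Return the pod spec of a Pod, or the pod template spec of a workload."""
    if obj.get("kind") == "Pod":
        return obj.get("spec", {})
    return obj.get("spec", {}).get("template", {}).get("spec", {})


def audit_workload(obj):
    """Flag privileged containers, hostNetwork, and control-plane DaemonSets."""
    findings = []
    kind = obj.get("kind")
    ns = obj.get("metadata", {}).get("namespace", "default")
    name = f"{kind}/{ns}/{obj['metadata']['name']}"
    spec = pod_spec(obj)
    if spec.get("hostNetwork"):
        findings.append(f"{name}: hostNetwork enabled")
    for c in spec.get("containers", []) + spec.get("initContainers", []):
        if (c.get("securityContext") or {}).get("privileged"):
            findings.append(f"{name}: container '{c['name']}' is privileged")
    if kind == "DaemonSet":
        selector = spec.get("nodeSelector") or {}
        tolerations = spec.get("tolerations") or []
        targets_control_plane = bool(set(selector) & CONTROL_PLANE_LABELS) or any(
            t.get("key") in CONTROL_PLANE_LABELS for t in tolerations
        )
        if targets_control_plane:
            findings.append(f"{name}: DaemonSet can schedule onto control-plane nodes")
    return findings


def audit(objects):
    """Run both audits over a mixed list of parsed objects."""
    findings = []
    for obj in objects:
        if obj.get("kind") == "Namespace":
            findings.extend(audit_namespace(obj))
        elif obj.get("kind") in WORKLOAD_KINDS:
            findings.extend(audit_workload(obj))
    return findings


# Constructed sample objects; not captured from any real cluster.
SAMPLE_OBJECTS = [
    {"kind": "Namespace", "metadata": {"name": "payments",
                                       "labels": {PSA_ENFORCE_LABEL: "restricted"}}},
    {"kind": "Namespace", "metadata": {"name": "scratch",
                                       "labels": {PSA_ENFORCE_LABEL: "privileged"}}},
    {"kind": "Namespace", "metadata": {"name": "unlabelled"}},
    {"kind": "DaemonSet", "metadata": {"name": "agent", "namespace": "scratch"},
     "spec": {"template": {"spec": {
         "hostNetwork": True,
         "tolerations": [{"key": "node-role.kubernetes.io/control-plane", "operator": "Exists"}],
         "containers": [{"name": "agent", "image": "example/agent:1",
                         "securityContext": {"privileged": True}}]}}}},
    {"kind": "Deployment", "metadata": {"name": "web", "namespace": "payments"},
     "spec": {"template": {"spec": {"containers": [{"name": "web", "image": "example/web:1"}]}}}},
]

if __name__ == "__main__":
    for line in audit(SAMPLE_OBJECTS):
        print(line)
```

Run against the sample set, the script reports the relaxed and unlabelled namespaces and all three risky settings on the `agent` DaemonSet, while the restricted namespace and the plain Deployment produce nothing. In practice the same functions can be fed the output of `kubectl get namespaces,pods,daemonsets -A -o json` after parsing; a Project Owner downgrading a PSA label or a newly imported cluster receiving a hostNetwork DaemonSet both show up as new findings between runs.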

These vulnerabilities collectively expose Rancher‑managed Kubernetes clusters to full compromise, demanding immediate attention from leadership. If exploited, attackers can gain unrestricted control over workloads, exfiltrate data, and disrupt services, leading to severe operational and reputational damage. Prompt executive action is essential to protect critical infrastructure.

RECOMMENDATION:

  • Update Rancher to version v2.12.10, v2.13.6, or v2.14.2.

REFERENCES:

The following reports contain further technical details:
https://securityonline.info/rancher-security-flaws-cluster-privilege-escalation/
