Critical Privilege Escalation Vulnerability in Rancher Manager
A critical vulnerability (CVE-2026-41052) with a CVSS score of 9.4 has been identified in Rancher Manager, allowing users with the Project Owner role to escalate privileges to the host level. This vulnerability is exploitable under specific access patterns, enabling attackers to deploy privileged containers, access host-level resources, and potentially compromise the entire cluster. The vulnerability has not been actively exploited but requires immediate attention. Affected versions can be patched by upgrading to Rancher versions v2.12.10, v2.13.6, or v2.14.2.