CVE-2026-41053 · Rancher Manager GitHub App authentication provider over-expands GitHub organization team memberships

01 · The Real Story

This is a backstage pass bug that turns one low-level GitHub team badge into access for every team in the org

CVE-2026-41053 affects SUSE Rancher Manager / Rancher Manager when the GitHub App authentication provider is enabled. The CNA advisory says affected versions are >=2.14.0, <2.14.2 and >=2.13.0, <2.13.6; fixed releases are 2.14.2 and 2.13.6. The flaw is an authorization bug in team membership expansion: Rancher can hand a logged-in user group principals for all teams in the GitHub organization, not just the teams that user actually belongs to.

The raw CNA score of 8.8 High is too hot for real enterprise triage. In practice this is not unauthenticated remote compromise; it requires a valid GitHub account that is already a member of at least one team in the target org, a Rancher deployment using the newer GitHub App provider, and meaningful Rancher RBAC or login allowlist bindings tied to other teams in that same org. That makes it a dangerous post-auth privilege escalation / authorization bypass, but not a drop-everything internet fire.

"Serious if you use GitHub App auth, but this is a post-login privilege jump, not an internet-scale Rancher break."

02 · The Attack Path

4 steps from start to impact.

STEP 01

Reach a Rancher instance that uses GitHub App auth

The attacker needs access to a Rancher Manager deployment where the GitHub App authentication provider is enabled. This is the narrowest gate in the chain: most Rancher estates do not expose every admin plane externally, and many use other identity providers instead of GitHub App auth.

Conditions required:

Target runs Rancher 2.13.0-2.13.5 or 2.14.0-2.14.1
GitHub App authentication provider is enabled
Attacker can reach the Rancher login surface

Where this breaks in practice:

Provider-specific exposure: local auth, SAML, OIDC, AD, and standard GitHub OAuth are out of scope
Rancher is often restricted to VPN, SSO portals, or internal admin networks

Detection/coverage: External scanners can fingerprint Rancher versions, but they generally cannot tell whether GitHub App auth is enabled.

STEP 02

Log in with any valid GitHub org team account

Per the advisory, the attacker must already hold a valid GitHub account with membership in at least one team in the target GitHub organization. This is not a spray-and-pray internet bug; it assumes insider access, contractor access, or prior compromise of a developer identity.

Conditions required:

Attacker has a valid GitHub account in the target organization
That account belongs to at least one GitHub team

Where this breaks in practice:

Requires an already-authorized org identity
MFA, device trust, and conditional access may block credential abuse before login

Detection/coverage: GitHub and IdP logs will show the login, but nothing at this stage is unique to the bug.

STEP 03

Trigger over-inclusive team expansion

The vulnerable authorization logic uses cached organization team data incorrectly and expands the user's effective team set to include all teams in the GitHub organization. Rancher then evaluates authorization against these inflated group principals instead of the user's real memberships.

Conditions required:

User authenticates through the GitHub App provider
Cached team data is present and processed by the vulnerable logic

Where this breaks in practice:

This is a logic flaw, not memory corruption; it only changes authorization outcomes where team-based checks exist
No direct host-level code execution or agent compromise occurs here

Detection/coverage: Traditional vuln scanners and EDR will miss this. Best detection is state inspection of Rancher group principals, auth provider configuration, and RBAC bindings tied to GitHub team principals.

STEP 04

Inherit privileged Rancher roles or pass login allowlists

If any other GitHub teams in that same organization are mapped to Rancher login allowlists or RBAC roles, the attacker can satisfy checks they should fail and inherit broader permissions. The impact can range from unintended project visibility to cluster-level or global administrative access, depending on how aggressively teams are bound in Rancher.

Conditions required:

Other GitHub teams in the org are mapped to allowedPrincipalIds or Rancher RBAC roles
Those mapped teams carry meaningful privileges

Where this breaks in practice:

Impact depends entirely on local team-to-role design; weak or minimal mappings cap the blast radius
Scope is limited to the affected Rancher instance and its downstream managed resources

Detection/coverage: Audit Rancher GlobalRoleBindings, ClusterRoleTemplateBindings, and ProjectRoleTemplateBindings that reference GitHub App team principals. Version scanners alone do not measure the real blast radius.

03 · Intelligence Metadata

The supporting signals.

In-the-wild status	No public evidence of active exploitation found in accessible sources, and CISA KEV does not list this CVE. This currently looks like a disclosed access-control flaw, not a live mass-exploitation event.
PoC availability	No public PoC, exploit repo, or independent researcher writeup located in web search. The clearest technical detail is still the vendor/CNA advisory itself: GHSA-4j6x-2764-m8gh.
EPSS	No directly retrievable EPSS value surfaced in accessible web results for this CVE during assessment. Treat EPSS as unavailable, not as low.
KEV status and dates	Not KEV-listed per the CISA catalog. The GitHub advisory was published on 2026-05-27 and the SUSE CVE page was last modified on 2026-05-28.
CNA severity	Rancher's GitHub advisory assigns High 8.8 with `CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H`, while the SUSE CVE portal labels the issue moderate. That split is your clue that the base score overstates real-world reach.
Affected versions	Per the CNA advisory: `>=2.14.0, <2.14.2` and `>=2.13.0, <2.13.6`. The issue is specific to the GitHub App authentication provider, not every Rancher authentication mode.
Fixed versions	Fixed in Rancher v2.14.2 and Rancher v2.13.6. Release notes also state that upgrade triggers a mandatory refresh of affected user `principals` to rebuild team-derived access correctly.
Exposure population	This only hits deployments using the GitHub App provider, which Rancher documents as working only with GitHub Organization accounts. I did not locate reliable product-specific Shodan/Censys/FOFA counts for exposed vulnerable Rancher instances in accessible sources.
Blast radius	Best case, this leaks extra project or cluster visibility. Worst case, a low-privileged org team member can inherit cluster-level or global Rancher roles if those are bound to other GitHub teams in the same org.
Reporter / credits	The CNA advisory credits Yuremin and FORIMOC as finders.

04 · The Call

noisgate verdict.

Final Verdict

↓ DOWNGRADED to MEDIUM (6.5/10)

The decisive downgrade factor is that exploitation requires a valid member account inside the target GitHub organization plus a Rancher deployment using the specific GitHub App auth provider. This is a real privilege-escalation bug with potentially ugly impact, but it is still a feature-gated, post-auth authorization failure, not broad unauthenticated remote compromise.

HIGH Affected/fixed version ranges and exploit prerequisites from the CNA advisory

MEDIUM Real-world severity reassessment based on likely enterprise exposure and RBAC design variance

LOW Internet exposure population sizing, because no reliable product-specific scan counts were located

Why this verdict

Baseline starts high, then drops on attacker position: the CNA score is 8.8, but PR:L here really means a valid GitHub org member account already on at least one team. That is post-initial-access or insider territory, not a cold-start internet attacker.
Feature-gated exposure: only Rancher estates using the GitHub App authentication provider are in play. Organizations using local auth, OIDC, SAML, AD, or the standard GitHub provider are not hit by this path.
Impact is mapping-dependent: the bug only becomes dangerous when other GitHub teams in the same org are actually tied to Rancher allowedPrincipalIds or RBAC roles. No privileged team bindings, no meaningful privilege jump.
Blast radius can still be meaningful: when privileged teams are mapped, a low-tier GitHub team member can inherit project, cluster, or even global Rancher privileges. That is enough to expose kubeconfigs, secrets, workloads, and managed cluster operations.

Why not higher?

There is no unauthenticated path, no code execution, and no evidence of active exploitation. The attacker must already be a valid member of the target GitHub organization and the vulnerable population is narrowed further by a specific auth-provider choice and local RBAC design.

Why not lower?

This is still an authorization failure inside a control plane product. In environments that map powerful Rancher roles to GitHub teams, the outcome is not cosmetic; it can become real privilege escalation into cluster and project administration with downstream access to sensitive workloads and secrets.

05 · Compensating Control

What to do — in priority order.

Audit GitHub App usage — Identify Rancher instances using the GitHub App authentication provider and confirm whether they run affected versions. Because this is a MEDIUM finding, there is no mitigation SLA — go straight to the 365-day remediation window, but do this discovery work early so the issue does not disappear into backlog.
Trim team-based role bindings — Review GlobalRoleBindings, ClusterRoleTemplateBindings, ProjectRoleTemplateBindings, and login allowlists that reference GitHub App team principals, then remove unnecessary high-privilege mappings. There is no mitigation SLA — go straight to the 365-day remediation window, but this is the cleanest way to reduce blast radius before the upgrade lands.
Prefer alternate auth temporarily — If a high-risk Rancher instance heavily depends on GitHub team mappings, consider switching that instance to another supported auth provider or disabling GitHub App auth until the maintenance window. For a MEDIUM verdict there is no mitigation SLA — go straight to the 365-day remediation window; use this only where the RBAC design makes the risk non-trivial.
Review inherited access after upgrade — The fix triggers a principal refresh, so validate that formerly over-broad team-derived access is gone and privileged roles are still correctly assigned. There is no mitigation SLA — go straight to the 365-day remediation window, but post-upgrade verification matters because this bug lives in identity state, not just package version.

What doesn't work

A WAF or reverse proxy does not help; the flaw is in post-login authorization logic after a valid session exists.
MFA alone does not fix the authorization bug. It may stop some account takeovers, but a legitimate low-privileged org member would still be over-authorized on a vulnerable instance.
Network scanning alone is insufficient. A version hit does not tell you whether GitHub App auth is enabled or whether privileged GitHub team principals are actually mapped in Rancher.

06 · Verification

Crowdsourced verification payload.

Run this from an auditor/admin workstation that has kubectl access to the Kubernetes cluster hosting Rancher, for example: bash check-cve-2026-41053.sh cattle-system rancher. It needs read access to the Rancher deployment in the target namespace; no node shell or root access is required.

noisgate-verify.sh

BASHREAD-ONLYSAFE

#!/usr/bin/env bash
# check-cve-2026-41053.sh
# Quick version gate for CVE-2026-41053 in Rancher Manager.
# Exit codes:
#   0 = PATCHED
#   1 = VULNERABLE
#   2 = UNKNOWN

set -u

NS="${1:-cattle-system}"
DEPLOY="${2:-rancher}"

fail_unknown() {
  echo "UNKNOWN: $1"
  exit 2
}

version_lt() {
  [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n1)" = "$1" ] && [ "$1" != "$2" ]
}

version_ge() {
  ! version_lt "$1" "$2"
}

normalize_version() {
  echo "$1" | sed -E 's#^.*/##; s/^v//; s/@sha256:.*$//; s/-.*$//; s/[^0-9.].*$//'
}

is_affected() {
  local v="$1"
  if version_ge "$v" "2.13.0" && version_lt "$v" "2.13.6"; then
    return 0
  fi
  if version_ge "$v" "2.14.0" && version_lt "$v" "2.14.2"; then
    return 0
  fi
  return 1
}

command -v kubectl >/dev/null 2>&1 || fail_unknown "kubectl not found"

IMAGE="$(kubectl -n "$NS" get deploy "$DEPLOY" -o jsonpath='{.spec.template.spec.containers[0].image}' 2>/dev/null)"
[ -n "$IMAGE" ] || fail_unknown "could not read deployment $DEPLOY in namespace $NS"

RAW_TAG="${IMAGE##*:}"
VERSION="$(normalize_version "$RAW_TAG")"
[ -n "$VERSION" ] || fail_unknown "could not parse Rancher version from image: $IMAGE"

if is_affected "$VERSION"; then
  echo "VULNERABLE: Rancher version $VERSION falls in affected ranges (2.13.0-2.13.5 or 2.14.0-2.14.1). CVE reachability still depends on GitHub App auth being enabled."
  exit 1
fi

echo "PATCHED: Rancher version $VERSION is outside the affected ranges for CVE-2026-41053."
exit 0

07 · Bottom Line

If you remember one thing.

TL;DR

Monday morning, find every Rancher management cluster running 2.13.0-2.13.5 or 2.14.0-2.14.1, then separate the ones that actually use GitHub App authentication from the ones that do not. This is a MEDIUM reassessment, so under the noisgate mitigation SLA there is no mitigation SLA — go straight to the 365-day remediation window; under the noisgate remediation SLA, upgrade affected instances to 2.13.6 or 2.14.2 within 365 days, but prioritize faster if those instances map privileged Rancher roles to GitHub teams.

Sources

Peer Review

What defenders are saying.

Submit a review attribution: handle + country only

0 flags selected · stored anonymously

Validation Results

Crowdsourced verification outputs.

Results submitted by users who ran the verification payload against their environment.