Authentication Bypass in Rancher GitHub Authentication Provider
CVE-2026-41053

8.8HIGH

Key Information:

Vendor: Suse
Status: Rancher
Vendor: CVE Published:; 30 June 2026

What is CVE-2026-41053?

An improper caching of authentication in the Rancher GitHub authentication provider leads to an authentication bypass, allowing any logged-in user to gain unauthorized access to resources. This affects Rancher versions 2.13 before 2.13.6 and 2.14 before 2.14.2, highlighting a critical need for users to update to the latest versions to mitigate this security risk.

Affected Version(s)

Rancher 2.14.0 < 2.14.2

Rancher 2.13.0 < 2.13.6

References

https://github.com/rancher/rancher/security/advisories/GH...

vendor-advisory

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 30, 2026
Vulnerability Reserved
Apr 16, 2026

CVE-2026-41053 Data

JSON

Suse

What is CVE-2026-41053?

Affected Version(s)

References

CVSS V3.1

Timeline