{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-44947", "assignerOrgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb", "state": "PUBLISHED", "assignerShortName": "suse", "dateReserved": "2026-05-08T12:29:48.969Z", "datePublished": "2026-06-30T14:21:01.291Z", "dateUpdated": "2026-06-30T15:03:44.276Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb", "shortName": "suse", "dateUpdated": "2026-06-30T14:21:01.291Z"}, "title": "Stale PSA ClusterRoleBinding Persists After RoleTemplate Downgrade in Rancher", "datePublic": "2026-06-29T14:20:00.000Z", "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-281", "description": "CWE-281 Improper preservation of permissions", "type": "CWE"}]}], "impacts": [{"capecId": "CAPEC-115", "descriptions": [{"lang": "en", "value": "CAPEC-115 Authentication Bypass"}]}], "affected": [{"vendor": "SUSE", "product": "Rancher", "packageName": "Rancher", "repo": "https://github.com/rancher/rancher/", "versions": [{"status": "affected", "version": "2.13.0", "lessThan": "2.13.7", "versionType": "semver"}, {"status": "affected", "version": "2.14.0", "lessThan": "2.14.3", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "A missing clean-up in the legacy Project Role Template Binding (PRTB) \nreconciler in Rancher versions 2.13.0 up to 2.13.7 and 2.14.0 up to 2.14.3 allowed users to retain unauthorized Pod Security \nAdmission (PSA) permissions after an administrator removes those \npermissions from a RoleTemplate.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "A missing clean-up in the legacy Project Role Template Binding (PRTB) \nreconciler in Rancher versions 2.13.0 up to 2.13.7 and 2.14.0 up to 2.14.3 allowed users to retain unauthorized Pod Security \nAdmission (PSA) permissions after an administrator removes those \npermissions from a RoleTemplate."}]}], "references": [{"url": "https://github.com/rancher/rancher/security/advisories/GHSA-c4rp-wgqc-mfhc", "tags": ["vendor-advisory"]}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV4_0": {"attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "privilegesRequired": "HIGH", "userInteraction": "NONE", "vulnConfidentialityImpact": "NONE", "subConfidentialityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "subIntegrityImpact": "HIGH", "vulnAvailabilityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "version": "4.0", "baseSeverity": "MEDIUM", "baseScore": 6.9, "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:H/SA:N"}}], "credits": [{"lang": "en", "value": "Isaac David", "type": "finder"}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 1.0.2"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-06-30T15:03:37.236401Z", "id": "CVE-2026-44947", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-06-30T15:03:44.276Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-44947", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-06-30T15:03:37.236401Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-06-30T15:03:39.798Z"}}], "cna": {"title": "Stale PSA ClusterRoleBinding Persists After RoleTemplate Downgrade in Rancher", "source": {"discovery": "UNKNOWN"}, "credits": [{"lang": "en", "type": "finder", "value": "Isaac David"}], "impacts": [{"capecId": "CAPEC-115", "descriptions": [{"lang": "en", "value": "CAPEC-115 Authentication Bypass"}]}], "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 6.9, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:H/SA:N", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "privilegesRequired": "HIGH", "subIntegrityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"repo": "https://github.com/rancher/rancher/", "vendor": "SUSE", "product": "Rancher", "versions": [{"status": "affected", "version": "2.13.0", "lessThan": "2.13.7", "versionType": "semver"}, {"status": "affected", "version": "2.14.0", "lessThan": "2.14.3", "versionType": "semver"}], "packageName": "Rancher", "defaultStatus": "unaffected"}], "datePublic": "2026-06-29T14:20:00.000Z", "references": [{"url": "https://github.com/rancher/rancher/security/advisories/GHSA-c4rp-wgqc-mfhc", "tags": ["vendor-advisory"]}], "x_generator": {"engine": "Vulnogram 1.0.2"}, "descriptions": [{"lang": "en", "value": "A missing clean-up in the legacy Project Role Template Binding (PRTB) \nreconciler in Rancher versions 2.13.0 up to 2.13.7 and 2.14.0 up to 2.14.3 allowed users to retain unauthorized Pod Security \nAdmission (PSA) permissions after an administrator removes those \npermissions from a RoleTemplate.", "supportingMedia": [{"type": "text/html", "value": "A missing clean-up in the legacy Project Role Template Binding (PRTB) \nreconciler in Rancher versions 2.13.0 up to 2.13.7 and 2.14.0 up to 2.14.3 allowed users to retain unauthorized Pod Security \nAdmission (PSA) permissions after an administrator removes those \npermissions from a RoleTemplate.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-281", "description": "CWE-281 Improper preservation of permissions"}]}], "providerMetadata": {"orgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb", "shortName": "suse", "dateUpdated": "2026-06-30T14:21:01.291Z"}}}, "cveMetadata": {"cveId": "CVE-2026-44947", "state": "PUBLISHED", "dateUpdated": "2026-06-30T15:03:44.276Z", "dateReserved": "2026-05-08T12:29:48.969Z", "assignerOrgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb", "datePublished": "2026-06-30T14:21:01.291Z", "assignerShortName": "suse"}, "dataVersion": "5.2"}

{}

{}

{"created": "2026-06-30T16:30:16.050691+00:00", "updated": "2026-06-30T16:30:16.050696+00:00", "vendors": []}