CVE-2026-41052

Severity: Critical
Published: 29 June 2026
Modified: 02 July 2026
CVSS v4 Score: 9.4
CVSS v4 Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score: 0.0032 (23.7th percentile)
Risk Priority: 70 (floored blend · peak EPSS)

Summary

CVE-2026-41052 is a critical-severity Authentication Bypass by Primary Weakness (CWE-305) vulnerability in SUSE Rancher. Its CVSS v4 base score is 9.4 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068). The vulnerability is ranked at the 23.7th percentile by exploit likelihood (EPSS), which is below the median, and it is not currently listed in the CISA KEV catalog.

Vulnerability details

Improper privilege handling could be used by users with Project Owner role to escalate privileges, in Rancher versions 2.14 before 2.14.2, 2.13 before 2.13.6, and 2.12 before 2.12.10.

MITRE ATT&CK Enterprise Techniques

  • T1068 Exploitation for Privilege Escalation (tactic: Privilege Escalation)
    Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.

Why these techniques?

This CVE enables direct privilege escalation through exploitation of a software vulnerability by valid accounts holding the Project Owner role (T1068).

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

  • CVE-2026-41054 (shared CWE-305)
  • CVE-2025-41733 (shared CWE-305)
  • CVE-2026-3047 (shared CWE-305)
  • CVE-2026-0869 (shared CWE-305)
  • CVE-2025-58382 (shared CWE-305)
  • CVE-2026-6266 (shared CWE-305)
  • CVE-2024-7557 (shared CWE-305)
  • CVE-2023-36497 (shared CWE-305)
  • CVE-2026-33892 (shared CWE-305)
  • CVE-2024-49587 (shared CWE-305)

Affected Assets

Vendor: suse
Product: rancher
Affected versions: 2.12.x before 2.12.10 · 2.13.x before 2.13.6 · 2.14.x before 2.14.2

Mitigating Controls

No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.

Hardening callouts (derived)

Configuration rules from DISA STIG baselines that reduce the attack surface for weaknesses of the type cited by this CVE. These are derived transitively via CVE→CWE→STIG over `controls_xwalks` (authoritative rows only); they are generic to CWE-305 rather than specific to Rancher.

Ubuntu 22.04 (1 rule)
  • V-260470 Ubuntu 22.04 LTS, when booted, must require authentication upon booting into single-user and maintenance modes. (via CWE-305)
Ubuntu 24.04 (1 rule)
  • V-270675 Ubuntu 24.04 LTS, when booted, must require authentication upon booting into single-user and maintenance modes. (via CWE-305)
Windows 10 (2 rules)
  • V-220812 Credential Guard must be running on Windows 10 domain-joined systems. (via CWE-305)
  • V-220865 The Windows Remote Management (WinRM) service must not use Basic authentication. (via CWE-305)
