VDB
KO

GO-2026-5876

Rancher has Privilege Escalation from Project Owner to Host in github.com/rancher/rancher

Details

Rancher has Privilege Escalation from Project Owner to Host in github.com/rancher/rancher.

NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions.

(If this is causing false-positive reports from vulnerability scanners, please suggest an edit to the report.)

The additional affected modules and versions are: github.com/rancher/rancher from v2.12.0 before v2.12.10, from v2.13.0 before v2.13.6, from v2.14.0 before v2.14.2.

Are you affected?

Enter the version of the package you're using.

Affected packages

Go / github.com/rancher/rancher
Introduced in: 0 Fixed in: 0.0.0-20260513182521-2800aaac25b5
Fix go get github.com/rancher/rancher@v0.0.0-20260513182521-2800aaac25b5

References