CVE-2026-44949
Unauthenticated namespace creation and RBAC injection via rancher-webhook FleetWorkspace mutating webhook
CVSS Score
0.0
EPSS Score
0.0%
EPSS Percentile
0th
A Rancher FleetWorkspace admission path allowed side effects to occur in the Rancher webhook handler for versions 0.7.0 up to 0.7.10, 0.8.0 up to 0.8.7, 0.9.0 up to 0.9.6 and 0.10.0 up to 0.10.7. An unauthenticated attacker with network access to the in-cluster rancher-webhook service could submit a crafted admission payload and cause workspace-related Kubernetes objects to be created with attacker-chosen identity data.
| CWE | CWE-306 |
| Vendor | suse |
| Product | rancher |
| Published | Jun 30, 2026 |
| Last Updated | Jun 30, 2026 |
Stay Ahead of the Next One
Get instant alerts for suse rancher
Be the first to know when new unknown vulnerabilities affecting suse rancher are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
Affected Versions
SUSE / Rancher
0.7.0 < 0.7.10 0.8.0 < 0.8.7 0.9.0 < 0.9.6 0.10.0 < 0.10.7