CVE-2026-44949

EUVD-2026-40335
A Rancher FleetWorkspace admission path allowed side effects to occur in
 the Rancher webhook handler for versions 0.7.0 up to 0.7.10, 0.8.0 up to 0.8.7, 0.9.0 up to 0.9.6 and 0.10.0 up to 0.10.7. An unauthenticated attacker with network access to
 the in-cluster rancher-webhook service
 could submit a crafted admission payload and cause workspace-related 
Kubernetes objects to be created with attacker-chosen identity data.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
suseCNA
7 HIGH
NETWORK
LOW
LOW
CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:H/SA:N
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
VendorProductVersionSource
suserancher
0.7.0 ≤
𝑥
< 0.7.10
CNA
suserancher
0.8.0 ≤
𝑥
< 0.8.7
CNA
suserancher
0.9.0 ≤
𝑥
< 0.9.6
CNA
suserancher
0.10.0 ≤
𝑥
< 0.10.7
CNA