{"id":81272,"date":"2026-06-30T15:08:25","date_gmt":"2026-06-30T11:38:25","guid":{"rendered":"https:\/\/afaghhosting.net\/blog\/cve-2026-41053-over-inclusive-team-membership-expansion-in-github-app-authentication-provider-for-rancher\/"},"modified":"2026-06-30T15:08:25","modified_gmt":"2026-06-30T11:38:25","slug":"cve-2026-41053-over-inclusive-team-membership-expansion-in-github-app-authentication-provider-for-rancher","status":"publish","type":"post","link":"https:\/\/afaghhosting.net\/blog\/cve-2026-41053-over-inclusive-team-membership-expansion-in-github-app-authentication-provider-for-rancher\/","title":{"rendered":"CVE-2026-41053 &#8211; Over-inclusive team membership expansion in GitHub App authentication provider for Rancher"},"content":{"rendered":"<p>CVE ID :CVE-2026-41053<\/p>\n<p>  Published : June 30, 2026, 11:38 a.m. | 7\u00a0minutes ago<\/p>\n<p>  Description :Incorrect authentication caching in the team member ship expansion of the Rancher Github authentication provider caused it granting principal access to any logged in user, in 2.13 before 2.13.6 and 2.14 before 2.14.2.<\/p>\n<p>  Severity: 8.8 | HIGH<\/p>\n<p>  Visit the link for more details, such as CVSS details, affected products, timeline, and more&#8230;\u00a0<\/p>\n","protected":false},"excerpt":{"rendered":"<p>CVE ID :CVE-2026-41053 Published : June 30, 2026, 11:38 a.m. | 7\u00a0minutes ago Description :Incorrect authentication caching in the team member ship expansion of the Rancher Github authentication provider caused it granting principal access to any logged in user, in 2.13 before 2.13.6 and 2.14 before 2.14.2. Severity: 8.8 | HIGH Visit the link for &hellip;<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[26],"tags":[],"class_list":["post-81272","post","type-post","status-publish","format-standard","hentry","category-vulnerability"],"_links":{"self":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/81272","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/comments?post=81272"}],"version-history":[{"count":0,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/81272\/revisions"}],"wp:attachment":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/media?parent=81272"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/categories?post=81272"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/tags?post=81272"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}