{
  "affected": [
    {
      "ranges": [
        {
          "database_specific": {
            "extracted_events": [
              {
                "introduced": "2.13.0"
              },
              {
                "fixed": "2.13.7"
              },
              {
                "introduced": "2.14.0"
              },
              {
                "fixed": "2.14.3"
              }
            ],
            "source": "AFFECTED_FIELD"
          },
          "events": [
            {
              "introduced": "f94ac947f75e312f1ab9217d21b2770b48b734c8"
            },
            {
              "fixed": "81dc2c4ed99c5d478f01ab1a6d4def772df349c6"
            },
            {
              "introduced": "19d8a9c03fde57ab691101dc90a17b92c55f09ad"
            },
            {
              "fixed": "4603afd276483411c06a2b716eca38931b564e48"
            }
          ],
          "repo": "https://github.com/rancher/rancher",
          "type": "GIT"
        }
      ]
    }
  ],
  "aliases": [
    "GHSA-c4rp-wgqc-mfhc"
  ],
  "database_specific": {
    "cna_assigner": "suse",
    "cwe_ids": [
      "CWE-281"
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/44xxx/CVE-2026-44947.json"
  },
  "details": "A missing clean-up in the legacy Project Role Template Binding (PRTB) \nreconciler in Rancher versions 2.13.0 up to 2.13.7 and 2.14.0 up to 2.14.3 allowed users to retain unauthorized Pod Security \nAdmission (PSA) permissions after an administrator removes those \npermissions from a RoleTemplate.",
  "id": "CVE-2026-44947",
  "modified": "2026-07-15T01:49:21.149393911Z",
  "published": "2026-06-30T14:21:01.291Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/rancher/rancher/"
    },
    {
      "type": "ADVISORY",
      "url": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/44xxx/CVE-2026-44947.json"
    },
    {
      "type": "ADVISORY",
      "url": "https://github.com/rancher/rancher/security/advisories/GHSA-c4rp-wgqc-mfhc"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44947"
    }
  ],
  "schema_version": "1.8.0",
  "severity": [
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:H/SA:N",
      "type": "CVSS_V4"
    }
  ],
  "summary": "Stale PSA ClusterRoleBinding Persists After RoleTemplate Downgrade in Rancher"
}