{"document":{"category":"csaf_vex","csaf_version":"2.0","title":"CVE-2026-44949: Unauthenticated namespace creation and RBAC injection via rancher-webhook FleetWorkspace mutating webhook","publisher":{"category":"vendor","name":"HarborGuard Database","namespace":"https://database.harborguard.co"},"tracking":{"id":"CVE-2026-44949","status":"final","version":"1","initial_release_date":"2026-06-30T14:41:34.007Z","current_release_date":"2026-06-30T15:10:17.154Z","revision_history":[{"date":"2026-06-30T14:41:34.007Z","number":"1","summary":"Initial machine-readable export from HarborGuard."}]},"distribution":{"tlp":{"label":"WHITE"},"text":"Public CVE data; freely redistributable."},"notes":[{"category":"description","text":"A Rancher FleetWorkspace admission path allowed side effects to occur in the Rancher webhook handler in versions from 0.7.0 before 0.7.10, from 0.8.0 before 0.8.7, from 0.9.0 before 0.9.6 and from 0.10.0 before 0.10.7. An unauthenticated attacker with network access to the in-cluster rancher-webhook service could submit a crafted admission payload and cause workspace-related Kubernetes objects to be created with attacker-chosen identity data.","title":"CVE description"}],"references":[{"category":"self","summary":"CVE-2026-44949 on HarborGuard Database","url":"https://database.harborguard.co/cve/CVE-2026-44949"},{"category":"external","summary":"CVE Record","url":"https://www.cve.org/CVERecord?id=CVE-2026-44949"},{"category":"external","summary":"GitHub Security Advisory GHSA-h83p-cq95-vph4 (rancher/webhook)","url":"https://github.com/rancher/webhook/security/advisories/GHSA-h83p-cq95-vph4"}]},"product_tree":{"branches":[{"category":"vendor","name":"SUSE","branches":[{"category":"product_name","name":"Rancher","branches":[{"category":"product_version_range","name":">=0.7.0 <0.7.10","product":{"name":"SUSE Rancher >=0.7.0 <0.7.10","product_id":"CSAFPID-1","product_identification_helper":{"cpe":"cpe:2.3:a:suse:rancher:*:*:*:*:*:*:*:*"}}},{"category":"product_version_range","name":">=0.8.0 <0.8.7","product":{"name":"SUSE Rancher >=0.8.0 <0.8.7","product_id":"CSAFPID-2","product_identification_helper":{"cpe":"cpe:2.3:a:suse:rancher:*:*:*:*:*:*:*:*"}}},{"category":"product_version_range","name":">=0.9.0 <0.9.6","product":{"name":"SUSE Rancher >=0.9.0 <0.9.6","product_id":"CSAFPID-3","product_identification_helper":{"cpe":"cpe:2.3:a:suse:rancher:*:*:*:*:*:*:*:*"}}},{"category":"product_version_range","name":">=0.10.0 <0.10.7","product":{"name":"SUSE Rancher >=0.10.0 <0.10.7","product_id":"CSAFPID-4","product_identification_helper":{"cpe":"cpe:2.3:a:suse:rancher:*:*:*:*:*:*:*:*"}}}]}]}]},"vulnerabilities":[{"cve":"CVE-2026-44949","title":"Unauthenticated namespace creation and RBAC injection via rancher-webhook FleetWorkspace mutating webhook","notes":[{"category":"description","text":"A Rancher FleetWorkspace admission path allowed side effects to occur in the Rancher webhook handler in versions from 0.7.0 before 0.7.10, from 0.8.0 before 0.8.7, from 0.9.0 before 0.9.6 and from 0.10.0 before 0.10.7. An unauthenticated attacker with network access to the in-cluster rancher-webhook service could submit a crafted admission payload and cause workspace-related Kubernetes objects to be created with attacker-chosen identity data.","title":"CVE description"}],"product_status":{"known_affected":["CSAFPID-1","CSAFPID-2","CSAFPID-3","CSAFPID-4"]},"scores":[{"cvss_v4":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:H/SA:N","baseScore":7,"baseSeverity":"HIGH"},"products":["CSAFPID-1","CSAFPID-2","CSAFPID-3","CSAFPID-4"]}],"remediations":[{"category":"vendor_fix","details":"Update to a fixed version: 0.7.10, 0.8.7, 0.9.6, 0.10.7.","product_ids":["CSAFPID-1","CSAFPID-2","CSAFPID-3","CSAFPID-4"]}]}]}