CVE-2026-44939
published 2026-06-19

Priority P262 | critical | 9.4 | CVSS 4.0
Vector: AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS: 1.11% (61.9th percentile)
A command injection vulnerability in the Rancher Manager (before 2.14.2) cluster import endpoint /v3/import/{token}_{clusterId}.yaml, reachable through unsanitized YAML parameters, could allow remote attackers to break out of an image and execute, for example, malicious containers.

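Affected (5 ranges)

| Vendor | Product | Version range | Fixed in |
|--------|---------|---------------|----------|
| suse | rancher | >= 2.10.0 < 2.10.12 | 2.10.12 |
| suse | rancher | >= 2.11.0 < 2.11.14 | 2.11.14 |
| suse | rancher | >= 2.12.0 < 2.12.10 | 2.12.10 |
| suse | rancher | >= 2.13.0 < 2.13.6 | 2.13.6 |
| suse | rancher | >= 2.14.0 < 2.14.2 | 2.14.2 |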