CVE-2026-44939

Vulnerability Description

A command injection vulnerability in the Rancher Manager cluster before 2.14.2 import endpoint /v3/import/{token}_{clusterId}.yaml through unsanitized YAML parameters could allow remote attackers to break out of an image, and execute e.g. malicious containers.

Vulnerability Details

Published Date

June 19, 2026

Last Modified

June 19, 2026

CWE ID

CWE-95

Source

NVD

Vendor

SUSE

Product

Rancher

External References

https://github.com/rancher/rancher/security/advisories/GHSA-mhc6-2gfq-xx62

Vulnerability Description

Vulnerability Details

External References

Discussion (0)

Add Comment