CVE-2026-44939
CriticalCVSS 9.4Exploitation Probability (EPSS)
Elevated risk62th percentile — higher than 62% of all known CVEs
Summary
CVE-2026-44939 describes a command injection vulnerability in the Rancher Manager import endpoint before version 2.14.2, potentially allowing the execution of malicious containers.
Risk Assessment
Remote attackers could exploit this vulnerability to gain control over the system, posing a significant security risk to the organization.
Recommendation
It is recommended to upgrade to Rancher Manager version 2.14.2 or later and to monitor and secure the import endpoints.
Original NVD description (English source)
A command injection vulnerability in the Rancher Manager cluster before 2.14.2 import endpoint /v3/import/{token}_{clusterId}.yaml through unsanitized YAML parameters could allow remote attackers to break out of an image, and execute e.g. malicious containers.

