CVE Catalog

CVE-2026-44939

CriticalCVSS 9.4
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Elevated risk
1.11%

62th percentile — higher than 62% of all known CVEs

Summary

CVE-2026-44939 describes a command injection vulnerability in the Rancher Manager import endpoint before version 2.14.2, potentially allowing the execution of malicious containers.

Risk Assessment

Remote attackers could exploit this vulnerability to gain control over the system, posing a significant security risk to the organization.

Recommendation

It is recommended to upgrade to Rancher Manager version 2.14.2 or later and to monitor and secure the import endpoints.

Original NVD description (English source)

A command injection vulnerability in the Rancher Manager cluster before 2.14.2 import endpoint /v3/import/{token}_{clusterId}.yaml through unsanitized YAML parameters could allow remote attackers to break out of an image, and execute e.g. malicious containers.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS