Command Injection Vulnerability in Rancher Manager by Rancher
CVE-2026-44939

9.4 CRITICAL

Key Information:

Vendor: Suse

Status
Vendor
CVE Published: 19 June 2026

What is CVE-2026-44939?

A command injection vulnerability exists in the Rancher Manager cluster and can be exploited through the /v3/import/{token}_{clusterId}.yaml endpoint. The vulnerability arises from unsanitized YAML parameters, which may enable remote attackers to execute arbitrary commands and potentially compromise container security by breaking out of isolated execution environments.

Affected Version(s)

Rancher 2.14.0 < 2.14.2

Rancher 2.13.0 < 2.13.6

Rancher 2.12.0 < 2.12.10

CVSS V4

Score: 9.4
Severity: CRITICAL
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Attack Required: None
Privileges Required: Undefined
User Interaction: Unknown

Timeline

  • Vulnerability published

  • Vulnerability Reserved
