Lucene search
K

CVE-2026-44939

🗓️ 19 Jun 2026 12:13:39Reported by suseType 
cve
 cve
🔗 web.nvd.nist.gov👁 36 Views🌐 WEB

Rancher Manager pre-2.14.2 allows command injection via unsanitized configuration language in the import endpoint.

Related
Affected
Refs
Paths
ReporterTitlePublishedViews
Family
ATTACKERKB
CVE-2026-44939
19 Jun 202612:13
attackerkb
Circl
CVE-2026-44939
4 Jun 202602:26
circl
Cvelist
CVE-2026-44939 Command injection through unsanitized YAML parameter in Rancher
19 Jun 202612:13
cvelist
EUVD
EUVD-2026-38009
19 Jun 202612:13
euvd
NVD
CVE-2026-44939
19 Jun 202613:16
nvd
Positive Technologies
PT-2026-50872
19 Jun 202600:00
ptsecurity
Snyk
Eval Injection
19 Jun 202614:11
snyk
SUSE CVE
SUSE CVE-2026-44939
29 May 202601:20
susecve
Vulnrichment
CVE-2026-44939 Command injection through unsanitized YAML parameter in Rancher
19 Jun 202612:13
vulnrichment
[
  {
    "vendor": "SUSE",
    "product": "Rancher",
    "packageName": "Rancher",
    "repo": "https://github.com/rancher/rancher/",
    "versions": [
      {
        "status": "affected",
        "version": "2.14.0",
        "lessThan": "2.14.2",
        "versionType": "semver"
      },
      {
        "status": "affected",
        "version": "2.13.0",
        "lessThan": "2.13.6",
        "versionType": "semver"
      },
      {
        "status": "affected",
        "version": "2.12.0",
        "lessThan": "2.12.10",
        "versionType": "semver"
      },
      {
        "status": "affected",
        "version": "2.11.0",
        "lessThan": "2.11.14",
        "versionType": "semver"
      },
      {
        "status": "affected",
        "version": "2.10.0",
        "lessThan": "2.10.12",
        "versionType": "semver"
      }
    ],
    "defaultStatus": "unaffected"
  }
]
ParameterPositionPathDescriptionCWE
tokenpath/v3/import/{token}_{clusterId}.yamlCommand injection via unsanitized YAML in the import endpointCWE-95
clusterIdpath/v3/import/{token}_{clusterId}.yamlCommand injection via unsanitized YAML in the import endpointCWE-95

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

24 Jun 2026 05:17Current
6Medium risk
Vulners AI Score6
CVSS 49.4
EPSS0.01113
SSVC
36