CVE-2026-44939

An input validation flaw in Rancher Manager's import endpoint (/v3/import/{token}_{clusterId}.yaml) allows command injection via unsanitized YAML parameters in versions prior to 2.14.2. Impact: remote attackers could break out of the container image and execute arbitrary code inside containers. R...