RCE in Suse Rancher
CVE-2026-44939
A command injection vulnerability in the Rancher Manager cluster before 2.14.2 import endpoint /v3/import/{token}_{clusterId}.yaml through unsanitized YAML parameters could allow remote attackers to break out of an image, and execute e.g…
Affected products
- Suse Rancher — versions 2.14.0, 2.13.0, 2.12.0
Weakness classification (CWE)
References
- meissner@suse.de (vendor-advisory)