CSIRTS // UNIFIED SECURITY ADVISORY FEEDSYS ● ONLINE · POWERED BY INTELFUSIONS.COM

CVE-2026-44949

unknowncovered by 1 sourcefirst seen 2026-06-30
A Rancher FleetWorkspace admission path allowed side effects to occur in the Rancher webhook handler for versions 0.7.0 up to 0.7.10, 0.8.0 up to 0.8.7, 0.9.0 up to 0.9.6 and 0.10.0 up to 0.10.7. An unauthenticated attacker with network access to the in-cluster rancher-webhook service could submit a crafted admission payload and cause workspace-related Kubernetes objects to be created with attacker-chosen identity data.

⚡ Watch CVE-2026-44949

Get an email if CVE-2026-44949 is added to CISA KEV, gains public exploit code, or a new advisory cites it — max one per day, one-click unsubscribe.

Exploitation outlook

Advisory coverage (1)

External references

NVD record for CVE-2026-44949

CVE.org record

Embed the live status

CVE-2026-44949 live status badge — this badge updates automatically when the KEV or exploit status changes. How to embed it →

[![CVE-2026-44949 status](https://www.csirts.com/badge/CVE-2026-44949)](https://www.csirts.com/cve/CVE-2026-44949)