github.com/portainer/portainer vulnerabilities
9 known vulnerabilities affecting github.com/portainer_portainer.
Total CVEs: 9
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 2, HIGH 5, MEDIUM 2
Vulnerabilities
CVE-2026-44881 [HIGH] CWE-200 Portainer Has an Arbitrary File Read via Git Symlink Injection in Stack Auto-Update
Priority: P2 | Severity: HIGH | Affected: ≥ 2.33.0, < 2.33.8; ≥ 2.39.0, < 2.39.2 (+1 more) | Date: 2026-05-14
## Summary
Portainer supports deploying stacks from Git repositories. When a Git-backed stack is created or updated, Portainer clones the repository using `go-git` v5, which translates Git blob entries with mode `0o120000` (symlink) into real OS symlinks on the host filesystem via `os.Symlink`. The o
Source: ghsa
CVE-2026-44848 [CRITICAL] CWE-862 Portainer missing authorization on Docker plugin endpoints, which allows host RCE
Priority: P3 | Severity: CRITICAL | Affected: ≥ 2.33.0, < 2.33.8; ≥ 2.39.0, < 2.39.2 (+1 more) | Date: 2026-05-14
## Summary
Portainer enforces Role-Based Access Control (RBAC) on top of the Docker API. The proxy layer routes incoming Docker API requests to per-resource handlers (containers, images, services, volumes, etc.) that apply authorization checks.
The Docker plugin management endpoints (`/plugins/*`)
Source: ghsa
CVE-2026-44849 [CRITICAL] CWE-862 Portainer has an endpoint security bypass via Swarm service create/update
Priority: P3 | Severity: CRITICAL | Affected: ≥ 2.33.0, < 2.33.8; ≥ 2.39.0, < 2.39.2 (+1 more) | Date: 2026-05-14
## Summary
Portainer enforces seven `EndpointSecuritySettings` restrictions that administrators configure to restrict the container configurations non-admin users can launch: **privileged mode**, **host PID namespace**, **device mapping**, **capabilities**, **sysctls**, **security-opt (Seccomp / AppArmor)**, and **
Source: ghsa
CVE-2026-44882 [HIGH] CWE-863 Portainer's Kubernetes middleware continues after token validation failure, bypassing endpoint authorization
Priority: P3 | Severity: HIGH | Affected: ≥ 2.33.0, < 2.33.8 | Date: 2026-05-14
## Summary
Portainer proxies requests to Kubernetes clusters through a middleware layer (`kubeClientMiddleware`) that validates the requesting user's token before forwarding traffic to the cluster. When `security.RetrieveTokenData` returned an error,
Source: ghsa
CVE-2026-44850 [HIGH] CWE-863 Portainer has a bind-mount restriction bypass via HostConfig.Mounts
Priority: P3 | Severity: HIGH | Affected: ≥ 2.33.0, < 2.33.8; ≥ 2.39.0, < 2.39.2 (+1 more) | Date: 2026-05-14
## Summary
Portainer offers an environment-level **Disable bind mounts for non-administrators** security setting that blocks regular users from binding host paths into containers they create through the Portainer-mediated Docker API. The check that enforces this setting only inspected the legacy `HostConfig.Binds` array on the con
Source: ghsa
CVE-2026-44883 [HIGH] CWE-598 Portainer: JWT accepted in URL query leaks tokens to logs and referers
Priority: P3 | Severity: HIGH | Affected: ≥ 2.33.0, < 2.33.8; ≥ 2.39.0, < 2.39.2 (+1 more) | Date: 2026-05-14
## Summary
Portainer's authentication middleware accepts JWT bearer tokens passed as the `?token=` URL query parameter on any authenticated API endpoint, in addition to the standard `Authorization: Bearer` header. URLs are recorded in reverse-proxy access logs, browser history, and HTTP `Referer` headers on outbound navigatio
Source: ghsa
CVE-2026-44884 [MEDIUM] CWE-862 Portainer missing authorization on custom template file endpoint, which exposes template content
Priority: P3 | Severity: MEDIUM | Affected: ≥ 2.33.0, < 2.33.8; ≥ 2.39.0, < 2.39.1 | Date: 2026-05-14
## Summary
A missing authorization vulnerability in the Custom Template file endpoint (`GET /api/custom_templates/{id}/file`) allows any authenticated user to read the file content of any custom template by enumerating sequential integer IDs, bypassing Resource Control acc
Source: ghsa
CVE-2024-33662 [HIGH] CWE-326 Portainer improperly uses an encryption algorithm in the AesEncrypt function
Priority: P3 | Severity: HIGH | Affected: ≥ 0, < 2.20.2 | Date: 2024-10-02
Portainer before 2.20.2 improperly uses an encryption algorithm in the `AesEncrypt` function.
Sources: ghsa, osv
CVE-2026-44885 [MEDIUM] CWE-22 Portainer has a path traversal in backup archive extraction that allows arbitrary file write
Priority: P3 | Severity: MEDIUM | Affected: ≥ 2.33.0, < 2.33.8 | Date: 2026-05-14
## Summary
Portainer's backup restore feature accepts a `.tar.gz` archive and extracts it to a target directory on the server. The extraction function (`ExtractTarGz` in `api/archive/targz.go`) constructed output paths using `filepath.Clean(filepath.Join(outputDirPath, header.Name
Source: ghsa