Vypr Intelligence · AI-generated · May 31, 2026 · 9 CVEs

Portainer CE: Nine CVEs Disclosed in a Single Day — Two Critical, Seven High/Medium

Portainer Community Edition patched nine security vulnerabilities on May 28, 2026, including two critical-severity flaws that allow authenticated users to bypass endpoint security restrictions and escape containers to the host.

Key findings

  • Two critical CVEs (CVE-2026-44849, CVE-2026-44848) allow endpoint security bypass and unauthenticated plugin management
  • Five high-severity flaws include JWT token-in-URL leakage, Kubernetes proxy bypass, and Git stack abuse
  • CVE-2026-33590 addresses insecure defaults granting non-admin users host filesystem access
  • Fixes shipped in three tracks: 2.33.8, 2.39.2, and 2.41.0
  • All nine CVEs disclosed within a 2-hour window on May 28, 2026

Portainer Community Edition, the widely used container management platform for Docker, Swarm, Kubernetes, and ACI environments, disclosed and patched nine security vulnerabilities on May 28, 2026. The batch includes two critical-severity CVEs and seven high- or medium-severity issues spanning authentication bypass, authorization failures, insecure defaults, and arbitrary file extraction. The fixes are consolidated in versions 2.33.8, 2.39.2, and 2.41.0, depending on the release track.

Two Critical Flaws: Endpoint Security Bypass and Unauthenticated Plugin Access

The most severe vulnerabilities in this batch are CVE-2026-44849 (Critical) and CVE-2026-44848 (Critical).

CVE-2026-44849 concerns seven EndpointSecuritySettings restrictions that administrators configure to limit what non-admin users can do in an environment. According to the advisory, Portainer failed to properly enforce these restrictions, meaning an authenticated non-administrative user with endpoint access could bypass all seven security settings — including those meant to prevent bind mounts, privileged containers, and host filesystem access. The CVSSv3 score is 9.0 or higher (listed as Critical).

CVE-2026-44848 is a different class of critical bug: the Docker plugin management endpoints (/plugins/*) were never registered with a handler in the Portainer API. This left them in a default state that allowed unauthenticated access. An attacker could exploit this to install, modify, or remove Docker plugins on the host, effectively gaining code execution at the host level.

High-Severity Cluster: Auth Bypass, Git-Backed Stack Abuse, and Kubernetes Proxy Weakness

Five high-severity CVEs round out the disclosure. CVE-2026-44883 (High) describes a flaw in Portainer's authentication middleware: the system accepted JWT bearer tokens passed as a URL query parameter (?token=<JWT>). This made tokens visible in server logs, referrer headers, and browser history, and could allow token theft or replay under the right conditions.
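To make the token-in-URL issue concrete, here is an added Go example (it is not Portainer's middleware) with two parts: a token extractor whose allowQueryToken flag models the pre-fix behaviour of honouring ?token=<JWT> against the hardened form that reads only the Authorization header, and a log scanner a defender can run over existing access logs to find requests where a JWT was already sent in the URL, returning those lines with the token value redacted. The function names, the access-log format and the token values are constructed for this example.

```go
package main

import (
	"errors"
	"fmt"
	"net/http"
	"regexp"
	"strings"
)

// ErrNoToken is returned when a request carries no usable bearer token.
var ErrNoToken = errors.New("no bearer token supplied")

// ExtractBearerToken models an authentication middleware's token lookup
// (constructed for this example). allowQueryToken=true reproduces the pre-fix
// behaviour of also honouring ?token=<JWT>; the hardened setting (false) reads
// only the Authorization header, so tokens never land in URLs, server logs,
// referrer headers or browser history.
func ExtractBearerToken(r *http.Request, allowQueryToken bool) (string, error) {
	if h := r.Header.Get("Authorization"); strings.HasPrefix(h, "Bearer ") {
		if tok := strings.TrimSpace(strings.TrimPrefix(h, "Bearer ")); tok != "" {
			return tok, nil
		}
	}
	if allowQueryToken {
		if tok := r.URL.Query().Get("token"); tok != "" {
			return tok, nil
		}
	}
	return "", ErrNoToken
}

// jwtInQuery matches a token= query parameter whose value has the three
// dot-separated base64url segments of a JWT (the signature segment may be
// empty for an unsigned token).
var jwtInQuery = regexp.MustCompile(`([?&]token=)[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+\.[A-Za-z0-9_-]*`)

// FindTokenLeaks scans access-log lines for JWTs passed in the URL and returns
// the matching lines with the token value redacted, so findings can be
// reported without copying the secret into yet another log.
func FindTokenLeaks(lines []string) []string {
	var hits []string
	for _, line := range lines {
		if jwtInQuery.MatchString(line) {
			hits = append(hits, jwtInQuery.ReplaceAllString(line, "${1}[REDACTED]"))
		}
	}
	return hits
}

func main() {
	// Constructed access-log sample; the token value is made up.
	logs := []string{
		`10.0.0.5 - - [28/May/2026:10:01:22 +0000] "GET /api/endpoints?token=eyJhbGciOiJIUzI1NiJ9.eyJpZCI6Mn0.c2ln HTTP/1.1" 200 512`,
		`10.0.0.5 - - [28/May/2026:10:01:23 +0000] "GET /api/endpoints HTTP/1.1" 200 512`,
	}
	for _, hit := range FindTokenLeaks(logs) {
		fmt.Println(hit)
	}
}
```

Any hit from the scanner means that token should be treated as exposed and the session invalidated, since the URL has already been written wherever that request was logged or proxied.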

CVE-2026-44882 (High, CVSSv3 8.1) targets the Kubernetes proxy layer. Portainer proxies requests to Kubernetes clusters through a middleware layer (kubeClientMiddleware) that validates user permissions. The advisory indicates this validation was incomplete, potentially allowing an authenticated user to issue Kubernetes API calls beyond their authorized scope.

CVE-2026-44881 (High) affects Git-backed stack deployments. When a user creates a stack from a Git repository, Portainer fetches the repository contents. The vulnerability allowed an attacker with stack creation privileges to craft a malicious Git repository that, when fetched, could lead to server-side request forgery or arbitrary file access on the Portainer server.

CVE-2026-44850 (High, CVSSv3 8.5) is tied to the "Disable bind mounts for non-administrators" security setting. The advisory states that this environment-level restriction was not properly enforced, meaning a non-admin user with endpoint access could still mount host directories into containers — a classic container escape vector.
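The enforcement gap behind CVE-2026-44849 and CVE-2026-44850 is a missing check between a non-admin user's request and the Docker daemon. As an added illustration (not Portainer's code), the Go example below shows what such a check looks like: a container-create request is compared against per-environment restrictions and denied if a non-admin asks for a host-path bind mount, privileged mode, host namespace sharing, device mapping or added capabilities, while administrators are exempt. The setting names, the HostConfig subset and the sample request are this example's own assumptions; it does not claim to reproduce Portainer's seven settings.

```go
package main

import (
	"errors"
	"fmt"
	"strings"
)

// EndpointSecuritySettings is a constructed stand-in for the per-environment
// restrictions an administrator can apply to non-admin users. The field names
// are this example's own and are not Portainer's seven settings.
type EndpointSecuritySettings struct {
	DisableBindMounts     bool
	DisablePrivilegedMode bool
	DisableHostNamespaces bool // pid/net/ipc mode "host"
	DisableDeviceMapping  bool
	DisableCapabilityAdd  bool
}

// HostConfig is the subset of a Docker container-create HostConfig that these
// checks inspect.
type HostConfig struct {
	Privileged  bool
	Binds       []string // "source:destination[:options]"
	PidMode     string
	NetworkMode string
	IpcMode     string
	Devices     []string
	CapAdd      []string
}

// CreateRequest couples the caller's role with the HostConfig they submitted.
type CreateRequest struct {
	IsAdmin    bool
	HostConfig HostConfig
}

// isHostPathBind reports whether a Binds entry mounts a host path, as opposed
// to a named volume whose source does not start with a path separator.
func isHostPathBind(bind string) bool {
	src := strings.SplitN(bind, ":", 2)[0]
	return strings.HasPrefix(src, "/") || strings.HasPrefix(src, ".")
}

// Violations lists every restriction the request breaks for a non-admin
// caller. Administrators are exempt, which is the intent of the settings.
func Violations(s EndpointSecuritySettings, req CreateRequest) []string {
	if req.IsAdmin {
		return nil
	}
	hc := req.HostConfig
	var v []string
	if s.DisablePrivilegedMode && hc.Privileged {
		v = append(v, "privileged mode is disabled for non-administrators")
	}
	if s.DisableBindMounts {
		for _, b := range hc.Binds {
			if isHostPathBind(b) {
				v = append(v, fmt.Sprintf("bind mount %q is disabled for non-administrators", b))
			}
		}
	}
	if s.DisableHostNamespaces {
		for _, ns := range []struct{ name, mode string }{{"pid", hc.PidMode}, {"net", hc.NetworkMode}, {"ipc", hc.IpcMode}} {
			if ns.mode == "host" {
				v = append(v, fmt.Sprintf("%s namespace sharing with the host is disabled", ns.name))
			}
		}
	}
	if s.DisableDeviceMapping && len(hc.Devices) > 0 {
		v = append(v, "device mapping is disabled for non-administrators")
	}
	if s.DisableCapabilityAdd && len(hc.CapAdd) > 0 {
		v = append(v, "adding capabilities is disabled for non-administrators")
	}
	return v
}

// Validate is the decision point a management proxy would call before
// forwarding the request to the Docker daemon: deny on any violation.
func Validate(s EndpointSecuritySettings, req CreateRequest) error {
	if v := Violations(s, req); len(v) > 0 {
		return errors.New("container create rejected: " + strings.Join(v, "; "))
	}
	return nil
}

func main() {
	settings := EndpointSecuritySettings{DisableBindMounts: true, DisablePrivilegedMode: true, DisableHostNamespaces: true}
	// Constructed request: a non-admin asking for a privileged container with / bind-mounted.
	req := CreateRequest{HostConfig: HostConfig{Privileged: true, Binds: []string{"/:/host", "appdata:/data"}}}
	fmt.Println(Validate(settings, req))
}
```

The point of the design is that the check runs server-side on the parsed request, not in the UI: a setting that only hides a form field is exactly the kind of restriction that a direct API call bypasses.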

CVE-2026-33590 (High) addresses insecure default settings in Portainer CE that grant regular (non-admin) users privileges allowing host filesystem access and host-level code execution. An authenticated non-administrative user with endpoint access could exploit these defaults to read host files or obtain root-equivalent access on the host.

Medium-Severity: Backup Restore and Missing Authorization

Two medium-severity CVEs complete the batch. CVE-2026-44885 (Medium, CVSSv3 5.5) affects the backup restore feature, which accepts a .tar.gz archive and extracts it to a target directory on the server. Insufficient validation of the archive contents could allow path traversal during extraction.
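The extraction problem behind CVE-2026-44885 is the general one of an archive entry whose name, once joined with the target directory, resolves outside it. The Go example below is added here (it is not Portainer's restore code) and shows a containment check applied to every entry before anything is written, refusal of symlink and hard-link entries, and a helper that builds a constructed in-memory archive with a traversal entry so the check can be exercised offline. It also maps archive/tar's own ErrInsecurePath onto the same traversal error, so it behaves identically whether or not that GODEBUG check is enabled.

```go
package main

import (
	"archive/tar"
	"bytes"
	"compress/gzip"
	"errors"
	"fmt"
	"io"
	"os"
	"path/filepath"
	"strings"
)

// ErrPathTraversal is returned for an entry that would be written outside dest.
var ErrPathTraversal = errors.New("archive entry escapes target directory")

// safeJoin resolves an entry name under dest and refuses any result that does
// not stay inside dest (for example names containing ".." segments).
func safeJoin(dest, name string) (string, error) {
	cleanDest := filepath.Clean(dest)
	target := filepath.Join(cleanDest, name) // Join cleans, so ".." is resolved here
	if target != cleanDest && !strings.HasPrefix(target, cleanDest+string(os.PathSeparator)) {
		return "", fmt.Errorf("%w: %q", ErrPathTraversal, name)
	}
	return target, nil
}

// ExtractTarGz unpacks a .tar.gz stream into dest. Only directories and
// regular files are accepted: symlinks and hard links are refused because a
// link pointing outside dest could redirect a later entry there. Extraction
// stops at the first entry that fails the containment check. It returns the
// entry names that were written.
func ExtractTarGz(archive io.Reader, dest string) ([]string, error) {
	gz, err := gzip.NewReader(archive)
	if err != nil {
		return nil, err
	}
	defer gz.Close()
	tr := tar.NewReader(gz)
	var written []string
	for {
		hdr, err := tr.Next()
		if err == io.EOF {
			return written, nil
		}
		if errors.Is(err, tar.ErrInsecurePath) {
			// The standard library flagged the name first; report it the same way.
			name := ""
			if hdr != nil {
				name = hdr.Name
			}
			return written, fmt.Errorf("%w: %q", ErrPathTraversal, name)
		}
		if err != nil {
			return written, err
		}
		target, err := safeJoin(dest, hdr.Name)
		if err != nil {
			return written, err
		}
		switch hdr.Typeflag {
		case tar.TypeDir:
			if err := os.MkdirAll(target, 0o750); err != nil {
				return written, err
			}
		case tar.TypeReg:
			if err := os.MkdirAll(filepath.Dir(target), 0o750); err != nil {
				return written, err
			}
			f, err := os.OpenFile(target, os.O_CREATE|os.O_WRONLY|os.O_TRUNC, 0o640)
			if err != nil {
				return written, err
			}
			_, err = io.Copy(f, tr) // tar.Reader bounds the copy to the entry size
			f.Close()
			if err != nil {
				return written, err
			}
			written = append(written, hdr.Name)
		default:
			return written, fmt.Errorf("refusing entry %q: unsupported type %d", hdr.Name, hdr.Typeflag)
		}
	}
}

// Entry is a name/content pair used to build constructed test archives.
type Entry struct{ Name, Body string }

// BuildTarGz produces an in-memory .tar.gz from entries, in the given order.
func BuildTarGz(entries []Entry) []byte {
	var buf bytes.Buffer
	gz := gzip.NewWriter(&buf)
	tw := tar.NewWriter(gz)
	for _, e := range entries {
		hdr := &tar.Header{Name: e.Name, Mode: 0o644, Size: int64(len(e.Body)), Typeflag: tar.TypeReg}
		if err := tw.WriteHeader(hdr); err != nil {
			panic(err)
		}
		if _, err := tw.Write([]byte(e.Body)); err != nil {
			panic(err)
		}
	}
	tw.Close()
	gz.Close()
	return buf.Bytes()
}

func main() {
	dest, _ := os.MkdirTemp("", "restore")
	defer os.RemoveAll(dest)
	// Constructed archive whose second entry tries to climb out of dest.
	bad := BuildTarGz([]Entry{{"portainer.db", "db"}, {"../../escape.txt", "x"}})
	written, err := ExtractTarGz(bytes.NewReader(bad), dest)
	fmt.Println(written, err)
}
```

Two details matter in practice: the check compares the cleaned, joined path against the destination plus a separator (so a sibling directory with the same prefix is not mistaken for the destination), and symlinks are refused outright rather than followed, since validating link targets correctly is harder than simply not restoring them.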

CVE-2026-44884 (Medium) is a missing authorization vulnerability in the Custom Template file endpoint (GET /api/custom_templates/...). The endpoint failed to verify that the requesting user had permission to access the requested template file, potentially exposing template contents or metadata to unauthorized users.

Patch Status and Affected Versions

Portainer released fixes across three version tracks:

  • 2.33.x track: patched in 2.33.8 (all CVEs)
  • 2.39.x track: patched in 2.39.2 (all CVEs except CVE-2026-44885, which only affects 2.33.x)
  • 2.41.x track: patched in 2.41.0 (subset of CVEs affecting the latest track)

Users running Portainer CE 2.33.0 through 2.33.7, 2.39.0 through 2.39.1, or any pre-2.41.0 build should upgrade immediately. The vendor has published advisories on the Portainer GitHub security page.
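For inventory checks, an added Go example (not from Portainer) that encodes the three fix tracks above: a version on the 2.33 or 2.39 track is patched from 2.33.8 or 2.39.2 respectively, and any other version only from 2.41.0. Version strings other than plain major.minor.patch, with an optional leading v, are reported as errors rather than guessed. The function names are this example's own.

```go
package main

import (
	"fmt"
	"strconv"
	"strings"
)

// Version is a parsed Portainer release number (major.minor.patch).
type Version struct{ Major, Minor, Patch int }

// ParseVersion accepts "2.33.7" or "v2.33.7"; anything else (pre-release
// suffixes, two-part versions) is rejected so an odd inventory entry is
// surfaced rather than silently classified.
func ParseVersion(s string) (Version, error) {
	s = strings.TrimPrefix(strings.TrimSpace(s), "v")
	parts := strings.Split(s, ".")
	if len(parts) != 3 {
		return Version{}, fmt.Errorf("unrecognised version %q", s)
	}
	var nums [3]int
	for i, p := range parts {
		n, err := strconv.Atoi(p)
		if err != nil || n < 0 {
			return Version{}, fmt.Errorf("unrecognised version %q", s)
		}
		nums[i] = n
	}
	return Version{nums[0], nums[1], nums[2]}, nil
}

// Less reports whether v precedes o.
func (v Version) Less(o Version) bool {
	if v.Major != o.Major {
		return v.Major < o.Major
	}
	if v.Minor != o.Minor {
		return v.Minor < o.Minor
	}
	return v.Patch < o.Patch
}

// First patched release on each maintained track, as stated in the advisory.
var trackFixes = map[string]Version{
	"2.33": {2, 33, 8},
	"2.39": {2, 39, 2},
}

// Every other track is only fixed from 2.41.0 onward.
var latestFix = Version{2, 41, 0}

// IsPatched reports whether the given release contains the fixes for this batch.
func IsPatched(s string) (bool, error) {
	v, err := ParseVersion(s)
	if err != nil {
		return false, err
	}
	if fix, ok := trackFixes[fmt.Sprintf("%d.%d", v.Major, v.Minor)]; ok {
		return !v.Less(fix), nil
	}
	return !v.Less(latestFix), nil
}

func main() {
	// Constructed sample of versions an inventory might report.
	for _, s := range []string{"2.33.7", "2.33.8", "2.39.1", "2.40.5", "2.41.0"} {
		ok, err := IsPatched(s)
		fmt.Printf("%-8s patched=%v err=%v\n", s, ok, err)
	}
}
```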

Why This Batch Matters

Portainer is deployed in production environments to manage container infrastructure at scale. The concentration of nine CVEs — two of them critical — in a single disclosure signals a significant audit of the platform's authorization and enforcement layers. The common thread across most of these vulnerabilities is that an attacker needs *some* level of authenticated access to exploit them, but the critical and high-severity flaws (particularly CVE-2026-44849, CVE-2026-44848, and CVE-2026-33590) allow that limited access to escalate into host-level compromise. Organizations running Portainer CE should treat this batch as a priority upgrade, especially in multi-tenant environments where non-admin users have endpoint access.

AI-written article. Grounded in 9 CVE records listed below.