High severityNVD Advisory· Published May 28, 2026· Updated Jun 12, 2026
CVE-2026-33590
CVE-2026-33590
Description
Insecure default settings of Portainer CE grant regular (non-admin) users privileges that allow host filesystem access and host-level code execution. An authenticated non-administrative user with endpoint access can exploit these settings to read host files or obtain root equivalent
access on the host.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2Patches
Vulnerability mechanics
References
4News mentions
1- Portainer CE: Nine CVEs Disclosed in a Single Day — Two Critical, Seven High/MediumVypr Intelligence · May 28, 2026