Portainer has a path traversal in backup archive extraction that allows arbitrary file write
Description
Summary
Portainer's backup restore feature accepts a .tar.gz archive and extracts it to a target directory on the server. The extraction function (ExtractTarGz in api/archive/targz.go) constructed output paths using filepath.Clean(filepath.Join(outputDirPath, header.Name)). This combination does not prevent directory traversal — a tar entry named ../../etc/cron.d/evil resolves to a path outside the extraction root, so a crafted archive can write files to arbitrary locations on the server filesystem.
Severity
Medium
CWE-22 — Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Exploitation requires administrator access to Portainer's backup restore endpoint. An administrator who is deceived into restoring a malicious archive, or whose credentials are compromised, can use this path to write files outside the Portainer data directory.
Affected
Versions
The vulnerability exists in every Portainer release prior to 2.39.0 — ExtractTarGz has used filepath.Clean(filepath.Join()) since it was introduced. The fix shipped with 2.39.0 (patched on develop before the 2.39 branch cut); 2.34.x–2.38.x STS releases are also affected but are end-of-life and will not receive a fix.
| Branch | First vulnerable | Fixed in | |--------------|------------------|------------| | 2.33.x (LTS) | 2.33.0 | 2.33.8 |
Portainer 2.39.0 and later are not affected — the fix was present from the initial 2.39.0 release. All releases prior to 2.33.0 are end-of-life and will not receive a fix; users on EOL versions should upgrade to a supported release.
Workarounds
Administrators who cannot immediately upgrade should:
- Only restore archives from trusted sources. Do not restore archives received from untrusted parties or transmitted over unencrypted channels.
- Use backup encryption. Portainer's optional backup encryption requires the correct passphrase to decrypt before extraction; an attacker without the passphrase cannot craft a valid encrypted archive.
Neither of these replaces the fix.
Affected
Code
ExtractTarGz in api/archive/targz.go constructed output paths without safe containment:
// api/archive/targz.go (pre-fix)
case tar.TypeReg:
p := filepath.Clean(filepath.Join(outputDirPath, header.Name))
filepath.Join resolves ../ components lexically and filepath.Clean normalises the result, but neither verifies the final path remains inside outputDirPath. The fix replaces this with filesystem.JoinPaths, which forces all path components to be relative to the trusted root:
// api/archive/targz.go (post-fix)
case tar.TypeReg:
p := filesystem.JoinPaths(outputDirPath, header.Name)
Impact
- Arbitrary file write at any path accessible to the Portainer process (typically root in containerised deployments), overriding filesystem boundaries of the data directory.
- Potential host persistence by writing to cron directories, SSH authorised key files, or executable paths, depending on how the container is configured and what host paths are accessible.
The practical severity is reduced because exploitation requires administrative privileges within Portainer.
Timeline
- 2026-02-16: Fix merged to develop (#1875).
- 2026-02-25: 2.39.0 released with fix.
- 2026-05-07: 2.33.8 released with backport fix.
Credits
Reported by Kolega.
Affected products
1Patches
1e02ae6b2fb69fix(archive): prevent file traversal vulnerability BE-12582 (#1875)
2 files changed · +58 −1
api/archive/targz.go+2 −1 modified@@ -10,6 +10,7 @@ import ( "path/filepath" "strings" + "github.com/portainer/portainer/api/filesystem" "github.com/portainer/portainer/api/logs" ) @@ -108,7 +109,7 @@ func ExtractTarGz(r io.Reader, outputDirPath string) error { case tar.TypeDir: // skip, dir will be created with a file case tar.TypeReg: - p := filepath.Clean(filepath.Join(outputDirPath, header.Name)) + p := filesystem.JoinPaths(outputDirPath, header.Name) if err := os.MkdirAll(filepath.Dir(p), 0o744); err != nil { return fmt.Errorf("Failed to extract dir %s", filepath.Dir(p)) }
api/archive/targz_test.go+56 −0 modified@@ -1,12 +1,15 @@ package archive import ( + "archive/tar" + "compress/gzip" "os" "os/exec" "path" "path/filepath" "testing" + "github.com/portainer/portainer/api/filesystem" "github.com/rs/zerolog/log" "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" @@ -108,3 +111,56 @@ func Test_shouldCreateArchive2(t *testing.T) { wasExtracted("dir/inner") wasExtracted("dir/.dotfile") } + +func TestExtractTarGzPathTraversal(t *testing.T) { + testDir := t.TempDir() + + // Create an evil file with a path traversal attempt + tarPath := filesystem.JoinPaths(testDir, "evil.tar.gz") + + evilFile, err := os.Create(tarPath) + require.NoError(t, err) + + gzWriter := gzip.NewWriter(evilFile) + tarWriter := tar.NewWriter(gzWriter) + + content := []byte("evil content") + + header := &tar.Header{ + Name: "../evil.txt", + Mode: 0600, + Size: int64(len(content)), + Typeflag: tar.TypeReg, + } + + err = tarWriter.WriteHeader(header) + require.NoError(t, err) + + _, err = tarWriter.Write(content) + require.NoError(t, err) + + err = tarWriter.Close() + require.NoError(t, err) + + err = gzWriter.Close() + require.NoError(t, err) + + err = evilFile.Close() + require.NoError(t, err) + + // Attempt to extract the evil file + extractionDir := filesystem.JoinPaths(testDir, "extraction") + err = os.Mkdir(extractionDir, 0700) + require.NoError(t, err) + + tarFile, err := os.Open(tarPath) + require.NoError(t, err) + + // Check that the file didn't escape + err = ExtractTarGz(tarFile, extractionDir) + require.NoError(t, err) + require.NoFileExists(t, filesystem.JoinPaths(testDir, "evil.txt")) + + err = tarFile.Close() + require.NoError(t, err) +}
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
4News mentions
0No linked articles in our index yet.