VYPR
patch · Published May 31, 2026 · 1 source

Portainer CE Patches Nine CVEs Including Two Critical Container Escape Flaws

Portainer Community Edition disclosed and patched nine security vulnerabilities on May 28, 2026, including two critical flaws that allow authenticated users to bypass endpoint restrictions and escape containers to the host.

Portainer Community Edition, the widely used container management platform for Docker, Swarm, Kubernetes, and ACI environments, disclosed and patched nine security vulnerabilities on May 28, 2026. The batch includes two critical-severity CVEs and seven high- or medium-severity issues spanning authentication bypass, authorization failures, insecure defaults, and arbitrary file extraction. The fixes are consolidated in versions 2.33.8, 2.39.2, and 2.41.0, depending on the release track.

The most severe vulnerabilities are CVE-2026-44849 and CVE-2026-44848, both rated Critical. CVE-2026-44849 concerns seven EndpointSecuritySettings restrictions that administrators configure to limit what non-admin users can do in an environment. According to the advisory, Portainer failed to properly enforce these restrictions, meaning an authenticated non-administrative user with endpoint access could bypass all seven security settings — including those meant to prevent bind mounts, privileged containers, and host filesystem access. The CVSSv3 score is 9.0 or higher. CVE-2026-44848 is a different class of critical bug: the Docker plugin management endpoints (/plugins/*) were never registered with a handler in the Portainer API, leaving them in a default state that allowed unauthenticated access. An attacker could exploit this to install, modify, or remove Docker plugins on the host, effectively gaining code execution at the host level.

Five high-severity CVEs round out the disclosure. CVE-2026-44883 describes a flaw in Portainer's authentication middleware: the system accepted JWT bearer tokens passed as a URL query parameter (?token=<JWT>), making tokens visible in server logs, referrer headers, and browser history, which could allow token theft or replay. CVE-2026-44882 targets the Kubernetes proxy layer, where incomplete validation could allow an authenticated user to issue Kubernetes API calls beyond their authorized scope. CVE-2026-44881 affects Git-backed stack deployments, allowing an attacker with stack creation privileges to craft a malicious Git repository that, when fetched, could lead to server-side request forgery or arbitrary file access on the Portainer server. CVE-2026-44850 is tied to the "Disable bind mounts for non-administrators" security setting, which was not properly enforced, allowing non-admin users to mount host directories into containers — a classic container escape vector. CVE-2026-33590 addresses insecure default settings that grant regular users privileges allowing host filesystem access and host-level code execution.

Two medium-severity CVEs complete the batch. CVE-2026-44885 affects the backup restore feature, which accepts a .tar.gz archive and extracts it to a target directory on the server; insufficient validation of the archive contents could allow path traversal during extraction. CVE-2026-44884 is a missing authorization vulnerability in the Custom Template file endpoint, which failed to verify that the requesting user had permission to access the requested template file, potentially exposing template contents or metadata to unauthorized users.
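The extraction check that the CVE-2026-44885 fix implies, written here as an added Go example (Portainer is a Go code base) and not Portainer's own restore code: it walks a tar stream and refuses any entry whose name would land outside the restore directory, and it also rejects link entries, a related extraction risk the advisory does not mention. Assumptions: the gzip layer of the .tar.gz has already been removed with gzip.NewReader, the destination `/restore` and the entry names are constructed sample values, and filepath.IsLocal requires Go 1.20 or later.

```go
package main

import (
	"archive/tar"
	"bytes"
	"fmt"
	"io"
	"path/filepath"
)

// checkArchive walks a tar stream the way a restore routine would and returns
// the paths it would write under destDir. It fails on the first entry whose
// name is not local (absolute, or climbing out through "..", as judged by
// filepath.IsLocal, Go 1.20+) and on any symlink or hard-link entry, since a
// link pointing outside destDir could redirect the writes that follow it.
func checkArchive(destDir string, r io.Reader) ([]string, error) {
	tr := tar.NewReader(r)
	var paths []string
	for {
		hdr, err := tr.Next()
		if err == io.EOF {
			return paths, nil
		}
		if err != nil {
			return nil, err
		}
		if hdr.Typeflag == tar.TypeSymlink || hdr.Typeflag == tar.TypeLink {
			return nil, fmt.Errorf("%q: link entries are not accepted", hdr.Name)
		}
		if !filepath.IsLocal(hdr.Name) {
			return nil, fmt.Errorf("%q escapes the restore directory", hdr.Name)
		}
		paths = append(paths, filepath.Join(destDir, hdr.Name))
	}
}

// buildArchive is a constructed helper for the example: it packs the given
// entry names into an in-memory tar of empty regular files.
func buildArchive(names ...string) io.Reader {
	var buf bytes.Buffer
	tw := tar.NewWriter(&buf)
	for _, n := range names {
		_ = tw.WriteHeader(&tar.Header{Name: n, Typeflag: tar.TypeReg, Mode: 0o600})
	}
	_ = tw.Close()
	return &buf
}
```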

Portainer released fixes across three version tracks: the 2.33.x track is patched in 2.33.8 (all CVEs), the 2.39.x track in 2.39.2 (all CVEs except CVE-2026-44885, which only affects 2.33.x), and the 2.41.x track in 2.41.0 (the subset of CVEs affecting the latest track). Users running Portainer CE 2.33.0 through 2.33.7, 2.39.0 through 2.39.1, or any pre-2.41.0 build should upgrade immediately. The vendor has published advisories on the Portainer GitHub security page.

Portainer is deployed in production environments to manage container infrastructure at scale. The concentration of nine CVEs — two of them critical — in a single disclosure signals a significant audit of the platform's authorization and enforcement layers. The common thread across most of these vulnerabilities is that an attacker needs *some* level of authenticated access to exploit them, but the critical and high-severity flaws (particularly CVE-2026-44849, CVE-2026-44848, and CVE-2026-33590) allow that limited access to escalate into host-level compromise. Organizations running Portainer CE should treat this batch as a priority upgrade, especially in multi-tenant environments where non-admin users have endpoint access.

Synthesized by Vypr AI