VYPR
Vendor: Portainer

Products: 1
CVEs: 27
Across products: 27
Status: Private

Recent CVEs (27)
  • CVE-2026-44881 | Critical | May 28, 2026
    risk 0.57 | cvss 9.9 | epss 0.00

    Portainer Community Edition is a lightweight service delivery platform for containerized applications that can be used to manage Docker, Swarm, Kubernetes and ACI environments. From 2.33.0 to before 2.33.8, 2.39.2, and 2.41.0, Portainer supports deploying stacks from Git…

  • CVE-2026-44849 | High | May 28, 2026
    risk 0.50 | cvss 8.8 | epss 0.00

    Portainer Community Edition is a lightweight service delivery platform for containerized applications that can be used to manage Docker, Swarm, Kubernetes and ACI environments. From 2.33.0 to before 2.33.8, 2.39.2, and 2.41.0, Portainer enforces seven EndpointSecuritySettings…

  • CVE-2026-44848 | High | May 28, 2026
    risk 0.50 | cvss 8.8 | epss 0.00

    Portainer Community Edition is a lightweight service delivery platform for containerized applications that can be used to manage Docker, Swarm, Kubernetes and ACI environments. From 2.33.0 to before 2.33.8, 2.39.2, and 2.41.0, the Docker plugin management endpoints (/plugins/*)…

  • CVE-2026-44850 | High | May 28, 2026
    risk 0.48 | cvss 8.5 | epss 0.00

    Portainer Community Edition is a lightweight service delivery platform for containerized applications that can be used to manage Docker, Swarm, Kubernetes and ACI environments. From 2.33.0 to before 2.33.8, 2.39.2, and 2.41.0, Portainer offers an environment-level Disable bind…

  • CVE-2026-33590 | High | May 28, 2026
    risk 0.48 | cvss (not listed) | epss 0.00

    Insecure default settings of Portainer CE grant regular (non-admin) users privileges that allow host filesystem access and host-level code execution. An authenticated non-administrative user with endpoint access can exploit these settings to read host files or obtain root…

  • CVE-2026-44882 | High | May 28, 2026
    risk 0.46 | cvss 8.1 | epss 0.00

    Portainer Community Edition is a lightweight service delivery platform for containerized applications that can be used to manage Docker, Swarm, Kubernetes and ACI environments. From 2.33.0 to before 2.33., Portainer proxies requests to Kubernetes clusters through a middleware…

  • CVE-2026-44883 | High | May 28, 2026
    risk 0.42 | cvss 7.5 | epss 0.00

    Portainer Community Edition is a lightweight service delivery platform for containerized applications that can be used to manage Docker, Swarm, Kubernetes and ACI environments. From 2.33.0 to before 2.33.8, 2.39.2, and 2.41.0, Portainer's authentication middleware accepts JWT…

  • CVE-2025-49593 | Medium | Jun 17, 2025
    risk 0.37 | cvss 6.8 | epss 0.00

    Portainer Community Edition is a lightweight service delivery platform for containerized applications that can be used to manage Docker, Swarm, Kubernetes and ACI environments. Prior to STS version 2.31.0 and LTS version 2.27.7, if a Portainer administrator can be convinced to…

  • CVE-2026-44884 | Medium | May 28, 2026
    risk 0.35 | cvss 6.5 | epss 0.00

    Portainer Community Edition is a lightweight service delivery platform for containerized applications that can be used to manage Docker, Swarm, Kubernetes and ACI environments. From 2.33.0 to before 2.33.8 and 2.39.1, a missing authorization vulnerability in the Custom Template…

  • CVE-2026-44885 | Medium | May 28, 2026
    risk 0.29 | cvss 5.5 | epss 0.01

    Portainer Community Edition is a lightweight service delivery platform for containerized applications that can be used to manage Docker, Swarm, Kubernetes and ACI environments. From 2.33.0 to before 2.33.8, Portainer's backup restore feature accepts a .tar.gz archive and…

  • CVE-2024-29296 | Apr 10, 2024
    risk 0.01 | cvss (not listed) | epss 0.01

    A user enumeration vulnerability was found in Portainer CE 2.19.4. This issue occurs during the user authentication process, where a difference in response time could allow a remote unauthenticated user to determine if a username is valid or not.

  • CVE-2024-33662 | Oct 2, 2024
    risk 0.00 | cvss (not listed) | epss 0.00

    Portainer before 2.20.2 improperly uses an encryption algorithm in the AesEncrypt function.

  • CVE-2024-33661 | Apr 25, 2024
    risk 0.00 | cvss (not listed) | epss 0.01

    Portainer before 2.20.0 allows redirects when the target is not index.yaml.

  • CVE-2022-24961 | Feb 11, 2022
    risk 0.00 | cvss (not listed) | epss 0.02

    In Portainer Agent before 2.11.1, an API server can continue running even if not associated with a Portainer instance in the past few days.

  • CVE-2021-42650 | Oct 18, 2021
    risk 0.00 | cvss (not listed) | epss 0.01

    Cross Site Scripting (XSS) vulnerability exists in Portainer before 2.9.1 via the node input box in Custom Templates.

  • CVE-2020-24264 | Mar 16, 2021
    risk 0.00 | cvss (not listed) | epss 0.04

    Portainer 1.24.1 and earlier is affected by incorrect access control that may lead to remote arbitrary code execution. The restriction checks for bind mounts are applied only on the client-side and not the server-side, which can lead to spawning a container with bind mount. Once…

  • CVE-2020-24263 | Mar 16, 2021
    risk 0.00 | cvss (not listed) | epss 0.02

    Portainer 1.24.1 and earlier is affected by an insecure permissions vulnerability that may lead to remote arbitrary code execution. A non-admin user is allowed to spawn new containers with critical capabilities such as SYS_MODULE, which can be used to take over the Docker host.

  • CVE-2019-16877 | Nov 7, 2019
    risk 0.00 | cvss (not listed) | epss 0.01

    Portainer before 1.22.1 has Incorrect Access Control (issue 4 of 4).

  • CVE-2019-16878 | Nov 7, 2019
    risk 0.00 | cvss (not listed) | epss 0.01

    Portainer before 1.22.1 has XSS (issue 2 of 2).

  • CVE-2019-16876 | Nov 7, 2019
    risk 0.00 | cvss (not listed) | epss 0.01

    Portainer before 1.22.1 allows Directory Traversal.