Portainer
Recent CVEs
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-44881 | | Critical | 0.57 | 9.9 | 0.00 | | May 28, 2026 | Portainer Community Edition is a lightweight service delivery platform for containerized applications that can be used to manage Docker, Swarm, Kubernetes and ACI environments. From 2.33.0 to before 2.33.8, 2.39.2, and 2.41.0, Portainer supports deploying stacks from Git… |
| CVE-2026-44849 | | High | 0.50 | 8.8 | 0.00 | | May 28, 2026 | Portainer Community Edition is a lightweight service delivery platform for containerized applications that can be used to manage Docker, Swarm, Kubernetes and ACI environments. From 2.33.0 to before 2.33.8, 2.39.2, and 2.41.0, Portainer enforces seven EndpointSecuritySettings… |
| CVE-2026-44848 | | High | 0.50 | 8.8 | 0.00 | | May 28, 2026 | Portainer Community Edition is a lightweight service delivery platform for containerized applications that can be used to manage Docker, Swarm, Kubernetes and ACI environments. From 2.33.0 to before 2.33.8, 2.39.2, and 2.41.0, the Docker plugin management endpoints (/plugins/*)… |
| CVE-2026-44850 | | High | 0.48 | 8.5 | 0.00 | | May 28, 2026 | Portainer Community Edition is a lightweight service delivery platform for containerized applications that can be used to manage Docker, Swarm, Kubernetes and ACI environments. From 2.33.0 to before 2.33.8, 2.39.2, and 2.41.0, Portainer offers an environment-level Disable bind… |
| CVE-2026-33590 | | High | 0.48 | — | 0.00 | | May 28, 2026 | Insecure default settings of Portainer CE grant regular (non-admin) users privileges that allow host filesystem access and host-level code execution. An authenticated non-administrative user with endpoint access can exploit these settings to read host files or obtain root… |
| CVE-2026-44882 | | High | 0.46 | 8.1 | 0.00 | | May 28, 2026 | Portainer Community Edition is a lightweight service delivery platform for containerized applications that can be used to manage Docker, Swarm, Kubernetes and ACI environments. From 2.33.0 to before 2.33., Portainer proxies requests to Kubernetes clusters through a middleware… |
| CVE-2026-44883 | | High | 0.42 | 7.5 | 0.00 | | May 28, 2026 | Portainer Community Edition is a lightweight service delivery platform for containerized applications that can be used to manage Docker, Swarm, Kubernetes and ACI environments. From 2.33.0 to before 2.33.8, 2.39.2, and 2.41.0, Portainer's authentication middleware accepts JWT… |
| CVE-2025-49593 | | Medium | 0.37 | 6.8 | 0.00 | | Jun 17, 2025 | Portainer Community Edition is a lightweight service delivery platform for containerized applications that can be used to manage Docker, Swarm, Kubernetes and ACI environments. Prior to STS version 2.31.0 and LTS version 2.27.7, if a Portainer administrator can be convinced to… |
| CVE-2026-44884 | | Medium | 0.35 | 6.5 | 0.00 | | May 28, 2026 | Portainer Community Edition is a lightweight service delivery platform for containerized applications that can be used to manage Docker, Swarm, Kubernetes and ACI environments. From 2.33.0 to before 2.33.8 and 2.39.1, a missing authorization vulnerability in the Custom Template… |
| CVE-2026-44885 | | Medium | 0.29 | 5.5 | 0.01 | | May 28, 2026 | Portainer Community Edition is a lightweight service delivery platform for containerized applications that can be used to manage Docker, Swarm, Kubernetes and ACI environments. From 2.33.0 to before 2.33.8, Portainer's backup restore feature accepts a .tar.gz archive and… |
| CVE-2024-29296 | | | 0.01 | — | 0.01 | | Apr 10, 2024 | A user enumeration vulnerability was found in Portainer CE 2.19.4. This issue occurs during the user authentication process, where a difference in response time could allow a remote unauthenticated user to determine if a username is valid or not. |
| CVE-2024-33662 | | | 0.00 | — | 0.00 | | Oct 2, 2024 | Portainer before 2.20.2 improperly uses an encryption algorithm in the AesEncrypt function. |
| CVE-2024-33661 | | | 0.00 | — | 0.01 | | Apr 25, 2024 | Portainer before 2.20.0 allows redirects when the target is not index.yaml. |
| CVE-2022-24961 | | | 0.00 | — | 0.02 | | Feb 11, 2022 | In Portainer Agent before 2.11.1, an API server can continue running even if not associated with a Portainer instance in the past few days. |
| CVE-2021-42650 | | | 0.00 | — | 0.01 | | Oct 18, 2021 | Cross Site Scripting (XSS) vulnerability exists in Portainer before 2.9.1 via the node input box in Custom Templates. |
| CVE-2020-24264 | | | 0.00 | — | 0.04 | | Mar 16, 2021 | Portainer 1.24.1 and earlier is affected by incorrect access control that may lead to remote arbitrary code execution. The restriction checks for bind mounts are applied only on the client-side and not the server-side, which can lead to spawning a container with bind mount. Once… |
| CVE-2020-24263 | | | 0.00 | — | 0.02 | | Mar 16, 2021 | Portainer 1.24.1 and earlier is affected by an insecure permissions vulnerability that may lead to remote arbitrary code execution. A non-admin user is allowed to spawn new containers with critical capabilities such as SYS_MODULE, which can be used to take over the Docker host. |
| CVE-2019-16877 | | | 0.00 | — | 0.01 | | Nov 7, 2019 | Portainer before 1.22.1 has Incorrect Access Control (issue 4 of 4). |
| CVE-2019-16878 | | | 0.00 | — | 0.01 | | Nov 7, 2019 | Portainer before 1.22.1 has XSS (issue 2 of 2). |
| CVE-2019-16876 | | | 0.00 | — | 0.01 | | Nov 7, 2019 | Portainer before 1.22.1 allows Directory Traversal. |