CVE-2026-44884

Portainer Community Edition is a lightweight service delivery platform for containerized applications that can be used to manage Docker, Swarm, Kubernetes and ACI environments. From 2.33.0 to before 2.33.8 and 2.39.1, a missing authorization vulnerability in the Custom Template file endpoint GET...

CVE-2026-44881

Portainer Community Edition is a lightweight service delivery platform for containerized applications that can be used to manage Docker, Swarm, Kubernetes and ACI environments. From 2.33.0 to before 2.33.8, 2.39.2, and 2.41.0, Portainer supports deploying stacks from Git repositories. When a...

ROS-20260605-73-0024

The vulnerability in Portainer-Ce is related to deficiencies in the authentication process. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to protected information...

CVE-2026-44848

Portainer Community Edition is a lightweight service delivery platform for containerized applications that can be used to manage Docker, Swarm, Kubernetes and ACI environments. From 2.33.0 to before 2.33.8, 2.39.2, and 2.41.0, The Docker plugin management endpoints /plugins/ were not registered...

CVE-2026-33590

Insecure default settings of Portainer CE grant regular non-admin users privileges that allow host filesystem access and host-level code execution. An authenticated non-administrative user with endpoint access can exploit these settings to read host files or obtain root equivalent access on the...

CVE-2026-44882

Portainer Community Edition is a lightweight service delivery platform for containerized applications that can be used to manage Docker, Swarm, Kubernetes and ACI environments. From 2.33.0 to before 2.33., Portainer proxies requests to Kubernetes clusters through a middleware layer...

CVE-2026-44850

Portainer Community Edition is a lightweight service delivery platform for containerized applications that can be used to manage Docker, Swarm, Kubernetes and ACI environments. From 2.33.0 to before 2.33.8, 2.39.2, and 2.41.0, Portainer offers an environment-level Disable bind mounts for...

CVE-2026-44881

Portainer Community Edition is a lightweight service delivery platform for containerized applications that can be used to manage Docker, Swarm, Kubernetes and ACI environments. From 2.33.0 to before 2.33.8, 2.39.2, and 2.41.0, Portainer supports deploying stacks from Git repositories. When a...

EUVD-2026-33064

Portainer Community Edition is a lightweight service delivery platform for containerized applications that can be used to manage Docker, Swarm, Kubernetes and ACI environments. From 2.33.0 to before 2.33.8, 2.39.2, and 2.41.0, The Docker plugin management endpoints /plugins/ were not registered...

CVE-2026-44849

Portainer Community Edition is a lightweight service delivery platform for containerized applications that can be used to manage Docker, Swarm, Kubernetes and ACI environments. From 2.33.0 to before 2.33.8, 2.39.2, and 2.41.0, Portainer enforces seven EndpointSecuritySettings restrictions that...

EUVD-2026-33062

Portainer Community Edition is a lightweight service delivery platform for containerized applications that can be used to manage Docker, Swarm, Kubernetes and ACI environments. From 2.33.0 to before 2.33.8, 2.39.2, and 2.41.0, Portainer offers an environment-level Disable bind mounts for...

EUVD-2026-33058

Portainer Community Edition is a lightweight service delivery platform for containerized applications that can be used to manage Docker, Swarm, Kubernetes and ACI environments. From 2.33.0 to before 2.33.8 and 2.39.1, a missing authorization vulnerability in the Custom Template file endpoint GET...

CVE-2026-33590

Insecure default settings of Portainer CE grant regular non-admin users privileges that allow host filesystem access and host-level code execution. An authenticated non-administrative user with endpoint access can exploit these settings to read host files or obtain root equivalent access on the...

CVE-2026-33590

CVE-2026-33590 affects Portainer CE. Insecure default permissions grant regular (non-admin) users with endpoint access privileges to read host files and potentially obtain root-equivalent access on the host through privileged operations exposed by Portainer. The NVD entry and CVE records describe...

CVE-2026-33590

Insecure default settings of Portainer CE grant regular non-admin users privileges that allow host filesystem access and host-level code execution. An authenticated non-administrative user with endpoint access can exploit these settings to read host files or obtain root equivalent access on the...

PT-2026-44492

Name of the Vulnerable Software and Affected Versions Portainer CE affected versions not specified Description Insecure default settings grant regular non-administrative users privileges that allow access to the host filesystem and host-level code execution. An authenticated user with endpoint...

ROS-20260524-73-0057

Vulnerability in portainer-ce related to access control flaws. Exploitation of the vulnerability could allow an attacker to escalate their privileges...

EUVD-2025-18631

Malicious code in bioql PyPI...

CVE-2025-49593

CVE-2025-49593 affects Portainer Community Edition prior to STS 2.31.0 and LTS 2.27.7. When an administrator is convinced to register a malicious container registry (or an existing registry is taken over), HTTP Headers including registry credentials and Portainer session tokens may be leaked to t...

PT-2025-25764 · Unknown +3 · Portainer Community Edition +4

Name of the Vulnerable Software and Affected Versions: Portainer Community Edition versions prior to 2.31.0 STS and prior to 2.27.7 LTS Description: The issue affects a lightweight service delivery platform for containerized applications, allowing management of Docker, Swarm, Kubernetes, and ACI...