4 matches found

CVE
added 2026/05/28 9:1 p.m., 13 views

CVE-2026-44882

Portainer’s Kubernetes middleware (kubeClientMiddleware) is affected by CVE-2026-44882. The issue occurs in Portainer CE/EE from 2.33.0 up to before 2.33.8, where security.RetrieveTokenData can return an error and the middleware writes a 403 without returning, allowing execution to continue with ...

CVSS 8.1 | AI score 6 | EPSS 0.00051
Exploits: 1 | References: 1 | Affected Software: 1
OSV
added 2026/05/14 4:24 p.m., 2 views

GHSA-MGQ6-4X29-88R3 Portainer's Kubernetes middleware continues after token validation failure, bypassing endpoint authorization

Summary: Portainer proxies requests to Kubernetes clusters through a middleware layer kubeClientMiddleware that validates the requesting user's token before forwarding traffic to the cluster. When security.RetrieveTokenData returned an error, the middleware wrote an HTTP 403 response but was missi...

CVSS 8.1 | AI score 5.9 | EPSS 0.00051
Exploits: 1 | References: 3
NVD
added 2026/03/16 2:18 p.m., 1 views

CVE-2026-25783

Mattermost versions 11.3.x = 11.3.0, 11.2.x = 11.2.2, 10.11.x = 10.11.10 fail to properly validate User-Agent header tokens which allows an authenticated attacker to cause a request panic via a specially crafted User-Agent header. Mattermost Advisory ID: MMSA-2026-00586...

CVSS 4.3 | EPSS 0.00093
Exploits: 0 | References: 1
RedhatCVE
added 2025/05/22 10:26 a.m., 3 views

CVE-2019-10253

A Cross-Site Request Forgery (CSRF) vulnerability exists in TeamMate+ 21.0.0.0 that allows a remote attacker to modify application data, upload malicious/forged files on a TeamMate server, or replace existing uploaded files with malicious/forged files. The specific flaw exists within the handling of...

CVSS 6.5 | AI score 7 | EPSS 0.00206
Exploits: 3 | References: 1