Security Vulnerability in Portainer Community Edition for Containerized Applications
CVE-2026-44850
8.5HIGH
What is CVE-2026-44850?
Portainer Community Edition allows authenticated users with permission to create containers to bypass security settings designed to prevent binding host paths. Specifically, the vulnerability arises from the failure to check the HostConfig.Mounts array when enforcing restrictions on non-admin users. This oversight permits unauthorized path binding into containers, potentially exposing sensitive host filesystem data. The issue is resolved in versions 2.33.8, 2.39.2, and 2.41.0, which enhance security by ensuring appropriate checks are in place.
Affected Version(s)
portainer >= 2.33.0, < 2.33.8 < 2.33.0, 2.33.8
portainer >= 2.39.0, < 2.39.2 < 2.39.0, 2.39.2
portainer >= 2.40.0, < 2.41.0 < 2.40.0, 2.41.0
