Security Vulnerability in Portainer Community Edition for Containerized Applications
CVE-2026-44850

8.5HIGH

Key Information:

Vendor

Portainer

Status
Vendor
CVE Published:
28 May 2026

What is CVE-2026-44850?

Portainer Community Edition allows authenticated users with permission to create containers to bypass security settings designed to prevent binding host paths. Specifically, the vulnerability arises from the failure to check the HostConfig.Mounts array when enforcing restrictions on non-admin users. This oversight permits unauthorized path binding into containers, potentially exposing sensitive host filesystem data. The issue is resolved in versions 2.33.8, 2.39.2, and 2.41.0, which enhance security by ensuring appropriate checks are in place.

Affected Version(s)

portainer >= 2.33.0, < 2.33.8 < 2.33.0, 2.33.8

portainer >= 2.39.0, < 2.39.2 < 2.39.0, 2.39.2

portainer >= 2.40.0, < 2.41.0 < 2.40.0, 2.41.0

References

CVSS V3.1

Score:
8.5
Severity:
HIGH
Confidentiality:
High
Integrity:
Low
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.