Vulnerability in Portainer Community Edition Authentication Middleware
CVE-2026-44883
7.7HIGH
What is CVE-2026-44883?
A flaw in the Portainer Community Edition allows JWT bearer tokens to be passed via URL query parameters, exposing sensitive authentication tokens that can be logged in reverse-proxy access logs, browser history, and HTTP Referer headers. This security issue affects versions prior to 2.33.8, 2.39.2, and 2.41.0, and can lead to unauthorized access as any user with an active token can potentially access full privileges until expiration. Users with exec or attach rights on containers are particularly at risk, necessitating prompt upgrading to the patched versions.
Affected Version(s)
portainer >= 2.33.0, < 2.33.8 < 2.33.0, 2.33.8
portainer >= 2.39.0, < 2.39.2 < 2.39.0, 2.39.2
portainer >= 2.40.0, < 2.41.0 < 2.40.0, 2.41.0
