Directory Traversal Vulnerability in Portainer Community Edition by Portainer
CVE-2026-44885

5.5MEDIUM

Key Information:

Vendor

Portainer

Status
Vendor
CVE Published:
28 May 2026

What is CVE-2026-44885?

The Portainer Community Edition, a platform for managing containerized applications, is susceptible to a directory traversal vulnerability which affects versions from 2.33.0 to before 2.33.8. The backup restore feature permits the extraction of .tar.gz archives without proper safeguards, allowing maliciously crafted archives to write to arbitrary locations on the server's filesystem. This flaw can potentially lead to sensitive data being exposed or manipulated if exploited.

Affected Version(s)

portainer >= 2.33.0, < 2.33.8

References

CVSS V3.1

Score:
5.5
Severity:
MEDIUM
Confidentiality:
None
Integrity:
High
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.