Unauthenticated Administrative Access in Portainer Community Edition
CVE-2026-55761

7.1HIGH

Key Information:

Vendor

Portainer

Status
Vendor
CVE Published:
8 July 2026

What is CVE-2026-55761?

In Portainer Community Edition versions 2.39.0 to 2.39.3 and 2.40.0 to 2.43.0, a security vulnerability allows network attackers to exploit unauthenticated endpoints during the initial setup phase. Specifically, the endpoints for restoring backups and initializing the administrator account are exposed for five minutes after the instance is set up. This could enable unauthorized users to execute administrative actions, posing a significant risk to the integrity and security of containerized application environments. Users are advised to upgrade to versions 2.39.4 or 2.43.0 to mitigate this risk.

Affected Version(s)

portainer >= 2.39.0, < 2.39.4

References

CVSS V4

Score:
7.1
Severity:
HIGH
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
Physical
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.