Unauthenticated Administrative Access in Portainer Community Edition
CVE-2026-55761
7.1HIGH
What is CVE-2026-55761?
In Portainer Community Edition versions 2.39.0 to 2.39.3 and 2.40.0 to 2.43.0, a security vulnerability allows network attackers to exploit unauthenticated endpoints during the initial setup phase. Specifically, the endpoints for restoring backups and initializing the administrator account are exposed for five minutes after the instance is set up. This could enable unauthorized users to execute administrative actions, posing a significant risk to the integrity and security of containerized application environments. Users are advised to upgrade to versions 2.39.4 or 2.43.0 to mitigate this risk.
Affected Version(s)
portainer >= 2.39.0, < 2.39.4
