portainer
Latest CVEs
The 15 most recently published vulnerabilities affecting portainer.
- CVE-2026-44881: Portainer: Arbitrary File Read via Git Symlink Injection in Stack Auto-Update (9.9)
- CVE-2026-44848: Portainer: Missing authorization on Docker plugin endpoints allows host RCE (8.8)
- CVE-2026-44849: Portainer: Endpoint security bypass via Swarm service create/update (8.8)
- CVE-2026-44850: Portainer: Bind-mount restriction bypass via HostConfig.Mounts (8.5)
- CVE-2026-44882: Portainer: Kubernetes middleware continues after token validation failure, bypassing endpoint authorization (8.1)
- CVE-2026-44883: Portainer: JWT accepted in URL query leaks tokens to logs and referers (7.5)
- CVE-2026-44884: Portainer: Missing authorization on custom template file endpoint exposes template content (6.5)
- CVE-2026-44885: Portainer: Path traversal in backup archive extraction allows arbitrary file write (5.5)
- CVE-2025-49593: Portainer HTTP Headers May Leak to Malicious Container Registries (6.8)
- CVE-2024-33662: Portainer before 2.20.2 improperly uses an encryption algorithm in the AesEncrypt function. (7.5)
- CVE-2024-33661: Portainer before 2.20.0 allows redirects when the target is not index.yaml. (9.1)
- CVE-2024-29296: A user enumeration vulnerability was found in Portainer CE 2.19.4. This issue occurs during user authentication process, where a difference in response time could allow a remote unauthenticated use... (5.3)
- CVE-2022-24961: In Portainer Agent before 2.11.1, an API server can continue running even if not associated with a Portainer instance in the past few days. (9.8)
- CVE-2021-42650: Cross Site Scripting (XSS) vulnerability exists in Portainer before 2.9.1 via the node input box in Custom Templates. (6.1)
- CVE-2020-24264: Portainer 1.24.1 and earlier is affected by incorrect access control that may lead to remote arbitrary code execution. The restriction checks for bind mounts are applied only on the client-side and... (9.8)