CVE-2026-33590

UNKNOWN 0.0

Insecure default permissions in Portainer CE

CVSS Score

0.0

EPSS Score

0.0%

EPSS Percentile

0th

Insecure default settings of Portainer CE grant regular (non-admin) users privileges that allow host filesystem access and host-level code execution. An authenticated non-administrative user with endpoint access can exploit these settings to read host files or obtain root equivalent access on the host.

CWE	CWE-276
Vendor	portainer
Product	portainer community edition
Published	May 28, 2026
Last Updated	May 29, 2026

Stay Ahead of the Next One

Get instant alerts for portainer portainer community edition

Be the first to know when new unknown vulnerabilities affecting portainer portainer community edition are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

Portainer / Portainer Community Edition

0 < 2.39.0 0 < 2.38.0

References

NVD ↗ CVE.org ↗ EPSS Data ↗

intwave.com: https://intwave.com/blog/2026/02/26/improving-portainer-security.html github.com: https://github.com/portainer/portainer/commit/ac8fa7672e732b44b970c9eaf928eddd2c68796c github.com: https://github.com/portainer/portainer/commit/3e2fdb1891e81a8e4c5c8beb60e45f07c8ecae52