CVE-2026-44849

UNKNOWN 0.0

Portainer: Endpoint security bypass via Swarm service create/update

CVSS Score

0.0

EPSS Score

0.0%

EPSS Percentile

12th

Portainer Community Edition is a lightweight service delivery platform for containerized applications that can be used to manage Docker, Swarm, Kubernetes and ACI environments. From 2.33.0 to before 2.33.8, 2.39.2, and 2.41.0, Portainer enforces seven EndpointSecuritySettings restrictions that administrators configure to restrict the container configurations non-admin users can launch: privileged mode, host PID namespace, device mapping, capabilities, sysctls, security-opt (Seccomp / AppArmor), and bind mounts. These restrictions are enforced on the standard container creation path, but several of them are not applied on the Docker Swarm service API. This vulnerability is fixed in 2.33.8, 2.39.2, and 2.41.0.

CWE	CWE-862
Vendor	portainer
Product	portainer
Published	May 28, 2026
Last Updated	May 29, 2026

Stay Ahead of the Next One

Get instant alerts for portainer portainer

Be the first to know when new unknown vulnerabilities affecting portainer portainer are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

portainer / portainer

>= 2.33.0, < 2.33.8 >= 2.39.0, < 2.39.2 >= 2.40.0, < 2.41.0

References

NVD ↗ CVE.org ↗ EPSS Data ↗

github.com: https://github.com/portainer/portainer/security/advisories/GHSA-5fxq-qcf3-244w