CVE-2026-44850

HIGH 8.5

Portainer: Bind-mount restriction bypass via HostConfig.Mounts

CVSS Score

8.5

EPSS Score

0.0%

EPSS Percentile

9th

Portainer Community Edition is a lightweight service delivery platform for containerized applications that can be used to manage Docker, Swarm, Kubernetes and ACI environments. From 2.33.0 to before 2.33.8, 2.39.2, and 2.41.0, Portainer offers an environment-level Disable bind mounts for non-administrators security setting that blocks regular users from binding host paths into containers they create through the Portainer-mediated Docker API. The check that enforces this setting only inspected the legacy HostConfig.Binds array on the container-create proxy and never looked at the equivalent HostConfig.Mounts array. Any authenticated user with rights to create containers on a Docker environment where the restriction is enabled could submit a bind-typed entry under HostConfig.Mounts and mount any host path into their container. This vulnerability is fixed in 2.33.8, 2.39.2, and 2.41.0.

CWE	CWE-863
Vendor	portainer
Product	portainer
Published	May 28, 2026
Last Updated	May 29, 2026

Stay Ahead of the Next One

Get instant alerts for portainer portainer

Be the first to know when new high vulnerabilities affecting portainer portainer are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Changed

Confidentiality

High

Integrity

Low

Availability

None

Affected Versions

portainer / portainer

>= 2.33.0, < 2.33.8 >= 2.39.0, < 2.39.2 >= 2.40.0, < 2.41.0

References

NVD ↗ CVE.org ↗ EPSS Data ↗

github.com: https://github.com/portainer/portainer/security/advisories/GHSA-7fw3-x4r2-g7wc