pkg:Go/github.com/portainer/portainer

10 total CVEsHIGH4MEDIUM1

✅ Check your installed version

All known vulnerabilities

  • HIGH8.5CVE-2026-44850Portainer has a bind-mount restriction bypass via HostConfig.Mounts
    >= 2.33.0, < 2.33.8
  • HIGH8.1CVE-2026-44882Portainer's Kubernetes middleware continues after token validation failure, bypassing endpoint authorization
    >= 2.33.0, < 2.33.8
  • HIGH7.5CVE-2024-33662Portainer improperly uses an encryption algorithm in the AesEncrypt function
    from 0, < 2.20.2
  • HIGH7.5CVE-2024-33662Portainer improperly uses an encryption algorithm in the AesEncrypt function
    from 0
  • MEDIUM5.5CVE-2026-44885Portainer has a path traversal in backup archive extraction that allows arbitrary file write
    >= 2.33.0, < 2.33.8
  • CVE-2026-44884Portainer missing authorization on custom template file endpoint, which exposes template content
    >= 2.33.0, < 2.33.8
  • CVE-2026-44883Portainer: JWT accepted in URL query leaks tokens to logs and referers
    >= 2.33.0, < 2.33.8
  • CVE-2026-44849Portainer has an endpoint security bypass via Swarm service create/update
    >= 2.33.0, < 2.33.8
  • CVE-2026-44881Portainer Has an Arbitrary File Read via Git Symlink Injection in Stack Auto-Update
    >= 2.33.0, < 2.33.8
  • CVE-2026-44848Portainer missing authorization on Docker plugin endpoints, which allows host RCE
    >= 2.33.0, < 2.33.8