Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2026-44884 |
|
Vulnerability in github.com/portainer/portainer (CVE-2026-44884)
vulnerability in github.com/portainer/portainer (CVE-2026-44884). Confidential information can be exposed externally. Exploitable via `GET /api/custom_templates/{id}/file`. Mitigation: upgrade to `2.39.1` or later.
|
| CVE-2026-44883 |
|
Vulnerability in github.com/portainer/portainer (CVE-2026-44883)
vulnerability in github.com/portainer/portainer (CVE-2026-44883). Successful exploitation can lead to full system takeover. Exploitable via ``Referer``. Mitigation: upgrade to `2.41.0` or later.
|
| CVE-2026-44849 |
|
Vulnerability in github.com/portainer/portainer (CVE-2026-44849)
vulnerability in github.com/portainer/portainer (CVE-2026-44849). Successful exploitation can lead to full system takeover. Exploitable via `POST /services/create`. Mitigation: upgrade to `2.41.0` or later.
|
| CVE-2026-44882 |
|
Authorization Flaw in github.com/portainer/portainer (CVE-2026-44882)
vulnerability in github.com/portainer/portainer (CVE-2026-44882). Confidential information can be exposed externally. Exploitable via ``kubeClientMiddleware``. Mitigation: upgrade to `2.33.8` or later.
|
| CVE-2026-44881 |
|
Information Disclosure in github.com/portainer/portainer (CVE-2026-44881)
vulnerability in github.com/portainer/portainer (CVE-2026-44881). Successful exploitation can lead to full system takeover. Exploitable via `GET /api/stacks/{id}/file`. Mitigation: upgrade to `2.41.0` or later.
|
| CVE-2026-44850 |
|
Authorization Flaw in github.com/portainer/portainer (CVE-2026-44850)
vulnerability in github.com/portainer/portainer (CVE-2026-44850). Confidential information can be exposed externally. Exploitable via `POST /containers/create`. Mitigation: upgrade to `2.41.0` or later.
|
| CVE-2026-44885 |
|
Path Traversal in github.com/portainer/portainer (CVE-2026-44885)
path traversal in github.com/portainer/portainer (CVE-2026-44885). Data can be tampered with by attackers. Exploitable via ``ExtractTarGz``. Mitigation: upgrade to `2.33.8` or later.
|
| CVE-2026-44848 |
|
Vulnerability in github.com/portainer/portainer (CVE-2026-44848)
vulnerability in github.com/portainer/portainer (CVE-2026-44848). Successful exploitation can lead to full system takeover. Exploitable via `POST /plugins/pull`. Mitigation: upgrade to `2.41.0` or later.
|
| CVE-2024-29296 |
|
Vulnerability in portainer (CVE-2024-29296)
vulnerability in portainer (CVE-2024-29296). Risk of unauthorized operations or information disclosure.
|