CVE-2026-44885 | portainer Community Edition up to 2.33.7 api/archive/targz.go path traversal (GHSA-m8fg-67j7-cx4v)

ID: 2a5cd5cf-9588-5075-932c-6268ba77df37

STIX ID: report--2a5cd5cf-9588-5075-932c-6268ba77df37

Feed Name: VulDB Recent Entries

Threat Score: 45/100

Date Published: 2026-05-29

Date Updated: 2026-05-29

Author: vuldb.com

Portainer Community Edition versions 2.33.0 through 2.33.7 have a path traversal vulnerability (CVE-2026-44885) in the ExtractTarGz function of api/archive/targz.go. A crafted .tar.gz archive can write files outside the extraction root, which impacts integrity and availability. Exploitation requires additional authentication, and no public exploit is known. The issue is fixed in version 2.33.8; upgrading is recommended.
