CVE-2026-44848 | Portainer Community Edition up to 2.33.7/2.39.1/2.40.x /plugins/ authorization (GHSA-rrmm-9v76-h3p4)
ID: 5442e1aa-1b48-5f9e-820f-4d98d980e9c8
STIX ID: report--5442e1aa-1b48-5f9e-820f-4d98d980e9c8
Feed Name: VulDB Recent Entries
Portainer Community Edition contains an authorization bypass (CVE-2026-44848) in the Docker plugin management endpoints allowing non-admin endpoint users to invoke privileged plugin operations (including installing/enabling plugins). The issue affects multiple 2.33.x/2.39.x/2.40.x releases and is fixed in 2.33.8, 2.39.2, and 2.41.0; upgrading is recommended. The vulnerability is remotely exploitable and described as easy to exploit, though no public exploit is currently available.
