Description
Insecure default settings of Portainer CE grant regular (non-admin) users privileges that allow host filesystem access and host-level code execution. An authenticated non-administrative user with endpoint access can exploit these settings to read host files or obtain root equivalent

access on the host.
Published: 2026-05-28
Score: 8.5 High
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability arises from insecure default permissions in Portainer Community Edition. A non‑administrator user who can authenticate to an endpoint inherits privileges that enable reading of host files and executing code at host level. Because the flaw is tied to the way the application sets file and directory permissions, an attacker who gains such user access can bypass normal isolation boundaries. This flaw falls under CWE‑276, representing insecure permission assignments that can lead to privilege escalation.

Affected Systems

Portainer Community Edition is affected. Specific version details are not disclosed in the advisory, so any installation that includes the default configuration before the security fixes referenced in the commit logs could be vulnerable.

Risk and Exploitability

The CVSS score of 8.5 indicates a high severity vulnerability. The EPSS score is not available, and the issue has not been listed in CISA’s KEV catalog. An attacker needs to be authenticated as a non‑admin user with endpoint access; from that position, the flaw can be leveraged to read host files or run code with elevated privileges. The attack vector appears to be local or authenticated, and the vulnerability can be exploited without requiring network exposure beyond the scope of the Portainer instance.

Generated by OpenCVE AI on May 28, 2026 at 20:22 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Portainer CE to the latest release that removes the insecure default permissions.
  • Reconfigure user roles to restrict endpoint access for non‑admin users or remove those users from the system.
  • Review and tighten file system permissions for the Portainer data directories to ensure they are not world readable or writable.

Generated by OpenCVE AI on May 28, 2026 at 20:22 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Thu, 28 May 2026 19:45:00 +0000

Type Values Removed Values Added
Description Insecure default settings of Portainer CE grant regular (non-admin) users privileges that allow host filesystem access and host-level code execution. An authenticated non-administrative user with endpoint access can exploit these settings to read host files or obtain root equivalent access on the host.
Title Insecure default permissions in Portainer CE
Weaknesses CWE-276
References
Metrics cvssV4_0

{'score': 8.5, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:P'}

Subscriptions

No data.

cve-icon MITRE

Status: PUBLISHED

Assigner: ENISA

Published:

Updated: 2026-05-28T19:30:06.697Z

Reserved: 2026-03-23T12:53:47.474Z

Link: CVE-2026-33590

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Received

Published: 2026-05-28T20:16:23.163

Modified: 2026-05-28T20:16:23.163

Link: CVE-2026-33590

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-28T20:30:25Z

Weaknesses