Impact
Portainer Community Edition, a lightweight service delivery platform for containerized applications, contains a vulnerability that lets an authenticated user with sufficient permissions read any file the Portainer process can access. The flaw is triggered when a Git-backed stack is created or updated: Portainer clones the repository and materializes Git symlink entries (blobs of mode 120000 whose content is the link target) as OS symlinks without validating where they point. The GET /api/stacks/{id}/file endpoint then reads the stack's entry point, so a malicious repository in which docker-compose.yml is a symlink to an arbitrary path causes the contents of the target file to be returned in the HTTP response. The result is disclosure of confidential information, matching CWE-200 (Exposure of Sensitive Information) and CWE-59 (Improper Link Resolution Before File Access). The impact is limited to confidentiality: the flaw does not let the attacker modify data or execute code.
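The check that belongs between the clone and the read, written here as an added example rather than Portainer's own code (which this page does not show): resolve every symlink on the stack file's path and refuse it unless the real target still lies inside the checkout. The same function doubles as an audit over an already checked-out stack directory. The function names, the directory layout and the fixture contents are assumptions for illustration; the fixture is constructed sample data, not Portainer's on-disk format.

```go
package main

import (
	"errors"
	"fmt"
	"io/fs"
	"os"
	"path/filepath"
	"strings"
)

// ErrOutsideRoot is returned when a stack file resolves outside its checkout.
var ErrOutsideRoot = errors.New("stack entry point escapes the repository directory")

// ResolveEntrypoint takes a path relative to the checkout root, follows every
// symlink on it, and returns the real path only if that still lies inside root.
// A docker-compose.yml that is itself a symlink, a symlinked parent directory,
// and absolute or ".."-traversal entries are all rejected.
func ResolveEntrypoint(root, entry string) (string, error) {
	sep := string(filepath.Separator)
	cleaned := filepath.Clean(entry)
	if filepath.IsAbs(cleaned) || cleaned == ".." || strings.HasPrefix(cleaned, ".."+sep) {
		return "", ErrOutsideRoot // rejected lexically, before touching the filesystem
	}
	realRoot, err := filepath.EvalSymlinks(root)
	if err != nil {
		return "", err
	}
	target, err := filepath.EvalSymlinks(filepath.Join(realRoot, cleaned))
	if err != nil {
		return "", err // missing file or dangling symlink: nothing safe to read
	}
	rel, err := filepath.Rel(realRoot, target)
	if err != nil || rel == ".." || strings.HasPrefix(rel, ".."+sep) {
		return "", ErrOutsideRoot
	}
	return target, nil
}

// FindEscapes audits an existing checkout: it walks stackDir without following
// symlinks and reports every entry whose resolved target lies outside it.
// Dangling links fail to resolve and are not reported as escapes.
func FindEscapes(stackDir string) ([]string, error) {
	var escapes []string
	err := filepath.WalkDir(stackDir, func(p string, _ fs.DirEntry, walkErr error) error {
		if walkErr != nil {
			return walkErr
		}
		rel, _ := filepath.Rel(stackDir, p) // p is always beneath stackDir here
		if _, err := ResolveEntrypoint(stackDir, rel); errors.Is(err, ErrOutsideRoot) {
			escapes = append(escapes, rel)
		}
		return nil
	})
	return escapes, err
}

// BuildFixture writes a constructed checkout under base (sample data, not
// Portainer's layout): an honest stack, a docker-compose.yml symlinked to a file
// outside the clone, a directory symlink pointing outside, and a relative
// symlink that stays inside. It returns the stack root.
func BuildFixture(base string) (string, error) {
	outside, root := filepath.Join(base, "outside"), filepath.Join(base, "stack")
	for _, d := range []string{outside, filepath.Join(root, "good"), filepath.Join(root, "evil"), filepath.Join(root, "inner")} {
		if err := os.MkdirAll(d, 0o755); err != nil {
			return "", err
		}
	}
	files := map[string]string{
		filepath.Join(outside, "secret.txt"):              "hunter2\n",
		filepath.Join(root, "good", "docker-compose.yml"): "services: {}\n",
	}
	for path, content := range files {
		if err := os.WriteFile(path, []byte(content), 0o600); err != nil {
			return "", err
		}
	}
	links := map[string]string{ // link -> target
		filepath.Join(root, "evil", "docker-compose.yml"):  filepath.Join(outside, "secret.txt"), // escapes via file link
		filepath.Join(root, "linkdir"):                     outside,                              // escapes via directory link
		filepath.Join(root, "inner", "docker-compose.yml"): "../good/docker-compose.yml",         // relative, stays inside
	}
	for link, target := range links {
		if err := os.Symlink(target, link); err != nil {
			return "", err
		}
	}
	return root, nil
}

func main() {
	base, err := os.MkdirTemp("", "stack-check")
	if err != nil {
		panic(err)
	}
	defer os.RemoveAll(base)
	root, err := BuildFixture(base)
	if err != nil {
		panic(err)
	}
	escapes, err := FindEscapes(root)
	fmt.Println("escaping entries:", escapes, "err:", err)
}
```

The lexical checks come first so that an absolute or traversal entry never reaches the filesystem; the EvalSymlinks step is what actually closes the hole described above, since a plain Clean or prefix comparison on the unresolved path would accept a symlink whose name looks innocent. Running the program against the fixture reports the symlinked docker-compose.yml and the symlinked directory, and accepts the relative link that stays in the tree.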
Affected Systems
The issue affects Portainer Community Edition releases that precede the patched versions. Vulnerable releases are 2.33.0 through 2.33.7, 2.39.0 through 2.39.1, and other releases earlier than 2.41.0 that have not been upgraded to a patched version. Exploitation requires an authenticated user with the right to create or update a Git-backed stack, a right that a standard Portainer configuration grants by default.
Risk and Exploitability
The vulnerability carries a CVSS score of 8.5 (High). No EPSS score is available, and the absence of a KEV listing indicates no known widespread exploitation. The attack is nonetheless network-reachable: it needs only legitimate access to the Portainer UI or API, after which the attacker can point a stack at a crafted repository and trigger the file read. Because files are read with the privileges of the Portainer process, the exposure depends on what that process can see: in the usual container deployment that is the container filesystem plus mounted volumes such as the Portainer data directory, and where Portainer runs with broad host access it extends to host files as well. The risk is therefore greatest in environments where credentials, TLS keys, Portainer's own database or other sensitive data sit within reach of the process.
OpenCVE Enrichment
GitHub GHSA