ctipilot.ch

Portainer CE — Docker plugin endpoints not registered in proxy authorization handler; non-admin can install/enable plugins → root host execution (CVSS 9.4)

cve · CVE-2026-44848

Coverage timeline
1
first 2026-05-29 → last 2026-05-31
Peak priority
notable
1 notable
Sources cited
2
2 hosts
Sections touched
1
trending-vulnerabilities
Co-occurring entities
1
see Related entities below
ATT&CK techniques
0
no mapped behavior yet

Story timeline

  1. 2026-05-29CVE-2026-44848 & CVE-2026-44849 — Portainer CE: Docker plugin endpoints unguarded; Swarm-service security checks bypassed (CVSS 9.4)
    trending-vulnerabilities

Where this entity is cited

  • trending-vulnerabilities1

Source distribution

  • ccb.belgium.be1 (50%)
  • github.com1 (50%)

Co-occurring entities

Derived — referenced by the same focused operational entries (weekly summaries and report roundups don't count); ×N counts the shared entries.

Entries about Portainer CE — Docker plugin endpoints not registered in proxy authorization handler; non-admin can install/enable plugins → root host execution (CVSS 9.4) (1)

2026-05-29 · view entry permalink →

CVE-2026-44848 & CVE-2026-44849 — Portainer CE: Docker plugin endpoints unguarded; Swarm-service security checks bypassed (CVSS 9.4)

Portainer shipped CE 2.33.8 / 2.39.2 / 2.41.0 on 2026-05-28 closing two CVSS 9.4 authorization bypasses; CCB Belgium issued a "Patch Immediately" advisory on the same day. CVE-2026-44848 (GHSA-rrmm-9v76-h3p4) — the Docker plugin-management endpoints (/plugins/*) are not registered in Portainer's proxy-authorization handler map, so any authenticated non-admin user with endpoint access can POST /plugins/pull to install a plugin from any registry and POST /plugins/{name}/enable to activate it; Docker runs enabled plugins as root on the host with the plugin's declared capabilities and mounts, giving OS-level code execution. CVE-2026-44849 (GHSA-5fxq-qcf3-244w) — Portainer's seven EndpointSecuritySettings restrictions (privileged mode, host PID, device mapping, capabilities, sysctls, security-opt, bind mounts) are enforced on the standard container-create path but not on the Docker Swarm service API; POST /services/create validates only Mounts[] (1 of 7 checks), and POST /services/{id}/update performs no checks at all. Non-admin users can submit arbitrary CapabilityAdd, Sysctls and Privileges values; a volume-driver bypass additionally allows bind-mount equivalents via Type: volume with VolumeOptions.DriverConfig.Options{type: none, o: bind}. Affected: CE 2.33.0–2.33.7, 2.39.0–2.39.1, 2.40.x. Temporary mitigation: revoke Swarm endpoint access for non-admin users via Portainer RBAC, disable plugin management for non-admin users.

Docker plugin management endpoints (/plugins/*) were not registered with a handler, so standard users with endpoint access could call privileged plugin operations — including installing and enabling plugins — directly against the underlying Docker daemon

Portainer GHSA-rrmm-9v76-h3p4

Warning: Two Critical Vulnerabilities in Portainer Allow Full Host Takeover, Patch Immediately!

Centre for Cybersecurity Belgium
vulnerability29 May 05:00Zmulti-sourceOpen finding ↗