CVE-2026-44849: Portainer EndpointSecuritySettings Bypass via Docker Swarm API
Portainer Community Edition has a security control bypass where administrators can restrict what kinds of containers non-admin users are allowed to launch—such as preventing privileged containers or restricting device access. However, when users create containers through the Docker Swarm API instead of the standard container creation path, several of these restrictions are ignored. An authenticated attacker with basic user privileges could bypass these restrictions to launch more dangerous containers than policy allows. The issue affects versions 2.33.0 through 2.33.7, 2.39.0 through 2.39.1, and 2.40.x, with fixes available in 2.33.8, 2.39.2, and 2.41.0.
Source data · NVD / CISA · public domain
- CVSS
- 3.1 · 8.8 HIGH · CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
- Weaknesses (CWE)
- CWE-862
- Affected products
- 2 configuration(s)
- Published / Modified
- 2026-05-28 / 2026-06-17
NVD description (verbatim)
Portainer Community Edition is a lightweight service delivery platform for containerized applications that can be used to manage Docker, Swarm, Kubernetes and ACI environments. From 2.33.0 to before 2.33.8, 2.39.2, and 2.41.0, Portainer enforces seven EndpointSecuritySettings restrictions that administrators configure to restrict the container configurations non-admin users can launch: privileged mode, host PID namespace, device mapping, capabilities, sysctls, security-opt (Seccomp / AppArmor), and bind mounts. These restrictions are enforced on the standard container creation path, but several of them are not applied on the Docker Swarm service API. This vulnerability is fixed in 2.33.8, 2.39.2, and 2.41.0.
1 reference(s) · View on NVD →
SEC.co analysis · AI-assisted, reviewed against source
Technical summary
Portainer enforces seven endpoint security settings that restrict container configurations: privileged mode, host PID namespace binding, device mapping, Linux capabilities, sysctl parameters, security options (Seccomp and AppArmor), and bind mounts. These restrictions are implemented on the primary container creation code path but were not consistently applied to the Docker Swarm service API endpoints. This creates a control bypass where an authenticated, non-admin user can reach the Swarm API directly and instantiate containers with restricted configurations that would normally be blocked. The vulnerability maps to CWE-862 (Missing Authorization), indicating the issue is an authorization enforcement gap rather than a cryptographic or validation flaw.
Business impact
Organizations using Portainer to enforce role-based container policies face a risk that standard users may exceed their intended permissions by leveraging the Swarm API. This could allow unauthorized deployment of privileged containers, host-namespace access, or unsafe device mappings—each of which could facilitate container escape, lateral movement, or host compromise. In multi-tenant or shared Kubernetes/Docker environments where policy isolation is a security boundary, this represents a material privilege escalation. Remediation requires prompt patching or architectural changes to restrict Swarm API access to trusted administrators.
Affected systems
Portainer Community Edition versions 2.33.0 through 2.33.7, 2.39.0 through 2.39.1, and all 2.40.x releases are affected. The vulnerability applies to deployments managing Docker Swarm, Kubernetes, or ACI environments. Portainer instances where EndpointSecuritySettings restrictions are actively configured to limit user container creation are at highest risk. Organizations running patched versions 2.33.8, 2.39.2, or 2.41.0 and later are not affected.
Exploitability
Exploitation requires valid Portainer user credentials—no anonymous access is possible. An authenticated attacker with non-admin privileges can call the Docker Swarm service API endpoints directly, bypassing the UI and standard container creation workflow. The attack is straightforward and repeatable: instantiate a container with a restricted configuration (e.g., privileged: true) via Swarm endpoints. No special network positioning or complex multi-step attack chain is required. The CVSS score of 8.8 reflects the combination of low attack complexity, high impact on confidentiality, integrity, and availability, and the fact that a low-privilege user can trigger the vulnerability.
Remediation
Upgrade Portainer Community Edition to version 2.33.8, 2.39.2, or 2.41.0 or later, depending on your current release line. These versions enforce EndpointSecuritySettings restrictions consistently across both standard and Swarm API container creation paths. Organizations unable to patch immediately should restrict network or API-level access to Docker Swarm endpoints to trusted administrators only, and monitor for suspicious container launches that violate policy.
Patch guidance
Update to a patched release: version 2.33.8 (for the 2.33.x line), 2.39.2 (for the 2.39.x line), or 2.41.0 (for current releases). Consult the Portainer release notes and advisory to verify the specific patch version for your environment and validate compatibility with your container orchestration platform. Plan the upgrade during a maintenance window, as it may require a restart of the Portainer service. Test endpoint security policies in a staging environment after upgrade to confirm restrictions are correctly enforced on both standard and Swarm API paths.
Detection guidance
Monitor Portainer audit logs and API request logs for non-admin users invoking Docker Swarm service creation endpoints (/v1.40/services/create, /v2/services, etc.) that bypass the UI. Alert on any container launches with restricted configurations (privileged mode, host namespace binding, unrestricted device or capability access) initiated by non-admin accounts. Review running containers in Swarm mode for configurations that conflict with configured EndpointSecuritySettings policies. Consider implementing network segmentation or API gateway rules to restrict Swarm endpoints to administrative access only.
Why prioritize this
This vulnerability should be treated as high priority. Authenticated users can bypass fundamental authorization controls, enabling privilege escalation in containerized environments. The ability to escape policy enforcement undermines multi-tenancy and role-based access controls that many organizations rely on. Swarm-managed environments and Kubernetes clusters with shared tenancy face elevated risk. The fix is straightforward (upgrade to a patched release) and well-defined, making remediation feasible for most organizations.
Risk score, explained
The CVSS 3.1 score of 8.8 (HIGH) reflects: network-accessible attack vector (AV:N), low attack complexity (AC:L), low privilege requirements (PR:L, authenticated user needed), no user interaction (UI:N), and high impact to confidentiality, integrity, and availability (C:H/I:H/A:H). The vulnerability does not escape the Portainer system boundary (S:U), but enables an attacker to pivot from a low-privilege user account to deploy arbitrary or dangerous container workloads. The score appropriately captures the severity of authorization bypass in a policy enforcement context.
Frequently asked questions
Does this vulnerability affect Portainer Enterprise Edition?
The disclosed vulnerability applies to Portainer Community Edition. Organizations using Portainer Enterprise Edition should consult the vendor advisory and their support channel to determine if a similar issue exists in their deployment and what patches are available.
Can I mitigate this without upgrading Portainer immediately?
Temporary mitigations include restricting network access to Portainer API endpoints to trusted administrators, disabling or tightly controlling Docker Swarm mode if not required, and implementing external API gateway rules that block non-admin users from reaching Swarm service endpoints. However, these are workarounds; patching is the recommended long-term solution.
How would an attacker discover or exploit this vulnerability?
An attacker with valid Portainer credentials would typically discover this by testing whether Swarm API endpoints respect the configured EndpointSecuritySettings policies. They could launch a test container with a normally-restricted configuration (e.g., privileged mode) and observe whether it succeeds despite policy. No special tools or exploit code are required—standard Docker Swarm API calls are sufficient.
If we upgraded Portainer recently, are we protected?
Only if you upgraded to version 2.33.8, 2.39.2, 2.41.0, or later. Verify your current version in the Portainer UI (typically shown in the footer or settings) and compare it against the patched releases. Versions between 2.33.0–2.33.7, 2.39.0–2.39.1, and all 2.40.x releases remain vulnerable.
This analysis is provided for informational and educational purposes. SEC.co does not verify every claim or exploit scenario independently. Organizations must validate all patch versions, affected configurations, and remediation steps against official vendor advisories and release notes before taking operational action. Test patches in a non-production environment before deployment. The presence or absence of this vulnerability in your environment depends on your Portainer version, orchestration platform, and security policy configuration. Consult your security team and Portainer vendor support for environment-specific guidance. Source: NVD (public-domain), retrieved 2026-07-07. Analysis generated by SEC.co (claude-haiku-4-5).
Related vulnerabilities
- CVE-2026-44848HIGHPortainer Plugin Management RBAC Bypass – Privilege Escalation in Community Edition
- CVE-2026-44884MEDIUMPortainer Custom Template Information Disclosure Vulnerability
- CVE-2018-25391HIGHHaPe PKH 1.1 Authorization Bypass – Unauthorized Record Deletion Vulnerability
- CVE-2025-26418HIGHAndroid CarDevicePolicyService Privilege Escalation (CVSS 7.8)
- CVE-2025-53345HIGHThimPress Thim Core Missing Authorization Leads to Code Execution
- CVE-2026-10737HIGHWordPress SP Project & Document Manager Unauthenticated File Access Vulnerability
- CVE-2026-31942HIGHLibreChat IDOR Vulnerability Allows Unauthorized API Key Manipulation
- CVE-2026-32905HIGHOpenClaw Device-Pair Authorization Bypass (CVSS 8.3)