CVE-2026-44884
Authenticated File Read Vulnerability in Portainer Community Edition
Publication date: 2026-05-28
Last updated on: 2026-05-28
Assigner: GitHub, Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| portainer | community_edition | From 2.33.0 (inc) to 2.33.8 (exc) |
| portainer | community_edition | 2.39.1 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-862 | The product does not perform an authorization check when an actor attempts to access a resource or perform an action. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in Portainer Community Edition versions from 2.33.0 to before 2.33.8 and 2.39.1. It is a missing authorization flaw in the Custom Template file endpoint (GET /api/custom_templates/{id}/file).
Any authenticated user can exploit this vulnerability by enumerating sequential integer IDs to read the file content of any custom template, bypassing Resource Control access restrictions.
Since template files may contain sensitive environment-specific information such as connection strings, API tokens, or registry credentials, this unauthorized access can expose data that administrators would not expect standard users to see.
The vulnerability is fixed in versions 2.33.8 and 2.39.1.
How can this vulnerability impact me? :
This vulnerability can lead to unauthorized disclosure of sensitive information stored in custom template files, such as connection strings, API tokens, and registry credentials.
An attacker with authenticated access could read these sensitive details, potentially leading to further compromise of containerized environments or connected systems.
Because the vulnerability bypasses Resource Control access restrictions, it undermines the intended security controls and could facilitate privilege escalation or lateral movement within the environment.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, upgrade Portainer Community Edition to version 2.33.8 or 2.39.1, where the missing authorization issue in the Custom Template file endpoint is fixed.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The vulnerability allows any authenticated user to read the file content of any custom template by enumerating sequential integer IDs, bypassing Resource Control access restrictions.
Since template files may contain environment-specific sensitive information such as connection strings, API tokens, or registry credentials, unauthorized access to these files could lead to exposure of sensitive data.
Exposure of such sensitive information could potentially lead to non-compliance with data protection regulations like GDPR or HIPAA, which require strict controls over access to sensitive data and credentials.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability involves unauthorized access to the Custom Template file endpoint via GET requests to /api/custom_templates/{id}/file by enumerating sequential integer IDs.
To detect exploitation attempts on your network or system, you can monitor HTTP GET requests targeting the /api/custom_templates/{id}/file endpoint, especially those with sequential integer IDs.
Suggested commands to detect such activity include:
- Using grep on web server logs to find suspicious GET requests: grep -E 'GET /api/custom_templates/[0-9]+/file' /var/log/nginx/access.log
- Using curl to test access to specific template files (replace {id} with integers): curl -i -H "Authorization: Bearer <token>" https://<portainer-host>/api/custom_templates/{id}/file
- Using network monitoring tools like Wireshark or tcpdump to filter HTTP GET requests to the vulnerable endpoint.
Note that this vulnerability requires authentication, so monitoring authenticated user activity on this endpoint is important.