CVE-2026-33590

Published: May 28, 2026 Last Modified: May 28, 2026
HIGH 8.5
Source: a6d3dc9e-0591-4a13-bce7-0f5b31ff6158
Attack Vector: network
Attack Complexity: low
Privileges Required: low
User Interaction: passive
Confidentiality: N/A
Integrity: N/A
Availability: N/A

Description

Insecure default settings of Portainer CE grant regular (non-admin) users privileges that allow host filesystem access and host-level code execution. An authenticated non-administrative user with endpoint access can exploit these settings to read host files or obtain root-equivalent access on the host.

CWE-276: Incorrect Default Permissions

Draft
Common Consequences
Security Scopes Affected:
Confidentiality, Integrity
Potential Impacts:
Read Application Data, Modify Application Data
Applicable Platforms
Technologies: Not Technology-Specific, ICS/OT
https://github.com/portainer/portainer/commit/3e2fdb1891e81a8e4c5c8beb60e45f07c…
https://github.com/portainer/portainer/commit/ac8fa7672e732b44b970c9eaf928eddd2…
https://intwave.com/blog/2026/02/26/improving-portainer-security.html