Portainer Product Security Update Advisory
Overview
A security update has been released to address vulnerabilities in the Portainer product. Users of the affected versions are advised to update to the latest version.
Affected Versions
- Portainer 2.33.0 and later but earlier than 2.33.8.
- Portainer 2.39.0 and later but earlier than 2.39.2.
- Portainer 2.40.0 and later but earlier than 2.41.0.
Resolved Vulnerabilities
- CVE-2026-44848: A remote code execution (RCE) vulnerability in Portainer that could allow arbitrary code execution on the system.
- CVE-2026-44849: An endpoint security bypass vulnerability in Portainer.
Patch Information
Patches for these vulnerabilities are available in the latest update. The patched versions are Portainer 2.33.8, 2.39.2, and 2.41.0.
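The following version check is an added example, not part of the original advisory or of Portainer itself. It tests version strings against the affected ranges and patched versions listed above, assuming the third range runs from 2.40.0 up to, but not including, 2.41.0; the function names and the sample inventory are hypothetical.

```python
import re

# Affected ranges from the advisory: (first affected, first patched) versions.
# Assumption: the third range runs from 2.40.0 up to, but not including,
# 2.41.0, the patched version the advisory names for that line.
AFFECTED_RANGES = [
    ((2, 33, 0), (2, 33, 8)),
    ((2, 39, 0), (2, 39, 2)),
    ((2, 40, 0), (2, 41, 0)),
]
_VERSION_RE = re.compile(r"v?(\d+)\.(\d+)\.(\d+)")

# Constructed inventory (hostnames and versions are made up for illustration).
SAMPLE_INVENTORY = {"edge-01": "2.33.7", "edge-02": "v2.33.10",
                    "lab-01": "2.40.1", "lab-02": "2.41.0-dev"}


def parse_version(text):
    """Parse 'X.Y.Z' (optional leading 'v') into a tuple of ints."""
    # Suffixed strings are rejected so unknown builds get reported, not guessed.
    match = _VERSION_RE.fullmatch(text.strip())
    if match is None:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(part) for part in match.groups())


def check_version(text):
    """Return (affected, patched_version); patched_version is None if not listed."""
    version = parse_version(text)
    for first_affected, first_patched in AFFECTED_RANGES:
        # Tuple comparison is numeric, so 2.33.10 sorts after 2.33.8.
        if first_affected <= version < first_patched:
            return True, ".".join(str(part) for part in first_patched)
    return False, None


def audit(inventory):
    """Split {host: version} into hosts needing an update and unparsable entries."""
    needs_update, unparsed = {}, []
    for host, version in inventory.items():
        try:
            affected, target = check_version(version)
        except ValueError:
            unparsed.append(host)
            continue
        if affected:
            needs_update[host] = target
    return needs_update, unparsed
```

A `False` result means only that the version falls outside the ranges this advisory lists; hosts returned as unparsable need a manual check.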
Notes
- [1] Missing authorization on Docker plugin endpoints allows host RCE.
- [2] Endpoint security bypass via Swarm service create/update.