CVE Catalog

CVE-2026-33590

HighCVSS 8.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.06%

18th percentile - higher than 18% of all known CVEs

Summary

The insecure default settings of Portainer CE grant regular (non-admin) users privileges that allow host filesystem access and host-level code execution. An authenticated non-administrative user with endpoint access can exploit these settings to read host files or obtain root equivalent access on the host.

Risk Assessment

The organization is at risk of unauthorized access to sensitive data and the potential execution of malicious code on the server, which could lead to serious security breaches.

Recommendation

It is recommended to review and adjust the default settings of Portainer CE to restrict the privileges of non-administrative users and implement additional security measures.

Original NVD description (English source)

Insecure default settings of Portainer CE grant regular (non-admin) users privileges that allow host filesystem access and host-level code execution. An authenticated non-administrative user with endpoint access can exploit these settings to read host files or obtain root equivalent access on the host.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS