CVE-2026-33590
HighCVSS 8.5Exploitation Probability (EPSS)
Low risk18th percentile - higher than 18% of all known CVEs
Summary
The insecure default settings of Portainer CE grant regular (non-admin) users privileges that allow host filesystem access and host-level code execution. An authenticated non-administrative user with endpoint access can exploit these settings to read host files or obtain root equivalent access on the host.
Risk Assessment
The organization is at risk of unauthorized access to sensitive data and the potential execution of malicious code on the server, which could lead to serious security breaches.
Recommendation
It is recommended to review and adjust the default settings of Portainer CE to restrict the privileges of non-administrative users and implement additional security measures.
Original NVD description (English source)
Insecure default settings of Portainer CE grant regular (non-admin) users privileges that allow host filesystem access and host-level code execution. An authenticated non-administrative user with endpoint access can exploit these settings to read host files or obtain root equivalent access on the host.

