PT-2026-41141 · Red Os · Red Os

B-Hermes

Published 2026-05-14 · Updated 2026-06-05

CVE-2026-44881
CVSS v3.1: 9.9 (Critical)
Vector: AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions

Portainer Community Edition versions 2.33.0 through 2.33.7
Portainer Community Edition versions 2.39.0 through 2.39.1
Portainer Community Edition versions prior to 2.41.0

Description

Portainer supports deploying stacks from Git repositories. When a Git-backed stack is created or updated, the software clones the repository using go-git v5, which translates Git blob entries with mode 0o120000 (symlink) into real OS symlinks on the host filesystem via os.Symlink. Except for .gitmodules, every such path is materialised as a symlink without validation.

The GET /api/stacks/{id}/file endpoint reads the stack entry point using os.ReadFile, which follows OS symlinks transparently. If a repository contains docker-compose.yml as a symlink to an arbitrary filesystem path, the contents of that target are returned in the HTTP response.

Any authenticated user with rights to create or update a Git-backed stack can therefore read arbitrary files accessible to the Portainer process, which typically runs as root. This can lead to the exposure of /etc/shadow, Kubernetes service account tokens, Docker secrets, and the Portainer database. The issue can also be exploited via Git-stack auto-update: a legitimate repository is later updated with a malicious symlink, which is triggered during the next scheduled update cycle.

Recommendations

Update Portainer Community Edition to version 2.33.8.
Update Portainer Community Edition to version 2.39.2.
Update Portainer Community Edition to version 2.41.0.
Disable the "Allow non-admin users to manage their stacks" setting in environment settings to restrict Git-backed stack creation to administrators.
Avoid deploying Git-backed stacks from untrusted or unreviewed repositories.
Disable auto-update on existing stacks to prevent deferred exploitation.
Audit project paths under /data/compose/ for unexpected symlink entries using find /data/compose -type l.
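The root cause is that os.ReadFile follows whatever symlink go-git materialised for the entry point. The following Go function is an added illustration of a hardened read, not Portainer's own code: it resolves the entry point beneath the project directory, rejects paths that escape it, and checks every component with os.Lstat so that a symlinked docker-compose.yml (or a symlinked parent directory) is refused instead of followed. The function and error names are hypothetical.

```go
package main

import (
	"errors"
	"fmt"
	"io/fs"
	"os"
	"path/filepath"
	"strings"
)

var (
	ErrOutsideProject = errors.New("stack file resolves outside the project directory")
	ErrSymlink        = errors.New("symlink encountered in stack file path")
)

// ReadStackFile returns the bytes of entryPoint beneath projectDir without
// following symlinks. os.ReadFile alone would transparently follow a
// docker-compose.yml that the clone turned into an OS symlink, so each path
// component below the project root is inspected with os.Lstat first.
// Hypothetical hardened replacement for a plain os.ReadFile call; a small
// check-then-read window between Lstat and ReadFile remains.
func ReadStackFile(projectDir, entryPoint string) ([]byte, error) {
	root, err := filepath.Abs(projectDir)
	if err != nil {
		return nil, err
	}
	// Reject "../" escapes before touching the filesystem.
	rel, err := filepath.Rel(root, filepath.Join(root, entryPoint))
	if err != nil || rel == ".." || strings.HasPrefix(rel, ".."+string(filepath.Separator)) {
		return nil, ErrOutsideProject
	}
	// Walk down from the project root; any symlink on the way is refused.
	cur := root
	for _, part := range strings.Split(rel, string(filepath.Separator)) {
		cur = filepath.Join(cur, part)
		fi, err := os.Lstat(cur)
		if err != nil {
			return nil, err
		}
		if fi.Mode()&fs.ModeSymlink != 0 {
			return nil, fmt.Errorf("%w: %s", ErrSymlink, cur)
		}
	}
	return os.ReadFile(cur)
}
```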

Exploit

Fix

DoS

Information Disclosure

Link Following


Weakness Enumeration

Related Identifiers

CVE-2026-44881
GHSA-RPGQ-M5FP-32WR

Affected Products

Red Os