CRITICAL · CVE-2026-44848 · CNA: GitHub_M

CVE-2026-44848: Portainer: Missing authorization on Docker plugin endpoints allows host RCE

Portainer Community Edition is a lightweight service delivery platform for containerized applications that can be used to manage Docker, Swarm, Kubernetes and ACI environments. From 2.33.0 to before 2.33.8, 2.39.2, and 2.41.0, the Docker plugin management endpoints (/plugins/*) were not registered with a handler, so standard users with endpoint access could call privileged plugin operations — including installing and enabling plugins — directly against the underlying Docker daemon. The vulnerability is exposed when a non-admin Portainer user (Standard User role, or any role granted endpoint-level access) has been given access to a Docker endpoint via Portainer RBAC. This vulnerability is fixed in 2.33.8, 2.39.2, and 2.41.0.

HarborGuard Analysis

Synopsis

Missing authorization on Docker plugin management endpoints in Portainer Community Edition allows any authenticated standard user with endpoint access to install and enable Docker plugins directly against the underlying Docker daemon. The vulnerability is reachable over the network and requires only a low-privilege Portainer account with endpoint-level access granted via Portainer RBAC. Successful exploitation gives an attacker the ability to install arbitrary Docker plugins, which run as root on the host and enable full host-level remote code execution, data access, and service disruption. No fix versions have been published yet; HarborGuard is tracking the advisory and will make a patched-image rebuild available the moment upstream ships a release.

HarborGuard Coverage

Detection

Detection of CVE-2026-44848 is available across every HarborGuard environment: the CVE is ingested from upstream advisory feeds within minutes of publication and matched against all customer images in connected registries and CI pipelines, including custom-built Portainer images. Any image running an affected Portainer version in the range >=2.33.0,<2.33.8 or >=2.39.0,<2.39.2 or >=2.40.0,<2.41.0 will surface as a finding.

Status: Available

Triage

Triage is available with the full CVSS v4.0 score of 9.4 (CRITICAL), including per-environment compliance policy weighting that can escalate or suppress routing based on each customer org's risk tolerance. Findings are routed to the appropriate team inbox within the customer organization based on image ownership and policy configuration.

Status: Available

Patch

Because no upstream fix has been published, HarborGuard re-checks the advisory each ingest cycle and will make a patched-image rebuild available automatically the moment a fix version appears upstream. In the interim, customers can apply compensating controls through HarborGuard policy enforcement, including network-policy isolation of Portainer endpoints and access-control annotations on affected workloads.

Status: Pending upstream

Exploit Conditions

  • Network reachability: Required

    The attacker must reach the Portainer web service over the network; the vulnerable plugin management endpoints are exposed via Portainer's HTTP API.

  • Authentication: Required

    A low-privilege Portainer account is sufficient; any Standard User role or any role with endpoint-level access granted via Portainer RBAC can trigger the vulnerable endpoints.

  • Victim interaction: Not required

    No victim interaction is needed; the attacker calls the plugin management API directly without any user action required on the target side.

  • Attack complexity: Low

    Attack complexity is low; the exploit is reliable and condition-free, requiring no race conditions, memory layout dependencies, or special environmental factors.

Blast Radius

  • Installs and enables arbitrary Docker plugins running as root on the host, giving the attacker full host-level code execution.
  • Reads any data accessible on the Docker host, including secrets, credentials, and filesystem contents from all co-located containers.
  • Modifies or destroys container workloads, host filesystem contents, and persisted data on the underlying Docker daemon.
  • Disrupts or terminates any running containers and services on the affected Docker host, causing availability loss across all workloads on that host.

How HarborGuard Handles This

Available on HarborGuard: because no upstream fix has been published for CVE-2026-44848 as of the publication date, HarborGuard monitors the advisory on every ingest cycle and will trigger a patched-image rebuild and, for customers with auto-remediation enabled, a regression test run and a PR opened against affected workloads the moment a fix version is released upstream. In the meantime, customers can reduce exposure through compensating controls: applying network policy to restrict access to Portainer's API port to known administrative source CIDRs only, enforcing egress filtering on the Portainer container to limit plugin installation reach, and auditing Portainer RBAC to remove unnecessary endpoint-level access from standard user accounts. Customers using HarborGuard's policy engine can flag any image running an affected Portainer version as non-compliant to gate deployment in production environments until a fix is available.
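To make the affected-range check concrete (the version ranges quoted under Detection above, and the "flag any image running an affected Portainer version as non-compliant" gating described here), the following Python is an added example, not HarborGuard's scanner and not Portainer code. It parses image references from a constructed inventory, extracts the numeric version from the tag, and matches it against the three affected ranges stated in this advisory. The repository name `portainer/portainer` comes from the advisory; `portainer/portainer-ce` is assumed to be the Docker Hub image name, and the registry host and image list are constructed sample input. Tags that carry no numeric version (`latest`, digest-only references) are reported as unknown rather than safe, because the check cannot prove they are outside the affected ranges.

```python
"""Affected-version check for CVE-2026-44848 (Portainer CE).

Added example, not HarborGuard's or Portainer's code. The affected ranges
are the ones stated in the advisory; the image references below are
constructed sample input, not real customer data.
"""
import re

# Affected ranges from the advisory: (min_inclusive, max_exclusive)
AFFECTED_RANGES = [
    ((2, 33, 0), (2, 33, 8)),
    ((2, 39, 0), (2, 39, 2)),
    ((2, 40, 0), (2, 41, 0)),
]

# Repository names that carry Portainer CE. "portainer/portainer" is the
# package named in the advisory; "portainer/portainer-ce" is an assumption
# about the Docker Hub image name.
PORTAINER_REPOS = {"portainer/portainer", "portainer/portainer-ce"}

_VERSION_RE = re.compile(r"^v?(\d+)\.(\d+)\.(\d+)")


def parse_version(tag):
    """Parse 'X.Y.Z' (optionally 'vX.Y.Z' or with a suffix such as
    '-alpine') into an int tuple. Returns None for tags with no numeric
    version (e.g. 'latest'); callers must treat that as unknown, not safe."""
    m = _VERSION_RE.match(tag)
    if not m:
        return None
    return tuple(int(x) for x in m.groups())


def is_affected(version):
    """True if the version tuple falls inside any affected range."""
    return any(lo <= version < hi for lo, hi in AFFECTED_RANGES)


def parse_image_ref(ref):
    """Split 'registry[:port]/repo[:tag]' into (repo, tag).
    Digest references (repo@sha256:...) have no tag and return None."""
    if "@" in ref:
        name, _digest = ref.split("@", 1)
        return name, None
    # The ':' introduces a tag only if it comes after the last '/';
    # otherwise it is a registry port (e.g. registry.example:5000/...).
    slash = ref.rfind("/")
    colon = ref.rfind(":")
    if colon > slash:
        return ref[:colon], ref[colon + 1:]
    return ref, None


def classify(ref):
    """Return 'affected', 'not_affected', 'unknown_version' or 'not_portainer'."""
    repo, tag = parse_image_ref(ref)
    # Drop the registry host: keep the last two path components.
    name = "/".join(repo.split("/")[-2:])
    if name not in PORTAINER_REPOS:
        return "not_portainer"
    if tag is None:
        return "unknown_version"
    version = parse_version(tag)
    if version is None:
        return "unknown_version"
    return "affected" if is_affected(version) else "not_affected"


def scan(refs):
    """Classify every image reference in an inventory."""
    return {ref: classify(ref) for ref in refs}


# Constructed sample inventory (hypothetical registry host and tags).
SAMPLE_IMAGES = [
    "portainer/portainer-ce:2.33.5",
    "registry.example.internal:5000/portainer/portainer-ce:2.39.2-alpine",
    "portainer/portainer-ce:2.40.1",
    "portainer/portainer-ce:latest",
    "portainer/portainer-ce@sha256:" + "0" * 64,
    "nginx:1.27",
]

if __name__ == "__main__":
    for image, status in scan(SAMPLE_IMAGES).items():
        print(f"{status:16} {image}")
```

In a deployment gate, anything classified as `affected` or `unknown_version` should block, since a floating `latest` tag or a bare digest gives the check no version to compare; resolving the digest to a version requires querying the registry, which this offline example deliberately does not do.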


Metrics

  • CVSS v4.0: 9.4
  • Severity: CRITICAL
  • Fixed in: (none listed)
  • Affected products: 1
  • Affected packages: portainer / portainer
    >= 2.33.0, < 2.33.8 · >= 2.39.0, < 2.39.2 · >= 2.40.0, < 2.41.0
  • CVSS vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H