CVE-2026-44850: Portainer: Bind-mount restriction bypass via HostConfig.Mounts
Portainer Community Edition is a lightweight service delivery platform for containerized applications that can be used to manage Docker, Swarm, Kubernetes and ACI environments. From 2.33.0 to before 2.33.8, 2.39.2, and 2.41.0, Portainer offers an environment-level Disable bind mounts for non-administrators security setting that blocks regular users from binding host paths into containers they create through the Portainer-mediated Docker API. The check that enforces this setting only inspected the legacy HostConfig.Binds array on the container-create proxy and never looked at the equivalent HostConfig.Mounts array. Any authenticated user with rights to create containers on a Docker environment where the restriction is enabled could submit a bind-typed entry under HostConfig.Mounts and mount any host path into their container. This vulnerability is fixed in 2.33.8, 2.39.2, and 2.41.0.
HarborGuard Analysis
Synopsis
This is an authorization bypass in Portainer Community Edition affecting 2.33.0 up to, but not including, 2.33.8, 2.39.2 and 2.41.0 on their respective release lines. The flaw is reachable over the network by any authenticated low-privilege user who can create containers, and requires no victim interaction. The environment-level setting that disables bind mounts for non-administrators was enforced by inspecting only the legacy HostConfig.Binds array of the container-create request; a bind-typed entry in HostConfig.Mounts expresses the same host-path mount and was never checked. Successful exploitation lets the attacker mount arbitrary host filesystem paths into a container they create, bypassing the control administrators rely on to protect host data. The upstream advisory names 2.33.8, 2.39.2 and 2.41.0 as the fix versions; HarborGuard tracks the advisory and will make a patched-image rebuild available once those releases are confirmed published.
HarborGuard Coverage
Detection: Available
Detection of CVE-2026-44850 is active across every HarborGuard environment: the CVE is ingested from upstream advisory feeds shortly after publication and matched against customer images in connected registries and CI/CD pipelines, including custom-built Portainer-derived images. Any image carrying an affected Portainer version (2.33.0 to before 2.33.8, 2.39.0 to before 2.39.2, or 2.40.0 to before 2.41.0) is flagged automatically.
Triage: Available
Findings are triaged at a CVSS v3.1 base score of 8.5 (HIGH). The vector records a scope change (S:C) because a request to the Portainer API component yields access to the underlying host, a different security authority. Per-environment compliance policy weighting can escalate or adjust priority, and findings are routed to the appropriate team inbox within each customer organization according to configured ownership rules.
Patched-image rebuild: Pending upstream
The advisory names 2.33.8, 2.39.2 and 2.41.0 as fix versions, but as of this record HarborGuard has not confirmed those releases as published upstream. The advisory is re-checked on every ingest cycle and a patched-image rebuild will be made available the moment a release is confirmed. For customers with auto-remediation enabled, the rebuild, regression-test run, and PR against affected workloads are triggered automatically at that point, subject to each environment's compliance policy.
Exploit Conditions
- Network reachability: Required
The Portainer API is exposed over the network, so the attacker must be able to reach the service (directly or through whatever proxies front it) to submit the crafted container-create request. Note that the request is syntactically valid Docker Engine API; nothing about it is malformed.
- Authentication: Required
A low-privilege account with container-creation rights on a Docker environment where the bind-mount restriction is enabled is sufficient; no administrative credentials are needed.
- Victim interaction: Not required
The attacker submits the crafted API request directly; no action from another user or administrator is required.
- Attack complexity: Low
Exploitation is deterministic: the bypass needs only a container-create payload that carries the host path as a bind-typed entry in HostConfig.Mounts instead of HostConfig.Binds. No race condition, timing window, or special environmental state is involved.
Blast Radius
- Reads arbitrary host filesystem paths, including private keys, secrets, and configuration data. Access inside the container is governed by the UID the container process runs as against the host file's permissions; a container running as root reads anything host root can read.
- Writes or modifies host filesystem content within the mounted path if the mount is not read-only, allowing tampering with host-resident files outside the container boundary.
- Enables container escape primitives: mounting /var/run/docker.sock gives control of the host's Docker daemon (equivalent to root on the host), and mounting paths such as /etc allows persistence and privilege escalation through host configuration.
- Bypasses an explicitly configured administrator security control, meaning the impact extends to the integrity of the Portainer security model for the entire Docker environment.
How HarborGuard Handles This
Scanning for this CVE is active across all connected environments, and any image running an affected Portainer version is surfaced as a HIGH severity finding with the scope-change notation from the CVSS vector. Although the advisory lists 2.33.8, 2.39.2 and 2.41.0 as fix versions, HarborGuard has not yet confirmed those releases upstream; it monitors the advisory on every ingest cycle and will automatically make a patched-image rebuild available the moment a fix version is confirmed. For customers with auto-remediation enabled, that rebuild triggers a regression-test run and a PR opened against affected workloads without manual intervention, subject to each environment's compliance policy. In the interim, compensating controls worth considering are: restricting which principals can reach the Portainer API with network-policy rules; tightening Portainer RBAC so that container-creation rights on environments with the bind-mount restriction are granted only where necessary; and reviewing audit logs (or a reverse proxy's request capture) for container-create requests whose HostConfig.Mounts array contains entries with "Type": "bind" in environments where bind mounts are supposed to be disabled. Treat such a request from a non-administrator as an indicator of exploitation, not a configuration error.
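To make the mechanism described under Exploit Conditions concrete, and to give the audit-log review above something runnable, here is an added Go example; it is not Portainer's code. It models the two HostConfig fields of a Docker container-create body, implements the pre-fix check (Binds only) beside a hardened check that also walks Mounts, and runs both over constructed request bodies. Function names, the sample payloads, the absolute-path heuristic for Binds sources, and the fail-closed handling of unrecognised mount types are assumptions of this example.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strings"
)

// Minimal model of the Docker Engine container-create body. Only the two
// HostConfig fields this advisory concerns are declared; encoding/json
// ignores everything else in the payload.
type mountSpec struct {
	Type   string `json:"Type"`
	Source string `json:"Source"`
	Target string `json:"Target"`
}

type hostConfig struct {
	Binds  []string    `json:"Binds"`
	Mounts []mountSpec `json:"Mounts"`
}

type createRequest struct {
	HostConfig hostConfig `json:"HostConfig"`
}

// isHostPath treats an absolute path as a host bind source. A named volume
// in Binds ("data:/data") is not a host path and passes. Simplification for
// this example: Windows drive-letter paths are not handled.
func isHostPath(src string) bool {
	return strings.HasPrefix(src, "/")
}

// bindsHostPaths returns the host paths referenced by the legacy
// HostConfig.Binds array, whose entries look like "host:container[:opts]".
func bindsHostPaths(hc hostConfig) []string {
	var found []string
	for _, b := range hc.Binds {
		src := strings.SplitN(b, ":", 2)[0]
		if isHostPath(src) {
			found = append(found, src)
		}
	}
	return found
}

// vulnerableBindSources mirrors the pre-fix logic the advisory describes:
// only HostConfig.Binds is inspected, so a bind-typed HostConfig.Mounts
// entry is never seen by the check.
func vulnerableBindSources(body []byte) ([]string, error) {
	var req createRequest
	if err := json.Unmarshal(body, &req); err != nil {
		return nil, err
	}
	return bindsHostPaths(req.HostConfig), nil
}

// hardenedBindSources inspects both arrays. A Mounts entry is a host bind
// when its Type is "bind"; an empty or unrecognised Type is reported as well
// so the policy fails closed instead of trusting a value the daemon might
// interpret differently (a design choice made for this example).
func hardenedBindSources(body []byte) ([]string, error) {
	var req createRequest
	if err := json.Unmarshal(body, &req); err != nil {
		return nil, err
	}
	found := bindsHostPaths(req.HostConfig)
	for _, m := range req.HostConfig.Mounts {
		switch strings.ToLower(m.Type) {
		case "volume", "tmpfs":
			continue // daemon-managed, not a host path
		default: // "bind", "", or anything unexpected
			found = append(found, m.Source)
		}
	}
	return found, nil
}

// Constructed request bodies for the demonstration (not captured traffic).
var (
	legacyBind  = []byte(`{"Image":"alpine","HostConfig":{"Binds":["/etc:/host-etc:ro"]}}`)
	mountsBind  = []byte(`{"Image":"alpine","HostConfig":{"Mounts":[{"Type":"bind","Source":"/var/run/docker.sock","Target":"/var/run/docker.sock"}]}}`)
	namedVolume = []byte(`{"Image":"alpine","HostConfig":{"Binds":["data:/data"],"Mounts":[{"Type":"volume","Source":"logs","Target":"/logs"}]}}`)
)

func main() {
	samples := map[string][]byte{"Binds": legacyBind, "Mounts": mountsBind, "volumes": namedVolume}
	for name, body := range samples {
		v, _ := vulnerableBindSources(body)
		h, _ := hardenedBindSources(body)
		fmt.Printf("%-8s vulnerable check: %v  hardened check: %v\n", name, v, h)
	}
}
```

The bypass payload is the Mounts sample: the pre-fix check returns no host paths for it, while the hardened check reports /var/run/docker.sock. The same hardened function, run over request bodies recovered from an API gateway or audit log, is the detection rule suggested above.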
Metrics
- CVSS v3.1: 8.5
- Severity: HIGH
- Fixed in: — (advisory names 2.33.8, 2.39.2 and 2.41.0; not yet confirmed published upstream)
- Affected Products: 1
- portainer/portainer: >= 2.33.0, < 2.33.8 · >= 2.39.0, < 2.39.2 · >= 2.40.0, < 2.41.0
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N