CVE-2026-44881: Portainer: Arbitrary File Read via Git Symlink Injection in Stack Auto-Update
Portainer Community Edition is a lightweight service delivery platform for containerized applications that can be used to manage Docker, Swarm, Kubernetes and ACI environments. From 2.33.0 to before 2.33.8, 2.39.2, and 2.41.0, Portainer supports deploying stacks from Git repositories. When a Git-backed stack is created or updated, Portainer clones the repository using go-git v5, which translates Git blob entries with mode 0o120000 (symlink) into real OS symlinks on the host filesystem via os.Symlink. The only entry blocked from becoming a symlink is .gitmodules; every other path is created as a symlink without validation. Portainer's GET /api/stacks/{id}/file endpoint then reads the stack entry point with os.ReadFile, which follows OS symlinks transparently. A repository containing docker-compose.yml as a symlink to an arbitrary filesystem path causes the symlink target's contents to be returned verbatim in the HTTP response. Any authenticated user with rights to create or update a Git-backed stack — the default configuration in Portainer CE — can read arbitrary files accessible to the Portainer process. This vulnerability is fixed in 2.33.8, 2.39.2, and 2.41.0.
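The defensive counterpart to the read path described above, added here as an illustration and not Portainer's or go-git's own code: a stack-file reader that resolves the entry inside the clone directory before calling os.ReadFile, and a post-clone walk that lists any symlink entries so a stack can be rejected before it is accepted. Function names, the path handling and the "docker-compose.yml" sample are this example's assumptions.

```go
package main

import (
	"errors"
	"io/fs"
	"os"
	"path/filepath"
	"strings"
)

var ErrUnsafePath = errors.New("stack file is a symlink or escapes the clone directory")

// ReadStackFile reads entry (e.g. "docker-compose.yml") relative to the clone
// at root. Unlike a bare os.ReadFile it does not trust symlinks: after every
// symlink in the path is resolved, the target must still lie inside root, so
// an entry pointing at an arbitrary host path is refused instead of returned.
func ReadStackFile(root, entry string) ([]byte, error) {
	realRoot, err := filepath.EvalSymlinks(root)
	if err != nil {
		return nil, err
	}
	// Clean against "/" so "../" segments in entry cannot climb above root.
	full := filepath.Join(realRoot, filepath.Clean("/"+entry))
	resolved, err := filepath.EvalSymlinks(full)
	if err != nil {
		return nil, err
	}
	if !strings.HasPrefix(resolved, realRoot+string(os.PathSeparator)) {
		return nil, ErrUnsafePath
	}
	return os.ReadFile(resolved)
}

// FindSymlinks lists every symlink in a clone (paths relative to root); a
// post-clone validation step can reject the stack if the list is non-empty.
func FindSymlinks(root string) ([]string, error) {
	var links []string
	err := filepath.WalkDir(root, func(p string, d fs.DirEntry, err error) error {
		if err != nil {
			return err
		}
		if d.Type()&fs.ModeSymlink != 0 {
			rel, _ := filepath.Rel(root, p)
			links = append(links, rel)
		}
		return nil
	})
	return links, err
}
```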
HarborGuard Analysis
Synopsis
An arbitrary file read vulnerability exists in Portainer Community Edition, affecting versions from 2.33.0 up to (but not including) the fixed releases 2.33.8, 2.39.2, and 2.41.0. An authenticated user with stack management rights can create a Git-backed stack whose repository contains a symlink pointing to any file on the host filesystem; when Portainer reads the stack entry point, it follows the symlink and returns the target file's contents in the HTTP response. Successful exploitation gives the attacker read access to any file readable by the Portainer process, including secrets, credentials, and other sensitive host data. A patched-image rebuild at versions 2.33.8, 2.39.2, and 2.41.0 is available on HarborGuard for affected environments.
HarborGuard Coverage
Detection of CVE-2026-44881 is available across every HarborGuard environment, with the CVE matched against images in customer registries and CI/CD pipelines within minutes of feed publication. Coverage extends to custom-built Portainer images so that internally maintained variants are not missed.
Available. HarborGuard is capable of scoring this CVE at CVSS v4.0 8.5 (HIGH) and weighting results against each customer environment's compliance policy to determine urgency. Findings can be routed to the appropriate team inbox within each customer org based on configured ownership rules.
Available. Because fix versions 2.33.8, 2.39.2, and 2.41.0 are published, a patched-image rebuild at those versions is available on HarborGuard for any environment running an affected version. For customers who opt into auto-remediation, HarborGuard can perform the rebuild, run a regression test suite, and open a pull request against affected workloads automatically.
Pending upstream.
Exploit Conditions
- Network reachability: Required
The Portainer API must be reachable over the network; an attacker sends HTTP requests to the /api/stacks and /api/stacks/{id}/file endpoints remotely.
- Authentication: Required
A low-privilege account with rights to create or update a Git-backed stack is sufficient; no admin credentials are needed, and this permission is granted to users by default in Portainer CE.
- Victim interaction: Not required
No victim action is needed; the attacker triggers the file read entirely through their own API requests.
- Attack complexity: Low (AC:L)
The exploit is reliable and condition-free: crafting a repository with a symlink entry and calling the stack file endpoint is deterministic, with no race conditions or environmental dependencies.
Blast Radius
- Reads arbitrary files accessible to the Portainer process, including host secrets, TLS certificates, and environment variable files containing credentials.
- Reads Portainer's own internal configuration and authentication token stores, enabling credential harvesting for further lateral movement.
- Exposes Kubernetes kubeconfig files or Docker socket credentials stored on the host, which can be used to pivot into managed container environments.
- High impact on systems beyond the Portainer container itself (SC:H, SI:H, SA:H) means a successful read of the right credential file can grant an attacker control over the entire orchestration layer.
How HarborGuard Handles This
Available on HarborGuard: detection for CVE-2026-44881 is active for all customer images matching affected Portainer CE version ranges (2.33.0 to before 2.33.8, 2.39.0 to before 2.39.2, and 2.40.0 to before 2.41.0). Patched rebuilds at 2.33.8, 2.39.2, and 2.41.0 are available for any environment running a vulnerable version. For customers who opt into auto-remediation, HarborGuard can rebuild the image at the appropriate fix version, run a regression test suite, and open a pull request against affected workloads; for HIGH-severity issues, the median time from CVE publication to merged patch PR is around 90 minutes in environments with auto-remediation enabled. Where auto-remediation is not enabled, the finding is surfaced in the HarborGuard dashboard with version pin guidance. As a compensating control while a rebuild is pending, network-policy isolation of the Portainer API to trusted operator networks reduces the exposure window by limiting which accounts can reach the stack creation and file read endpoints.
Metrics
- CVSS v4.0: 8.5
- Severity: HIGH
- Fixed in: —
- Affected Products: 1
- portainer / portainer: >= 2.33.0, < 2.33.8 · >= 2.39.0, < 2.39.2 · >= 2.40.0, < 2.41.0
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:H/SI:H/SA:H