CVE-2026-44883: Portainer: JWT accepted in URL query leaks tokens to logs and referers
Portainer Community Edition is a lightweight service delivery platform for containerized applications that can be used to manage Docker, Swarm, Kubernetes and ACI environments. From 2.33.0 to before 2.33.8, 2.39.2, and 2.41.0, Portainer's authentication middleware accepts JWT bearer tokens passed as the ?token=<JWT> URL query parameter on any authenticated API endpoint, in addition to the standard Authorization: Bearer header. URLs are recorded in reverse-proxy access logs, browser history, and HTTP Referer headers on outbound navigation, so any JWT passed this way can be harvested by anyone with access to those logs or by an external site the user subsequently visits. A leaked token grants the full privileges of the user it was issued to, until the token expires (default 8 hours, configurable). The ?token= parameter was used by Portainer's browser-based container attach, exec, and pod shell features, so any user with exec or attach rights on a container was exposed — not only administrators. This vulnerability is fixed in 2.33.8, 2.39.2, and 2.41.0.
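The following is an added illustration, not Portainer's code: a minimal Go `net/http` middleware reconstructed from the advisory text, with a legacy extractor that falls back to the `?token=` query parameter beside a fixed one that honours only the `Authorization: Bearer` header. The route, the `demoJWT` value and the `validToken` check are constructed placeholders (real JWT signature and expiry verification is out of scope here).

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
	"strings"
)

// demoJWT is a constructed placeholder standing in for a real signed token.
const demoJWT = "eyJhbGciOiJIUzI1NiJ9.eyJpZCI6MX0.c2lnbmF0dXJl"

// bearerFromHeader returns the token from a standard "Authorization: Bearer"
// header, or "" when the header is absent or malformed.
func bearerFromHeader(r *http.Request) string {
	h := r.Header.Get("Authorization")
	if !strings.HasPrefix(h, "Bearer ") {
		return ""
	}
	return strings.TrimSpace(strings.TrimPrefix(h, "Bearer "))
}

// extractTokenLegacy reconstructs the behaviour the advisory describes: the
// header is tried first, then a ?token= query parameter. Every request that
// uses the fallback puts the JWT into the URL, and therefore into proxy access
// logs, browser history and outbound Referer headers.
func extractTokenLegacy(r *http.Request) string {
	if t := bearerFromHeader(r); t != "" {
		return t
	}
	return r.URL.Query().Get("token")
}

// extractTokenFixed honours only the header. A token in the query string is
// ignored, so the request is rejected and clients are forced onto the header.
func extractTokenFixed(r *http.Request) string {
	return bearerFromHeader(r)
}

// validToken stands in for JWT signature and expiry verification, which is
// not the subject of this example (hypothetical check, not Portainer's).
func validToken(t string) bool { return t == demoJWT }

// requireAuth builds the authentication middleware around a chosen extractor.
func requireAuth(extract func(*http.Request) string, next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if t := extract(r); t == "" || !validToken(t) {
			http.Error(w, "unauthorized", http.StatusUnauthorized)
			return
		}
		next.ServeHTTP(w, r)
	})
}

// probe sends one request through requireAuth and returns the status code.
func probe(extract func(*http.Request) string, target, authHeader string) int {
	ok := http.HandlerFunc(func(w http.ResponseWriter, _ *http.Request) {
		w.WriteHeader(http.StatusOK)
	})
	req := httptest.NewRequest(http.MethodGet, target, nil)
	if authHeader != "" {
		req.Header.Set("Authorization", authHeader)
	}
	rec := httptest.NewRecorder()
	requireAuth(extract, ok).ServeHTTP(rec, req)
	return rec.Code
}

func main() {
	inQuery := "/api/websocket/exec?token=" + demoJWT
	fmt.Println("legacy, token in query string:", probe(extractTokenLegacy, inQuery, ""))
	fmt.Println("fixed,  token in query string:", probe(extractTokenFixed, inQuery, ""))
	fmt.Println("fixed,  token in header:      ", probe(extractTokenFixed, "/api/websocket/exec", "Bearer "+demoJWT))
}
```

The general lesson is that a bearer credential belongs in a header, never in a URL. Browser WebSocket clients cannot set custom headers, which is the usual reason such a query-string fallback gets added for attach and exec features; the safer design for that case is a short-lived, single-use ticket scoped to the one session rather than the user's full session JWT.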
HarborGuard Analysis
Synopsis
This is a token-leakage vulnerability in Portainer Community Edition, affecting versions from 2.33.0 up to, but not including, the fixed releases 2.33.8, 2.39.2, and 2.41.0 in their respective release lines. Portainer's authentication middleware accepts JWT bearer tokens passed as a plain URL query parameter (?token=), and because URLs are recorded in reverse-proxy access logs, browser history, and HTTP Referer headers, those tokens are exposed to anyone who can read those logs and to external sites the user navigates to afterward. A leaked token carries the full privileges of the user it was issued to for up to eight hours, enabling account takeover, container manipulation, and service disruption. A patched-image rebuild is available on HarborGuard for environments running an affected version.
HarborGuard Coverage
Detection of CVE-2026-44883 is available across every HarborGuard environment: the CVE is ingested from upstream feeds within minutes of publication and matched against all customer images in connected registries and CI/CD pipelines, including custom-built Portainer images. Any image whose Portainer version falls within the affected ranges (>=2.33.0 and <2.33.8, >=2.39.0 and <2.39.2, >=2.40.0 and <2.41.0) is flagged automatically.
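An added example, not HarborGuard's matching engine, of the version-range check a scanner would apply to a Portainer image tag against the three ranges listed above. The version parser and the `isAffected` function are constructed for this page; the ranges themselves are copied from the advisory, with each lower bound inclusive and each upper bound exclusive.

```go
package main

import (
	"fmt"
	"strconv"
	"strings"
)

// version is a plain MAJOR.MINOR.PATCH triple, which is all the advisory's
// ranges need.
type version struct{ major, minor, patch int }

// parseVersion accepts "2.33.7" or "v2.33.7". Image tags carrying suffixes
// such as "-alpine" are not handled here and must be normalised first
// (assumption made for this example).
func parseVersion(s string) (version, error) {
	parts := strings.Split(strings.TrimPrefix(s, "v"), ".")
	if len(parts) != 3 {
		return version{}, fmt.Errorf("not a MAJOR.MINOR.PATCH version: %q", s)
	}
	var n [3]int
	for i, p := range parts {
		v, err := strconv.Atoi(p)
		if err != nil || v < 0 {
			return version{}, fmt.Errorf("not a MAJOR.MINOR.PATCH version: %q", s)
		}
		n[i] = v
	}
	return version{n[0], n[1], n[2]}, nil
}

// less reports a < b, comparing major, then minor, then patch.
func (a version) less(b version) bool {
	if a.major != b.major {
		return a.major < b.major
	}
	if a.minor != b.minor {
		return a.minor < b.minor
	}
	return a.patch < b.patch
}

// affectedRange is the half-open interval [lo, hi).
type affectedRange struct{ lo, hi version }

// affectedRanges copies the three ranges the advisory lists.
var affectedRanges = []affectedRange{
	{version{2, 33, 0}, version{2, 33, 8}},
	{version{2, 39, 0}, version{2, 39, 2}},
	{version{2, 40, 0}, version{2, 41, 0}},
}

// isAffected reports whether a Portainer version string falls inside one of
// the listed ranges. Versions between the ranges (for example a 2.35.x tag)
// report false because the ranges as written do not cover them; confirm such
// gaps against the upstream advisory before treating them as safe.
func isAffected(s string) (bool, error) {
	v, err := parseVersion(s)
	if err != nil {
		return false, err
	}
	for _, r := range affectedRanges {
		if !v.less(r.lo) && v.less(r.hi) {
			return true, nil
		}
	}
	return false, nil
}

func main() {
	for _, tag := range []string{"2.33.0", "2.33.7", "2.33.8", "2.39.1", "2.40.3", "2.41.0", "2.35.2", "latest"} {
		hit, err := isAffected(tag)
		if err != nil {
			fmt.Printf("%-8s cannot evaluate: %v\n", tag, err)
			continue
		}
		fmt.Printf("%-8s affected=%v\n", tag, hit)
	}
}
```

The "latest" case matters in practice: a scanner that cannot resolve a floating tag to a concrete version should report that it could not evaluate the image rather than silently reporting it as unaffected.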
HarborGuard surfaces this CVE with its CVSS v4.0 score of 7.7 (HIGH) and weights it against each environment's compliance policy to determine routing priority. The resulting finding is routed to the appropriate team inbox within the customer organization based on configured ownership rules for container runtime images.
No upstream fix version has been published at this time, so HarborGuard re-checks the advisory on every ingest cycle and will make a patched-image rebuild available the moment upstream ships a fix. In the interim, customers with compensating-control recommendations enabled are surfaced with guidance on network-policy isolation to restrict Portainer API exposure.
Exploit Conditions
- Network reachability: Required
The attacker must be able to reach the Portainer API service over the network to use a harvested token; the token itself is obtained from reverse-proxy logs, from browser history, or from an HTTP Referer header received by an external site the victim navigates to.
- Authentication: Not required
No account or credentials are needed by the attacker; the JWT is harvested passively from log access or an outbound Referer header rather than through an authenticated channel.
- Victim interaction: Required
A legitimate Portainer user must perform an action that triggers the ?token= query parameter (such as using the container attach, exec, or pod shell feature), generating a log entry or Referer header that leaks the token.
- Attack complexity
Exploitation depends on environmental factors: the attacker must have access to reverse-proxy logs or browser history, or be in a position to observe outbound Referer headers, so reliable exploitation is conditional on one of those access paths being present.
Blast Radius
- A leaked token grants the full API privileges of the victim user for up to eight hours, allowing the attacker to read all container configurations, secrets, and environment variables visible to that user.
- The attacker can execute arbitrary commands inside running containers or attach to container shells, enabling direct tampering with running workloads.
- Any container or pod the victim had exec or attach rights on can be stopped, deleted, or reconfigured by the attacker using the stolen token.
- The attacker can crash or restart containers under the victim's scope, causing service disruption to any workloads managed through that Portainer instance.
How HarborGuard Handles This
Available on HarborGuard: because no upstream fix has been published for CVE-2026-44883 at this time, HarborGuard re-checks the advisory on every ingest cycle and will surface a patched-image rebuild automatically the moment 2.33.8, 2.39.2, or 2.41.0 (or a later fix) becomes available upstream. For customers with auto-remediation enabled, the rebuild, regression-test run, and PR against affected workloads will be triggered without manual intervention once a fix ships. While no patch is available, compensating controls worth considering include restricting network access to the Portainer API to trusted internal networks via Kubernetes NetworkPolicy or firewall rules, configuring reverse proxies to redact or drop query strings from access logs, and reducing the JWT expiry window below the default eight hours through Portainer's authentication settings. Customers who opt into advisory monitoring will receive a notification the moment upstream publishes a patched release.
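An added example, not part of the HarborGuard page or of Portainer, of two defender-side pieces that the compensating controls above call for: a scan of combined-format reverse-proxy access logs (the nginx and Apache default layout) that flags any request line or Referer field carrying a JWT in a `token=` query parameter, and a redaction step that strips the token value before the line is shipped to a log store. The log lines in `sampleLog` are constructed for this example, and the JWT regex assumes the compact three-segment form.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// jwtInQuery matches a token= query parameter carrying a compact JWT: three
// base64url segments separated by dots. Group 1 is the parameter prefix,
// group 2 the token itself.
var jwtInQuery = regexp.MustCompile(`([?&]token=)([A-Za-z0-9_-]+\.[A-Za-z0-9_-]+\.[A-Za-z0-9_-]*)`)

// leak records where in an access-log line a token was found. The token is
// deliberately not copied out, so findings can be stored without re-creating
// the leak.
type leak struct {
	Line  int    // 1-based line number in the input
	Field string // "request", "referer" or "unknown"
}

// findLeakedTokens scans combined-format access log lines and reports every
// request line or Referer field whose query string carries a JWT.
func findLeakedTokens(lines []string) []leak {
	var found []leak
	for i, line := range lines {
		parts := strings.Split(line, `"`)
		if len(parts) < 6 {
			// Not combined format: fall back to scanning the whole line.
			if jwtInQuery.MatchString(line) {
				found = append(found, leak{i + 1, "unknown"})
			}
			continue
		}
		if jwtInQuery.MatchString(parts[1]) { // quoted request line
			found = append(found, leak{i + 1, "request"})
		}
		if jwtInQuery.MatchString(parts[3]) { // quoted Referer field
			found = append(found, leak{i + 1, "referer"})
		}
	}
	return found
}

// redactLogLine replaces the token value with a marker while keeping the rest
// of the URL intact, so the line stays useful for troubleshooting. Applied at
// the log-shipping stage, this is the "redact query strings" control.
func redactLogLine(line string) string {
	return jwtInQuery.ReplaceAllString(line, "${1}[REDACTED]")
}

// sampleLog is constructed test data: line 1 is a browser exec session that
// sent the token in the URL, line 2 is a clean API call, and line 3 is a
// request to another service behind the same proxy whose Referer carries the
// token because the user navigated away from the exec page.
var sampleLog = []string{
	`10.0.0.5 - - [01/Jan/2026:10:00:00 +0000] "GET /api/websocket/exec?token=eyJhbGciOiJIUzI1NiJ9.eyJpZCI6MX0.c2lnbmF0dXJl&endpointId=1 HTTP/1.1" 101 0 "https://portainer.example.internal/" "Mozilla/5.0"`,
	`10.0.0.5 - - [01/Jan/2026:10:00:05 +0000] "GET /api/endpoints HTTP/1.1" 200 512 "-" "Mozilla/5.0"`,
	`10.0.0.5 - - [01/Jan/2026:10:01:00 +0000] "GET /wiki/ HTTP/1.1" 200 1024 "https://portainer.example.internal/api/websocket/attach?token=eyJhbGciOiJIUzI1NiJ9.eyJpZCI6MX0.c2lnbmF0dXJl" "Mozilla/5.0"`,
}

func main() {
	for _, l := range findLeakedTokens(sampleLog) {
		fmt.Printf("line %d: JWT in %s field\n", l.Line, l.Field)
	}
	fmt.Println("redacted:", redactLogLine(sampleLog[0]))
}
```

A hit from the scan is a signal to treat the affected user's session as compromised: revoke or let the token expire, and review what that identity did for the remainder of its lifetime. Redaction limits future exposure but does nothing for copies of the logs that were already shipped or for the browser-history and Referer paths, which only the upstream fix closes.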
Metrics
- CVSS v4.0
- 7.7
- Severity
- HIGH
- Fixed in
- —
- Affected Products
- 1
- portainer/portainer: >= 2.33.0, < 2.33.8 · >= 2.39.0, < 2.39.2 · >= 2.40.0, < 2.41.0
- CVSS vector
- CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N