Product
portainer
25 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
CVE-2026-44885
CVE-2026-44884
CVE-2026-44883
CVE-2026-44882
CVE-2026-44881
CVE-2026-44850
CVE-2026-44849
CVE-2026-44848
CVE-2024-33662
CVE-2024-33661
CVE-2024-29296
CVE-2022-24961
CVE-2021-42650
CVE-2020-24264
CVE-2020-24263
CVE-2019-16878
CVE-2019-16877
CVE-2019-16876
CVE-2019-16872
CVE-2019-16874
CVE-2019-16873
CVE-2018-19466
CVE-2018-19367
CVE-2018-16316
CVE-2018-12678
>= 2.33.0 and < 2.33.8
Portainer Community Edition is a lightweight service delivery platform for containerized applications that can be used to manage D
>= 2.33.0 and < 2.33.8
Portainer Community Edition is a lightweight service delivery platform for containerized applications that can be used to manage D
>= 2.33.0 and < 2.33.8
Portainer Community Edition is a lightweight service delivery platform for containerized applications that can be used to manage D
>= 2.33.0 and < 2.33.8
Portainer Community Edition is a lightweight service delivery platform for containerized applications that can be used to manage D
>= 2.33.0 and < 2.33.8
Portainer Community Edition is a lightweight service delivery platform for containerized applications that can be used to manage D
>= 2.33.0 and < 2.33.8
Portainer Community Edition is a lightweight service delivery platform for containerized applications that can be used to manage D
>= 2.33.0 and < 2.33.8
Portainer Community Edition is a lightweight service delivery platform for containerized applications that can be used to manage D
>= 2.33.0 and < 2.33.8
Portainer Community Edition is a lightweight service delivery platform for containerized applications that can be used to manage D
< 2.20.2
Portainer before 2.20.2 improperly uses an encryption algorithm in the AesEncrypt function.
< 2.20.0
Portainer before 2.20.0 allows redirects when the target is not index.yaml.
all versions
A user enumeration vulnerability was found in Portainer CE 2.19.4. This issue occurs during user authentication process, where a d
< 2.11.1
In Portainer Agent before 2.11.1, an API server can continue running even if not associated with a Portainer instance in the past
< 2.9.1
Cross Site Scripting (XSS vulnerability exists in Portainer before 2.9.1 via the node input box in Custom Templates.
<= 1.24.1
Portainer 1.24.1 and earlier is affected by incorrect access control that may lead to remote arbitrary code execution. The restric
<= 1.24.1
Portainer 1.24.1 and earlier is affected by an insecure permissions vulnerability that may lead to remote arbitrary code execution
< 1.22.1
Portainer before 1.22.1 has XSS (issue 2 of 2).
< 1.22.1
Portainer before 1.22.1 has Incorrect Access Control (issue 4 of 4).
< 1.22.1
Portainer before 1.22.1 allows Directory Traversal.
< 1.22.1
Portainer before 1.22.1 has Incorrect Access Control (issue 1 of 4).
< 1.22.1
Portainer before 1.22.1 has Incorrect Access Control (issue 2 of 4).
< 1.22.1
Portainer before 1.22.1 has XSS (issue 1 of 2).
< 1.20.0
A vulnerability was found in Portainer before 1.20.0. Portainer stores LDAP credentials, corresponding to a master password, in cl
<= 1.19.2
Portainer through 1.19.2 provides an API endpoint (/api/users/admin/check) to verify that the admin user is already created. This
<= 1.19.1
A stored Cross-site scripting (XSS) vulnerability in Portainer through 1.19.1 allows remote authenticated users to inject arbitrar
< 1.18.0
Portainer before 1.18.0 supports unauthenticated requests to the websocket endpoint with an unvalidated id query parameter for the