Portainer CVE-2026-44882
HIGHSeverity by source
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Primary rating from GitHub Advisory · only source for this CVE.
CVSS VectorGitHub Advisory
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Lifecycle Timeline
3DescriptionGitHub Advisory
Summary
Portainer proxies requests to Kubernetes clusters through a middleware layer (kubeClientMiddleware) that validates the requesting user's token before forwarding traffic to the cluster. When security.RetrieveTokenData returned an error, the middleware wrote an HTTP 403 response but was missing a return statement - execution continued into the handler with a nil tokenData value.
The Kubernetes endpoints sit behind Portainer's outer AuthenticatedAccess bouncer, so an attacker requires a valid Portainer session. However, a user whose secondary token validation fails in kubeClientMiddleware - for example a user without permission to access a given Kubernetes endpoint - would have their request forwarded to the cluster anyway, bypassing the authorization check. The same defect was present in both the CE and EE codebases.
Severity
High CWE-863 - Incorrect Authorization
Privilege required is Low - any valid Portainer session is sufficient to reach the middleware. Once the authorization outcome is bypassed, the attacker can read and modify Kubernetes resources on the target endpoint that their role should not permit - confidentiality and integrity impact are both High. No availability impact is introduced directly.
Affected Versions
The missing return statement has been present since Kubernetes proxy support was introduced.
| Branch | First vulnerable | Fixed in |
|---|---|---|
| 2.33.x (LTS) | 2.33.0 | 2.33.8 |
Portainer 2.39.0 and later are not affected - the fix was present from the initial 2.39.0 release. All releases prior to 2.33.0 are end-of-life and will not receive a fix; users on EOL versions should upgrade to a supported release.
Workarounds
There is no configuration change that prevents the bypass directly. Administrators who cannot immediately upgrade can reduce exposure by:
- Restricting Kubernetes endpoint access. Remove Portainer access to Kubernetes endpoints for users who do not require it. A user without endpoint access cannot reach
kubeClientMiddleware. - Auditing Kubernetes RBAC. Ensure the service account Portainer uses to proxy cluster requests carries least-privilege RBAC permissions - this limits the blast radius if the bypass is exploited.
Neither of these replaces the fix.
Affected Code
kubeClientMiddleware in api/http/handler/kubernetes/handler.go wrote the error response but did not return, allowing execution to continue with nil tokenData:
// api/http/handler/kubernetes/handler.go (pre-fix - CE and EE)
tokenData, err := security.RetrieveTokenData(r)
if err != nil {
httperror.WriteError(w, http.StatusForbidden,
"permission denied to access the environment", err)
// missing return - tokenData is nil, execution continues
}
// tokenData.ID dereferenced on the next line:
_, ok := handler.KubernetesClientFactory.GetProxyKubeClient(
strconv.Itoa(endpointID), strconv.Itoa(int(tokenData.ID)))The fix adds a single return after the WriteError call in both CE and EE:
// post-fix
if err != nil {
httperror.WriteError(w, http.StatusForbidden,
"permission denied to access the environment", err)
return
}Impact
- Kubernetes authorization bypass. A low-privileged Portainer user can reach Kubernetes API endpoints on environments their role does not permit, with the proxy client of the legitimate session used as the vehicle.
- Cluster resource access. Depending on the service account permissions Portainer holds on the cluster, the attacker can read or modify namespaced resources - including pods, secrets, config maps, and deployments.
- Potential for lateral movement. Kubernetes secrets readable through this path may contain credentials for other services within the cluster or the broader infrastructure.
Timeline
- 2026-02-16: Fix merged to develop.
- 2026-02-25: 2.39.0 released with fix.
- 2026-05-07: 2.33.8 released with backport fix.
AnalysisAI
Authorization bypass in Portainer 2.33.0 through 2.33.7 allows authenticated users to access Kubernetes cluster resources beyond their assigned permissions due to missing return statement in middleware error handling. Any user with a valid Portainer session can exploit this to read or modify Kubernetes secrets, pods, deployments, and other resources on endpoints they should not access. The flaw affects both Community Edition and Enterprise Edition. Fixed in version 2.33.8 and inherently absent from 2.39.0+. No public exploit code identified at time of analysis, though the single-line code fix and detailed GitHub advisory make reproduction straightforward for authenticated attackers.
Technical ContextAI
Portainer is a container management platform that provides web-based administration for Docker, Kubernetes, and other container orchestration systems. The vulnerability resides in the Kubernetes API proxy middleware layer (kubeClientMiddleware in api/http/handler/kubernetes/handler.go), which sits between Portainer's authentication layer and the Kubernetes cluster backend. When the middleware calls security.RetrieveTokenData to validate a user's secondary authorization for a specific Kubernetes endpoint, it correctly writes an HTTP 403 response on validation failure but omits the return statement. This control flow error (CWE-863: Incorrect Authorization) causes execution to continue with a nil tokenData pointer, allowing the request to be proxied to the Kubernetes cluster with the service account credentials Portainer holds, effectively bypassing Portainer's role-based access controls. The affected package is identified as pkg:go/github.com_portainer_portainer in the Go ecosystem. The bug has existed since Kubernetes proxy support was introduced but only impacts the 2.33.x LTS branch; the 2.39.0 codebase was refactored to include the fix from initial release.
RemediationAI
Upgrade to Portainer 2.33.8 (LTS) or 2.39.0+ immediately. The patch consists of a single return statement added after the HTTP 403 response in kubeClientMiddleware, preventing nil pointer dereference and ensuring authorization failures halt request processing. Download from github.com/portainer/portainer/releases/tag/2.33.8 or the official Portainer distribution channels. For organizations unable to patch immediately, implement two compensating controls in parallel: first, remove Kubernetes endpoint access permissions in Portainer for all users who do not require cluster management-users without endpoint access cannot reach the vulnerable middleware path, eliminating the attack surface for those accounts. Second, audit and restrict the Kubernetes RBAC permissions assigned to the service account Portainer uses for cluster proxying; apply least-privilege principles to limit blast radius if the bypass is exploited (this does not prevent the bypass but contains lateral movement). Note that RBAC auditing trades operational flexibility for containment-overly restrictive service account permissions may break legitimate Portainer workflows for authorized users. Neither workaround replaces the patch; they are temporary risk reduction measures only.
More in Kubernetes
View allA critical vulnerability in Kubernetes ingress-nginx controller allows unauthenticated attackers with pod network access
Credential-harvesting malware compromised 84 versions of 42 TanStack npm packages on 2026-05-11 via chained GitHub Actio
Kubernetes ingress-nginx contains a configuration injection vulnerability via the mirror-target and mirror-host Ingress
A security issue was discovered in ingress-nginx https://github.com/kubernetes/ingress-nginx where the `auth-url` Ingres
A security issue was discovered in ingress-nginx https://github.com/kubernetes/ingress-nginx where the `auth-tls-match-c
Kubernetes API server in all versions allow an attacker who is able to create a ClusterIP service and set the spec.exter
Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Rated critical severity (CVSS 9.9), this vulne
The Kubernetes integration in GitLab Enterprise Edition 11.x before 11.2.8, 11.3.x before 11.3.9, and 11.4.x before 11.4
Kyverno Kubernetes policy engine prior to 1.x has a privilege escalation vulnerability (CVSS 9.9) allowing policy bypass
Kamaji is the Hosted Control Plane Manager for Kubernetes. Rated critical severity (CVSS 9.9), this vulnerability is rem
Jumpserver is a popular open source bastion host, and Koko is a Jumpserver component that is the Go version of coco, ref
String filter bypass in Inspektor Gadget Kubernetes eBPF tooling before fix. Insufficient string escaping enables filter
Same weakness CWE-863 – Incorrect Authorization
View allSame technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today
GHSA-mgq6-4x29-88r3