Which versions of Portainer CE are affected by EUVD-2026-33007?

Portainer Community Edition contains a privilege escalation vulnerability (CVE-2026-33590, CVSS 8.5) that allows authenticated users to achieve root-level code execution on Docker host systems by…. A patch is available.

Portainer CE EUVD-2026-33007

Q: What is the CVSS score of EUVD-2026-33007?

EUVD-2026-33007 has a CVSS 4.0 base score of 8.5 (High). CVSS vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X.

| CVE-2026-33590 HIGH

Incorrect Default Permissions (CWE-276)

2026-05-28 ENISA

GHSA-frhv-529m-5v9v

Privilege Escalation RCE Portainer Community Edition

8.5

CVSS 4.0

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

Scope

Lifecycle Timeline

Patch available

May 28, 2026 - 21:02 EUVD

Source Code Evidence Fetched

May 28, 2026 - 20:24 vuln.today

Analysis Generated

May 28, 2026 - 20:24 vuln.today

CVSS changed

May 28, 2026 - 20:22 NVD

8.5 (HIGH)

DescriptionNVD

Insecure default settings of Portainer CE grant regular (non-admin) users privileges that allow host filesystem access and host-level code execution. An authenticated non-administrative user with endpoint access can exploit these settings to read host files or obtain root equivalent

access on the host.

AnalysisAI

Privilege escalation in Portainer Community Edition stems from permissive default endpoint security settings that grant non-admin users with endpoint access the ability to create containers with bind mounts, privileged mode, host namespaces, device mappings, sysctl settings, and Linux capabilities. An authenticated low-privilege user can leverage these defaults to read arbitrary host files or break out of the container boundary to achieve root-equivalent code execution on the Docker host. …

RemediationAI

Within 24 hours: Inventory all Portainer Community Edition deployments and identify which are accessible to non-administrative users; prioritize instances managing production workloads. Within 7 days: Implement compensating controls and restrict endpoint access permissions to trusted administrative users only; review and disable all permissive container creation options (privileged mode, bind mounts, device mappings, host namespace access). …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

EUVD-2026-33007 vulnerability details – vuln.today

Back

Portainer CE EUVD-2026-33007

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Analysis

Full analysis requires sign-in

Share

Portainer CE EUVD-2026-33007

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Full analysis requires sign-in

Share

External POC / Exploit Code