Portainer (>= 2.39.0, < 2.39.2)

Portainer's authentication middleware accepts JWT bearer tokens passed as the `?token=<JWT>` URL query parameter on any authenticated API endpoint, leading to JWT leakage to logs and referrers, where a leaked token grants the full privileges of the user it was issued to, until the token expires.

Portainer is vulnerable to an endpoint security bypass via Swarm service create/update, enabling non-admin users with access to a Docker Swarm endpoint to bypass `EndpointSecuritySettings` restrictions and gain elevated privileges such as configuring services with elevated Linux capabilities, disabling syscall filtering and AppArmor confinement, setting arbitrary sysctl values, and mounting arbitrary host paths.

Portainer versions 2.33.0 through 2.33.7, 2.39.0 through 2.39.1, and 2.40.0 through 2.40.9 are vulnerable to CVE-2026-44850, a bind-mount restriction bypass via the `HostConfig.Mounts` array allowing regular users to mount host paths into containers and potentially compromise the host filesystem.

Portainer versions 2.33.0 through 2.33.7, 2.39.0 through 2.39.1, and 2.40.0 expose a missing authorization vulnerability (CVE-2026-44848) on the Docker plugin management endpoints, allowing a non-admin user with access to a Docker endpoint to install and enable arbitrary Docker plugins from any registry, ultimately leading to root privileges on the Docker host and unauthorized file system access.