Tag

CVE-2026-44850

1 brief RSS

Portainer Bind Mount Restriction Bypass via HostConfig.Mounts (CVE-2026-44850)

Portainer versions 2.33.0 through 2.33.7, 2.39.0 through 2.39.1, and 2.40.0 through 2.40.9 are vulnerable to CVE-2026-44850, a bind-mount restriction bypass via the `HostConfig.Mounts` array allowing regular users to mount host paths into containers and potentially compromise the host filesystem.

Portainer +2 privilege-escalation vulnerability container CVE-2026-44850

2r 1t 35m ago