{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata. Fed continuously.","feed_url":"https://feed.craftedsignal.io/tags/swarm/feed.json","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["Portainer (\u003e= 2.33.0, \u003c 2.33.8)","Portainer (\u003e= 2.39.0, \u003c 2.39.2)","Portainer (\u003e= 2.40.0, \u003c 2.41.0)","Docker Swarm"],"_cs_severities":["critical"],"_cs_tags":["portainer","docker","swarm","privilege-escalation","vulnerability","CVE-2026-44849"],"_cs_type":"advisory","_cs_vendors":["Portainer","Docker"],"content_html":"\u003cp\u003ePortainer enforces \u003ccode\u003eEndpointSecuritySettings\u003c/code\u003e restrictions to limit container configurations for non-admin users. However, these restrictions are not fully applied when creating or updating Docker Swarm services through the Portainer API. A non-admin user with access to a Docker Swarm endpoint can bypass these security measures by using the \u003ccode\u003ePOST /services/create\u003c/code\u003e or \u003ccode\u003ePOST /services/{id}/update\u003c/code\u003e endpoints. This bypass allows the user to escalate privileges, gaining capabilities such as mounting arbitrary host paths, elevating Linux capabilities (e.g., \u003ccode\u003eCAP_SYS_ADMIN\u003c/code\u003e), disabling syscall filtering, and disabling AppArmor confinement. The vulnerability affects all Portainer releases with Docker Swarm support prior to versions 2.33.8, 2.39.2, and 2.41.0, undermining the administrator\u0026rsquo;s security policy on Swarm-enabled endpoints. The volume driver local-bind variant was disclosed on 2026-03-12, and the Swarm service create/update bypass was disclosed on 2026-04-05.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAn authenticated, non-admin user gains access to a Docker Swarm endpoint via Portainer RBAC.\u003c/li\u003e\n\u003cli\u003eThe user crafts a \u003ccode\u003ePOST /services/create\u003c/code\u003e request to create a new service, bypassing capability, sysctl, and security-opt checks.\u003c/li\u003e\n\u003cli\u003eAlternatively, the user creates a benign service and then sends a \u003ccode\u003ePOST /services/{id}/update\u003c/code\u003e request to modify the service, bypassing all security checks.\u003c/li\u003e\n\u003cli\u003eThe request includes configurations to elevate Linux capabilities (e.g., \u003ccode\u003eCapabilityAdd: [\u0026quot;ALL\u0026quot;]\u003c/code\u003e), disable syscall filtering (\u003ccode\u003ePrivileges.Seccomp.Mode: \u0026quot;unconfined\u0026quot;\u003c/code\u003e), or disable AppArmor confinement (\u003ccode\u003ePrivileges.AppArmor.Mode: \u0026quot;disabled\u0026quot;\u003c/code\u003e).\u003c/li\u003e\n\u003cli\u003eThe request may also include configurations for arbitrary sysctl values inside the container namespace, and/or bind mounts of any host path, including sensitive paths such as \u003ccode\u003e/\u003c/code\u003e, \u003ccode\u003e/var/run/docker.sock\u003c/code\u003e, or SSH keys.\u003c/li\u003e\n\u003cli\u003eThe Docker daemon creates or updates the service with the elevated privileges, bypassing Portainer\u0026rsquo;s intended security restrictions.\u003c/li\u003e\n\u003cli\u003eThe attacker can then leverage the elevated privileges to access the host filesystem (e.g., via \u003ccode\u003echroot /host\u003c/code\u003e) or perform other actions with root-equivalent access on the Swarm manager host.\u003c/li\u003e\n\u003cli\u003eThe final objective is to gain unauthorized access to sensitive data or systems, or to disrupt services running on the Docker Swarm cluster.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation allows a non-admin Portainer user to escalate privileges and gain root-equivalent access on the Swarm manager host. This bypasses the administrator\u0026rsquo;s security policy and enables the attacker to perform actions such as accessing sensitive data, modifying system configurations, or disrupting services. The impact is significant because it undermines the security model of Portainer and Docker Swarm, potentially leading to unauthorized access to critical infrastructure and data. The vulnerability affects every Portainer release with Docker Swarm support prior to versions 2.33.8, 2.39.2, and 2.41.0.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade Portainer to versions 2.33.8, 2.39.2, or 2.41.0 to remediate CVE-2026-44849.\u003c/li\u003e\n\u003cli\u003eUntil an upgrade can be performed, temporarily revoke Swarm endpoint access for non-admin users via Portainer RBAC, as described in the advisory.\u003c/li\u003e\n\u003cli\u003eImplement a daemon-side allowlist to block the creation of local-driver volumes that use \u003ccode\u003etype: none\u003c/code\u003e / \u003ccode\u003eo: bind\u003c/code\u003e on untrusted endpoints, mitigating the volume-driver-bind variant of the vulnerability.\u003c/li\u003e\n\u003cli\u003eDeploy the Sigma rules provided in this brief to your SIEM to detect exploitation attempts targeting the Portainer API.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-05-14T16:37:27Z","date_published":"2026-05-14T16:37:27Z","id":"https://feed.craftedsignal.io/briefs/2026-05-portainer-swarm-bypass/","summary":"Portainer is vulnerable to an endpoint security bypass via Swarm service create/update, enabling non-admin users with access to a Docker Swarm endpoint to bypass `EndpointSecuritySettings` restrictions and gain elevated privileges such as configuring services with elevated Linux capabilities, disabling syscall filtering and AppArmor confinement, setting arbitrary sysctl values, and mounting arbitrary host paths.","title":"Portainer Endpoint Security Bypass via Docker Swarm Service API","url":"https://feed.craftedsignal.io/briefs/2026-05-portainer-swarm-bypass/"}],"language":"en","title":"CraftedSignal Threat Feed — Swarm","version":"https://jsonfeed.org/version/1.1"}