CVE-2026-44881 | portainer Community Edition up to 2.33.7/2.39.1/2.40.x /api/stacks/{id}/file link following (GHSA-rpgq-m5fp-32wr)

A vulnerability categorized as critical has been discovered in portainer Community Edition up to 2.33.7/2.39.1/2.40.x. Impacted is an unknown function of the file /api/stacks/{id}/file. Such manipulation leads to link following.

This vulnerability is referenced as CVE-2026-44881. It is possible to launch the attack remotely. No exploit is available.

It is advisable to upgrade the affected component.VulDB Recent EntriesRead More