CVE-2026-44849
Docker · Portainer Community Edition / Swarm
A security bypass in Portainer allows non-admin users with access to a Docker Swarm endpoint to create or update services with elevated privileges.
Executive summary
A critical vulnerability in Portainer Community Edition allows non-admin users to bypass security settings, potentially gaining root-level control over the host system via Docker Swarm.
Vulnerability
This vulnerability allows a non-admin user with access to a Docker Swarm endpoint to bypass security controls. By manipulating the creation or update process of Swarm services, an attacker can gain elevated privileges and potentially control the host system.
Business impact
With a CVSS score of 8.8, this flaw presents a high risk of host-level compromise. An attacker could leverage this to gain root access to the host, leading to full system takeover, data theft, and the disruption of containerized applications, causing significant reputational and operational damage.
Remediation
Immediate Action: Update Portainer Community Edition to version 2.33.8, 2.39.2, or 2.41.0 without delay.
Proactive Monitoring: Monitor Swarm service creation/update logs for anomalous activity originating from non-admin accounts.
Compensating Controls: Restrict access to the Portainer interface and Docker Swarm endpoints to verified administrative users only.
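To support the monitoring and compensating-control items above, the following is an added defensive example (not code from the advisory or from the Portainer project) that audits the JSON emitted by `docker service inspect` for settings that let a Swarm task reach into the host. Which settings count as "elevated privileges" is this example's assumption, not the advisory's wording: bind mounts of sensitive host paths and added kernel capabilities. The embedded inspect output is constructed for the demonstration; `audit_live_swarm()` runs the same checks against a real manager node.

```python
"""Audit Docker Swarm service specs for host-reaching privileges.

Added example for the Portainer Swarm-service advisory; it is not the
project's own code.  The checks below (sensitive bind mounts, risky
CapabilityAdd entries) are assumptions about what an over-privileged
service looks like; extend them to match local policy.
"""
import json
import subprocess

# Host paths whose bind-mount into a task typically yields host control
# (assumed list; tune for your environment).
SENSITIVE_HOST_PATHS = ("/", "/var/run/docker.sock", "/run/docker.sock",
                        "/etc", "/root", "/proc", "/sys", "/dev")
# Capabilities that approach root on the host (assumed list).
RISKY_CAPS = {"ALL", "CAP_SYS_ADMIN", "CAP_SYS_PTRACE", "CAP_SYS_MODULE",
              "CAP_NET_ADMIN", "CAP_DAC_READ_SEARCH"}


def _is_sensitive(path: str) -> bool:
    """True if a host path equals or lies beneath a sensitive prefix."""
    norm = path.rstrip("/") or "/"
    if norm == "/":
        return True
    return any(norm == p or norm.startswith(p + "/")
               for p in SENSITIVE_HOST_PATHS if p != "/")


def audit_service(svc: dict) -> list[str]:
    """Return findings for one entry of `docker service inspect` output."""
    findings = []
    spec = svc.get("Spec", {})
    name = spec.get("Name", svc.get("ID", "?"))
    cspec = spec.get("TaskTemplate", {}).get("ContainerSpec", {})
    # Bind mounts are the usual path from a service task to the host filesystem.
    for m in cspec.get("Mounts") or []:
        if m.get("Type") == "bind" and _is_sensitive(m.get("Source", "")):
            findings.append(f"{name}: bind-mounts host path {m['Source']} "
                            f"at {m.get('Target')}")
    # CapabilityAdd is how a service spec grants extra kernel capabilities.
    hit = sorted(set(cspec.get("CapabilityAdd") or []) & RISKY_CAPS)
    if hit:
        findings.append(f"{name}: adds capabilities {', '.join(hit)}")
    return findings


def audit_services(inspect_json: str) -> list[str]:
    """Audit every service in a `docker service inspect` JSON array."""
    data = json.loads(inspect_json)
    if isinstance(data, dict):
        data = [data]
    return [f for svc in data for f in audit_service(svc)]


def audit_live_swarm() -> list[str]:
    """Inspect every service on the local manager node and audit it."""
    ids = subprocess.run(["docker", "service", "ls", "-q"], check=True,
                         capture_output=True, text=True).stdout.split()
    if not ids:
        return []
    out = subprocess.run(["docker", "service", "inspect", *ids], check=True,
                         capture_output=True, text=True).stdout
    return audit_services(out)


# Constructed sample: one benign service and one that reaches into the host.
SAMPLE_INSPECT = json.dumps([
    {"ID": "aaa111", "Spec": {"Name": "web", "TaskTemplate": {"ContainerSpec": {
        "Image": "nginx:1.27",
        "Mounts": [{"Type": "volume", "Source": "web-data",
                    "Target": "/usr/share/nginx/html"}]}}}},
    {"ID": "bbb222", "Spec": {"Name": "suspect-svc", "TaskTemplate": {"ContainerSpec": {
        "Image": "alpine:3.20",
        "CapabilityAdd": ["CAP_SYS_ADMIN"],
        "Mounts": [{"Type": "bind", "Source": "/", "Target": "/host"},
                   {"Type": "bind", "Source": "/var/run/docker.sock",
                    "Target": "/var/run/docker.sock"}]}}}},
])

if __name__ == "__main__":
    for line in audit_services(SAMPLE_INSPECT):
        print("FINDING", line)
```

Run it on a schedule from a manager node, or pipe saved `docker service inspect` output into `audit_services`, and alert on any finding whose service was created or updated by an account that is not expected to hold such privileges.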
Exploitation status
Public Exploit Available: true
Analyst recommendation
This vulnerability, combined with public exploit availability, necessitates an immediate response. Organizations should prioritize patching their Portainer installations to prevent attackers from escalating privileges and gaining control over their containerized environments and underlying infrastructure.