CVE-2026-44885 | portainer Community Edition up to 2.33.7 api/archive/targz.go path traversal (GHSA-m8fg-67j7-cx4v)

Inserito da Angelo Barbosa | Mag 29, 2026 | CVE

A vulnerability, which was classified as critical, has been found in portainer Community Edition up to 2.33.7. This impacts an unknown function of the file api/archive/targz.go. This manipulation causes path traversal.

This vulnerability appears as CVE-2026-44885. The attack may be initiated remotely. There is no available exploit.

It is advisable to upgrade the affected component.

CVE-2026-44885 | portainer Community Edition up to 2.33.7 api/archive/targz.go path traversal (GHSA-m8fg-67j7-cx4v)

Post correlati

CVE-2025-6140 | spdlog up to 1.15.1 pattern_formatter-inl.h scoped_padder resource consumption (Issue 3360)

CVE-2026-3408 | Open Babel up to 3.1.1 CDXML File isrc/atom.cpp GetExplicitValence null pointer dereference (Issue 2848)

CVE-2025-22347 | BannerSky BSK Forms Blacklist Plugin up to 3.9 on WordPress cross-site request forgery

CVE-2025-46413 | BUFFALO WSR-1800AX4 weak password hash (EUVD-2025-38245)