Portainer, Git Symlink File Read, CVE-2026-XXXX (High)

Listen to this Post

The vulnerability (CVE-2026-XXXX) abuses how Portainer handles Git‑backed stacks. When a user creates or updates a stack from a Git repository, Portainer clones the repo using go-git v5. This library converts Git symlink blobs (mode 0o120000) into actual OS symlinks via os.Symlink(). The only blocked path is .gitmodules; all other files, including the stack entry point docker-compose.yml, become symlinks without validation.
An attacker hosts a malicious repository where `docker-compose.yml` is a symlink to, for example, `/etc/passwd` or /var/run/secrets/kubernetes.io/serviceaccount/token. Portainer’s `GET /api/stacks/{id}/file` endpoint later reads the entry point with os.ReadFile(), which follows symlinks transparently. The endpoint returns the target file’s content verbatim in the HTTP response.
Any authenticated user who can create a Git‑backed stack (default in Portainer CE) can perform arbitrary file read. The impact is amplified by auto‑update: after a stack passes initial review, the attacker pushes a new commit that replaces the entry point with a symlink. On the next scheduled auto‑update, the file is read without further interaction.

dailycve form:

Platform: Portainer CE/EE
Version: 2.33.0-2.33.7, 2.39.0-2.39.1, ≤2.40.x
Vulnerability: Git symlink file read
Severity: High
date: 2026-03-20 (reported)

Prediction: Patched 2026-05-07

What Undercode Say:

Check if Portainer container is vulnerable (example)
docker exec portainer sh -c 'grep -r "go-git" /app/portainer' 2>/dev/null
Audit existing stack working directories for symlinks
find /data/compose -type l -ls
Simulate symlink clone (PoC concept)
git init malicious-stack
ln -s /etc/passwd docker-compose.yml
git add docker-compose.yml
git commit -m "malicious symlink"

Exploit:

  1. Create Git repository with `docker-compose.yml` symlink pointing to target (e.g., ../../../../etc/shadow).
  2. In Portainer, create a new Git‑backed stack using the malicious repo URL.
  3. Immediately call `GET /api/stacks/{stack_id}/file` (or wait for auto‑update) to retrieve the target file content.
  4. For auto‑update, push a new commit that adds the symlink after stack creation; no further interaction needed.

Protection from this CVE:

  • Upgrade to Portainer 2.33.8, 2.39.2, or 2.41.0+.
  • If upgrade impossible, restrict stack creation to admins only (disable “Allow non‑admin users to manage their stacks”).
  • Disable auto‑update on all existing Git‑backed stacks.
  • Avoid using untrusted Git repositories for stacks.
  • Audit existing stacks: `find /data/compose -type l` and investigate unexpected symlinks.

Impact:

  • Arbitrary file read as root (Portainer process often runs with Docker socket → root). Exfiltrate /etc/shadow, /proc/self/environ, `portainer.db` (password hashes, API tokens).
  • Kubernetes service account token (/var/run/secrets/kubernetes.io/serviceaccount/token) – grants cluster API access.
  • Docker Swarm secrets (mounted under /run/secrets/).
  • Leads to onward compromise: container registries, managed clusters, and other user accounts.

🎯Let’s Practice Exploiting & Learn Patching For Free:

Sources:

Reported By: github.com
Extra Source Hub:
Undercode

🔐JOIN OUR CYBER WORLD [ CVE News • HackMonitor • UndercodeNews ]

💬 Whatsapp | 💬 Telegram

📢 Follow DailyCVE & Stay Tuned:

𝕏 formerly Twitter 🐦 | @ Threads | 🔗 Linkedin Featured Image

Scroll to Top