Listen to this Post
The vulnerability (CVE-2026-XXXX) abuses how Portainer handles Git‑backed stacks. When a user creates or updates a stack from a Git repository, Portainer clones the repo using go-git v5. This library converts Git symlink blobs (mode 0o120000) into actual OS symlinks via os.Symlink(). The only blocked path is .gitmodules; all other files, including the stack entry point docker-compose.yml, become symlinks without validation.
An attacker hosts a malicious repository where `docker-compose.yml` is a symlink to, for example, `/etc/passwd` or /var/run/secrets/kubernetes.io/serviceaccount/token. Portainer’s `GET /api/stacks/{id}/file` endpoint later reads the entry point with os.ReadFile(), which follows symlinks transparently. The endpoint returns the target file’s content verbatim in the HTTP response.
Any authenticated user who can create a Git‑backed stack (default in Portainer CE) can perform arbitrary file read. The impact is amplified by auto‑update: after a stack passes initial review, the attacker pushes a new commit that replaces the entry point with a symlink. On the next scheduled auto‑update, the file is read without further interaction.
dailycve form:
Platform: Portainer CE/EE
Version: 2.33.0-2.33.7, 2.39.0-2.39.1, ≤2.40.x
Vulnerability: Git symlink file read
Severity: High
date: 2026-03-20 (reported)
Prediction: Patched 2026-05-07
What Undercode Say:
Check if Portainer container is vulnerable (example) docker exec portainer sh -c 'grep -r "go-git" /app/portainer' 2>/dev/null Audit existing stack working directories for symlinks find /data/compose -type l -ls Simulate symlink clone (PoC concept) git init malicious-stack ln -s /etc/passwd docker-compose.yml git add docker-compose.yml git commit -m "malicious symlink"
Exploit:
- Create Git repository with `docker-compose.yml` symlink pointing to target (e.g.,
../../../../etc/shadow). - In Portainer, create a new Git‑backed stack using the malicious repo URL.
- Immediately call `GET /api/stacks/{stack_id}/file` (or wait for auto‑update) to retrieve the target file content.
- For auto‑update, push a new commit that adds the symlink after stack creation; no further interaction needed.
Protection from this CVE:
- Upgrade to Portainer 2.33.8, 2.39.2, or 2.41.0+.
- If upgrade impossible, restrict stack creation to admins only (disable “Allow non‑admin users to manage their stacks”).
- Disable auto‑update on all existing Git‑backed stacks.
- Avoid using untrusted Git repositories for stacks.
- Audit existing stacks: `find /data/compose -type l` and investigate unexpected symlinks.
Impact:
- Arbitrary file read as root (Portainer process often runs with Docker socket → root). Exfiltrate
/etc/shadow,/proc/self/environ, `portainer.db` (password hashes, API tokens). - Kubernetes service account token (
/var/run/secrets/kubernetes.io/serviceaccount/token) – grants cluster API access. - Docker Swarm secrets (mounted under
/run/secrets/). - Leads to onward compromise: container registries, managed clusters, and other user accounts.
🎯Let’s Practice Exploiting & Learn Patching For Free:
Sources:
Reported By: github.com
Extra Source Hub:
Undercode

