Portainer Community Edition versions 2.33.0 to before 2.33.8 contain an authorization bypass vulnerability in the kubeClientMiddleware component. The middleware fails to properly handle token validation errors due to a missing return statement, allowing unauthorized users to access Kubernetes endpoints. When security.RetrieveTokenData returns an error, execution continues with nil tokenData, bypassing authorization checks. An attacker needs a valid Portainer session to exploit this vulnerability. The flaw affects both Community Edition and Enterprise Edition codebases. The vulnerability is fixed in version 2.33.8.