Portainer Community Edition is a lightweight service delivery platform for containerized applications that can be used to manage Docker, Swarm, Kubernetes and A…

Portainer Community Edition versions 2.33.0 to before 2.33.8, 2.39.2, and 2.41.0 contain a security bypass vulnerability. The 'Disable bind mounts for non-administrators' setting can be circumvented by authenticated users. The vulnerability occurs because the security check only inspects the legacy HostConfig.Binds array but ignores the equivalent HostConfig.Mounts array. Attackers can submit bind-typed entries under HostConfig.Mounts to mount any host path into their containers. This allows unauthorized access to host filesystem resources that should be restricted to administrators only.