
portainer/portainer-mcp

v2.42.3 Security

This release includes 1 security fix (CVE-2026-48710 in the Starlette dependency) for security teams reviewing exposed deployments.

Topics

ai containerization llm mcp mcp-server portainer

Affected surfaces

deps

ReleasePort's take

Moderate signal

The release pins Starlette to >=1.0.1, addressing CVE-2026-48710 (BadHost).

Why it matters: CVE-2026-48710 severity is high; upgrading Starlette to version 1.0.1 or later mitigates the vulnerability.

Summary

AI summary

Pinned Starlette to >=1.0.1 closing CVE-2026-48710 and proxy now surfaces upstream HTTP failures as errors.

Changes in this release

Security / Critical

  • Pinned starlette to >=1.0.1, closing CVE-2026-48710 (BadHost).

Bugfix / Medium

  • Proxy query_params and headers now tolerate JSON-string serialized object arguments.

Bugfix / Medium

  • Proxy tools surface upstream HTTP failures as errors instead of silent results.

Source: llm_adapter@2026-05-29 (confidence: high for all three entries)

Full changelog

Targets Portainer 2.42.x.

Security

  • Pinned starlette>=1.0.1 to close CVE-2026-48710 (BadHost). Starlette is only a transitive dependency here (pulled in via fastmcp/mcp), and the upstream constraint has no floor at the fixed version, so the pin is asserted directly in this project's own requirements: a future re-lock cannot silently drift back to a vulnerable release. The pin currently resolves to 1.2.0. Since the fix lives in a transitive package, confirm the resolved Starlette version in your lockfile or installed environment rather than trusting the top-level constraint alone.

Fixed

  • Proxy query_params / headers now tolerate the different ways MCP clients serialize object arguments. Some clients (notably Claude Desktop) send the whole object as a JSON string, which pydantic rejected before the tool ran, so every Docker/Kubernetes endpoint that needs a query string (logs, all=true, label/field selectors, stats) was blocked for those clients. A pydantic BeforeValidator now parses a JSON-string argument back into an object and normalizes each value to its wire form, so native bools/numbers and nested filters objects work as well. The tool schema is unchanged, so the model still sees one canonical contract.
  • Proxy tools surface upstream HTTP failures as errors. docker_proxy / kubernetes_proxy previously returned a 4xx/5xx body as a normal result, so a failed call (for example a 404 from a wrong environment_id) could be silently nulled out by a select projection and look like empty data. They now raise a tool error carrying the status and the (truncated) upstream body, so the model can distinguish a failed request from a missing field. Note that this puts upstream error text into the model's context; treat it as untrusted input like any other upstream response body.
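The two proxy fixes above, modelled as one stand-alone script. This is an added example, not mcp-portainer's own code: the names `to_wire`, `coerce_object_arg`, `ToolError`, `UpstreamResponse`, `select`, `proxy_call_old` / `proxy_call` and the 512-byte body cap are illustrative, the HTTP client and the pydantic wiring are replaced by constructed stand-ins so it runs offline, and the sample arguments and response bodies are constructed for the demonstration. The first half is the normalization you would hang on a BeforeValidator; the second half shows the old silent-null behaviour beside the new error-raising one.

```python
from __future__ import annotations
import json
from dataclasses import dataclass
from typing import Any

# ---- 1. query_params / headers: tolerate JSON-string object arguments ----

def to_wire(value: Any) -> str:
    """Render one query/header value the way it travels on the wire."""
    if isinstance(value, bool):          # checked before int: bool subclasses int
        return "true" if value else "false"
    if isinstance(value, (int, float)):
        return str(value)
    if isinstance(value, str):
        return value
    if isinstance(value, (dict, list)):  # nested objects such as Docker `filters` go as JSON text
        return json.dumps(value, separators=(",", ":"))
    if value is None:
        return ""
    raise ValueError(f"unsupported value type {type(value).__name__}")

def coerce_object_arg(value: Any) -> dict[str, str] | None:
    """Pre-validation hook: accept a dict, or a JSON string that encodes a dict
    (how some MCP clients serialize object arguments), and normalize values.

    In a pydantic model this is the function you would attach as
    Annotated[dict[str, str] | None, BeforeValidator(coerce_object_arg)]
    (hypothetical wiring; the published schema stays a plain object).
    """
    if value is None:
        return None
    if isinstance(value, str):
        if not value.strip():
            return None
        try:
            value = json.loads(value)
        except json.JSONDecodeError as exc:
            raise ValueError(f"argument must be a JSON object: {exc}") from exc
    if not isinstance(value, dict):
        raise ValueError(f"expected an object, got {type(value).__name__}")
    return {str(k): to_wire(v) for k, v in value.items()}

# ---- 2. surface upstream HTTP failures instead of silent results ----

MAX_UPSTREAM_BODY = 512  # assumed cap so a large error page cannot flood the model's context

class ToolError(Exception):
    """Stand-in for the MCP tool error the server raises; carries status and body."""
    def __init__(self, status: int, body: str):
        self.status, self.body = status, body
        super().__init__(f"upstream HTTP {status}: {body}")

@dataclass
class UpstreamResponse:  # constructed stand-in for an HTTP client response
    status_code: int
    text: str

def truncate(body: str, limit: int = MAX_UPSTREAM_BODY) -> str:
    if len(body) <= limit:
        return body
    return body[:limit] + f"... [{len(body) - limit} more bytes truncated]"

def parse_body(text: str) -> Any:
    try:
        return json.loads(text) if text else None
    except json.JSONDecodeError:
        return text  # plain-text endpoints such as container logs

def select(data: Any, path: str | None) -> Any:
    """Dotted-key projection. A missing key yields None, which is exactly how a
    4xx/5xx body used to masquerade as 'empty data' when projected."""
    if path is None:
        return data
    for key in path.split("."):
        data = data.get(key) if isinstance(data, dict) else None
    return data

def proxy_call_old(resp: UpstreamResponse, path: str | None = None) -> Any:
    """Pre-2.42.3 behaviour: status ignored, error body projected like a result."""
    return select(parse_body(resp.text), path)

def proxy_call(resp: UpstreamResponse, path: str | None = None) -> Any:
    """2.42.3 behaviour: any 4xx/5xx becomes a tool error the model can see."""
    if resp.status_code >= 400:
        raise ToolError(resp.status_code, truncate(resp.text))
    return select(parse_body(resp.text), path)

if __name__ == "__main__":
    # Constructed Claude-Desktop-style argument: the whole object as one JSON string.
    print(coerce_object_arg('{"all": true, "filters": {"label": ["app=web"]}}'))
    not_found = UpstreamResponse(404, '{"message": "Object not found inside env"}')
    print(proxy_call_old(not_found, "Items"))  # None: the failure is silently hidden
    try:
        proxy_call(not_found, "Items")
    except ToolError as err:
        print(err)
```

Keeping `coerce_object_arg` in front of validation rather than widening the schema to `object | string` is the point of the design: the model keeps seeing one object-typed parameter, and the server absorbs the client's serialization quirk. For the error path, the status code is carried separately from the body so a caller can branch on 404 versus 5xx without parsing the message text.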

PyPI: https://pypi.org/project/mcp-portainer/2.42.3/

Security Fixes

  • dep: CVE-2026-48710 — BadHost vulnerability fixed by pinning Starlette >=1.0.1 (resolves to 1.2.0)


About portainer/portainer-mcp

Portainer MCP server


Earlier breaking changes

  • v2.42.1: `make dev` now requires PORTAINER_MCP_AUTH_TOKEN for the local HTTP loop.
