When the service port is available, anyone can execute commands inside the container.
Kubernetes, a container orchestration system used by many companies worldwide, is a type of service. Lots of companies are exposing their Kubernetes API with no authentication; inside the Kubernetes cluster, small containers called Pods are ran. Essentially a pod represents a process inside the cluster. By having this exposed, an attacker can not only see what is running on the Pods but also execute commands on the Pods themselves.
If you have an API that doesn't have any authentication mechanism, set an authentication mechanism immediately.