PT-2021-7960 · Docker+4 · Moby+5

Lei Wang

Published

2021-09-09

Updated

2026-05-18

CVE-2021-41089

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Moby (Docker Engine) versions prior to 20.10.9

Description A bug was found in Moby (Docker Engine) where attempting to copy files using docker cp into a specially-crafted container can result in Unix file permission changes for existing files in the host’s filesystem, widening access to others. This bug does not directly allow files to be read, modified, or executed without an additional cooperating process.

Recommendations To resolve the issue, update to Moby (Docker Engine) version 20.10.9 as soon as possible. Running containers do not need to be restarted. As a temporary workaround, ensure you only run trusted containers.

Fix

Improper Preservation of Permissions

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-281

Related Identifiers

BDU:2023-07628

CLEANSTART-2026-BK59402

CLEANSTART-2026-BN11148

CLEANSTART-2026-GY69323

CLEANSTART-2026-HI89495

CLEANSTART-2026-HL71566

CLEANSTART-2026-JD48541

CLEANSTART-2026-OS18490

CLEANSTART-2026-SB85645

CLEANSTART-2026-SP51034

CLEANSTART-2026-TD34476

CLEANSTART-2026-XL45869

CLEANSTART-2026-YB44027

CLEANSTART-2026-ZM20570

CVE-2021-41089

GHSA-V994-F8VW-G7J4

GO-2024-2913

MGASA-2021-0500

OESA-2022-1739

OPENSUSE-SU-2021:1404-1

OPENSUSE-SU-2021:3506-1

OPENSUSE-SU-2021_1404-1

OPENSUSE-SU-2021_3506-1

OPENSUSE-SU-2022:0334-1

OPENSUSE-SU-2022_0334-1

OPENSUSE-SU-2024:11579-1

OPENSUSE-SU-2025:15589-1

SUSE-SU-2021:3336-1

SUSE-SU-2021:3506-1

SUSE-SU-2022:0213-1

SUSE-SU-2022:0334-1

SUSE-SU-2025:03540-1

SUSE-SU-2025:03545-1

USN-5103-1

Affected Products

Astra Linux

Docker

Linuxmint

Moby

Suse

Ubuntu

PT-2021-7960 · Docker+4 · Moby+5

CVE-2021-41089

Weakness Enumeration

Related Identifiers

Affected Products

References · 398