PT-2026-28525 · Buildkit+3

1Seal · Published 2026-03-26 · Updated 2026-05-18 · CVE-2026-33747

CVSS v3.1: 10 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions

BuildKit versions prior to 0.28.1

Description

BuildKit is a toolkit for converting source code to build artifacts. When using a custom BuildKit frontend, a malicious frontend can craft an API message that causes files to be written outside of the BuildKit state directory for the execution context. This issue requires using an untrusted BuildKit frontend set with #syntax or --build-arg BUILDKIT_SYNTAX. Using these options with a well-known frontend image like docker/dockerfile is not affected. The API message crafted by the frontend can lead to file escape outside of the storage root.

Recommendations

Versions prior to 0.28.1 should be updated to version 0.28.1 or later.
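
An added example, not part of the advisory or of BuildKit's code: a pre-build audit that reports which frontend image a build would load, from a leading `# syntax=` directive or a `--build-arg BUILDKIT_SYNTAX=` argument, and flags any that is not on an allowlist. The allowlist, the function names and the sample Dockerfile are assumptions, and the directive parser is simplified to `#`-style directives at the top of the file.

```python
import re

# Assumption: the frontends this organisation trusts. The advisory names
# docker/dockerfile as a well-known frontend; extend the set as needed.
TRUSTED_FRONTENDS = {"docker/dockerfile"}
# Constructed sample: a Dockerfile that selects a custom frontend image.
SAMPLE_DOCKERFILE = "# syntax=registry.example/team/frontend:latest\nFROM scratch\n"
_DIRECTIVE = re.compile(r"^#\s*([A-Za-z]+)\s*=\s*(\S+)$")

def repo_of(image_ref):
    """Strip digest, tag and a docker.io/ prefix from an image reference."""
    ref = image_ref.split("@", 1)[0].lower()
    if ref.rfind(":") > ref.rfind("/"):  # an earlier colon is a registry port
        ref = ref[:ref.rfind(":")]
    if ref.startswith("docker.io/"):
        ref = ref[len("docker.io/"):]
    return ref

def dockerfile_frontend(text):
    """Return the image named by a leading '# syntax=' directive, or None."""
    for line in text.splitlines():
        m = _DIRECTIVE.match(line.strip())
        if not m:
            return None  # parser directives end at the first other line
        if m.group(1).lower() == "syntax":
            return m.group(2)
    return None

def build_arg_frontend(argv):
    """Return the image set via --build-arg BUILDKIT_SYNTAX=..., or None."""
    for i, arg in enumerate(argv):
        if arg == "--build-arg" and i + 1 < len(argv):
            value = argv[i + 1]
        elif arg.startswith("--build-arg="):
            value = arg[len("--build-arg="):]
        else:
            continue
        if value.startswith("BUILDKIT_SYNTAX="):
            return value[len("BUILDKIT_SYNTAX="):]
    return None

def untrusted_frontend(image_ref):
    """True when a custom frontend is set and is not on the allowlist."""
    return image_ref is not None and repo_of(image_ref) not in TRUSTED_FRONTENDS
```

A flagged build is one to hold until the frontend image has been reviewed or the builder runs BuildKit 0.28.1 or later.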

Exploit

Fix

Path traversal

Weakness Enumeration

Related Identifiers

BDU:2026-07149
CLEANSTART-2026-FK40318
CVE-2026-33747
GHSA-4C29-8RGM-JVJJ
GO-2026-4858
OPENSUSE-SU-2026:10456-1
OPENSUSE-SU-2026:10472-1
OPENSUSE-SU-2026:10651-1
OPENSUSE-SU-2026:20702-1
OPENSUSE-SU-2026:20809-1
OPENSUSE-SU-2026:20814-1
SUSE-SU-2026:1205-1
SUSE-SU-2026:2120-1
SUSE-SU-2026:21851-1
USN-8230-1

Affected Products

Buildkit
Linuxmint
Red Os
Ubuntu