PT-2026-28593 · Docker+1
Manizada · Published 2026-03-25 · Updated 2026-05-24
CVE-2026-34040
CVSS v3.1: 8.8 (High)
| Vector | AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Moby/Docker Engine versions prior to 29.3.1
Description
A security flaw in Moby/Docker Engine allows attackers with local access to the Docker API, or to a container, to bypass authorization (AuthZ) plugins. By sending specially crafted, oversized HTTP request bodies, an attacker can cause the Docker daemon to forward a request to the authorization plugin without its body. Access control decisions that rely on inspecting the request body are therefore evaded, potentially allowing unauthorized daemon and container operations. This can lead to the creation of privileged containers with full host filesystem access, resulting in container escape, privilege escalation to the host, and complete host compromise.
Recommendations
Upgrade Moby/Docker Engine to version 29.3.1 or later.
Restrict Docker API access using TLS, firewall rules, and socket permissions to limit access to trusted users and networks.
As a temporary workaround, do not rely on AuthZ plugins that base security decisions on request body inspection.
Review and harden AuthZ plugin configurations and validate request handling.
Monitor Docker daemon and API logs for anomalous or crafted requests.
Run Docker in rootless mode to mitigate risks.
Remove or restrict untrusted authorization plugins.
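The following is an added example (not Docker's code and not part of the advisory) of how an AuthZ plugin's decision logic can fail closed when the daemon forwards a body-inspected request without its body. It assumes the documented AuthZ plugin request format (RequestMethod, RequestUri, RequestHeaders, and a base64-encoded RequestBody) and a constructed policy covering only container creation.

```python
import base64
import json
import re

# Constructed policy for this example: API calls whose authorization depends on
# inspecting the request body. Paths may carry a version prefix such as /v1.47/.
BODY_INSPECTED = re.compile(r"^(/v[\d.]+)?/containers/create(\?.*)?$")


def make_req(method, uri, body=None, headers=None):
    """Build an AuthZReq dict the way the daemon would (RequestBody is base64)."""
    req = {"RequestMethod": method, "RequestUri": uri, "RequestHeaders": headers or {}}
    if body is not None:
        req["RequestBody"] = base64.b64encode(body).decode()
    return req


def _header(headers, name):
    """Case-insensitive lookup in the RequestHeaders map."""
    return next((v for k, v in (headers or {}).items() if k.lower() == name.lower()), None)


def authz_req(req):
    """Decide one AuthZReq and return the AuthZRes dict ({"Allow": ..., "Msg": ...})."""
    if not (req.get("RequestMethod") == "POST"
            and BODY_INSPECTED.match(req.get("RequestUri", ""))):
        return {"Allow": True}  # not a body-inspected call; other rules would apply here
    body = base64.b64decode(req.get("RequestBody") or "")
    declared = _header(req.get("RequestHeaders"), "Content-Length")
    # Fail closed: if the body is absent, or does not match the length the client
    # declared, the plugin cannot inspect what the daemon is about to execute, so deny.
    length_ok = declared is None or (declared.isdigit() and int(declared) == len(body))
    if not body or not length_ok:
        return {"Allow": False, "Msg": "request body missing or truncated; denied"}
    try:
        spec = json.loads(body)
    except ValueError:
        return {"Allow": False, "Msg": "request body is not valid JSON; denied"}
    host = spec.get("HostConfig") or {}
    if host.get("Privileged"):
        return {"Allow": False, "Msg": "privileged containers are not allowed"}
    for bind in host.get("Binds") or []:
        if bind.split(":", 1)[0] == "/":
            return {"Allow": False, "Msg": "binding the host root filesystem is not allowed"}
    return {"Allow": True}
```

The key point is the denial when the body is empty or shorter than the declared Content-Length: a plugin that silently allows such requests is exactly what this class of bypass relies on.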
Authentication Bypass Using an Alternate Path or Channel
Incorrect Authorization
Affected Products
Docker
Red Os