PT-2026-28593 · Docker · Docker
Manizada · Published 2026-03-25 · Updated 2026-04-08 · CVE-2026-34040
CVSS v3.1: 8.8 High | AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Moby versions prior to 29.3.1
Description
A security issue exists in Moby that allows attackers to bypass authorization plugins (AuthZ) by providing oversized request bodies. This bypass can lead to unauthorized privileged container creation, potentially resulting in host escape and lateral movement within container environments. The issue is an incomplete fix for CVE-2024-41110. If you depend on AuthZ plugins that introspect the request body to make access control decisions, you are potentially impacted.
Recommendations
Update to version 29.3.1 or later to address this issue. If an immediate update is not possible, avoid using AuthZ plugins that rely on request body inspection for security decisions. Restrict access to the Docker API to trusted parties, following the principle of least privilege.
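For anyone maintaining a body-inspecting AuthZ plugin, the fail-closed decision logic looks like this. It is an added example, not code from Moby or from any existing plugin. It assumes the bypass shows up at the plugin as a missing or shortened `RequestBody` and that the client's `Content-Length` appears in `RequestHeaders`; the page states neither. The `Decide` policy and the sample URI are constructed, and the struct fields follow the Docker authorization plugin protocol.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strconv"
	"strings"
)

// AuthZRequest holds the plugin request fields this policy reads.
type AuthZRequest struct {
	RequestMethod  string            `json:"RequestMethod"`
	RequestURI     string            `json:"RequestUri"`
	RequestBody    []byte            `json:"RequestBody"`
	RequestHeaders map[string]string `json:"RequestHeaders"`
}

// AuthZResponse is the plugin's reply: Allow plus a message for the client.
type AuthZResponse struct {
	Allow bool   `json:"Allow"`
	Msg   string `json:"Msg,omitempty"`
}

// Decide is a hypothetical policy: no privileged containers, and deny
// whenever the body needed for that decision is missing or incomplete.
func Decide(r AuthZRequest) AuthZResponse {
	if r.RequestMethod != "POST" || !strings.Contains(r.RequestURI, "/containers/create") {
		return AuthZResponse{Allow: true}
	}
	// Fail closed: an absent body must never be read as "nothing to object to".
	if len(r.RequestBody) == 0 {
		return AuthZResponse{Msg: "denied: request body not available for inspection"}
	}
	// Assumption: a declared length that differs from what arrived means a partial view.
	if cl, ok := r.RequestHeaders["Content-Length"]; ok {
		if n, err := strconv.Atoi(cl); err != nil || n != len(r.RequestBody) {
			return AuthZResponse{Msg: "denied: body does not match Content-Length"}
		}
	}
	var spec struct{ HostConfig struct{ Privileged bool } }
	if err := json.Unmarshal(r.RequestBody, &spec); err != nil || spec.HostConfig.Privileged {
		return AuthZResponse{Msg: "denied: body unparseable or requests a privileged container"}
	}
	return AuthZResponse{Allow: true}
}

func main() {
	// Constructed sample: a create request whose body never reached the plugin.
	fmt.Println(Decide(AuthZRequest{RequestMethod: "POST", RequestURI: "/v1.47/containers/create"}))
}
```

A check like this narrows the plugin's exposure but does not replace the update to 29.3.1.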
Exploit
Fix
Authentication Bypass Using an Alternate Path or Channel
Incorrect Authorization
Affected Products
Docker