Vulnerability-Lookup

WID-SEC-W-2026-0873

Vulnerability from csaf_certbund - Published: 2026-03-25 23:00 - Updated: 2026-05-04 22:00

Summary

docker: Mehrere Schwachstellen

Severity

Hoch

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung: Docker ist eine Open-Source-Software, die dazu verwendet werden kann, Anwendungen mithilfe von Betriebssystemvirtualisierung in Containern zu isolieren.

Angriff: Ein lokaler Angreifer kann mehrere Schwachstellen in docker ausnutzen, um Sicherheitsvorkehrungen zu umgehen und Informationen offenzulegen.

Betroffene Betriebssysteme: - Linux - Sonstiges - UNIX - Windows

CVE-2026-33747

Affected products

Known affected 6 products

Product	Identifier	Version
Red Hat OpenShift Service Mesh <3.1.7 Red Hat / OpenShift		Service Mesh <3.1.7
Open Source docker <v29.3.1 Open Source / docker		<v29.3.1
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
SUSE openSUSE SUSE	`cpe:/o:suse:opensuse:-`	—
Amazon Linux 2 Amazon	`cpe:/o:amazon:linux_2:-`	—
Google Container-Optimized OS Google	`cpe:/o:google:container-optimized_os:-`	—

CVE-2026-33748

Affected products

Known affected 6 products

Product	Identifier	Version
Red Hat OpenShift Service Mesh <3.1.7 Red Hat / OpenShift		Service Mesh <3.1.7
Open Source docker <v29.3.1 Open Source / docker		<v29.3.1
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
SUSE openSUSE SUSE	`cpe:/o:suse:opensuse:-`	—
Amazon Linux 2 Amazon	`cpe:/o:amazon:linux_2:-`	—
Google Container-Optimized OS Google	`cpe:/o:google:container-optimized_os:-`	—

CVE-2026-33997

Affected products

Known affected 6 products

Product	Identifier	Version
Red Hat OpenShift Service Mesh <3.1.7 Red Hat / OpenShift		Service Mesh <3.1.7
Open Source docker <v29.3.1 Open Source / docker		<v29.3.1
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
SUSE openSUSE SUSE	`cpe:/o:suse:opensuse:-`	—
Amazon Linux 2 Amazon	`cpe:/o:amazon:linux_2:-`	—
Google Container-Optimized OS Google	`cpe:/o:google:container-optimized_os:-`	—

CVE-2026-34040

Affected products

Known affected 6 products

Product	Identifier	Version
Red Hat OpenShift Service Mesh <3.1.7 Red Hat / OpenShift		Service Mesh <3.1.7
Open Source docker <v29.3.1 Open Source / docker		<v29.3.1
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
SUSE openSUSE SUSE	`cpe:/o:suse:opensuse:-`	—
Amazon Linux 2 Amazon	`cpe:/o:amazon:linux_2:-`	—
Google Container-Optimized OS Google	`cpe:/o:google:container-optimized_os:-`	—

References

19 references

URL	Category
https://wid.cert-bund.de/.well-known/csaf/white/2…	self
https://wid.cert-bund.de/portal/wid/securityadvis…	self
https://github.com/moby/moby/releases/tag/docker-…	external
https://github.com/moby/moby/security/advisories/…	external
https://github.com/moby/moby/security/advisories/…	external
https://github.com/moby/buildkit/security/advisor…	external
https://github.com/moby/buildkit/security/advisor…	external
https://lists.opensuse.org/archives/list/security…	external
https://lists.opensuse.org/archives/list/security…	external
https://alas.aws.amazon.com/AL2/ALAS2DOCKER-2026-…	external
https://alas.aws.amazon.com/AL2/ALAS2NITRO-ENCLAV…	external
https://alas.aws.amazon.com/AL2/ALAS2ECS-2026-106.html	external
https://docs.cloud.google.com/container-optimized…	external
https://access.redhat.com/errata/RHSA-2026:9448	external
https://access.redhat.com/errata/RHSA-2026:9453	external
https://access.redhat.com/errata/RHSA-2026:10125	external
https://alas.aws.amazon.com/AL2/ALAS2DOCKER-2026-…	external
https://alas.aws.amazon.com/AL2/ALAS2NITRO-ENCLAV…	external
https://lists.opensuse.org/archives/list/security…	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "hoch"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "Docker ist eine Open-Source-Software, die dazu verwendet werden kann, Anwendungen mithilfe von Betriebssystemvirtualisierung in Containern zu isolieren.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein lokaler Angreifer kann mehrere Schwachstellen in docker ausnutzen, um Sicherheitsvorkehrungen zu umgehen und Informationen offenzulegen.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Linux\n- Sonstiges\n- UNIX\n- Windows",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2026-0873 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2026/wid-sec-w-2026-0873.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2026-0873 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-0873"
      },
      {
        "category": "external",
        "summary": "GitHub Advisory Database vom 2026-03-25",
        "url": "https://github.com/moby/moby/releases/tag/docker-v29.3.1"
      },
      {
        "category": "external",
        "summary": "GitHub Advisory Database vom 2026-03-25",
        "url": "https://github.com/moby/moby/security/advisories/GHSA-x744-4wpc-v9h2"
      },
      {
        "category": "external",
        "summary": "GitHub Advisory Database vom 2026-03-25",
        "url": "https://github.com/moby/moby/security/advisories/GHSA-pxq6-2prw-chj9"
      },
      {
        "category": "external",
        "summary": "GitHub Advisory Database vom 2026-03-25",
        "url": "https://github.com/moby/buildkit/security/advisories/GHSA-4vrq-3vrq-g6gg"
      },
      {
        "category": "external",
        "summary": "GitHub Advisory Database vom 2026-03-25",
        "url": "https://github.com/moby/buildkit/security/advisories/GHSA-4c29-8rgm-jvjj"
      },
      {
        "category": "external",
        "summary": "openSUSE Security Update OPENSUSE-SU-2026:10456-1 vom 2026-03-31",
        "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/ALAYFKV47ZMD6AVIDBCU45FBNRL6UECT/"
      },
      {
        "category": "external",
        "summary": "openSUSE Security Update OPENSUSE-SU-2026:10472-1 vom 2026-04-02",
        "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/VLNXV4YWAMBBMW4SAHSBAB45RZLQ52A2/"
      },
      {
        "category": "external",
        "summary": "Amazon Linux Security Advisory ALAS2DOCKER-2026-108 vom 2026-04-14",
        "url": "https://alas.aws.amazon.com/AL2/ALAS2DOCKER-2026-108.html"
      },
      {
        "category": "external",
        "summary": "Amazon Linux Security Advisory ALAS2NITRO-ENCLAVES-2026-094 vom 2026-04-14",
        "url": "https://alas.aws.amazon.com/AL2/ALAS2NITRO-ENCLAVES-2026-094.html"
      },
      {
        "category": "external",
        "summary": "Amazon Linux Security Advisory ALAS2ECS-2026-106 vom 2026-04-14",
        "url": "https://alas.aws.amazon.com/AL2/ALAS2ECS-2026-106.html"
      },
      {
        "category": "external",
        "summary": "Container-Optimized OS release notes vom 2026-04-14",
        "url": "https://docs.cloud.google.com/container-optimized-os/docs/release-notes#April_13_2026"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2026:9448 vom 2026-04-21",
        "url": "https://access.redhat.com/errata/RHSA-2026:9448"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2026:9453 vom 2026-04-21",
        "url": "https://access.redhat.com/errata/RHSA-2026:9453"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2026:10125 vom 2026-04-23",
        "url": "https://access.redhat.com/errata/RHSA-2026:10125"
      },
      {
        "category": "external",
        "summary": "Amazon Linux Security Advisory ALAS2DOCKER-2026-111 vom 2026-04-30",
        "url": "https://alas.aws.amazon.com/AL2/ALAS2DOCKER-2026-111.html"
      },
      {
        "category": "external",
        "summary": "Amazon Linux Security Advisory ALAS2NITRO-ENCLAVES-2026-097 vom 2026-04-30",
        "url": "https://alas.aws.amazon.com/AL2/ALAS2NITRO-ENCLAVES-2026-097.html"
      },
      {
        "category": "external",
        "summary": "openSUSE Security Update OPENSUSE-SU-2026:0163-1 vom 2026-05-04",
        "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/IFW45RUOZS7A7TR64FJFNY73BSZ7AEOP/"
      }
    ],
    "source_lang": "en-US",
    "title": "docker: Mehrere Schwachstellen",
    "tracking": {
      "current_release_date": "2026-05-04T22:00:00.000+00:00",
      "generator": {
        "date": "2026-05-05T08:26:33.192+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.5.0"
        }
      },
      "id": "WID-SEC-W-2026-0873",
      "initial_release_date": "2026-03-25T23:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2026-03-25T23:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        },
        {
          "date": "2026-03-26T23:00:00.000+00:00",
          "number": "2",
          "summary": "Referenz(en) aufgenommen: EUVD-2026-16518"
        },
        {
          "date": "2026-03-29T22:00:00.000+00:00",
          "number": "3",
          "summary": "Referenz(en) aufgenommen: EUVD-2026-16618"
        },
        {
          "date": "2026-03-31T22:00:00.000+00:00",
          "number": "4",
          "summary": "Neue Updates von openSUSE aufgenommen"
        },
        {
          "date": "2026-04-06T22:00:00.000+00:00",
          "number": "5",
          "summary": "Neue Updates von openSUSE aufgenommen"
        },
        {
          "date": "2026-04-13T22:00:00.000+00:00",
          "number": "6",
          "summary": "Neue Updates von Amazon aufgenommen"
        },
        {
          "date": "2026-04-14T22:00:00.000+00:00",
          "number": "7",
          "summary": "Neue Updates aufgenommen"
        },
        {
          "date": "2026-04-21T22:00:00.000+00:00",
          "number": "8",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2026-04-23T22:00:00.000+00:00",
          "number": "9",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2026-04-29T22:00:00.000+00:00",
          "number": "10",
          "summary": "Neue Updates von Amazon aufgenommen"
        },
        {
          "date": "2026-05-04T22:00:00.000+00:00",
          "number": "11",
          "summary": "Neue Updates von openSUSE aufgenommen"
        }
      ],
      "status": "final",
      "version": "11"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Amazon Linux 2",
            "product": {
              "name": "Amazon Linux 2",
              "product_id": "398363",
              "product_identification_helper": {
                "cpe": "cpe:/o:amazon:linux_2:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Amazon"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Google Container-Optimized OS",
            "product": {
              "name": "Google Container-Optimized OS",
              "product_id": "1607324",
              "product_identification_helper": {
                "cpe": "cpe:/o:google:container-optimized_os:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Google"
      },
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003cv29.3.1",
                "product": {
                  "name": "Open Source docker \u003cv29.3.1",
                  "product_id": "T052151"
                }
              },
              {
                "category": "product_version",
                "name": "v29.3.1",
                "product": {
                  "name": "Open Source docker v29.3.1",
                  "product_id": "T052151-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:docker:docker:v29.3.1"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "docker"
          }
        ],
        "category": "vendor",
        "name": "Open Source"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Red Hat Enterprise Linux",
            "product": {
              "name": "Red Hat Enterprise Linux",
              "product_id": "67646",
              "product_identification_helper": {
                "cpe": "cpe:/o:redhat:enterprise_linux:-"
              }
            }
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "Service Mesh \u003c3.1.7",
                "product": {
                  "name": "Red Hat OpenShift Service Mesh \u003c3.1.7",
                  "product_id": "T053044"
                }
              },
              {
                "category": "product_version",
                "name": "Service Mesh 3.1.7",
                "product": {
                  "name": "Red Hat OpenShift Service Mesh 3.1.7",
                  "product_id": "T053044-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:openshift:service_mesh__3.1.7"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "OpenShift"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "SUSE openSUSE",
            "product": {
              "name": "SUSE openSUSE",
              "product_id": "T027843",
              "product_identification_helper": {
                "cpe": "cpe:/o:suse:opensuse:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2026-33747",
      "product_status": {
        "known_affected": [
          "T053044",
          "T052151",
          "67646",
          "T027843",
          "398363",
          "1607324"
        ]
      },
      "release_date": "2026-03-25T23:00:00.000+00:00",
      "title": "CVE-2026-33747"
    },
    {
      "cve": "CVE-2026-33748",
      "product_status": {
        "known_affected": [
          "T053044",
          "T052151",
          "67646",
          "T027843",
          "398363",
          "1607324"
        ]
      },
      "release_date": "2026-03-25T23:00:00.000+00:00",
      "title": "CVE-2026-33748"
    },
    {
      "cve": "CVE-2026-33997",
      "product_status": {
        "known_affected": [
          "T053044",
          "T052151",
          "67646",
          "T027843",
          "398363",
          "1607324"
        ]
      },
      "release_date": "2026-03-25T23:00:00.000+00:00",
      "title": "CVE-2026-33997"
    },
    {
      "cve": "CVE-2026-34040",
      "product_status": {
        "known_affected": [
          "T053044",
          "T052151",
          "67646",
          "T027843",
          "398363",
          "1607324"
        ]
      },
      "release_date": "2026-03-25T23:00:00.000+00:00",
      "title": "CVE-2026-34040"
    }
  ]
}

CVE-2026-33748 (GCVE-0-2026-33748)

Vulnerability from cvelistv5 – Published: 2026-03-27 14:00 – Updated: 2026-03-27 19:58

Title

BuildKit Git URL subdir component can cause access to restricted files

Summary

BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner. Prior to version 0.28.1, insufficient validation of Git URL fragment subdir components may allow access to files outside the checked-out Git repository root. Possible access is limited to files on the same mounted filesystem. The issue has been fixed in version v0.28.1 The issue affects only builds that use Git URLs with a subpath component. As a workaround, avoid building Dockerfiles from untrusted sources or using the subdir component from an untrusted Git repository where the subdir component could point to a symlink.

Severity ?

8.2 (High)


                        
                          CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

CWE

CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CWE-59 - Improper Link Resolution Before File Access ('Link Following')

Assigner

GitHub_M

References

3 references

URL	Tags
https://github.com/moby/buildkit/security/advisor…	x_refsource_CONFIRM
https://docs.docker.com/build/concepts/context/#u…	x_refsource_MISC
https://github.com/moby/buildkit/releases/tag/v0.28.1	x_refsource_MISC

Impacted products

1 product

Vendor	Product	Version
moby	buildkit	Affected: < 0.28.1

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-33748",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-03-27T18:55:58.658220Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-03-27T19:58:28.764Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "buildkit",
          "vendor": "moby",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 0.28.1"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner. Prior to version 0.28.1, insufficient validation of Git URL fragment subdir components may allow access to files outside the checked-out Git repository root. Possible access is limited to files on the same mounted filesystem. The issue has been fixed in version v0.28.1 The issue affects only builds that use Git URLs with a subpath component. As a workaround, avoid building Dockerfiles from untrusted sources or using the subdir component from an untrusted Git repository where the subdir component could point to a symlink."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "attackComplexity": "LOW",
            "attackRequirements": "PRESENT",
            "attackVector": "NETWORK",
            "baseScore": 8.2,
            "baseSeverity": "HIGH",
            "privilegesRequired": "NONE",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "NONE"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-22",
              "description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-59",
              "description": "CWE-59: Improper Link Resolution Before File Access (\u0027Link Following\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-03-27T14:00:21.200Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/moby/buildkit/security/advisories/GHSA-4vrq-3vrq-g6gg",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/moby/buildkit/security/advisories/GHSA-4vrq-3vrq-g6gg"
        },
        {
          "name": "https://docs.docker.com/build/concepts/context/#url-fragments",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://docs.docker.com/build/concepts/context/#url-fragments"
        },
        {
          "name": "https://github.com/moby/buildkit/releases/tag/v0.28.1",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/moby/buildkit/releases/tag/v0.28.1"
        }
      ],
      "source": {
        "advisory": "GHSA-4vrq-3vrq-g6gg",
        "discovery": "UNKNOWN"
      },
      "title": "BuildKit Git URL subdir component can cause access to restricted files"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2026-33748",
    "datePublished": "2026-03-27T14:00:21.200Z",
    "dateReserved": "2026-03-23T18:30:14.124Z",
    "dateUpdated": "2026-03-27T19:58:28.764Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-34040 (GCVE-0-2026-34040)

Vulnerability from cvelistv5 – Published: 2026-03-31 01:36 – Updated: 2026-04-02 03:55

Title

Moby: AuthZ plugin bypass with oversized request body

Summary

Moby is an open source container framework. Prior to version 29.3.1, a security vulnerability has been detected that allows attackers to bypass authorization plugins (AuthZ). This issue has been patched in version 29.3.1.

Severity ?

8.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

CWE

CWE-288 - Authentication Bypass Using an Alternate Path or Channel

Assigner

GitHub_M

References

2 references

URL	Tags
https://github.com/moby/moby/security/advisories/…	x_refsource_CONFIRM
https://github.com/moby/moby/releases/tag/docker-…	x_refsource_MISC

Impacted products

1 product

Vendor	Product	Version
moby	moby	Affected: < 29.3.1

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-34040",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-04-01T00:00:00+00:00",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-04-02T03:55:56.676Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "moby",
          "vendor": "moby",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 29.3.1"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Moby is an open source container framework. Prior to version 29.3.1, a security vulnerability has been detected that allows attackers to bypass authorization plugins (AuthZ). This issue has been patched in version 29.3.1."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-288",
              "description": "CWE-288: Authentication Bypass Using an Alternate Path or Channel",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-03-31T01:36:48.205Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/moby/moby/security/advisories/GHSA-x744-4wpc-v9h2",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/moby/moby/security/advisories/GHSA-x744-4wpc-v9h2"
        },
        {
          "name": "https://github.com/moby/moby/releases/tag/docker-v29.3.1",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/moby/moby/releases/tag/docker-v29.3.1"
        }
      ],
      "source": {
        "advisory": "GHSA-x744-4wpc-v9h2",
        "discovery": "UNKNOWN"
      },
      "title": "Moby: AuthZ plugin bypass with oversized request body"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2026-34040",
    "datePublished": "2026-03-31T01:36:48.205Z",
    "dateReserved": "2026-03-25T15:29:04.744Z",
    "dateUpdated": "2026-04-02T03:55:56.676Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-33747 (GCVE-0-2026-33747)

Vulnerability from cvelistv5 – Published: 2026-03-27 00:49 – Updated: 2026-03-27 19:59

Title

BuildKit vulnerable to malicious frontend causing file escape outside of storage root

Summary

BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner. Prior to version 0.28.1, when using a custom BuildKit frontend, the frontend can craft an API message that causes files to be written outside of the BuildKit state directory for the execution context. The issue has been fixed in v0.28.1. The vulnerability requires using an untrusted BuildKit frontend set with `#syntax` or `--build-arg BUILDKIT_SYNTAX`. Using these options with a well-known frontend image like `docker/dockerfile` is not affected.

Severity ?

8.4 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE

CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Assigner

GitHub_M

References

2 references

URL	Tags
https://github.com/moby/buildkit/security/advisor…	x_refsource_CONFIRM
https://github.com/moby/buildkit/releases/tag/v0.28.1	x_refsource_MISC

Impacted products

1 product

Vendor	Product	Version
moby	buildkit	Affected: < 0.28.1

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-33747",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-03-27T13:25:53.698360Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-03-27T19:59:06.907Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "buildkit",
          "vendor": "moby",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 0.28.1"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner. Prior to version 0.28.1, when using a custom BuildKit frontend, the frontend can craft an API message that causes files to be written outside of the BuildKit state directory for the execution context. The issue has been fixed in v0.28.1. The vulnerability requires using an untrusted BuildKit frontend set with `#syntax` or `--build-arg BUILDKIT_SYNTAX`. Using these options with a well-known frontend image like `docker/dockerfile` is not affected."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 8.4,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-22",
              "description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-03-27T00:49:06.165Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/moby/buildkit/security/advisories/GHSA-4c29-8rgm-jvjj",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/moby/buildkit/security/advisories/GHSA-4c29-8rgm-jvjj"
        },
        {
          "name": "https://github.com/moby/buildkit/releases/tag/v0.28.1",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/moby/buildkit/releases/tag/v0.28.1"
        }
      ],
      "source": {
        "advisory": "GHSA-4c29-8rgm-jvjj",
        "discovery": "UNKNOWN"
      },
      "title": "BuildKit vulnerable to malicious frontend causing file escape outside of storage root"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2026-33747",
    "datePublished": "2026-03-27T00:49:06.165Z",
    "dateReserved": "2026-03-23T18:30:14.124Z",
    "dateUpdated": "2026-03-27T19:59:06.907Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-33997 (GCVE-0-2026-33997)

Vulnerability from cvelistv5 – Published: 2026-03-31 01:36 – Updated: 2026-04-02 03:55

Title

Moby: Off-by-one error in plugin privilege validation

Summary

Moby is an open source container framework. Prior to version 29.3.1, a security vulnerability has been detected that allows plugins privilege validation to be bypassed during docker plugin install. Due to an error in the daemon's privilege comparison logic, the daemon may incorrectly accept a privilege set that differs from the one approved by the user. Plugins that request exactly one privilege are also affected, because no comparison is performed at all. This issue has been patched in version 29.3.1.

Severity ?

6.8 (Medium)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N

CWE

CWE-193 - Off-by-one Error

Assigner

GitHub_M

References

2 references

URL	Tags
https://github.com/moby/moby/security/advisories/…	x_refsource_CONFIRM
https://github.com/moby/moby/releases/tag/docker-…	x_refsource_MISC

Impacted products

1 product

Vendor	Product	Version
moby	moby	Affected: < 29.3.1

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-33997",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-04-01T00:00:00+00:00",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-04-02T03:55:57.801Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "moby",
          "vendor": "moby",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 29.3.1"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Moby is an open source container framework. Prior to version 29.3.1, a security vulnerability has been detected that allows plugins privilege validation to be bypassed during docker plugin install. Due to an error in the daemon\u0027s privilege comparison logic, the daemon may incorrectly accept a privilege set that differs from the one approved by the user. Plugins that request exactly one privilege are also affected, because no comparison is performed at all. This issue has been patched in version 29.3.1."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.8,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-193",
              "description": "CWE-193: Off-by-one Error",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-03-31T01:36:51.404Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/moby/moby/security/advisories/GHSA-pxq6-2prw-chj9",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/moby/moby/security/advisories/GHSA-pxq6-2prw-chj9"
        },
        {
          "name": "https://github.com/moby/moby/releases/tag/docker-v29.3.1",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/moby/moby/releases/tag/docker-v29.3.1"
        }
      ],
      "source": {
        "advisory": "GHSA-pxq6-2prw-chj9",
        "discovery": "UNKNOWN"
      },
      "title": "Moby: Off-by-one error in plugin privilege validation"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2026-33997",
    "datePublished": "2026-03-31T01:36:51.404Z",
    "dateReserved": "2026-03-24T22:20:06.214Z",
    "dateUpdated": "2026-04-02T03:55:57.801Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

WID-SEC-W-2026-0873

CVE-2026-33748 (GCVE-0-2026-33748)

CVE-2026-34040 (GCVE-0-2026-34040)

CVE-2026-33747 (GCVE-0-2026-33747)

CVE-2026-33997 (GCVE-0-2026-33997)

Tags

Sightings

Nomenclature