
A high-severity security vulnerability in Docker Engine, designated as CVE-2026-34040 (CVSS score: 8.8), has been disclosed. This flaw allows attackers to bypass authorization plugins under specific circumstances, potentially enabling them to create privileged containers and gain unauthorized access to the host file system.
The vulnerability stems from an incomplete fix for a previous flaw (CVE-2024-41110). If successfully exploited, an attacker with API access could use a specially crafted request to bypass security policies enforced by authorization plugins, leading to privilege escalation and severe infrastructure compromise.
How to check if you’re affected
You are likely affected if all of the following conditions apply:
- You are running Docker Engine versions prior to 29.3.1.
- You use Docker authorization plugins (AuthZ plugins) to enforce access control.
- Your Docker API is exposed or accessible to potentially untrusted users.
To check your current Docker Engine version, run the following command in your terminal:
docker version
The command prints both the client and the server (daemon) versions; the server version is the one that matters here. If it is earlier than 29.3.1, you should update immediately.
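The following script, added here as an example and not part of the advisory or of Docker's own tooling, applies the three conditions above: it compares the daemon's reported version against 29.3.1, looks for a non-empty authorization-plugins entry in the daemon configuration, and prints a verdict. It assumes the daemon configuration lives at /etc/docker/daemon.json (the default on Linux) and that the docker CLI is on PATH for the live check.

```shell
#!/bin/sh
# Added example (not from the advisory or from Docker). Assumes the daemon
# config is at /etc/docker/daemon.json and `docker` is on PATH for the live check.
FIXED_VERSION="29.3.1"   # first patched release named in the advisory

# Drop a leading "v" and any build suffix ("-ce", "+azure") before comparing.
normalize_version() {
    v="${1#v}"
    printf '%s' "${v%%[-+]*}"
}

# True (exit 0) when dotted version $1 is numerically older than $2.
# Compares component by component, so 29.10.0 correctly sorts after 29.3.1.
version_lt() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        n = split(a, x, "."); m = split(b, y, "."); k = (n > m) ? n : m
        for (i = 1; i <= k; i++) {
            p = (i <= n) ? x[i] + 0 : 0; q = (i <= m) ? y[i] + 0 : 0
            if (p < q) exit 0
            if (p > q) exit 1
        }
        exit 1   # equal versions are not "older"
    }'
}

# True when the engine version string is below the fixed release; 2 if empty.
is_vulnerable_version() {
    v="$(normalize_version "$1")"
    [ -n "$v" ] || return 2
    version_lt "$v" "$FIXED_VERSION"
}

# True when daemon.json text lists at least one authorization plugin.
# This is a text match on a non-empty "authorization-plugins" array, not a JSON parse.
has_authz_plugins_in_config() {
    printf '%s' "$1" | tr -d '[:space:]' | grep -Eq '"authorization-plugins":\[[^]]'
}

# Live check: returns 0 when an update is required, 1 when already patched,
# 2 when the daemon cannot be reached.
check_local_docker() {
    ver="$(docker version --format '{{.Server.Version}}' 2>/dev/null)" || {
        echo "cannot reach the Docker daemon"; return 2; }
    if ! is_vulnerable_version "$ver"; then
        echo "Docker Engine $ver is at or above $FIXED_VERSION"; return 1
    fi
    echo "Docker Engine $ver is older than $FIXED_VERSION: update required"
    if has_authz_plugins_in_config "$(cat /etc/docker/daemon.json 2>/dev/null)"; then
        echo "authorization plugins are configured: policy bypass risk until patched"
    fi
    return 0
}
```

Run `check_local_docker` from a shell that can reach the daemon; the helper functions can also be used on version strings collected from a fleet inventory.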
Remediation
Docker has released a patch to address this flaw. Administrators are urged to update to Docker Engine version 29.3.1 or later as soon as possible. As an additional defense-in-depth measure, ensure your Docker API is not unnecessarily exposed to the internet and restrict access only to trusted networks and administrators.
