CVE-2026-34040: Moby: AuthZ plugin bypass with oversized request body

Published Mar 27, 2026

Summary

A security vulnerability has been detected that allows attackers to bypass authorization plugins (AuthZ) under specific circumstances. The base likelihood of this being exploited is low.

This is an incomplete fix for CVE-2024-41110.

Impact

If you don't use AuthZ plugins, you are not affected.

Using a specially-crafted API request, an attacker could make the Docker daemon forward the request to an authorization plugin without the body. The authorization plugin may allow a request which it would have otherwise denied if the body had been forwarded to it.

Anyone who depends on authorization plugins that introspect the request body to make access control decisions is potentially impacted.
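Added example (not code from the advisory or from Moby): a fail-closed check a body-inspecting AuthZ plugin would want, so that a request forwarded without its body is denied rather than allowed. The request type mirrors the documented AuthZ plugin protocol fields but is a stand-in defined here, and the policy (no privileged containers) is an assumption for illustration.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strconv"
	"strings"
)

// AuthZRequest models the JSON the daemon posts to /AuthZPlugin.AuthZReq. Field
// names follow the documented plugin protocol; the type is a stand-in for this
// example, not one from the moby code base.
type AuthZRequest struct {
	RequestMethod  string            `json:"RequestMethod"`
	RequestURI     string            `json:"RequestUri"`
	RequestHeaders map[string]string `json:"RequestHeaders"`
	RequestBody    []byte            `json:"RequestBody"`
}
type AuthZResponse struct {
	Allow bool   `json:"Allow"`
	Msg   string `json:"Msg"`
}

// bodyRequired: the assumed policy needs the body only for container creation.
func bodyRequired(req AuthZRequest) bool {
	path, _, _ := strings.Cut(req.RequestURI, "?")
	return req.RequestMethod == "POST" && strings.HasSuffix(path, "/containers/create")
}

// Authorize fails closed when the body is needed but absent, or shorter than the
// declared Content-Length: the state the advisory describes, a request forwarded
// to the plugin with its oversized body stripped.
func Authorize(req AuthZRequest) AuthZResponse {
	if !bodyRequired(req) {
		return AuthZResponse{Allow: true}
	}
	declared, _ := strconv.Atoi(req.RequestHeaders["Content-Length"])
	if got := len(req.RequestBody); got == 0 || got < declared {
		return AuthZResponse{Msg: fmt.Sprintf("body missing or truncated (%d of %d bytes)", got, declared)}
	}
	// encoding/json matches field names case-insensitively, so no tags needed here.
	var spec struct{ HostConfig struct{ Privileged bool } }
	if err := json.Unmarshal(req.RequestBody, &spec); err != nil {
		return AuthZResponse{Msg: "body is not a parseable container spec: " + err.Error()}
	}
	if spec.HostConfig.Privileged {
		return AuthZResponse{Msg: "privileged containers are not permitted"}
	}
	return AuthZResponse{Allow: true}
}
```

Comparing the declared Content-Length with the body actually received also gives the plugin a concrete signal to log when a body-dependent request arrives without its body.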

Workarounds

If unable to update immediately:

- Avoid using AuthZ plugins that rely on request body inspection for security decisions.
- Restrict access to the Docker API to trusted parties, following the principle of least privilege.

Credits

- 1seal / Oleh Konko (@1seal)
- Cody (c@wormhole.guru)
- Asim Viladi Oglu Manizada (@manizada)

Resources

- CVE-2024-41110 / GHSA-v23v-6jw2-98fq

Other sources

MITRE:

Moby is an open source container framework. Prior to version 29.3.1, a security vulnerability has been detected that allows attackers to bypass authorization plugins (AuthZ). This issue has been patched in version 29.3.1.

Affected Software

4 affected components (fixes available):

- go/github.com/moby/moby/v2 < 2.0.0-beta.8 (fixed in 2.0.0-beta.8)
- go/github.com/docker/docker < 29.3.1 (fixed in 29.3.1)
- go/github.com/moby/moby < 29.3.1 (fixed in 29.3.1)
- Mobyproject Moby < 29.3.1 (fixed in 29.3.1)

Event History

Mar 27, 2026

- 05:43 PM: Advisory published via GitHub
- 05:43 PM: Data sourced via GitHub (description, severity, weakness, affected software)

Mar 31, 2026

- 01:36 AM: CVE published via MITRE
- 01:36 AM: Data sourced via MITRE (description, severity, weakness)
- 03:15 AM: Data sourced via NVD (description, severity, weakness, affected software)

Frequently Asked Questions

1. What is the severity of CVE-2026-34040?

The severity of CVE-2026-34040 is low due to the specific conditions required for exploitation.

2. How do I fix CVE-2026-34040?

To fix CVE-2026-34040, upgrade to versions greater than 2.0.0-beta.8 of the affected software.

3. What software is affected by CVE-2026-34040?

CVE-2026-34040 affects versions below 2.0.0-beta.8 of GitHub repositories like github.com/moby/moby and github.com/docker/docker.

4. Can CVE-2026-34040 be exploited remotely?

Exploitation of CVE-2026-34040 requires local access, limiting its risk of remote exploitation.

5. Is there a workaround for CVE-2026-34040?

Currently, there are no known workarounds for CVE-2026-34040 other than upgrading the affected software.

© 2026 SecAlerts Pty Ltd.