Docker: Docker Authorization Bypass Flaw Exposed Hosts to Potential Attackers

Docker Engine Vulnerability (CVE-2026-34040) Exposes Hosts to Authorization Bypass Risks

A high-severity security flaw in Docker Engine, tracked as CVE-2026-34040, has been identified, enabling attackers to bypass authorization plugins (AuthZ) by manipulating API request bodies. The vulnerability carries a "High" severity rating, though its exploitation likelihood remains low.

The issue stems from how the Docker daemon processes oversized request bodies. Attackers with low-level access can craft malicious API requests, prompting the daemon to strip the request body before forwarding it to the AuthZ plugin. Without the necessary data, the plugin may approve actions it would typically block, effectively allowing unauthorized commands to execute.
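The failure mode in the paragraph above, sketched as an added example (not Docker's code and not any real plugin's): a body-inspecting policy that fails open when the body is missing, beside one that fails closed. The struct uses field names from Docker's documented AuthZ plugin request; the policy (deny privileged container creation), the function names and the sample request are assumptions made for illustration.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strings"
)

// authzRequest mirrors three fields of the request Docker sends to an AuthZ plugin.
type authzRequest struct {
	RequestMethod string
	RequestURI    string
	RequestBody   []byte
}

// createBody is the only part of a container-create body this sample policy reads.
type createBody struct{ HostConfig struct{ Privileged bool } }

// bodyGoverned: assumption for this sketch, only container creation is body-governed.
func bodyGoverned(r authzRequest) bool {
	return r.RequestMethod == "POST" && strings.Contains(r.RequestURI, "/containers/create")
}

// naiveAllow fails open: an absent body is treated as nothing to object to.
func naiveAllow(r authzRequest) bool {
	if !bodyGoverned(r) || len(r.RequestBody) == 0 {
		return true
	}
	var b createBody
	return json.Unmarshal(r.RequestBody, &b) == nil && !b.HostConfig.Privileged
}

// strictAllow fails closed: no readable body means no approval.
func strictAllow(r authzRequest) bool {
	if !bodyGoverned(r) {
		return true
	}
	var b createBody
	if len(r.RequestBody) == 0 || json.Unmarshal(r.RequestBody, &b) != nil {
		return false
	}
	return !b.HostConfig.Privileged
}

func main() {
	// Constructed sample: a create call as the plugin sees it once its body is gone.
	stripped := authzRequest{"POST", "/containers/create", nil}
	fmt.Println("naive:", naiveAllow(stripped), "strict:", strictAllow(stripped))
}
```

Failing closed only changes how the plugin reacts to a missing body; it does not change what the daemon forwards, so the upgrade described in the article still applies.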

This flaw is a regression of a previous Docker authorization vulnerability (CVE-2024-41110) and affects environments relying on AuthZ plugins for access control. Systems not using these plugins are unaffected. The vulnerability impacts all Docker Engine versions prior to 29.3.1 and could be exploited via a compromised container or low-privilege account to escalate privileges, modify host configurations, or access sensitive data.

Docker has released version 29.3.1 to patch the issue. For organizations unable to upgrade immediately, workarounds include discontinuing AuthZ plugins that depend on request body inspection or restricting Docker API access to trusted users under the principle of least privilege.

The flaw was responsibly disclosed by security researchers, with remediation led by the Docker development community.

Source: https://gbhackers.com/docker-authorization-bypass-flaw/

Docker, Inc cybersecurity rating report: https://www.rankiteo.com/company/docker
