CVE-2024-41110
published 2024-07-24CVE-2024-41110: Moby is an open-source project created by Docker for software containerization. A security vulnerability has been detected in certain versions of Docker…
PriorityP277critical9.9CVSS 3.1
AVNACLPRLUINSCCHIHAH
EPSS
16.50%
96.6th percentile
Moby is an open-source project created by Docker for software containerization. A security vulnerability has been detected in certain versions of Docker Engine, which could allow an attacker to bypass authorization plugins (AuthZ) under specific circumstances. The base likelihood of this being exploited is low.
Using a specially-crafted API request, an Engine API client could make the daemon forward the request or response to an authorization plugin without the body. In certain circumstances, the authorization plugin may allow a request which it would have otherwise denied if the body had been forwarded to it.
A security issue was discovered In 2018, where an attacker could bypass AuthZ plugins using a specially crafted API request. This could lead to unauthorized actions, including privilege escalation. Although this issue was fixed in Docker Engine v18.09.1 in January 2019, the fix was not carried forward to later major versions, resulting in a regression. Anyone who depends on authorization plugins that introspect the request and/or response body to make access control decisions is potentially impacted.
Docker EE v19.03.x and all versions of Mirantis Container Runtime are not vulnerable.
docker-ce v27.1.1 containes patches to fix the vulnerability. Patches have also been merged into the master, 19.03, 20.0, 23.0, 24.0, 25.0, 26.0, and 26.1 release branches. If one is unable to upgrade immediately, avoid using AuthZ plugins and/or restrict access to the Docker API to trusted parties, following the principle of least privilege.
Affected
29 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | docker.io | < docker.io 20.10.24+dfsg1-1+deb12u1 (bookworm) | docker.io 20.10.24+dfsg1-1+deb12u1 (bookworm) |
| github.com | docker_docker | >= 19.03.0 < 23.0.15 | 23.0.15 |
| github.com | docker_docker | >= 20.10.0+incompatible < 25.0.6+incompatible | 25.0.6+incompatible |
| github.com | docker_docker | >= 24.0.0 < 25.0.6 | 25.0.6 |
| github.com | docker_docker | >= 26.0.0 < 26.1.5 | 26.1.5 |
| github.com | docker_docker | >= 26.0.0+incompatible < 26.1.5+incompatible | 26.1.5+incompatible |
| github.com | docker_docker | >= 27.0.0 < 27.1.1 | 27.1.1 |
| github.com | docker_docker | >= 27.0.0+incompatible < 27.1.1+incompatible | 27.1.1+incompatible |
| github.com | moby_moby | >= 20.10.0+incompatible < 25.0.6+incompatible | 25.0.6+incompatible |
| github.com | moby_moby | >= 26.0.0+incompatible < 26.1.5+incompatible | 26.1.5+incompatible |
| github.com | moby_moby | >= 27.0.0+incompatible < 27.1.1+incompatible | 27.1.1+incompatible |
| github.com | moby_moby_v2 | >= 0 < 2.0.0-beta.8 | 2.0.0-beta.8 |
| moby | moby | — | — |
| moby | moby | — | — |
| moby | moby | — | — |
| moby | moby | — | — |
| moby | moby | — | — |
| moby | moby | — | — |
| moby | moby | — | — |
| moby | moby | — | — |
| moby | moby | — | — |
| msrc | azl3_moby-engine_25.0.3-13_on_azure_linux_3.0 | — | — |
| msrc | azl3_moby-engine_25.0.3-5_on_azure_linux_3.0 | — | — |
| msrc | azure_linux_3.0_arm | — | — |
| msrc | azure_linux_3.0_x64 | — | — |
Detection & IOCsextracted from sources · hover to see the quote
- →Monitor for Docker API requests that are forwarded to AuthZ plugins without a body — the plugin receives a bodyless request it may incorrectly allow ↗
- →Flag Docker Engine versions up to v19.03.15, v20.10.27, v23.0.14, v24.0.9, v25.0.5, v26.0.2, v26.1.4, v27.0.3, and v27.1.0 running with AuthZ plugins as vulnerable ↗
- →Alert on privilege escalation actions (e.g., privileged container creation) that follow Docker API calls, especially when AuthZ plugins are in use ↗
- →Docker Desktop v4.32.0 contains a vulnerable Docker Engine; monitor for Docker API access attempts on systems running this version, noting exploitation is limited to the VM scope ↗
- ·Docker EE v19.03.x and all versions of Mirantis Container Runtime are NOT vulnerable to CVE-2024-41110 ↗
- ·Only users who rely on AuthZ plugins for access control are impacted; users without AuthZ plugins are not affected regardless of Docker Engine version ↗
- ·The vulnerability is a regression — the original fix was applied in Docker Engine v18.09.1 (January 2019) but was not carried forward to later major versions ↗
- ·Patched versions are docker-ce v27.1.1 and branches 19.03, 20.0, 23.0, 24.0, 25.0, 26.0, and 26.1; Docker Desktop fix is in v4.33.0 (not yet released at time of advisory) ↗
CVSS provenance
nvdv3.19.9CRITICALCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
ghsa9.9CRITICAL
osv9.9CRITICAL
vendor_debian9.9CRITICAL
vendor_msrc9.9CRITICAL
vendor_redhat9.9CRITICAL
vendor_ubuntu5.9MEDIUM
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Ubuntu
Docker vulnerability
vendor_ubuntu·2025-04-15·CVSS 5.9
CVE-2024-41110 [MEDIUM] Docker vulnerability
Title: Docker vulnerability
Summary: docker.io could allow unintended access to network services
USN-7161-1 and USN-7161-2 fixed CVE-2024-41110 for source package
docker.io in Ubuntu 18.04 LTS and for source package docker.io-app in
Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, Ubuntu 24.04 LTS, and Ubuntu 24.10.
This update fixes it for source package docker.io in Ubuntu 20.04 LTS,
Ubuntu 22.04 LTS, Ubuntu 24.04 LTS, and Ubuntu 24.10. These updates only
address the docker library and not the docker.io application itself, which
was already patched in the previous USNs (USN-7161-1 and USN-7161-2).
Original advisory details:
Yair Zak discovered that Docker could unexpectedly forward DNS requests
from internal networks in an unexpected manner. An attacker could possibly
use this issue to exfiltrate
Ubuntu
Docker vulnerabilities
vendor_ubuntu·2025-02-18·CVSS 5.9
CVE-2024-29018 [MEDIUM] Docker vulnerabilities
Title: Docker vulnerabilities
Summary: Several security issues were fixed in Docker.
USN-7161-1 fixed CVE-2024-29018 in Ubuntu 24.04 LTS. This update fixes it
for source package docker.io in Ubuntu 16.04 LTS, Ubuntu 18.04 LTS and source
package docker.io-app for Ubuntu 20.04 LTS, and Ubuntu 22.04 LTS.
USN-7161-1 fixed CVE-2024-41110 in Ubuntu 24.10, Ubuntu 24.04 LTS, and
Ubuntu 18.04 LTS. This update fixes it for source package docker.io-app in
Ubuntu 20.04 LTS and Ubuntu 22.04 LTS.
Original advisory details:
Yair Zak discovered that Docker could unexpectedly forward DNS requests
from internal networks in an unexpected manner. An attacker could possibly
use this issue to exfiltrate data by encoding information in DNS queries
to controlled nameservers. This issue was only addressed for
Ubuntu
Docker vulnerabilities
vendor_ubuntu·2024-12-16·CVSS 5.9
CVE-2024-41110 [MEDIUM] Docker vulnerabilities
Title: Docker vulnerabilities
Summary: Several security issues were fixed in Docker.
Yair Zak discovered that Docker could unexpectedly forward DNS requests
from internal networks in an unexpected manner. An attacker could possibly
use this issue to exfiltrate data by encoding information in DNS queries
to controlled nameservers. This issue was only addressed for the source package
docker.io-app in Ubuntu 24.04 LTS. (CVE-2024-29018)
Cory Snider discovered that Docker did not properly handle authorization
plugin request processing. An attacker could possibly use this issue to
bypass authorization controls by forwarding API requests without their
full body, leading to unauthorized actions. This issue was only addressed for
the source package docker.io-app in Ubuntu 24.10 and Ubuntu 24.04
Red Hat
moby: Authz zero length regression
vendor_redhat·2024-07-23·CVSS 9.9
CVE-2024-41110 [CRITICAL] CWE-807 moby: Authz zero length regression
moby: Authz zero length regression
Moby is an open-source project created by Docker for software containerization. A security vulnerability has been detected in certain versions of Docker Engine, which could allow an attacker to bypass authorization plugins (AuthZ) under specific circumstances. The base likelihood of this being exploited is low.
Using a specially-crafted API request, an Engine API client could make the daemon forward the request or response to an authorization plugin without the body. In certain circumstances, the authorization plugin may allow a request which it would have otherwise denied if the body had been forwarded to it.
A security issue was discovered In 2018, where an attacker could bypass AuthZ plugins using a specially crafted API request. This could lead to un
Microsoft
Moby authz zero length regression
vendor_msrc·2024-07-09·CVSS 9.9
CVE-2024-41110 [CRITICAL] CWE-187 Moby authz zero length regression
Moby authz zero length regression
FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?
One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See this blog post for more information. If impact to additional products is identified, we will update the CVE to reflect this.
Mariner: Mariner
GitHub_M: GitHub_M
Customer Action Required: Yes
Remediation: CBL-Mariner Releases
Reference: https://learn.microsoft.com/e
Debian
CVE-2024-41110: docker.io - Moby is an open-source project created by Docker for software containerization. ...
vendor_debian·2024·CVSS 9.9
CVE-2024-41110 [CRITICAL] CVE-2024-41110: docker.io - Moby is an open-source project created by Docker for software containerization. ...
Moby is an open-source project created by Docker for software containerization. A security vulnerability has been detected in certain versions of Docker Engine, which could allow an attacker to bypass authorization plugins (AuthZ) under specific circumstances. The base likelihood of this being exploited is low. Using a specially-crafted API request, an Engine API client could make the daemon forward the request or response to an authorization plugin without the body. In certain circumstances, the authorization plugin may allow a request which it would have otherwise denied if the body had been forwarded to it. A security issue was discovered In 2018, where an attacker could bypass AuthZ plugins using a specially crafted API request. This could lead to unauthorized actions, including privil
OSV
Moby has AuthZ plugin bypass when provided oversized request bodies
osv·2026-03-27·CVSS 9.9
CVE-2026-34040 [CRITICAL] Moby has AuthZ plugin bypass when provided oversized request bodies
Moby has AuthZ plugin bypass when provided oversized request bodies
## Summary
A security vulnerability has been detected that allows attackers to bypass [authorization plugins (AuthZ)](https://docs.docker.com/engine/extend/plugins_authorization/) under specific circumstances. The base likelihood of this being exploited is low.
This is an incomplete fix for [CVE-2024-41110](https://github.com/moby/moby/security/advisories/GHSA-v23v-6jw2-98fq).
## Impact
**If you don't use AuthZ plugins, you are not affected.**
Using a specially-crafted API request, an attacker could make the Docker daemon forward the request to an authorization plugin without the body. The authorization plugin may allow a request which it would have otherwise denied if the body had been forwarded to it.
Anyone who d
GHSA
Moby has AuthZ plugin bypass when provided oversized request bodies
ghsa·2026-03-27·CVSS 9.9
CVE-2026-34040 [CRITICAL] CWE-288 Moby has AuthZ plugin bypass when provided oversized request bodies
Moby has AuthZ plugin bypass when provided oversized request bodies
## Summary
A security vulnerability has been detected that allows attackers to bypass [authorization plugins (AuthZ)](https://docs.docker.com/engine/extend/plugins_authorization/) under specific circumstances. The base likelihood of this being exploited is low.
This is an incomplete fix for [CVE-2024-41110](https://github.com/moby/moby/security/advisories/GHSA-v23v-6jw2-98fq).
## Impact
**If you don't use AuthZ plugins, you are not affected.**
Using a specially-crafted API request, an attacker could make the Docker daemon forward the request to an authorization plugin without the body. The authorization plugin may allow a request which it would have otherwise denied if the body had been forwarded to it.
Anyone who d
OSV
Docker vulnerability
osv·2025-04-15·CVSS 7.5
CVE-2024-41110 [HIGH] Docker vulnerability
Docker vulnerability
USN-7161-1 and USN-7161-2 fixed CVE-2024-41110 for source package
docker.io in Ubuntu 18.04 LTS and for source package docker.io-app in
Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, Ubuntu 24.04 LTS, and Ubuntu 24.10.
This update fixes it for source package docker.io in Ubuntu 20.04 LTS,
Ubuntu 22.04 LTS, Ubuntu 24.04 LTS, and Ubuntu 24.10. These updates only
address the docker library and not the docker.io application itself, which
was already patched in the previous USNs (USN-7161-1 and USN-7161-2).
Original advisory details:
Yair Zak discovered that Docker could unexpectedly forward DNS requests
from internal networks in an unexpected manner. An attacker could possibly
use this issue to exfiltrate data by encoding information in DNS queries
to controlled nameservers. This
OSV
Docker vulnerabilities
osv·2025-02-18·CVSS 7.5
CVE-2024-29018 [HIGH] Docker vulnerabilities
Docker vulnerabilities
USN-7161-1 fixed CVE-2024-29018 in Ubuntu 24.04 LTS. This update fixes it
for source package docker.io in Ubuntu 16.04 LTS, Ubuntu 18.04 LTS and source
package docker.io-app for Ubuntu 20.04 LTS, and Ubuntu 22.04 LTS.
USN-7161-1 fixed CVE-2024-41110 in Ubuntu 24.10, Ubuntu 24.04 LTS, and
Ubuntu 18.04 LTS. This update fixes it for source package docker.io-app in
Ubuntu 20.04 LTS and Ubuntu 22.04 LTS.
Original advisory details:
Yair Zak discovered that Docker could unexpectedly forward DNS requests
from internal networks in an unexpected manner. An attacker could possibly
use this issue to exfiltrate data by encoding information in DNS queries
to controlled nameservers. This issue was only addressed for the source package
docker.io-app in Ubuntu 24.04 LTS. (CVE-202
OSV
Docker vulnerabilities
osv·2024-12-16·CVSS 7.5
CVE-2024-29018 [HIGH] Docker vulnerabilities
Docker vulnerabilities
Yair Zak discovered that Docker could unexpectedly forward DNS requests
from internal networks in an unexpected manner. An attacker could possibly
use this issue to exfiltrate data by encoding information in DNS queries
to controlled nameservers. This issue was only addressed for the source package
docker.io-app in Ubuntu 24.04 LTS. (CVE-2024-29018)
Cory Snider discovered that Docker did not properly handle authorization
plugin request processing. An attacker could possibly use this issue to
bypass authorization controls by forwarding API requests without their
full body, leading to unauthorized actions. This issue was only addressed for
the source package docker.io-app in Ubuntu 24.10 and Ubuntu 24.04 LTS,
and the source package docker.io in Ubuntu 18.04 LTS. (CVE
GHSA
Authz zero length regression
ghsa·2024-07-30
CVE-2024-41110 [CRITICAL] CWE-187 Authz zero length regression
Authz zero length regression
A security vulnerability has been detected in certain versions of Docker Engine, which could allow an attacker to bypass [authorization plugins (AuthZ)](https://docs.docker.com/engine/extend/plugins_authorization/) under specific circumstances. The base likelihood of this being exploited is low. This advisory outlines the issue, identifies the affected versions, and provides remediation steps for impacted users.
### Impact
Using a specially-crafted API request, an Engine API client could make the daemon forward the request or response to an [authorization plugin](https://docs.docker.com/engine/extend/plugins_authorization/) without the body. In certain circumstances, the authorization plugin may allow a request which it would have otherwise denied if the bod
OSV
Authz zero length regression
osv·2024-07-30
CVE-2024-41110 [CRITICAL] Authz zero length regression
Authz zero length regression
A security vulnerability has been detected in certain versions of Docker Engine, which could allow an attacker to bypass [authorization plugins (AuthZ)](https://docs.docker.com/engine/extend/plugins_authorization/) under specific circumstances. The base likelihood of this being exploited is low. This advisory outlines the issue, identifies the affected versions, and provides remediation steps for impacted users.
### Impact
Using a specially-crafted API request, an Engine API client could make the daemon forward the request or response to an [authorization plugin](https://docs.docker.com/engine/extend/plugins_authorization/) without the body. In certain circumstances, the authorization plugin may allow a request which it would have otherwise denied if the bod
OSV
Moby authz zero length regression in github.com/moby/moby
osv·2024-07-29
CVE-2024-41110 Moby authz zero length regression in github.com/moby/moby
Moby authz zero length regression in github.com/moby/moby
Moby authz zero length regression in github.com/moby/moby
OSV
CVE-2024-41110: Moby is an open-source project created by Docker for software containerization
osv·2024-07-24·CVSS 9.9
CVE-2024-41110 [CRITICAL] CVE-2024-41110: Moby is an open-source project created by Docker for software containerization
Moby is an open-source project created by Docker for software containerization. A security vulnerability has been detected in certain versions of Docker Engine, which could allow an attacker to bypass authorization plugins (AuthZ) under specific circumstances. The base likelihood of this being exploited is low. Using a specially-crafted API request, an Engine API client could make the daemon forward the request or response to an authorization plugin without the body. In certain circumstances, the authorization plugin may allow a request which it would have otherwise denied if the body had been forwarded to it. A security issue was discovered In 2018, where an attacker could bypass AuthZ plugins using a specially crafted API request. This could lead to unauthorized actions, including privil
No detection rules found.
No public exploits indexed.
arXiv
Microservice Vulnerability Analysis: A Literature Review with Empirical Insights
arxiv_fulltext·2024-07-31
Microservice Vulnerability Analysis: A Literature Review with Empirical Insights
Microservice Vulnerability Analysis: A Literature Review with Empirical Insights
Raveen Kanishka Jayalath*
University of Adelaide, Australia
[email protected]
Hussain Ahmad* *Authors contributed equally to this work. Corresponding author.
University of Adelaide, Australia
[email protected]
Diksha Goel
CSIRO's Data61, Australia
[email protected]
3cmMuhammad Shuja Syed
3cmSLB, USA
[email protected]
Faheem Ullah
University of Adelaide, Australia
[email protected]
plain
## Abstract
Microservice architectures are revolutionizing both small businesses and large corporations, igniting a new era of innovation with their exceptional advantages in maintainability, reusability, and scalability. However, these benefits come w
Hackernews
Docker CVE-2026-34040 Lets Attackers Bypass Authorization and Gain Host Access
blogs_hackernews·2026-04-07·CVSS 9.9
CVE-2026-34040 [CRITICAL] Docker CVE-2026-34040 Lets Attackers Bypass Authorization and Gain Host Access
Home
Threat Intelligence
Vulnerabilities
Cyber Attacks
Webinars
Expert Insights
Awards
Webinars
Awards
Free eBooks
About THN
Jobs
Advertise with us
## Docker CVE-2026-34040 Lets Attackers Bypass Authorization and Gain Host Access
A high-severity security vulnerability has been disclosed in Docker Engine that could permit an attacker to bypass authorization plugins ( AuthZ ) under specific circumstances.
The vulnerability, tracked as CVE-2026-34040 (CVSS score: 8.8), stems from an incomplete fix for CVE-2024-41110 , a maximum-severity vulnerability in the same component that came to light in July 2024.
"Using a specially-crafted API request, an attacker could make the Docker daemon forward the request to an authorization plugin without the body," Docker Engine maintainers
Bleepingcomputer
Docker fixes critical 5-year old authentication bypass flaw
blogs_bleepingcomputer·2024-07-24·CVSS 9.9
[CRITICAL] Docker fixes critical 5-year old authentication bypass flaw
## Docker fixes critical 5-year old authentication bypass flaw
## Bill Toulas
Docker has issued security updates to address a critical vulnerability impacting certain versions of Docker Engine that could allow an attacker to bypass authorization plugins (AuthZ) under certain circumstances.
The flaw was initially discovered and fixed in Docker Engine v18.09.1, released in January 2019, but for some reason, the fix wasn't carried forward in later versions, so the flaw resurfaced.
This dangerous regression was identified only in April 2024, and patches were eventually released today for all supported Docker Engine versions.
Though this left attackers a comfortable 5-year period to leverage the flaw, it is unclear if it was ever exploited in the wild to gain unauthorized access to Docker
Wiz
CVE-2025-68383 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 4.3
CVE-2025-68383 [MEDIUM] CVE-2025-68383 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2025-68383 :
Filebeat vulnerability analysis and mitigation
Improper Validation of Specified Index, Position, or Offset in Input (CWE-1285) in Filebeat Syslog parser and the Libbeat Dissect processor can allow a user to trigger a Buffer Overflow (CAPEC-100) and cause a denial of service (panic/crash) of the Filebeat process via either a malformed Syslog message or a malicious tokenizer pattern in the Dissect configuration.
Source : NVD
## 6.5
Score
Published December 18, 2025
Severity MEDIUM
CNA Score 6.5
Affected Technologies
Filebeat
Chainguard
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 19
Exploitation Probability (EPSS) 0.1
Affected packages and libraries
cloudbeat-9
https://github.com/moby/moby/commit/411e817ddf710ff8e08fa193da80cb78af708191https://github.com/moby/moby/commit/42f40b1d6dd7562342f832b9cd2adf9e668eeb76https://github.com/moby/moby/commit/65cc597cea28cdc25bea3b8a86384b4251872919https://github.com/moby/moby/commit/852759a7df454cbf88db4e954c919becd48faa9bhttps://github.com/moby/moby/commit/a31260625655cff9ae226b51757915e275e304b0https://github.com/moby/moby/commit/a79fabbfe84117696a19671f4aa88b82d0f64fc1https://github.com/moby/moby/commit/ae160b4edddb72ef4bd71f66b975a1a1cc434f00https://github.com/moby/moby/commit/ae2b3666c517c96cbc2adf1af5591a6b00d4ec0fhttps://github.com/moby/moby/commit/cc13f952511154a2866bddbb7dddebfe9e83b801https://github.com/moby/moby/commit/fc274cd2ff4cf3b48c91697fb327dd1fb95588fbhttps://github.com/moby/moby/security/advisories/GHSA-v23v-6jw2-98fqhttps://www.docker.com/blog/docker-security-advisory-docker-engine-authz-pluginhttps://github.com/moby/moby/commit/411e817ddf710ff8e08fa193da80cb78af708191https://github.com/moby/moby/commit/42f40b1d6dd7562342f832b9cd2adf9e668eeb76https://github.com/moby/moby/commit/65cc597cea28cdc25bea3b8a86384b4251872919https://github.com/moby/moby/commit/852759a7df454cbf88db4e954c919becd48faa9bhttps://github.com/moby/moby/commit/a31260625655cff9ae226b51757915e275e304b0https://github.com/moby/moby/commit/a79fabbfe84117696a19671f4aa88b82d0f64fc1https://github.com/moby/moby/commit/ae160b4edddb72ef4bd71f66b975a1a1cc434f00https://github.com/moby/moby/commit/ae2b3666c517c96cbc2adf1af5591a6b00d4ec0fhttps://github.com/moby/moby/commit/cc13f952511154a2866bddbb7dddebfe9e83b801https://github.com/moby/moby/commit/fc274cd2ff4cf3b48c91697fb327dd1fb95588fbhttps://github.com/moby/moby/security/advisories/GHSA-v23v-6jw2-98fqhttps://lists.debian.org/debian-lts-announce/2024/10/msg00009.htmlhttps://security.netapp.com/advisory/ntap-20240802-0001/https://www.docker.com/blog/docker-security-advisory-docker-engine-authz-plugin
2024-07-24
Published