Description
Moby is an open source container framework. Prior to version 29.3.1, a security vulnerability has been detected that allows attackers to bypass authorization plugins (AuthZ). This issue has been patched in version 29.3.1.
CVSS vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:HExploitability: 2.0 | Impact: 6.0Attack Vector: Local
Complexity: Low
Privileges: Low
User Interaction: None
Scope: Changed
Confidentiality: High
Integrity: High
Availability: High
Affected Packages3 packages
🔴Vulnerability Details
5OSVMoby has AuthZ plugin bypass when provided oversized request bodies in github.com/docker/docker↗2026-04-02 OSVCVE-2026-34040: Moby is an open source container framework↗2026-03-31 CVEListMoby: AuthZ plugin bypass with oversized request body↗2026-03-31 OSVMoby has AuthZ plugin bypass when provided oversized request bodies↗2026-03-27 GHSAMoby has AuthZ plugin bypass when provided oversized request bodies↗2026-03-27 📋Vendor Advisories
2Red HatMoby: Moby: Authorization bypass vulnerability↗2026-03-31 DebianCVE-2026-34040: docker.io - Moby is an open source container framework. Prior to version 29.3.1, a security ...↗2026 🕵️Threat Intelligence
2HackernewsDocker CVE-2026-34040 Lets Attackers Bypass Authorization and Gain Host Access↗2026-04-07 WizCVE-2026-34040 Impact, Exploitability, and Mitigation Steps | Wiz↗ 💬Community
4BugzillaCVE-2026-34040 golang-github-docker: Moby: Authorization bypass vulnerability [fedora-42]↗2026-04-06 BugzillaCVE-2026-34040 inspektor-gadget: Moby: Authorization bypass vulnerability [fedora-42]↗2026-04-06 BugzillaCVE-2026-34040 inspektor-gadget: Moby: Authorization bypass vulnerability [fedora-43]↗2026-04-06 BugzillaCVE-2026-34040 Moby: Moby: Authorization bypass vulnerability↗2026-03-31