cbcvebase.
CVE-2026-34040
published 2026-03-31

CVE-2026-34040: Moby is an open source container framework. Prior to version 29.3.1, a security vulnerability has been detected that allows attackers to bypass authorization…

PriorityP352high7.8CVSS 3.1
AVLACLPRLUINSUCHIHAH
EPSS
8.12%
94.1th percentile
Moby is an open source container framework. Prior to version 29.3.1, a security vulnerability has been detected that allows attackers to bypass authorization plugins (AuthZ). This issue has been patched in version 29.3.1.

Affected

4 ranges
VendorProductVersion rangeFixed in
debiandocker.io
dockerengine< 29.3.129.3.1
github.commoby_moby_v2>= 0 < 2.0.0-beta.82.0.0-beta.8
mobymoby< 29.3.129.3.1

CVSS provenance

nvdv3.17.8HIGHCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
ghsa9.9CRITICAL
osv9.9CRITICAL
vendor_debian8.8HIGH
vendor_redhat8.8HIGH
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.