cbcvebase.
CVE-2026-42306
published 2026-06-12

CVE-2026-42306: Moby is an open source container framework. In Docker Engine prior to version 29.5.1, Docker Daemon versions 28.5.2 and prior, and Moby Daemon prior to version…

PriorityP337high7.2CVSS 3.1
AVLACHPRLUIRSCCNIHAH
EPSS
0.10%
1.3th percentile
Moby is an open source container framework. In Docker Engine prior to version 29.5.1, Docker Daemon versions 28.5.2 and prior, and Moby Daemon prior to version 2.0.0-beta.14, a race condition during docker cp mount setup allows a malicious container to redirect a bind mount target to an arbitrary host path, potentially overwriting host files or causing denial of service. This issue has been patched in Docker Engine version 29.5.1 and Moby Daemon version 2.0.0-beta.14.

Affected

22 ranges
VendorProductVersion rangeFixed in
dockerengine< 29.5.129.5.1
github.comdocker_docker0 – 28.5.2
github.commoby_moby0 – 28.5.2
github.commoby_moby_v2>= 0 < 2.0.0-beta.142.0.0-beta.14
mobymoby
mobymoby
mobymoby
mobyprojectmoby<= 28.5.2
mobyprojectmoby_v2
mobyprojectmoby_v2
mobyprojectmoby_v2
mobyprojectmoby_v2
mobyprojectmoby_v2
mobyprojectmoby_v2
mobyprojectmoby_v2
mobyprojectmoby_v2
mobyprojectmoby_v2
mobyprojectmoby_v2
mobyprojectmoby_v2
mobyprojectmoby_v2
mobyprojectmoby_v2
mobyprojectmoby_v2
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.