Mobyproject Moby vulnerabilities
21 known vulnerabilities affecting mobyproject/moby.
Total CVEs: 21
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: HIGH 7, MEDIUM 14
Vulnerabilities
Page 1 of 2
CVE-2026-34040 | HIGH | CVSS 7.8 | fixed in 29.3.1 | 2026-03-31
CVE-2026-34040 [HIGH] CWE-288
Moby is an open source container framework. Prior to version 29.3.1, a security vulnerability has been detected that allows attackers to bypass authorization plugins (AuthZ). This issue has been patched in version 29.3.1.
nvd
CVE-2026-33997 | HIGH | CVSS 8.1 | fixed in 29.3.1 | 2026-03-31
CVE-2026-33997 [MEDIUM] CWE-193
Moby is an open source container framework. Prior to version 29.3.1, a security vulnerability has been detected that allows plugins privilege validation to be bypassed during docker plugin install. Due to an error in the daemon's privilege comparison logic, the daemon may incorrectly accept a privilege set that differs from the one approved by the u
nvd
CVE-2025-54388 | MEDIUM | CVSS 5.1 | ≥ 28.2.0, < 28.3.3 | 2025-07-30
CVE-2025-54388 [MEDIUM] CWE-909
Moby is an open source container framework developed by Docker Inc. that is distributed as Docker Engine, Mirantis Container Runtime, and various other downstream projects/products. In versions 28.2.0 through 28.3.2, when the firewalld service is reloaded it removes all iptables rules including those created by Docker. While Docker should automatica
nvd
CVE-2025-54410 | MEDIUM | CVSS 5.2 | fixed in 25.0.13 | 2025-07-30
CVE-2025-54410 [LOW] CWE-909
Moby is an open source container framework developed by Docker Inc. that is distributed as Docker Engine, Mirantis Container Runtime, and various other downstream projects/products. A firewalld vulnerability affects Moby releases before 28.0.0. When firewalld reloads, Docker fails to re-create iptables rules that isolate bridge networks, allowing any c
nvd
CVE-2024-36623 | HIGH | CVSS 8.1 | ≤ 25.0.3 | 2024-11-29
CVE-2024-36623 [HIGH] CWE-362
moby through v25.0.3 has a Race Condition vulnerability in the streamformatter package which can be used to trigger multiple concurrent write operations resulting in data corruption or application crashes.
nvd
CVE-2024-36621 | MEDIUM | CVSS 6.5 | v25.0.5 | 2024-11-29
CVE-2024-36621 [MEDIUM] CWE-362
moby v25.0.5 is affected by a Race Condition in builder/builder-next/adapters/snapshot/layer.go. The vulnerability could be used to trigger concurrent builds that call the EnsureLayer function resulting in resource leaks/exhaustion.
nvd
CVE-2024-36620 | MEDIUM | CVSS 6.5 | ≥ 25.0.0, ≤ 26.0.2 | 2024-11-29
CVE-2024-36620 [MEDIUM] CWE-476
moby v25.0.0 - v26.0.2 is vulnerable to NULL Pointer Dereference via daemon/images/image_history.go.
nvd
CVE-2024-32473 | MEDIUM | CVSS 6.5 | ≥ 26.0.0, < 26.0.2 | 2024-04-18
CVE-2024-32473 [MEDIUM] CWE-668
Moby is an open source container framework that is a key component of Docker Engine, Docker Desktop, and other distributions of container tooling or runtimes. In 26.0.0, IPv6 is not disabled on network interfaces, including those belonging to networks where `--ipv6=false`. A container with an `ipvlan` or `macvlan` interface will normally be configu
nvd
CVE-2024-29018 | HIGH | CVSS 7.5 | fixed in 23.0.11; ≥ 24.0.0, < 25.0.5; +1 more | 2024-03-20
CVE-2024-29018 [MEDIUM] CWE-669
Moby is an open source container framework that is a key component of Docker Engine, Docker Desktop, and other distributions of container tooling or runtimes. Moby's networking implementation allows for many networks, each with their own IP address range and gateway, to be defined. This feature is frequently referred to as custom networks, as each n
nvd
CVE-2024-24557 | HIGH | CVSS 7.8 | fixed in 24.0.9; ≥ 25.0.0, < 25.0.2 | 2024-02-01
CVE-2024-24557 [MEDIUM] CWE-345
Moby is an open-source project created by Docker to enable software containerization. The classic builder cache system is prone to cache poisoning if the image is built FROM scratch. Also, changes to some instructions (most important being HEALTHCHECK and ONBUILD) would not cause a cache miss. An attacker with the knowledge of the Dockerfile someone
nvd
CVE-2023-28840 | HIGH | CVSS 8.7 | ≥ 1.12.0, < 20.10.24; ≥ 23.0.0, < 23.0.3 | 2023-04-04
CVE-2023-28840 [HIGH] CWE-420
Moby is an open source container framework developed by Docker Inc. that is distributed as Docker, Mirantis Container Runtime, and various other downstream projects/products. The Moby daemon component (`dockerd`), which is developed as moby/moby, is commonly referred to as *Docker*.
Swarm Mode, which is compiled in and delivered by default in dockerd
nvd
CVE-2023-28841 | MEDIUM | CVSS 6.8 | ≥ 1.12.0, < 20.10.24; ≥ 23.0.0, < 23.0.3 | 2023-04-04
CVE-2023-28841 [MEDIUM] CWE-311
Moby is an open source container framework developed by Docker Inc. that is distributed as Docker, Mirantis Container Runtime, and various other downstream projects/products. The Moby daemon component (`dockerd`), which is developed as moby/moby is commonly referred to as *Docker*.
Swarm Mode, which is compiled in and delivered by default in `docke
nvd
CVE-2023-28842 | MEDIUM | CVSS 6.8 | ≥ 1.12.0, < 20.10.24; ≥ 23.0.0, < 23.0.3 | 2023-04-04
CVE-2023-28842 [MEDIUM] CWE-420
Moby is an open source container framework developed by Docker Inc. that is distributed as Docker, Mirantis Container Runtime, and various other downstream projects/products. The Moby daemon component (`dockerd`), which is developed as moby/moby is commonly referred to as *Docker*.
Swarm Mode, which is compiled in and delivered by default in `docke
nvd
CVE-2022-36109 | MEDIUM | CVSS 6.3 | fixed in 20.10.18 | 2022-09-09
CVE-2022-36109 [MEDIUM] CWE-863
Moby is an open-source project created by Docker to enable software containerization. A bug was found in Moby (Docker Engine) where supplementary groups are not set up properly. If an attacker has direct access to a container and manipulates their supplementary group access, they may be able to use supplementary group access to bypass primary group
nvd
CVE-2022-27652 | MEDIUM | CVSS 5.3 | fixed in 20.10.14 | 2022-04-18
CVE-2022-27652 [MEDIUM] CWE-276
A flaw was found in cri-o, where containers were incorrectly started with non-empty default permissions. A vulnerability was found in Moby (Docker Engine) where containers started incorrectly with non-empty inheritable Linux process capabilities. This flaw allows an attacker with access to programs with inheritable file capabilities to elevate those
nvd
CVE-2022-24769 | MEDIUM | CVSS 5.9 | fixed in 20.10.14 | 2022-03-24
CVE-2022-24769 [MEDIUM] CWE-732
Moby is an open-source project created by Docker to enable and accelerate software containerization. A bug was found in Moby (Docker Engine) prior to version 20.10.14 where containers were incorrectly started with non-empty inheritable Linux process capabilities, creating an atypical Linux environment and enabling programs with inheritable file capa
nvd
CVE-2021-41089 | MEDIUM | CVSS 6.3 | fixed in 20.10.9 | 2021-10-04
CVE-2021-41089 [LOW] CWE-281
Moby is an open-source project created by Docker to enable software containerization. A bug was found in Moby (Docker Engine) where attempting to copy files using `docker cp` into a specially-crafted container can result in Unix file permission changes for existing files in the host’s filesystem, widening access to others. This bug does not directly al
nvd
CVE-2021-41091 | MEDIUM | CVSS 6.3 | fixed in 20.10.9 | 2021-10-04
CVE-2021-41091 [MEDIUM] CWE-281
Moby is an open-source project created by Docker to enable software containerization. A bug was found in Moby (Docker Engine) where the data directory (typically `/var/lib/docker`) contained subdirectories with insufficiently restricted permissions, allowing otherwise unprivileged Linux users to traverse directory contents and execute programs. When
nvd
CVE-2018-12608 | HIGH | CVSS 7.5 | fixed in 17.06.0 | 2018-09-10
CVE-2018-12608 [HIGH] CWE-295
An issue was discovered in Docker Moby before 17.06.0. The Docker engine validated a client TLS certificate using both the configured client CA root certificate and all system roots on non-Windows systems. This allowed a client with any domain validated certificate signed by a system-trusted root CA (as opposed to one signed by the configured CA root
nvd
CVE-2018-10892 | MEDIUM | CVSS 5.3 | ≥ 1.11, ≤ 17.03.2 | 2018-07-06
CVE-2018-10892 [MEDIUM] CWE-250
The default OCI linux spec in oci/defaults{_linux}.go in Docker/Moby from 1.11 to current does not block /proc/acpi pathnames. The flaw allows an attacker to modify host's hardware like enabling/disabling bluetooth or turning up/down keyboard brightness.
nvd