Critical Docker Vulnerability CVE-2023-28840 Lets Attackers Bypass Authorization
Key Takeaways
- A new high-severity vulnerability, CVE-2026-34040, has been identified in Docker Engine.
- This flaw allows attackers to bypass Docker authorization plugins, potentially leading to unauthorized access to the host system.
- The vulnerability affects Docker environments utilizing authorization plugins that inspect request bodies for access control.
- A patch is available in Docker Engine version 29.3.1.
A significant security flaw has been uncovered in Docker Engine, posing a risk to systems configured with specific authorization mechanisms. This high-severity vulnerability, tracked as CVE-2026-34040, enables attackers to circumvent authorization plugins, potentially granting them unauthorized access to the underlying host system.
The root cause of this newly discovered issue lies in an incomplete fix for a prior vulnerability, leaving certain Docker configurations exposed to exploitation. This effectively means that specific enterprise setups, particularly those relying on Docker authorization (AuthZ) plugins to govern access to the Docker API, are susceptible.
AuthZ plugins function as crucial security checkpoints, meticulously examining the content of incoming API requests to ascertain if a user possesses the necessary permissions for requested operations.
Docker Vulnerability Bypasses Authorization Controls
Security researchers revealed that a malicious actor can bypass these stringent authorization checks by submitting a specially crafted API request containing an excessively large body. During the processing of such an oversized request, the Docker daemon proceeds to forward the request to the AuthZ plugin but, critically, discards the request body entirely.
Deprived of the request body for inspection, the authorization plugin cannot see the malicious payload and, consequently, approves a request that it should have denied. This behavior is the result of an incomplete remediation of CVE-2024-41110, an earlier vulnerability with a similar authorization bypass mechanism.
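The defensive lesson of the bypass described above is that an AuthZ plugin must fail closed when the body it is supposed to inspect is absent. The Go program below is an added illustration written for this article, not Docker's code or any shipped plugin. It implements the request half of Docker's authorization plugin protocol (the JSON that the daemon POSTs to `/AuthZPlugin.AuthZReq`, with `RequestBody` arriving base64-encoded) and applies an assumed policy: deny container creation when the body is missing, deny any request whose advertised `Content-Length` is positive but whose forwarded body is empty, and deny privileged containers. The `/v1.43` API paths, the port, and the policy itself are assumptions for the example.

```go
package main

import (
	"encoding/json"
	"log"
	"net/http"
	"strconv"
	"strings"
)

// AuthZRequest mirrors the JSON Docker Engine POSTs to /AuthZPlugin.AuthZReq.
// RequestBody is sent base64-encoded; encoding/json decodes it into []byte.
// (RequestPeerCertificates is omitted for brevity.)
type AuthZRequest struct {
	User            string            `json:"User"`
	UserAuthNMethod string            `json:"UserAuthNMethod"`
	RequestMethod   string            `json:"RequestMethod"`
	RequestURI      string            `json:"RequestUri"`
	RequestHeaders  map[string]string `json:"RequestHeaders"`
	RequestBody     []byte            `json:"RequestBody"`
}

// AuthZResponse is the plugin's verdict; the daemon proceeds only when Allow is true.
type AuthZResponse struct {
	Allow bool   `json:"Allow"`
	Msg   string `json:"Msg,omitempty"`
	Err   string `json:"Err,omitempty"`
}

// bodyRequired reports whether the security-relevant settings for this request
// live in the body. Container creation is the textbook case: HostConfig.Privileged,
// Binds and similar host-affecting options are visible nowhere else. (Assumed policy.)
func bodyRequired(method, uri string) bool {
	if method != http.MethodPost && method != http.MethodPut {
		return false
	}
	return strings.Contains(uri, "/containers/create")
}

// declaredLength returns the Content-Length the client advertised, or 0 when the
// header is absent or unparseable. A positive declared length paired with an empty
// RequestBody means the daemon forwarded the request without its body.
func declaredLength(headers map[string]string) int {
	for k, v := range headers {
		if strings.EqualFold(k, "Content-Length") {
			if n, err := strconv.Atoi(strings.TrimSpace(v)); err == nil && n > 0 {
				return n
			}
		}
	}
	return 0
}

// Decide is a fail-closed policy: anything the plugin cannot inspect is denied.
func Decide(req AuthZRequest) AuthZResponse {
	empty := len(req.RequestBody) == 0
	if empty && declaredLength(req.RequestHeaders) > 0 {
		return AuthZResponse{Allow: false, Msg: "body declared but not forwarded to plugin; refusing to authorize blind"}
	}
	needBody := bodyRequired(req.RequestMethod, req.RequestURI)
	if empty && needBody {
		return AuthZResponse{Allow: false, Msg: "request requires body inspection but body is missing"}
	}
	if !empty && needBody {
		var spec struct {
			HostConfig struct {
				Privileged bool `json:"Privileged"`
			} `json:"HostConfig"`
		}
		if err := json.Unmarshal(req.RequestBody, &spec); err != nil {
			return AuthZResponse{Allow: false, Msg: "container spec is not valid JSON"}
		}
		if spec.HostConfig.Privileged {
			return AuthZResponse{Allow: false, Msg: "privileged containers are not permitted"}
		}
	}
	return AuthZResponse{Allow: true}
}

// authZReq adapts Decide to the HTTP shape the daemon expects from a plugin.
func authZReq(w http.ResponseWriter, r *http.Request) {
	var req AuthZRequest
	if err := json.NewDecoder(r.Body).Decode(&req); err != nil {
		json.NewEncoder(w).Encode(AuthZResponse{Allow: false, Err: err.Error()})
		return
	}
	json.NewEncoder(w).Encode(Decide(req))
}

func main() {
	http.HandleFunc("/AuthZPlugin.AuthZReq", authZReq)
	// The response-phase hook is part of the protocol; this demo passes it through.
	http.HandleFunc("/AuthZPlugin.AuthZRes", func(w http.ResponseWriter, r *http.Request) {
		json.NewEncoder(w).Encode(AuthZResponse{Allow: true})
	})
	// A real plugin listens on a unix socket under /run/docker/plugins/; a loopback
	// TCP port is used here only so the example runs without daemon integration.
	log.Fatal(http.ListenAndServe("127.0.0.1:8080", nil))
}
```

The two empty-body branches in `Decide` are the point: a plugin that treats "no body" as "nothing to object to" approves exactly the requests this class of bug sends it, whereas a plugin that treats "no body where one was expected" as a denial turns the daemon's stripping of the body into a failed request rather than a bypass.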
The vulnerability carries a “High” severity rating, with a CVSS v3.1 profile indicating that an attacker requires only local access and low privileges to execute the exploit. The attack complexity is low, demands no user interaction, and successful exploitation could lead to container escape and compromise of the host system. However, the overall likelihood of this exploit occurring in real-world scenarios is considered low.
The impact of CVE-2026-34040 is strictly confined to environments that depend on authorization plugins to introspect request bodies for making access control decisions. Docker instances not utilizing AuthZ plugins are entirely unaffected by this vulnerability.
The Docker development team has addressed this vulnerability with the release of Docker Engine version 29.3.1, as detailed in their GitHub advisory.
What You Should Do
- Immediately upgrade Docker Engine to version 29.3.1 or later to apply the official patch.
- If immediate patching is not feasible, avoid using AuthZ plugins that rely on inspecting the request body for security decisions.
- Strictly limit access to the Docker API to only trusted parties and internal networks.
- Enforce the principle of least privilege across all container environments to minimize the potential impact of any successful local attack.
Disclaimer: HackersRadar reports on cybersecurity threats and incidents for informational and awareness purposes only. We do not engage in hacking activities, data exfiltration, or the hosting or distribution of stolen or leaked information. All content is based on publicly available sources.