Docker Engine AuthZ Bypass (CVE‑2026‑34040) Enables Host Access – High Severity Vulnerability
What It Is — Docker Engine contains an authorization‑bypass flaw (CVE‑2026‑34040) that lets an attacker circumvent AuthZ (authorization) plugins and execute commands directly on the host operating system. The bug is a regression of the fix for the earlier CVE‑2024‑41110.
Exploitability — Publicly disclosed, with a proof‑of‑concept exploit available. CVSS v3.1 base score 8.8 (High). No confirmed large‑scale attacks yet, but because the proof‑of‑concept code is public, exploitation in the wild is feasible.
Affected Products — Docker Engine 20.10.x up to and including 20.10.25, and Docker Desktop 4.x up to and including 4.22, on Linux, Windows, and macOS.
TPRM (third‑party risk management) Impact — Any third‑party service that ships container images or relies on Docker for CI/CD inherits a supply‑chain risk. Successful exploitation can give threat actors host‑level control, potentially exposing data, disrupting services, or pivoting to other on‑premises systems.
Recommended Actions —
- Upgrade Docker Engine to 20.10.26 or later (or apply the official patch released 2026‑04‑07).
- Update all AuthZ plugins to the latest versions and verify their configuration.
- Perform an immediate audit of running containers for anomalous host‑level activity.
- Re‑scan third‑party container images for signs of compromise and enforce signed image policies.
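A small triage helper, added here as an example (not code from the advisory or from Docker), that turns the first two recommended actions into a repeatable check: it compares a reported version against the affected ranges stated above and lists any AuthZ plugins configured in daemon.json. The sample version string, plugin name and the product labels are constructed assumptions; a configured plugin is reported but not treated as a mitigation, since the flaw bypasses it.

```python
import json
import re

# Affected ranges as the advisory lists them (inclusive); no fixed Desktop release is named, so >4.22 is out of range.
AFFECTED = {
    "engine": ((20, 10, 0), (20, 10, 25)),
    "desktop": ((4, 0, 0), (4, 22, 999)),
}
ENGINE_FIXED = "20.10.26"

def parse_version(raw):
    """'20.10.25', 'v20.10.25+dfsg1' or '4.22' -> (major, minor, patch); None if unparseable."""
    m = re.match(r"\s*v?(\d+)\.(\d+)(?:\.(\d+))?", raw)
    if not m:
        return None
    major, minor, patch = m.groups()
    return int(major), int(minor), int(patch or 0)

def is_affected(product, raw_version):
    """True inside the advisory's affected range, False outside it, None if unknown."""
    v = parse_version(raw_version)
    if v is None or product not in AFFECTED:
        return None
    low, high = AFFECTED[product]
    return low <= v <= high

def authz_plugins(daemon_json):
    """AuthZ plugins configured under 'authorization-plugins' in daemon.json."""
    try:
        return list(json.loads(daemon_json).get("authorization-plugins", []))
    except (json.JSONDecodeError, AttributeError):
        return []

def triage(product, raw_version, daemon_json="{}"):
    """Combine the version check and the plugin inventory into one finding."""
    affected = is_affected(product, raw_version)
    plugins = authz_plugins(daemon_json)
    if affected is None:
        action = "unparseable version; verify manually"
    elif affected:
        action = f"upgrade to {ENGINE_FIXED} or later" if product == "engine" else "upgrade Docker Desktop"
        if plugins:  # the flaw bypasses AuthZ, so a configured plugin is not a mitigation
            action += "; AuthZ plugin configured but bypassable until patched"
    else:
        action = "not in affected range"
    return {"affected": affected, "authz_plugins": plugins, "action": action}

# Constructed sample inputs (no real host): what `docker version --format '{{.Server.Version}}'` and daemon.json might yield.
SAMPLE_ENGINE_VERSION = "20.10.25"
SAMPLE_DAEMON_JSON = '{"authorization-plugins": ["example/authz-plugin:latest"]}'
```

Run `triage("engine", SAMPLE_ENGINE_VERSION, SAMPLE_DAEMON_JSON)` on each host's reported version to get a per-host finding; Desktop installs are checked with `product="desktop"` and the version shown in the Desktop client.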
Source: The Hacker News