CVE-2026-34040

HIGH

Moby: AuthZ plugin bypass with oversized request body

Title source: cna

Description

Moby is an open source container framework. Prior to version 29.3.1, a security vulnerability has been detected that allows attackers to bypass authorization plugins (AuthZ). This issue has been patched in version 29.3.1.

References (2)

[X_Refsource_Confirm] https://github.com/moby/moby/security/advisories/GHSA-x744-4wpc-v9h2

[X_Refsource_Misc] https://github.com/moby/moby/releases/tag/docker-v29.3.1

Scores

CVSS v3 8.8

EPSS 0.0001

EPSS Percentile 0.7%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-288

Status published

Products (5)

docker/docker 0Go

moby/moby 0Go

moby/moby 0 - 2.0.0-beta.8Go

moby/moby < 29.3.1

mobyproject/moby < 29.3.1

Published Mar 31, 2026

Tracked Since Mar 31, 2026