CVE-2026-34040

HIGH

Moby: AuthZ plugin bypass with oversized request body

Title source: cna

Exploitation Summary

EIP tracks 1 public exploit for CVE-2026-34040. PoCs published by m0nk3ygod.

AI-analyzed exploit summary: This repository contains a functional PoC for CVE-2026-34040, demonstrating an AuthZ bypass in Docker/Moby via oversized request bodies. The exploit allows privileged container creation and host file access through chroot and bind mounts.

Description

Moby is an open source container framework. Prior to version 29.3.1, a security vulnerability has been detected that allows attackers to bypass authorization plugins (AuthZ). This issue has been patched in version 29.3.1.

Exploits (1)

github WORKING POC
by m0nk3ygod · python · poc
https://github.com/m0nk3ygod/CVE-2026-34040-PoC

Classification: Working PoC 95%
Attack Type: Auth Bypass
Complexity: Moderate
Reliability: Reliable
Target: Docker/Moby with AuthZ plugin
Auth required
Prerequisites: Access to /var/run/docker.sock · Docker AuthZ plugin enabled · Vulnerable Docker version
devstral-2 · analyzed Jun 07, 2026

Scores

CVSS v3 8.8
EPSS 0.0812
EPSS Percentile 94.1%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact total

Details

CWE
CWE-288
Status published
Products (5)
docker/docker 0 - 29.3.1 (Go)
moby/moby 0 - 2.0.0-beta.8 (Go)
moby/moby 0 - 29.3.1 (Go)
moby/moby < 29.3.1
mobyproject/moby < 29.3.1
Published Mar 31, 2026
Tracked Since Mar 31, 2026