Docker Engine AuthZ Bypass Flaw Enables Host Access via Oversized API Requests
Docker disclosed a high-severity Docker Engine vulnerability, CVE-2026-34040 (CVSS 8.8), that allows attackers to bypass authorization plugins and perform actions that should be blocked. The flaw stems from an incomplete fix for CVE-2024-41110 and is triggered when a specially crafted oversized Docker API request causes the request body to be dropped before inspection by an AuthZ plugin. In affected environments, the plugin may approve container operations it would otherwise deny, opening a path to unauthorized privileged actions and potential host compromise.
Researchers said an attacker with Docker API access could exploit the bug by padding a container-creation request beyond 1 MB to launch a privileged container with access to the host filesystem, exposing sensitive assets such as AWS credentials, SSH keys, and Kubernetes configurations. The issue affects deployments that rely on authorization plugins inspecting request bodies, while environments not using those plugins are not impacted. Docker patched the vulnerability in Docker Engine 29.3.1 and urged defenders to upgrade, restrict Docker API access, avoid AuthZ plugins that depend on request-body inspection, and use controls such as rootless mode, user namespace remapping, and least-privilege access to reduce risk.
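An added example (not Docker's code or the researchers') of the fail-closed behaviour a body-inspecting AuthZ plugin needs: a container-creation request that reaches the plugin with no body is denied rather than approved unseen. The struct fields are modelled on Docker's AuthZ plugin request format; they, the policy, and the sample request are assumptions for illustration.

```go
package main

import (
	"encoding/json"
	"fmt"
	"regexp"
)

// AuthZRequest holds the parts of the plugin request this check needs
// (field names assumed from Docker's AuthZ plugin documentation).
type AuthZRequest struct {
	RequestMethod string
	RequestURI    string `json:"RequestUri"`
	RequestBody   []byte // base64 in JSON; empty when no body was forwarded
}

// AuthZResponse is the plugin's verdict; Allow defaults to false.
type AuthZResponse struct {
	Allow bool
	Msg   string `json:",omitempty"`
}

// createPath matches /containers/create with an optional API version prefix.
var createPath = regexp.MustCompile(`^(/v[0-9.]+)?/containers/create(\?.*)?$`)

// Decide fails closed: a create request the plugin cannot inspect is denied.
func Decide(req AuthZRequest) AuthZResponse {
	if req.RequestMethod != "POST" || !createPath.MatchString(req.RequestURI) {
		return AuthZResponse{Allow: true} // outside this illustrative policy
	}
	if len(req.RequestBody) == 0 {
		return AuthZResponse{Msg: "create request arrived without a body; refusing to approve unseen"}
	}
	var spec struct {
		HostConfig struct {
			Privileged bool
			Binds      []string
		}
	}
	if err := json.Unmarshal(req.RequestBody, &spec); err != nil {
		return AuthZResponse{Msg: "unparseable create body: " + err.Error()}
	}
	if spec.HostConfig.Privileged || len(spec.HostConfig.Binds) > 0 {
		return AuthZResponse{Msg: "privileged mode and host bind mounts are not permitted"}
	}
	return AuthZResponse{Allow: true}
}

func main() { // constructed request: the body never reached the plugin
	fmt.Printf("%+v\n", Decide(AuthZRequest{RequestMethod: "POST", RequestURI: "/containers/create"}))
}
```

A check like this is defence in depth inside the plugin; it does not replace upgrading to Docker Engine 29.3.1.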

How this story unfolded
5 events from the most recent confirmed update back to the earliest known activity.
Docker releases Docker Engine 29.3.1 to patch CVE-2026-34040
Docker fixed the vulnerability in Docker Engine version 29.3.1. It also recommended mitigations including avoiding AuthZ plugins that depend on request-body inspection, restricting Docker API access, and using rootless mode or user namespace remapping to reduce impact.
Cyera warns AI coding agents could trigger the Docker bypass
Cyera Research Labs warned that AI coding agents operating in Docker-based sandboxes could be induced, or could independently infer how, to exploit CVE-2026-34040 and escalate access. This added a new exploitation scenario to the vulnerability's public understanding.
Researchers detail host-access risks from crafted oversized Docker API requests
Reporting on the disclosure explained that an attacker with Docker API access could pad a container creation request beyond 1 MB to create a privileged container with host filesystem access. The described impact includes potential exposure of sensitive assets such as AWS credentials, SSH keys, and Kubernetes configuration data.
Docker discloses CVE-2026-34040 authorization bypass flaw
Docker disclosed a high-severity Docker Engine vulnerability, CVE-2026-34040 (CVSS 8.8), that allows authorization plugin bypass in certain configurations. The issue involves oversized API requests whose bodies are not properly forwarded to AuthZ plugins, enabling unauthorized actions and possible host compromise.
Docker's earlier CVE-2024-41110 fix leaves an incomplete remediation
Docker's later advisory for CVE-2026-34040 states the new flaw stems from an incomplete fix for CVE-2024-41110, establishing the earlier remediation as the precursor event. No specific date for that earlier fix is provided in the references.
Sources
4 references tracked.
Docker fixes AuthZ bypass bug that created containers with excessive privileges | news | SC Media
scworld.com
Docker Vulnerability Let Attackers Bypass authorization and Gain Host Access
cybersecuritynews.com
Docker CVE-2026-34040 Lets Attackers Bypass Authorization and Gain Host Access
thehackernews.com
One Megabyte to Root: How a Size Check Broke Docker’s Last Line of Defense | Cyera Research
cyera.com


