Docker/Moby AuthZ Plugin Authorization Bypass
CVE-2026-34040 is a high-severity authorization bypass vulnerability in Docker Engine / Moby affecting versions prior to 29.3.1 when authorization plugins (AuthZ) are in use. The flaw is in the middleware path between the Docker API and AuthZ plugins: a specially crafted oversized API request body can be dropped or not forwarded to the authorization plugin, while the Docker daemon still processes the full request body. As a result, an AuthZ plugin that relies on inspecting the request body for policy decisions may approve a request it would otherwise deny. Public reporting describes this as an incomplete fix for CVE-2024-41110 and notes exploitation via padded HTTP requests larger than 1 MB, enabling restricted container-creation parameters such as privileged mode or other disallowed settings to bypass policy enforcement.
Exploits
1 valid exploit after Mallory filtered fakes, detection scripts, and README-only repos.
This repository is a Python-based full lab PoC for CVE-2026-34040, targeting Docker/Moby AuthZ plugin bypass behavior when a Docker API request body exceeds 1 MB. The repository is small and focused: one executable script (poc.py), a standard-library-only requirements file, and several Markdown documents covering setup, demo flow, impact modes, troubleshooting, and publication notes. The main exploit logic is in poc.py. It manually crafts raw HTTP requests over the local UNIX socket /var/run/docker.sock rather than using the Docker SDK. The key capability is sending a container creation request with oversized JSON label padding ("padding" = "A" * (1024*1024+1)) so that an AuthZ plugin may fail to inspect the body while the Docker daemon still processes the original request. The script compares a normal request against an oversized one in check mode to determine whether the bypass is observable, expecting small requests to be blocked (HTTP 403) and oversized requests to reach daemon processing (HTTP 201, or possibly HTTP 404 if the image is missing).

Beyond detection, the PoC includes multiple post-bypass impact modes. These include reading host files by creating a privileged container with the host root mounted read-only, writing a proof marker file on the host via chroot, executing user-supplied host commands in a lab, creating a long-lived privileged container for manual docker exec and chroot interaction, and a local-only reverse shell mode restricted to 127.0.0.1/localhost. The README and docs explicitly describe that the vulnerability itself is an authorization bypass, while file read and command execution are downstream impacts enabled by privileged container creation plus host bind mounts.
Repository structure: README.md explains the vulnerability model, usage, and safety notes; docs/lab-setup.md lists prerequisites such as vulnerable Docker/Moby, AuthZ plugin, docker.sock access, and local alpine image; docs/impact-modes.md and docs/demo-script.md describe each demonstration path; docs/troubleshooting.md covers common failures like missing image or socket permissions. Overall, this is a real exploit PoC for local lab use, not merely a detector, and it is operational because it contains working payload paths for host file access and host command execution.
Recent activity
56 sources tracked across advisories, community write-ups, and news. New activity surfaces here as Mallory finds it.
A Docker vulnerability involving an authorization plugin bypass caused by a documentation-code mismatch.
An authorization bypass vulnerability affecting Docker/Moby.
An authorization bypass vulnerability in Docker middleware: an attacker with Docker API access can create containers with excessive privileges or otherwise restricted characteristics by sending a request body larger than 1 MB, which causes the AuthZ plugin to miss the body while the daemon still processes it.
A high-severity Docker Engine authorization bypass vulnerability caused by an incomplete patch, allowing specially crafted oversized API requests to evade AuthZ plugin inspection and potentially enable container escape or host compromise in affected configurations.