CVE-2026-34040

EUVD-2026-17289
Moby is an open source container framework. Prior to version 29.3.1, a security vulnerability has been detected that allows attackers to bypass authorization plugins (AuthZ). This issue has been patched in version 29.3.1.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
8.8 HIGH
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 94%
Affected Products (NVD)
VendorProductVersion
dockerengine
𝑥
< 29.3.1
𝑥
= Vulnerable software versions
Amazon Linux logo
Amazon Linux Releases
Amazon Package
Release
docker
Amazon Linux 2023
0:25.0.14-1.amzn2023.0.4
fixed
docker-debuginfo
Amazon Linux 2023
0:25.0.14-1.amzn2023.0.4
fixed
docker-debugsource
Amazon Linux 2023
0:25.0.14-1.amzn2023.0.4
fixed
Common Weakness Enumeration
References
https://github.com/moby/moby/releases/tag/docker-v29.3.1
https://github.com/moby/moby/security/advisories/GHSA-x744-4wpc-v9h2