Old Docker authorization bypass pops up despite previous patch

Summary

A new Docker authorization bypass, CVE-2026-34040, lets an attacker who can reach the Docker Engine API sidestep the daemon's authorization plug-ins and gain root-level access to the host. The flaw shares a root cause with a previously patched vulnerability; the underlying issue has been known since 2016. It is fixed in Docker Engine 29.3.1 and Docker Desktop 4.66.1.

IFF Assessment

FOE

This vulnerability lets an attacker bypass an existing security control (the daemon's authorization plug-in) and gain elevated privileges, so it works against defenders.

Severity

9.9 Critical

The Critical rating reflects how little the attack requires: a single HTTP request to the Engine API is enough to bypass the configured authorization plug-ins and obtain root-level access to the host. Two caveats shape the real exposure. First, the request must reach the daemon's API, over its Unix socket or a TCP endpoint, so hosts that do not expose the API beyond trusted local users are harder to reach than "remotely" suggests. Second, the Docker API is root-equivalent by design and the authorization plug-in is the control meant to restrict what an API client may do; deployments that rely on such a plug-in to limit API clients lose that restriction entirely, while those running no plug-in were already trusting every API client with root.

Defender Context

Defenders should prioritize upgrading Docker Engine to 29.3.1 or later and Docker Desktop to 4.66.1 or later, and in the meantime confirm which hosts expose the Engine API and which rely on an authorization plug-in to restrict API clients, since those are where the bypass matters most. That this flaw has resurfaced after an earlier fix underlines the need for rigorous patch management and for continued scrutiny of known weaknesses even after they have reportedly been closed.
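As an added example (not from the original story and not Docker's own tooling), the POSIX shell script below compares a Docker Engine version string against the fixed release named above, 29.3.1, field by field so that 29.10.0 is correctly ranked above 29.3.1 and a 29.3.1 release candidate is not mistaken for the fix. When the docker CLI is present it can also query the local daemon for its server version and for any loaded authorization plug-ins, using only the standard `docker version` and `docker info` Go-template output; the function and script names are illustrative, and the Desktop check only compares a version you supply, since the Desktop version is not reported by the daemon.

```shell
#!/bin/sh
# Added example (not from the article or from Docker): compare a Docker Engine
# version against the fixed release from the summary and, when the docker CLI is
# available, inspect the local daemon. Function and script names are illustrative.

FIXED_ENGINE="29.3.1"     # Docker Engine release the summary names as fixed
FIXED_DESKTOP="4.66.1"    # Docker Desktop release the summary names as fixed

# version_ge A B: return 0 when A >= B as major.minor.patch, comparing each field
# numerically. A leading "v" and "+build" metadata are ignored; a "-rc1" style
# prerelease of B counts as older than B. Returns 2 on an unparseable version.
version_ge() {
    a=${1#v}; b=${2#v}
    a=${a%%+*}; b=${b%%+*}
    pre_a=0; pre_b=0
    case $a in *-*) pre_a=1 ;; esac
    case $b in *-*) pre_b=1 ;; esac
    a=${a%%-*}; b=${b%%-*}
    for v in "$a" "$b"; do
        case $v in ''|*[!0-9.]*) echo "version_ge: unparseable version in '$1' / '$2'" >&2; return 2 ;; esac
    done
    old_ifs=$IFS; IFS=.
    set -- $a; a1=${1:-0}; a2=${2:-0}; a3=${3:-0}
    set -- $b; b1=${1:-0}; b2=${2:-0}; b3=${3:-0}
    IFS=$old_ifs
    for pair in "$a1 $b1" "$a2 $b2" "$a3 $b3"; do
        set -- $pair
        if [ "$1" -gt "$2" ]; then return 0; fi
        if [ "$1" -lt "$2" ]; then return 1; fi
    done
    # equal numeric cores: a prerelease of the fixed version is still older than it
    if [ "$pre_a" -eq 1 ] && [ "$pre_b" -eq 0 ]; then return 1; fi
    return 0
}

engine_patched()  { version_ge "$1" "$FIXED_ENGINE"; }
desktop_patched() { version_ge "$1" "$FIXED_DESKTOP"; }

# Print the daemon's loaded authorization plug-ins as docker info renders them
# ("[]" when none); this is the control the bypass defeats.
authz_plugins() {
    docker info --format '{{.Plugins.Authorization}}' 2>/dev/null
}

# check_host: report the running Engine against FIXED_ENGINE.
# Exit status: 0 patched, 1 affected, 2 could not determine.
check_host() {
    command -v docker >/dev/null 2>&1 || { echo "docker CLI not found; nothing to check" >&2; return 2; }
    v=$(docker version --format '{{.Server.Version}}' 2>/dev/null) || { echo "cannot reach the Docker daemon" >&2; return 2; }
    plugins=$(authz_plugins)
    rc=0; engine_patched "$v" || rc=$?
    if [ "$rc" -eq 2 ]; then return 2; fi
    if [ "$rc" -eq 0 ]; then
        echo "Docker Engine $v: at or above $FIXED_ENGINE (patched); authz plug-ins: ${plugins:-unknown}"
        return 0
    fi
    echo "Docker Engine $v: below $FIXED_ENGINE, affected by CVE-2026-34040; authz plug-ins: ${plugins:-unknown}"
    if [ "$plugins" = "[]" ]; then
        echo "  no authorization plug-in is loaded, so nothing here is bypassed, but every API client"
        echo "  is already root-equivalent: upgrade anyway and review who can reach the API"
    fi
    return 1
}

# Run the live check only when invoked as: sh check_docker_authz.sh --check
if [ "${1:-}" = "--check" ]; then check_host; fi
```

The live check deliberately separates "below the fixed version" from "an authorization plug-in is actually loaded": a host with no plug-in is not made worse by this bug, but the script still reports it as affected because the API it exposes is root-equivalent either way, and the only fix is the upgrade.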
