8.8

CVE-2026-34040

Medienbericht

Moby: AuthZ plugin bypass with oversized request body

Moby is an open source container framework. Prior to version 29.3.1, a security vulnerability has been detected that allows attackers to bypass authorization plugins (AuthZ). This issue has been patched in version 29.3.1.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
DockerEngine Version < 29.3.1
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 8.12% 0.941
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.8 1.8 5.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
security-advisories@github.com 8.8 2 6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
CWE-288 Authentication Bypass Using an Alternate Path or Channel

The product requires authentication, but the product has an alternate path or channel that does not require authentication.

Für Zugriff zu Vulnerability Intelligence ist ein VulnDex Zugang erforderlich.
VulnDex Intel
Media Report
13.04.2026 16:21
Für Zugriff zu Vulnerability Intelligence ist ein VulnDex Zugang erforderlich.
VulnDex Intel
Media Report
10.04.2026 15:19
https://github.com/moby/moby/releases/tag/docker-v29.3.1
Release Notes
https://github.com/moby/moby/security/advisories/GHSA-x744-4wpc-v9h2
Vendor Advisory