Vulnerability-Lookup

SUSE-SU-2026:2578-1

Vulnerability from csaf_suse - Published: 2026-06-23 13:12 - Updated: 2026-06-23 13:12

Summary

Security update for docker-stable

Severity

Important

Notes

Title of the patch: Security update for docker-stable

Description of the patch: This update for docker-stable fixes the following issues - CVE-2026-33747: github.com/moby/buildkit: malicious frontends can craft API messages that cause files to be written outside of the BuildKit state directory (bsc#1260967). - CVE-2026-33748: github.com/moby/buildkit: insufficient validation of Git URL fragment subdir components may allow access to files outside the checked-out Git repository (bsc#1261078). - CVE-2026-33997: Fixed privilege validation bypass during plugin (bsc#1265907). - CVE-2026-34040: Fixed Authz zero length regression (bsc#1265929).

Patchnames: SUSE-2026-2578,SUSE-SLE-SERVER-12-SP5-LTSS-2026-2578,SUSE-SLE-SERVER-12-SP5-LTSS-EXTENDED-SECURITY-2026-2578

CVE-2026-33747

8.4 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected products

Recommended 12 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.37.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.37.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.37.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.37.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-bash-completion-24.0.9_ce-1.37.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5:docker-stable-24.0.9_ce-1.37.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5:docker-stable-24.0.9_ce-1.37.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5:docker-stable-24.0.9_ce-1.37.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5:docker-stable-24.0.9_ce-1.37.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5:docker-stable-bash-completion-24.0.9_ce-1.37.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:docker-stable-24.0.9_ce-1.37.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:docker-stable-bash-completion-24.0.9_ce-1.37.1.noarch	—	Vendor Fix

Threats

Impact important

CVE-2026-33748

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Affected products

Recommended 12 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.37.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.37.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.37.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.37.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-bash-completion-24.0.9_ce-1.37.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5:docker-stable-24.0.9_ce-1.37.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5:docker-stable-24.0.9_ce-1.37.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5:docker-stable-24.0.9_ce-1.37.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5:docker-stable-24.0.9_ce-1.37.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5:docker-stable-bash-completion-24.0.9_ce-1.37.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:docker-stable-24.0.9_ce-1.37.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:docker-stable-bash-completion-24.0.9_ce-1.37.1.noarch	—	Vendor Fix

Threats

Impact important

CVE-2026-33997

8.4 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H

Affected products

Recommended 12 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.37.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.37.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.37.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.37.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-bash-completion-24.0.9_ce-1.37.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5:docker-stable-24.0.9_ce-1.37.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5:docker-stable-24.0.9_ce-1.37.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5:docker-stable-24.0.9_ce-1.37.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5:docker-stable-24.0.9_ce-1.37.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5:docker-stable-bash-completion-24.0.9_ce-1.37.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:docker-stable-24.0.9_ce-1.37.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:docker-stable-bash-completion-24.0.9_ce-1.37.1.noarch	—	Vendor Fix

Threats

Impact important

CVE-2026-34040

8.4 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N

Affected products

Recommended 12 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.37.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.37.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.37.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.37.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-bash-completion-24.0.9_ce-1.37.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5:docker-stable-24.0.9_ce-1.37.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5:docker-stable-24.0.9_ce-1.37.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5:docker-stable-24.0.9_ce-1.37.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5:docker-stable-24.0.9_ce-1.37.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5:docker-stable-bash-completion-24.0.9_ce-1.37.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:docker-stable-24.0.9_ce-1.37.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:docker-stable-bash-completion-24.0.9_ce-1.37.1.noarch	—	Vendor Fix

Threats

Impact important

References

21 references

URL	Category
https://www.suse.com/support/security/rating/	external
https://ftp.suse.com/pub/projects/security/csaf/s…	self
https://www.suse.com/support/update/announcement/…	self
https://lists.suse.com/pipermail/sle-security-upd…	self
https://bugzilla.suse.com/1260967	self
https://bugzilla.suse.com/1261078	self
https://bugzilla.suse.com/1265907	self
https://bugzilla.suse.com/1265929	self
https://www.suse.com/security/cve/CVE-2026-33747/	self
https://www.suse.com/security/cve/CVE-2026-33748/	self
https://www.suse.com/security/cve/CVE-2026-33997/	self
https://www.suse.com/security/cve/CVE-2026-34040/	self
https://www.suse.com/security/cve/CVE-2026-33747	external
https://bugzilla.suse.com/1260954	external
https://www.suse.com/security/cve/CVE-2026-33748	external
https://bugzilla.suse.com/1261046	external
https://www.suse.com/security/cve/CVE-2026-33997	external
https://bugzilla.suse.com/1265907	external
https://www.suse.com/security/cve/CVE-2026-34040	external
https://bugzilla.suse.com/1261378	external
https://bugzilla.suse.com/1265929	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Security update for docker-stable",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "This update for docker-stable fixes the following issues\n\n- CVE-2026-33747: github.com/moby/buildkit: malicious frontends can craft API messages that cause files to be written\n  outside of the BuildKit state directory (bsc#1260967).\n- CVE-2026-33748: github.com/moby/buildkit: insufficient validation of Git URL fragment subdir components may allow\n  access to files outside the checked-out Git repository (bsc#1261078).\n- CVE-2026-33997: Fixed privilege validation bypass during plugin (bsc#1265907).\n- CVE-2026-34040: Fixed Authz zero length regression (bsc#1265929).\n",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "SUSE-2026-2578,SUSE-SLE-SERVER-12-SP5-LTSS-2026-2578,SUSE-SLE-SERVER-12-SP5-LTSS-EXTENDED-SECURITY-2026-2578",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2026_2578-1.json"
      },
      {
        "category": "self",
        "summary": "URL for SUSE-SU-2026:2578-1",
        "url": "https://www.suse.com/support/update/announcement/2026/suse-su-20262578-1/"
      },
      {
        "category": "self",
        "summary": "E-Mail link for SUSE-SU-2026:2578-1",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2026-June/026968.html"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1260967",
        "url": "https://bugzilla.suse.com/1260967"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1261078",
        "url": "https://bugzilla.suse.com/1261078"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1265907",
        "url": "https://bugzilla.suse.com/1265907"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1265929",
        "url": "https://bugzilla.suse.com/1265929"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2026-33747 page",
        "url": "https://www.suse.com/security/cve/CVE-2026-33747/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2026-33748 page",
        "url": "https://www.suse.com/security/cve/CVE-2026-33748/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2026-33997 page",
        "url": "https://www.suse.com/security/cve/CVE-2026-33997/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2026-34040 page",
        "url": "https://www.suse.com/security/cve/CVE-2026-34040/"
      }
    ],
    "title": "Security update for docker-stable",
    "tracking": {
      "current_release_date": "2026-06-23T13:12:07Z",
      "generator": {
        "date": "2026-06-23T13:12:07Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "SUSE-SU-2026:2578-1",
      "initial_release_date": "2026-06-23T13:12:07Z",
      "revision_history": [
        {
          "date": "2026-06-23T13:12:07Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "docker-stable-24.0.9_ce-1.37.1.aarch64",
                "product": {
                  "name": "docker-stable-24.0.9_ce-1.37.1.aarch64",
                  "product_id": "docker-stable-24.0.9_ce-1.37.1.aarch64"
                }
              }
            ],
            "category": "architecture",
            "name": "aarch64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "docker-stable-24.0.9_ce-1.37.1.i586",
                "product": {
                  "name": "docker-stable-24.0.9_ce-1.37.1.i586",
                  "product_id": "docker-stable-24.0.9_ce-1.37.1.i586"
                }
              }
            ],
            "category": "architecture",
            "name": "i586"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "docker-stable-bash-completion-24.0.9_ce-1.37.1.noarch",
                "product": {
                  "name": "docker-stable-bash-completion-24.0.9_ce-1.37.1.noarch",
                  "product_id": "docker-stable-bash-completion-24.0.9_ce-1.37.1.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "docker-stable-fish-completion-24.0.9_ce-1.37.1.noarch",
                "product": {
                  "name": "docker-stable-fish-completion-24.0.9_ce-1.37.1.noarch",
                  "product_id": "docker-stable-fish-completion-24.0.9_ce-1.37.1.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "docker-stable-rootless-extras-24.0.9_ce-1.37.1.noarch",
                "product": {
                  "name": "docker-stable-rootless-extras-24.0.9_ce-1.37.1.noarch",
                  "product_id": "docker-stable-rootless-extras-24.0.9_ce-1.37.1.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "docker-stable-zsh-completion-24.0.9_ce-1.37.1.noarch",
                "product": {
                  "name": "docker-stable-zsh-completion-24.0.9_ce-1.37.1.noarch",
                  "product_id": "docker-stable-zsh-completion-24.0.9_ce-1.37.1.noarch"
                }
              }
            ],
            "category": "architecture",
            "name": "noarch"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "docker-stable-24.0.9_ce-1.37.1.ppc64le",
                "product": {
                  "name": "docker-stable-24.0.9_ce-1.37.1.ppc64le",
                  "product_id": "docker-stable-24.0.9_ce-1.37.1.ppc64le"
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64le"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "docker-stable-24.0.9_ce-1.37.1.s390x",
                "product": {
                  "name": "docker-stable-24.0.9_ce-1.37.1.s390x",
                  "product_id": "docker-stable-24.0.9_ce-1.37.1.s390x"
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "docker-stable-24.0.9_ce-1.37.1.x86_64",
                "product": {
                  "name": "docker-stable-24.0.9_ce-1.37.1.x86_64",
                  "product_id": "docker-stable-24.0.9_ce-1.37.1.x86_64"
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Server 12 SP5-LTSS",
                "product": {
                  "name": "SUSE Linux Enterprise Server 12 SP5-LTSS",
                  "product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sles-ltss:12:sp5"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Server 12 SP5",
                "product": {
                  "name": "SUSE Linux Enterprise Server 12 SP5",
                  "product_id": "SUSE Linux Enterprise Server 12 SP5",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sles:12:sp5"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
                "product": {
                  "name": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
                  "product_id": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sles-ltss-extended-security:12:sp5"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "docker-stable-24.0.9_ce-1.37.1.aarch64 as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
          "product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.37.1.aarch64"
        },
        "product_reference": "docker-stable-24.0.9_ce-1.37.1.aarch64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "docker-stable-24.0.9_ce-1.37.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
          "product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.37.1.ppc64le"
        },
        "product_reference": "docker-stable-24.0.9_ce-1.37.1.ppc64le",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "docker-stable-24.0.9_ce-1.37.1.s390x as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
          "product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.37.1.s390x"
        },
        "product_reference": "docker-stable-24.0.9_ce-1.37.1.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "docker-stable-24.0.9_ce-1.37.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
          "product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.37.1.x86_64"
        },
        "product_reference": "docker-stable-24.0.9_ce-1.37.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "docker-stable-bash-completion-24.0.9_ce-1.37.1.noarch as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
          "product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-bash-completion-24.0.9_ce-1.37.1.noarch"
        },
        "product_reference": "docker-stable-bash-completion-24.0.9_ce-1.37.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "docker-stable-24.0.9_ce-1.37.1.aarch64 as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
          "product_id": "SUSE Linux Enterprise Server 12 SP5:docker-stable-24.0.9_ce-1.37.1.aarch64"
        },
        "product_reference": "docker-stable-24.0.9_ce-1.37.1.aarch64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "docker-stable-24.0.9_ce-1.37.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
          "product_id": "SUSE Linux Enterprise Server 12 SP5:docker-stable-24.0.9_ce-1.37.1.ppc64le"
        },
        "product_reference": "docker-stable-24.0.9_ce-1.37.1.ppc64le",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "docker-stable-24.0.9_ce-1.37.1.s390x as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
          "product_id": "SUSE Linux Enterprise Server 12 SP5:docker-stable-24.0.9_ce-1.37.1.s390x"
        },
        "product_reference": "docker-stable-24.0.9_ce-1.37.1.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "docker-stable-24.0.9_ce-1.37.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
          "product_id": "SUSE Linux Enterprise Server 12 SP5:docker-stable-24.0.9_ce-1.37.1.x86_64"
        },
        "product_reference": "docker-stable-24.0.9_ce-1.37.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "docker-stable-bash-completion-24.0.9_ce-1.37.1.noarch as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
          "product_id": "SUSE Linux Enterprise Server 12 SP5:docker-stable-bash-completion-24.0.9_ce-1.37.1.noarch"
        },
        "product_reference": "docker-stable-bash-completion-24.0.9_ce-1.37.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "docker-stable-24.0.9_ce-1.37.1.x86_64 as component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
          "product_id": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:docker-stable-24.0.9_ce-1.37.1.x86_64"
        },
        "product_reference": "docker-stable-24.0.9_ce-1.37.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "docker-stable-bash-completion-24.0.9_ce-1.37.1.noarch as component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
          "product_id": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:docker-stable-bash-completion-24.0.9_ce-1.37.1.noarch"
        },
        "product_reference": "docker-stable-bash-completion-24.0.9_ce-1.37.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2026-33747",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2026-33747"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner. Prior to version 0.28.1, when using a custom BuildKit frontend, the frontend can craft an API message that causes files to be written outside of the BuildKit state directory for the execution context. The issue has been fixed in v0.28.1. The vulnerability requires using an untrusted BuildKit frontend set with `#syntax` or `--build-arg BUILDKIT_SYNTAX`. Using these options with a well-known frontend image like `docker/dockerfile` is not affected.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.37.1.aarch64",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.37.1.ppc64le",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.37.1.s390x",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.37.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-bash-completion-24.0.9_ce-1.37.1.noarch",
          "SUSE Linux Enterprise Server 12 SP5:docker-stable-24.0.9_ce-1.37.1.aarch64",
          "SUSE Linux Enterprise Server 12 SP5:docker-stable-24.0.9_ce-1.37.1.ppc64le",
          "SUSE Linux Enterprise Server 12 SP5:docker-stable-24.0.9_ce-1.37.1.s390x",
          "SUSE Linux Enterprise Server 12 SP5:docker-stable-24.0.9_ce-1.37.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP5:docker-stable-bash-completion-24.0.9_ce-1.37.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:docker-stable-24.0.9_ce-1.37.1.x86_64",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:docker-stable-bash-completion-24.0.9_ce-1.37.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2026-33747",
          "url": "https://www.suse.com/security/cve/CVE-2026-33747"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1260954 for CVE-2026-33747",
          "url": "https://bugzilla.suse.com/1260954"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.37.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.37.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.37.1.s390x",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.37.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-bash-completion-24.0.9_ce-1.37.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5:docker-stable-24.0.9_ce-1.37.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP5:docker-stable-24.0.9_ce-1.37.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP5:docker-stable-24.0.9_ce-1.37.1.s390x",
            "SUSE Linux Enterprise Server 12 SP5:docker-stable-24.0.9_ce-1.37.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP5:docker-stable-bash-completion-24.0.9_ce-1.37.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:docker-stable-24.0.9_ce-1.37.1.x86_64",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:docker-stable-bash-completion-24.0.9_ce-1.37.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.4,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.37.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.37.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.37.1.s390x",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.37.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-bash-completion-24.0.9_ce-1.37.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5:docker-stable-24.0.9_ce-1.37.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP5:docker-stable-24.0.9_ce-1.37.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP5:docker-stable-24.0.9_ce-1.37.1.s390x",
            "SUSE Linux Enterprise Server 12 SP5:docker-stable-24.0.9_ce-1.37.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP5:docker-stable-bash-completion-24.0.9_ce-1.37.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:docker-stable-24.0.9_ce-1.37.1.x86_64",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:docker-stable-bash-completion-24.0.9_ce-1.37.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-06-23T13:12:07Z",
          "details": "important"
        }
      ],
      "title": "CVE-2026-33747"
    },
    {
      "cve": "CVE-2026-33748",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2026-33748"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner. Prior to version 0.28.1, insufficient validation of Git URL fragment subdir components may allow access to files outside the checked-out Git repository root. Possible access is limited to files on the same mounted filesystem. The issue has been fixed in version v0.28.1 The issue affects only builds that use Git URLs with a subpath component. As a workaround, avoid building Dockerfiles from untrusted sources or using the subdir component from an untrusted Git repository where the subdir component could point to a symlink.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.37.1.aarch64",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.37.1.ppc64le",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.37.1.s390x",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.37.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-bash-completion-24.0.9_ce-1.37.1.noarch",
          "SUSE Linux Enterprise Server 12 SP5:docker-stable-24.0.9_ce-1.37.1.aarch64",
          "SUSE Linux Enterprise Server 12 SP5:docker-stable-24.0.9_ce-1.37.1.ppc64le",
          "SUSE Linux Enterprise Server 12 SP5:docker-stable-24.0.9_ce-1.37.1.s390x",
          "SUSE Linux Enterprise Server 12 SP5:docker-stable-24.0.9_ce-1.37.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP5:docker-stable-bash-completion-24.0.9_ce-1.37.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:docker-stable-24.0.9_ce-1.37.1.x86_64",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:docker-stable-bash-completion-24.0.9_ce-1.37.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2026-33748",
          "url": "https://www.suse.com/security/cve/CVE-2026-33748"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1261046 for CVE-2026-33748",
          "url": "https://bugzilla.suse.com/1261046"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.37.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.37.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.37.1.s390x",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.37.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-bash-completion-24.0.9_ce-1.37.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5:docker-stable-24.0.9_ce-1.37.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP5:docker-stable-24.0.9_ce-1.37.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP5:docker-stable-24.0.9_ce-1.37.1.s390x",
            "SUSE Linux Enterprise Server 12 SP5:docker-stable-24.0.9_ce-1.37.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP5:docker-stable-bash-completion-24.0.9_ce-1.37.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:docker-stable-24.0.9_ce-1.37.1.x86_64",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:docker-stable-bash-completion-24.0.9_ce-1.37.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.37.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.37.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.37.1.s390x",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.37.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-bash-completion-24.0.9_ce-1.37.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5:docker-stable-24.0.9_ce-1.37.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP5:docker-stable-24.0.9_ce-1.37.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP5:docker-stable-24.0.9_ce-1.37.1.s390x",
            "SUSE Linux Enterprise Server 12 SP5:docker-stable-24.0.9_ce-1.37.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP5:docker-stable-bash-completion-24.0.9_ce-1.37.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:docker-stable-24.0.9_ce-1.37.1.x86_64",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:docker-stable-bash-completion-24.0.9_ce-1.37.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-06-23T13:12:07Z",
          "details": "important"
        }
      ],
      "title": "CVE-2026-33748"
    },
    {
      "cve": "CVE-2026-33997",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2026-33997"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Moby is an open source container framework. Prior to version 29.3.1, a security vulnerability has been detected that allows plugins privilege validation to be bypassed during docker plugin install. Due to an error in the daemon\u0027s privilege comparison logic, the daemon may incorrectly accept a privilege set that differs from the one approved by the user. Plugins that request exactly one privilege are also affected, because no comparison is performed at all. This issue has been patched in version 29.3.1.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.37.1.aarch64",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.37.1.ppc64le",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.37.1.s390x",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.37.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-bash-completion-24.0.9_ce-1.37.1.noarch",
          "SUSE Linux Enterprise Server 12 SP5:docker-stable-24.0.9_ce-1.37.1.aarch64",
          "SUSE Linux Enterprise Server 12 SP5:docker-stable-24.0.9_ce-1.37.1.ppc64le",
          "SUSE Linux Enterprise Server 12 SP5:docker-stable-24.0.9_ce-1.37.1.s390x",
          "SUSE Linux Enterprise Server 12 SP5:docker-stable-24.0.9_ce-1.37.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP5:docker-stable-bash-completion-24.0.9_ce-1.37.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:docker-stable-24.0.9_ce-1.37.1.x86_64",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:docker-stable-bash-completion-24.0.9_ce-1.37.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2026-33997",
          "url": "https://www.suse.com/security/cve/CVE-2026-33997"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1265907 for CVE-2026-33997",
          "url": "https://bugzilla.suse.com/1265907"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.37.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.37.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.37.1.s390x",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.37.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-bash-completion-24.0.9_ce-1.37.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5:docker-stable-24.0.9_ce-1.37.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP5:docker-stable-24.0.9_ce-1.37.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP5:docker-stable-24.0.9_ce-1.37.1.s390x",
            "SUSE Linux Enterprise Server 12 SP5:docker-stable-24.0.9_ce-1.37.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP5:docker-stable-bash-completion-24.0.9_ce-1.37.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:docker-stable-24.0.9_ce-1.37.1.x86_64",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:docker-stable-bash-completion-24.0.9_ce-1.37.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.4,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.37.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.37.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.37.1.s390x",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.37.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-bash-completion-24.0.9_ce-1.37.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5:docker-stable-24.0.9_ce-1.37.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP5:docker-stable-24.0.9_ce-1.37.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP5:docker-stable-24.0.9_ce-1.37.1.s390x",
            "SUSE Linux Enterprise Server 12 SP5:docker-stable-24.0.9_ce-1.37.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP5:docker-stable-bash-completion-24.0.9_ce-1.37.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:docker-stable-24.0.9_ce-1.37.1.x86_64",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:docker-stable-bash-completion-24.0.9_ce-1.37.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-06-23T13:12:07Z",
          "details": "important"
        }
      ],
      "title": "CVE-2026-33997"
    },
    {
      "cve": "CVE-2026-34040",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2026-34040"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Moby is an open source container framework. Prior to version 29.3.1, a security vulnerability has been detected that allows attackers to bypass authorization plugins (AuthZ). This issue has been patched in version 29.3.1.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.37.1.aarch64",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.37.1.ppc64le",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.37.1.s390x",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.37.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-bash-completion-24.0.9_ce-1.37.1.noarch",
          "SUSE Linux Enterprise Server 12 SP5:docker-stable-24.0.9_ce-1.37.1.aarch64",
          "SUSE Linux Enterprise Server 12 SP5:docker-stable-24.0.9_ce-1.37.1.ppc64le",
          "SUSE Linux Enterprise Server 12 SP5:docker-stable-24.0.9_ce-1.37.1.s390x",
          "SUSE Linux Enterprise Server 12 SP5:docker-stable-24.0.9_ce-1.37.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP5:docker-stable-bash-completion-24.0.9_ce-1.37.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:docker-stable-24.0.9_ce-1.37.1.x86_64",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:docker-stable-bash-completion-24.0.9_ce-1.37.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2026-34040",
          "url": "https://www.suse.com/security/cve/CVE-2026-34040"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1261378 for CVE-2026-34040",
          "url": "https://bugzilla.suse.com/1261378"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1265929 for CVE-2026-34040",
          "url": "https://bugzilla.suse.com/1265929"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.37.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.37.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.37.1.s390x",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.37.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-bash-completion-24.0.9_ce-1.37.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5:docker-stable-24.0.9_ce-1.37.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP5:docker-stable-24.0.9_ce-1.37.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP5:docker-stable-24.0.9_ce-1.37.1.s390x",
            "SUSE Linux Enterprise Server 12 SP5:docker-stable-24.0.9_ce-1.37.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP5:docker-stable-bash-completion-24.0.9_ce-1.37.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:docker-stable-24.0.9_ce-1.37.1.x86_64",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:docker-stable-bash-completion-24.0.9_ce-1.37.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.4,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.37.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.37.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.37.1.s390x",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.37.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-bash-completion-24.0.9_ce-1.37.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5:docker-stable-24.0.9_ce-1.37.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP5:docker-stable-24.0.9_ce-1.37.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP5:docker-stable-24.0.9_ce-1.37.1.s390x",
            "SUSE Linux Enterprise Server 12 SP5:docker-stable-24.0.9_ce-1.37.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP5:docker-stable-bash-completion-24.0.9_ce-1.37.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:docker-stable-24.0.9_ce-1.37.1.x86_64",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:docker-stable-bash-completion-24.0.9_ce-1.37.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-06-23T13:12:07Z",
          "details": "important"
        }
      ],
      "title": "CVE-2026-34040"
    }
  ]
}

CVE-2026-33747 (GCVE-0-2026-33747)

Vulnerability from cvelistv5 – Published: 2026-03-27 00:49 – Updated: 2026-03-27 19:59

Title

BuildKit vulnerable to malicious frontend causing file escape outside of storage root

Summary

BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner. Prior to version 0.28.1, when using a custom BuildKit frontend, the frontend can craft an API message that causes files to be written outside of the BuildKit state directory for the execution context. The issue has been fixed in v0.28.1. The vulnerability requires using an untrusted BuildKit frontend set with `#syntax` or `--build-arg BUILDKIT_SYNTAX`. Using these options with a well-known frontend image like `docker/dockerfile` is not affected.

Severity

8.4 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

SSVC

Exploitation: none Automatable: no Technical Impact: total

CISA Coordinator (v2.0.3)

CWE

CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Assigner

GitHub_M

References

2 references

URL	Tags
https://github.com/moby/buildkit/security/advisor…	x_refsource_CONFIRM
https://github.com/moby/buildkit/releases/tag/v0.28.1	x_refsource_MISC

Impacted products

1 product

Vendor	Product	Version
moby	buildkit	Affected: < 0.28.1

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-33747",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-03-27T13:25:53.698360Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-03-27T19:59:06.907Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "buildkit",
          "vendor": "moby",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 0.28.1"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner. Prior to version 0.28.1, when using a custom BuildKit frontend, the frontend can craft an API message that causes files to be written outside of the BuildKit state directory for the execution context. The issue has been fixed in v0.28.1. The vulnerability requires using an untrusted BuildKit frontend set with `#syntax` or `--build-arg BUILDKIT_SYNTAX`. Using these options with a well-known frontend image like `docker/dockerfile` is not affected."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 8.4,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-22",
              "description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-03-27T00:49:06.165Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/moby/buildkit/security/advisories/GHSA-4c29-8rgm-jvjj",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/moby/buildkit/security/advisories/GHSA-4c29-8rgm-jvjj"
        },
        {
          "name": "https://github.com/moby/buildkit/releases/tag/v0.28.1",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/moby/buildkit/releases/tag/v0.28.1"
        }
      ],
      "source": {
        "advisory": "GHSA-4c29-8rgm-jvjj",
        "discovery": "UNKNOWN"
      },
      "title": "BuildKit vulnerable to malicious frontend causing file escape outside of storage root"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2026-33747",
    "datePublished": "2026-03-27T00:49:06.165Z",
    "dateReserved": "2026-03-23T18:30:14.124Z",
    "dateUpdated": "2026-03-27T19:59:06.907Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-33748 (GCVE-0-2026-33748)

Vulnerability from cvelistv5 – Published: 2026-03-27 14:00 – Updated: 2026-03-27 19:58

Title

BuildKit Git URL subdir component can cause access to restricted files

Summary

BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner. Prior to version 0.28.1, insufficient validation of Git URL fragment subdir components may allow access to files outside the checked-out Git repository root. Possible access is limited to files on the same mounted filesystem. The issue has been fixed in version v0.28.1 The issue affects only builds that use Git URLs with a subpath component. As a workaround, avoid building Dockerfiles from untrusted sources or using the subdir component from an untrusted Git repository where the subdir component could point to a symlink.

Severity

8.2 (High)


                        
                          CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

SSVC

Exploitation: none Automatable: no Technical Impact: partial

CISA Coordinator (v2.0.3)

CWE

CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CWE-59 - Improper Link Resolution Before File Access ('Link Following')

Assigner

GitHub_M

References

3 references

URL	Tags
https://github.com/moby/buildkit/security/advisor…	x_refsource_CONFIRM
https://docs.docker.com/build/concepts/context/#u…	x_refsource_MISC
https://github.com/moby/buildkit/releases/tag/v0.28.1	x_refsource_MISC

Impacted products

1 product

Vendor	Product	Version
moby	buildkit	Affected: < 0.28.1

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-33748",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-03-27T18:55:58.658220Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-03-27T19:58:28.764Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "buildkit",
          "vendor": "moby",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 0.28.1"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner. Prior to version 0.28.1, insufficient validation of Git URL fragment subdir components may allow access to files outside the checked-out Git repository root. Possible access is limited to files on the same mounted filesystem. The issue has been fixed in version v0.28.1 The issue affects only builds that use Git URLs with a subpath component. As a workaround, avoid building Dockerfiles from untrusted sources or using the subdir component from an untrusted Git repository where the subdir component could point to a symlink."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "attackComplexity": "LOW",
            "attackRequirements": "PRESENT",
            "attackVector": "NETWORK",
            "baseScore": 8.2,
            "baseSeverity": "HIGH",
            "privilegesRequired": "NONE",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "NONE"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-22",
              "description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-59",
              "description": "CWE-59: Improper Link Resolution Before File Access (\u0027Link Following\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-03-27T14:00:21.200Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/moby/buildkit/security/advisories/GHSA-4vrq-3vrq-g6gg",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/moby/buildkit/security/advisories/GHSA-4vrq-3vrq-g6gg"
        },
        {
          "name": "https://docs.docker.com/build/concepts/context/#url-fragments",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://docs.docker.com/build/concepts/context/#url-fragments"
        },
        {
          "name": "https://github.com/moby/buildkit/releases/tag/v0.28.1",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/moby/buildkit/releases/tag/v0.28.1"
        }
      ],
      "source": {
        "advisory": "GHSA-4vrq-3vrq-g6gg",
        "discovery": "UNKNOWN"
      },
      "title": "BuildKit Git URL subdir component can cause access to restricted files"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2026-33748",
    "datePublished": "2026-03-27T14:00:21.200Z",
    "dateReserved": "2026-03-23T18:30:14.124Z",
    "dateUpdated": "2026-03-27T19:58:28.764Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-33997 (GCVE-0-2026-33997)

Vulnerability from cvelistv5 – Published: 2026-03-31 01:36 – Updated: 2026-04-02 03:55

Title

Moby: Off-by-one error in plugin privilege validation

Summary

Moby is an open source container framework. Prior to version 29.3.1, a security vulnerability has been detected that allows plugins privilege validation to be bypassed during docker plugin install. Due to an error in the daemon's privilege comparison logic, the daemon may incorrectly accept a privilege set that differs from the one approved by the user. Plugins that request exactly one privilege are also affected, because no comparison is performed at all. This issue has been patched in version 29.3.1.

Severity

6.8 (Medium)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N

SSVC

Exploitation: none Automatable: no Technical Impact: total

CISA Coordinator (v2.0.3)

CWE

CWE-193 - Off-by-one Error

Assigner

GitHub_M

References

2 references

URL	Tags
https://github.com/moby/moby/security/advisories/…	x_refsource_CONFIRM
https://github.com/moby/moby/releases/tag/docker-…	x_refsource_MISC

Impacted products

1 product

Vendor	Product	Version
moby	moby	Affected: < 29.3.1

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-33997",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-04-01T00:00:00+00:00",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-04-02T03:55:57.801Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "moby",
          "vendor": "moby",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 29.3.1"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Moby is an open source container framework. Prior to version 29.3.1, a security vulnerability has been detected that allows plugins privilege validation to be bypassed during docker plugin install. Due to an error in the daemon\u0027s privilege comparison logic, the daemon may incorrectly accept a privilege set that differs from the one approved by the user. Plugins that request exactly one privilege are also affected, because no comparison is performed at all. This issue has been patched in version 29.3.1."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.8,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-193",
              "description": "CWE-193: Off-by-one Error",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-03-31T01:36:51.404Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/moby/moby/security/advisories/GHSA-pxq6-2prw-chj9",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/moby/moby/security/advisories/GHSA-pxq6-2prw-chj9"
        },
        {
          "name": "https://github.com/moby/moby/releases/tag/docker-v29.3.1",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/moby/moby/releases/tag/docker-v29.3.1"
        }
      ],
      "source": {
        "advisory": "GHSA-pxq6-2prw-chj9",
        "discovery": "UNKNOWN"
      },
      "title": "Moby: Off-by-one error in plugin privilege validation"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2026-33997",
    "datePublished": "2026-03-31T01:36:51.404Z",
    "dateReserved": "2026-03-24T22:20:06.214Z",
    "dateUpdated": "2026-04-02T03:55:57.801Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-34040 (GCVE-0-2026-34040)

Vulnerability from cvelistv5 – Published: 2026-03-31 01:36 – Updated: 2026-04-02 03:55

Title

Moby: AuthZ plugin bypass with oversized request body

Summary

Moby is an open source container framework. Prior to version 29.3.1, a security vulnerability has been detected that allows attackers to bypass authorization plugins (AuthZ). This issue has been patched in version 29.3.1.

Severity

8.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

SSVC

Exploitation: none Automatable: no Technical Impact: total

CISA Coordinator (v2.0.3)

CWE

CWE-288 - Authentication Bypass Using an Alternate Path or Channel

Assigner

GitHub_M

References

2 references

URL	Tags
https://github.com/moby/moby/security/advisories/…	x_refsource_CONFIRM
https://github.com/moby/moby/releases/tag/docker-…	x_refsource_MISC

Impacted products

1 product

Vendor	Product	Version
moby	moby	Affected: < 29.3.1

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-34040",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-04-01T00:00:00+00:00",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-04-02T03:55:56.676Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "moby",
          "vendor": "moby",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 29.3.1"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Moby is an open source container framework. Prior to version 29.3.1, a security vulnerability has been detected that allows attackers to bypass authorization plugins (AuthZ). This issue has been patched in version 29.3.1."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-288",
              "description": "CWE-288: Authentication Bypass Using an Alternate Path or Channel",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-03-31T01:36:48.205Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/moby/moby/security/advisories/GHSA-x744-4wpc-v9h2",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/moby/moby/security/advisories/GHSA-x744-4wpc-v9h2"
        },
        {
          "name": "https://github.com/moby/moby/releases/tag/docker-v29.3.1",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/moby/moby/releases/tag/docker-v29.3.1"
        }
      ],
      "source": {
        "advisory": "GHSA-x744-4wpc-v9h2",
        "discovery": "UNKNOWN"
      },
      "title": "Moby: AuthZ plugin bypass with oversized request body"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2026-34040",
    "datePublished": "2026-03-31T01:36:48.205Z",
    "dateReserved": "2026-03-25T15:29:04.744Z",
    "dateUpdated": "2026-04-02T03:55:56.676Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

SUSE-SU-2026:2578-1

CVE-2026-33747 (GCVE-0-2026-33747)

CVE-2026-33748 (GCVE-0-2026-33748)

CVE-2026-33997 (GCVE-0-2026-33997)

CVE-2026-34040 (GCVE-0-2026-34040)

Tags

Sightings

Nomenclature