CVE DATABASE / CVE-2026-34040
CVE-2026-34040
CVSS 8.8 · HIGH
Summary
Moby is an open source container framework. Prior to version 29.3.1, a security vulnerability has been detected that allows attackers to bypass authorization plugins (AuthZ). This issue has been patched in version 29.3.1.
CVSS 3.1 breakdown
| Base score | 8.8 (HIGH) |
| Vector | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H |
| Attack vector | LOCAL |
| Attack complexity | LOW |
| Privileges required | LOW |
| User interaction | NONE |
| Scope | CHANGED |
| Confidentiality | HIGH |
| Integrity | HIGH |
| Availability | HIGH |
Weakness type (CWE)
Affected products
Mobyproject moby
Check this CVE live
Use our free CVE Lookup tool for the latest NVD record, or browse the full CISA KEV catalog.
Our coverage
References
- https://github.com/moby/moby/releases/tag/docker-v29.3.1
- https://github.com/moby/moby/security/advisories/GHSA-x744-4wpc-v9h2
Data: NIST NVD. NVD last modified 2026-04-03. Always verify against the vendor advisory before acting.