
A high-severity vulnerability tracked as CVE-2026-34040 has been found in Docker Engine, allowing attackers to bypass authorization controls and potentially take over the host system. The flaw impacts environments that rely on authorization plugins (AuthZ) to enforce security policies in containerized workloads.
The issue occurs when a specially crafted API request with a large payload is sent to Docker. Due to how the request is processed, the payload may not be properly checked by the authorization plugin, causing it to approve actions that should normally be blocked. This can allow attackers to create privileged containers and gain access to sensitive data such as credentials, SSH keys, and cloud configurations.
This vulnerability is especially dangerous in enterprise environments where Docker is widely used in CI/CD pipelines or shared systems. Even with limited access, an attacker could bypass security controls and perform unauthorized actions that may lead to full system compromise.
The issue has been fixed in Docker Engine version 29.3.1. Organizations are advised to update immediately, restrict access to the Docker API, and avoid relying solely on authorization plugins for critical security enforcement.
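
A triage check for the guidance above, written as an added example and not taken from Docker or the source article: it compares an engine's server version with the fixed release 29.3.1 and notes whether an AuthZ plugin is configured. The function names, the result labels and the `example-authz` plugin name are hypothetical, and it assumes any version string below 29.3.1 lacks the fix (vendor backports are not detected).

```shell
#!/bin/sh
# Added example: triage a Docker Engine against the fixed release for CVE-2026-34040.
FIXED_VERSION="29.3.1"

# Return 0 when dotted version $1 is strictly lower than $2.
version_lt() {
    # Drop suffixes such as "-rc1" or "+build" before comparing.
    _a=${1%%[-+~]*}; _b=${2%%[-+~]*}
    for _n in 1 2 3; do
        _x=${_a%%.*}; _y=${_b%%.*}
        # Consume the leading field; pad missing fields with 0.
        case $_a in *.*) _a=${_a#*.} ;; *) _a=0 ;; esac
        case $_b in *.*) _b=${_b#*.} ;; *) _b=0 ;; esac
        # Treat empty or non-numeric fields as 0 (assumption).
        case $_x in ''|*[!0-9]*) _x=0 ;; esac
        case $_y in ''|*[!0-9]*) _y=0 ;; esac
        [ "$_x" -lt "$_y" ] && return 0
        [ "$_x" -gt "$_y" ] && return 1
    done
    return 1
}

# Classify an engine from its server version and the AuthZ plugin list, i.e. the
# JSON printed by: docker info --format '{{json .Plugins.Authorization}}'
assess_engine() {
    _has_authz=yes
    case $2 in ''|null|'[]') _has_authz=no ;; esac
    if ! version_lt "$1" "$FIXED_VERSION"; then
        echo "PATCHED"   # at or above the fixed release
    elif [ "$_has_authz" = yes ]; then
        echo "EXPOSED"   # policy depends on an AuthZ plugin on an unfixed engine
    else
        echo "UPDATE"    # no AuthZ plugin configured, engine still lacks the fix
    fi
}

# Live check, only when a Docker CLI and a reachable daemon are present.
if command -v docker >/dev/null 2>&1 &&
   _v=$(docker version --format '{{.Server.Version}}' 2>/dev/null) &&
   [ -n "$_v" ]; then
    _p=$(docker info --format '{{json .Plugins.Authorization}}' 2>/dev/null)
    echo "engine $_v: $(assess_engine "$_v" "$_p")"
fi
```

An `EXPOSED` result is the case the advisory describes: the host relies on an authorization plugin for enforcement while running an engine older than the fixed release.
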
source: https://thehackernews.com/2026/04/docker-cve-2026-34040-lets-attackers.html

