PatchSiren cyber security CVE debrief

CVE-2026-33997 moby CVE debrief

CVE-2026-33997 is a security vulnerability in Moby, an open-source container framework. Prior to version 29.3.1, plugin privilege validation can be bypassed during Docker plugin installation. The issue arises from an error in the daemon's privilege comparison logic, which may incorrectly accept a privilege set that differs from the one the user approved. Plugins that request more than one privilege are affected, as are plugins that request exactly one privilege, since in the latter case no comparison is performed at all. The vulnerability has been patched in version 29.3.1.

Vendor
moby
Product
Unknown
CVSS
MEDIUM 6.8
CISA KEV
Not listed in stored evidence
Original CVE published
2026-03-31
Original CVE updated
2026-06-16
Advisory published
2026-03-31
Advisory updated
2026-06-16

Who should care

Users of Moby (Docker Engine) versions prior to 29.3.1 who install plugins are affected by this vulnerability. In particular, anyone installing plugins that request privileges should upgrade to version 29.3.1 or later to avoid the possibility of a plugin being installed with privileges other than those the user approved.

Technical summary

The vulnerability is caused by flawed privilege comparison logic in the daemon: the set of privileges a plugin actually requests is not reliably checked against the set the user approved, so privilege validation during Docker plugin installation can be bypassed. The Common Vulnerability Scoring System (CVSS) v3.1 base score for this vulnerability is 6.8, indicating medium severity. The CVSS vector is CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N.
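The check that the description above says was flawed is a set comparison: the privileges a plugin really requests must equal the privileges the user approved, with no dependence on ordering and no special case that skips the comparison when only one privilege is involved. The following Go program is an added example written for this debrief; it is not Moby's own code, and the Privilege type, the function names and the sample privilege entries (network, mount, capabilities) are constructed for illustration.

```go
package main

import (
	"fmt"
	"sort"
	"strings"
)

// Privilege is a hypothetical stand-in for one plugin privilege entry:
// a category name plus the concrete values requested under it.
// It is not Moby's own type.
type Privilege struct {
	Name        string
	Description string
	Value       []string
}

// canonical renders a privilege as a single comparable key: the name plus
// its values in sorted order. Ordering differences therefore do not matter,
// but any added, removed or changed value produces a different key.
func canonical(p Privilege) string {
	vals := append([]string(nil), p.Value...)
	sort.Strings(vals)
	return p.Name + "=" + strings.Join(vals, ",")
}

// PrivilegesMatch reports whether the privilege set the plugin actually
// requests is exactly the set the user approved: same number of entries,
// and every entry present in both with identical values. The comparison
// runs unconditionally, including when a single privilege is involved,
// and a mismatch in either direction (extra or missing) is rejected.
func PrivilegesMatch(approved, requested []Privilege) bool {
	if len(approved) != len(requested) {
		return false
	}
	remaining := make(map[string]int, len(approved))
	for _, p := range approved {
		remaining[canonical(p)]++
	}
	for _, p := range requested {
		k := canonical(p)
		if remaining[k] == 0 {
			return false
		}
		remaining[k]--
	}
	return true
}

// Mismatches lists, for audit logging, the canonical entries the plugin
// requests that were never approved, and the approved entries it no
// longer requests. Both slices are returned sorted for stable output.
func Mismatches(approved, requested []Privilege) (unapproved, missing []string) {
	approvedSet := make(map[string]bool, len(approved))
	for _, p := range approved {
		approvedSet[canonical(p)] = true
	}
	requestedSet := make(map[string]bool, len(requested))
	for _, p := range requested {
		k := canonical(p)
		requestedSet[k] = true
		if !approvedSet[k] {
			unapproved = append(unapproved, k)
		}
	}
	for _, p := range approved {
		if k := canonical(p); !requestedSet[k] {
			missing = append(missing, k)
		}
	}
	sort.Strings(unapproved)
	sort.Strings(missing)
	return unapproved, missing
}

func main() {
	// Constructed sample: what the user approved at install time.
	approved := []Privilege{
		{Name: "network", Description: "host network access", Value: []string{"host"}},
		{Name: "mount", Description: "host path mount", Value: []string{"/var/lib/docker/plugins"}},
	}
	// Constructed sample: what the plugin manifest actually requests,
	// with an extra entry the user never saw.
	requested := []Privilege{
		{Name: "mount", Description: "host path mount", Value: []string{"/var/lib/docker/plugins"}},
		{Name: "network", Description: "host network access", Value: []string{"host"}},
		{Name: "capabilities", Description: "kernel capabilities", Value: []string{"CAP_NET_ADMIN"}},
	}
	fmt.Println("match:", PrivilegesMatch(approved, requested))
	unapproved, missing := Mismatches(approved, requested)
	fmt.Println("unapproved:", unapproved, "missing:", missing)
}
```

The design choice worth noting is that the comparison is total: the length check alone would already reject the sample above, but the per-entry pass is what catches a same-sized set whose values differ (for example a mount privilege pointing at a different path), and it is applied identically whether the plugin asks for one privilege or several.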

Defensive priority

Medium

Recommended defensive actions

  • Update Moby (Docker Engine) to version 29.3.1 or later to patch the vulnerability.
  • Review and validate the privileges of installed plugins to ensure they align with the intended functionality and user approval.

Evidence notes

The vulnerability was patched in version 29.3.1 of Moby (Docker Engine). References to the patch and advisory can be found at [ref-4](https://github.com/moby/moby/releases/tag/docker-v29.3.1) and [ref-5](https://github.com/moby/moby/security/advisories/GHSA-pxq6-2prw-chj9).

Official resources

CVE-2026-33997 was published on 2026-03-31T03:15:57.523Z and modified on 2026-06-16T14:47:38.807Z.