PatchSiren cyber security CVE debrief
CVE-2026-34040 moby CVE debrief
CVE-2026-34040 is a high-severity security vulnerability in Moby, an open-source container framework. The vulnerability, which has a CVSS score of 8.8, allows attackers to bypass authorization plugins (AuthZ). This issue was patched in version 29.3.1 of Moby.
- Vendor: moby
- Product: Unknown
- CVSS: HIGH 8.8
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-03-31
- Original CVE updated: 2026-06-16
- Advisory published: 2026-03-31
- Advisory updated: 2026-06-16
Who should care
Users of Moby, particularly those who utilize authorization plugins (AuthZ), should be aware of this vulnerability and take steps to mitigate it.
Technical summary
CVE-2026-34040 allows attackers to bypass authorization plugins (AuthZ) in Moby and has been assigned a CVSS score of 8.8. The issue is present in Moby versions prior to 29.3.1.
Defensive priority
HIGH
Recommended defensive actions
- Upgrade to version 29.3.1 of Moby to patch the vulnerability.
- Review and update authorization plugins (AuthZ) to ensure they are properly configured.
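A triage sketch for the two actions above, added here as an example and not taken from Moby or the advisory: it flags hosts running a version below 29.3.1 and puts those with an AuthZ plugin configured first. It assumes you have collected each host's server version (for example with `docker version --format '{{.Server.Version}}'`), its `daemon.json` text and its `dockerd` command line; the host names, plugin names and inventory rows are constructed.

```python
import json
import re

FIXED = (29, 3, 1)  # fixed release named in this debrief

def parse_version(text):
    """'v29.3.0', '28.5.2+dfsg1', '29.3.1-rc.1' -> ((major, minor, patch), is_prerelease)."""
    m = re.match(r"v?(\d+)\.(\d+)(?:\.(\d+))?(-[0-9A-Za-z.]+)?", text.strip())
    if not m:
        raise ValueError(f"unrecognised version: {text!r}")
    core = tuple(int(g or 0) for g in m.groups()[:3])
    return core, m.group(4) is not None

def is_patched(version_text):
    core, prerelease = parse_version(version_text)
    # Assumption: a pre-release build of the fixed version is not trusted to carry the fix.
    return core > FIXED or (core == FIXED and not prerelease)

def authz_plugins(daemon_json_text, dockerd_argv=()):
    """Collect AuthZ plugins from daemon.json and from dockerd command-line flags."""
    cfg = json.loads(daemon_json_text) if daemon_json_text.strip() else {}
    plugins = list(cfg.get("authorization-plugins") or [])
    argv = list(dockerd_argv)
    for i, arg in enumerate(argv):
        if arg.startswith("--authorization-plugin="):
            plugins.append(arg.split("=", 1)[1])
        elif arg == "--authorization-plugin" and i + 1 < len(argv):
            plugins.append(argv[i + 1])
    return plugins

def triage(version_text, daemon_json_text="", dockerd_argv=()):
    """Return (status, plugins); hosts that rely on AuthZ are ordered first for upgrade."""
    plugins = authz_plugins(daemon_json_text, dockerd_argv)
    if is_patched(version_text):
        return "patched", plugins
    return ("upgrade-first" if plugins else "upgrade"), plugins

# Constructed inventory: (host, server version, daemon.json text, dockerd argv)
INVENTORY = [
    ("build-01", "29.3.0", '{"authorization-plugins": ["example-authz"]}', []),
    ("build-02", "28.5.2+dfsg1", "{}", ["dockerd", "--authorization-plugin=custom-authz"]),
    ("edge-01", "29.3.1-rc.1", "", []),
    ("edge-02", "29.3.1", '{"authorization-plugins": ["example-authz"]}', []),
]

if __name__ == "__main__":
    for host, ver, cfg, argv in INVENTORY:
        status, plugins = triage(ver, cfg, argv)
        print(f"{host:9} {ver:14} {status:13} authz={plugins}")
```

Vendor builds that append a hyphenated suffix to the fixed version are reported as unpatched by this check, so confirm those by hand.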
Evidence notes
The vulnerability was patched in version 29.3.1 of Moby. For more information, see [ref-4](https://github.com/moby/moby/releases/tag/docker-v29.3.1) and [ref-5](https://github.com/moby/moby/security/advisories/GHSA-x744-4wpc-v9h2).
Official resources
- CVE-2026-34040 CVE record (CVE.org)
- CVE-2026-34040 NVD detail (NVD)
- Source item URL: nvd_modified
- Mitigation or vendor reference: [email protected] - Release Notes
- Mitigation or vendor reference: [email protected] - Vendor Advisory
CVE-2026-34040 was published on 2026-03-31. The CVE was modified on 2026-06-16.