PatchSiren cyber security CVE debrief
CVE-2026-41568 moby CVE debrief
CVE-2026-41568 is a MEDIUM severity vulnerability in Moby Docker Engine and Daemon. A race condition during docker cp mount setup allows a malicious container to create empty files or directories at arbitrary absolute paths on the host filesystem. This issue has been patched in Docker Engine version 29.5.1 and Moby Daemon version 2.0.0-beta.14.
- Vendor
- moby
- Product
- Unknown
- CVSS
- MEDIUM 6.1
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-12
- Original CVE updated
- 2026-06-12
- Advisory published
- 2026-06-12
- Advisory updated
- 2026-06-12
Who should care
Users of Docker Engine versions prior to 29.5.1, Docker Daemon versions 28.5.2 and prior, and Moby Daemon prior to version 2.0.0-beta.14.
Technical summary
A race condition during docker cp mount setup allows a malicious container to create empty files or directories at arbitrary absolute paths on the host filesystem.
Defensive priority
MEDIUM
Recommended defensive actions
- Upgrade to Docker Engine version 29.5.1 or later.
- Upgrade to Moby Daemon version 2.0.0-beta.14 or later.
Evidence notes
CVE-2026-41568 has a CVSS score of 6.1 and is classified as MEDIUM severity.
Official resources
-
CVE-2026-41568 CVE record
CVE.org
-
CVE-2026-41568 NVD detail
NVD
-
Source item URL
nvd_modified
- Source reference
CVE-2026-41568 was published on 2026-06-12T19:16:26.907Z and has not been modified since then.