CVE-2026-33997

Medium CVSS: 6.8

Moby is an open source container framework. Prior to version 29.3.1, a security vulnerability has been detected that allows plugins privilege validation to be bypassed during docker plugin install. Due to an error in the daemon's privilege comparison logic, the daemon may incorrectly accept a privilege set that differs from the one approved by the user. Plugins that request exactly one privilege are also affected, because no comparison is performed at all. This issue has been patched in version 29.3.1.

Vendor

Mobyproject

Product

Moby

CWE

CWE-193

Yayın Tarihi

2026-03-31 03:15:57

Güncelleme

2026-04-03 17:23:21

Source Identifier

security-advisories@github.com

KEV Date Added

Kategoriler

CWE-193 Moby MEDIUM Mobyproject 2026

Referanslar

https://github.com/moby/moby/releases/tag/docker-v29.3.1 https://github.com/moby/moby/security/advisories/GHSA-pxq6-2prw-chj9

Benzer Kayıtlar

High

CVE-2026-34040

Moby is an open source container framework. Prior to version 29.3.1, a security vulnerability has been detected that all…

High

CVE-2026-33747

BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner. P…

Medium

CVE-2025-54388

Moby is an open source container framework developed by Docker Inc. that is distributed as Docker Engine, Mirantis Conta…

Low

CVE-2025-54410

Moby is an open source container framework developed by Docker Inc. that is distributed as Docker Engine, Mirantis Conta…