A critical authorization bypass vulnerability in Docker Engine is back — and this time it only takes a single oversized HTTP request to exploit.

CVE-2026-34040 (CVSS 8.8) is an incomplete fix for CVE-2024-41110, a maximum-severity Docker Engine AuthZ plugin bypass that was originally patched in July 2024. The new variant was published on March 31, 2026, and affects every Docker Engine version from 1.10 through 29.3.0 that relies on AuthZ plugins for access control.

What Happened

The original CVE-2024-41110 allowed attackers to bypass AuthZ plugins by sending API requests with Content-Length: 0, causing the Docker daemon to forward the request to the plugin without a body. The plugin would approve the empty request, and the daemon would then execute the full, malicious request.

Docker’s fix addressed the zero-length case, but researchers discovered it failed to handle the opposite extreme: oversized request bodies. CVE-2026-34040 exploits this gap. When a container creation request is padded beyond 1 MB, the body is silently dropped before it reaches the AuthZ plugin. The plugin sees a benign-looking request and approves it, and the daemon then processes the full payload, creating a privileged container with host filesystem access.

No exploit code, no special tools, no prior privileges required. Anyone with Docker API access can construct the request by reading the API documentation.

Technical Details

CVE ID: CVE-2026-34040
CVSS Score: 8.8 (High)
Affected Versions: Docker Engine 1.10 through 29.3.0 (when AuthZ plugins are enabled)
Fixed In: Docker Engine 29.3.1
Attack Vector: Network (Docker API)
Complexity: Low

The attack chain is straightforward:

  1. Attacker sends a POST /containers/create request to the Docker API
  2. The request body is padded to exceed 1 MB (e.g., with repeated whitespace or junk JSON fields)
  3. The Docker daemon drops the oversized body before forwarding to the AuthZ plugin
  4. The AuthZ plugin receives the request without the body, approves it by default
  5. The daemon processes the original request with full body, creating a privileged container
  6. The attacker mounts the host filesystem, gaining access to cloud credentials, SSH keys, Kubernetes configs, and anything else on the host

This is particularly dangerous in enterprise environments where AuthZ plugins from OPA, Prisma Cloud, or custom policy engines are the primary security boundary between Docker API consumers and the host.

Who Is Affected

Any organization running Docker with AuthZ plugins enabled is vulnerable. This is a common configuration in:

  • Multi-tenant container platforms where API access is shared across teams
  • CI/CD pipelines where build agents have Docker API access
  • Managed container services that use AuthZ for policy enforcement
  • Development environments with shared Docker daemons

If you don’t use AuthZ plugins, this specific vulnerability doesn’t affect you — but that likely means you have other access control concerns.

Mitigation

Patch immediately. Docker Engine 29.3.1 fixes CVE-2026-34040.

If you can’t patch right away, apply these workarounds:

  • Restrict Docker API access to trusted users and services only. Follow least-privilege principles.
  • Run Docker in rootless mode. Even if an attacker creates a privileged container, the container’s root maps to an unprivileged host UID, limiting blast radius from full host compromise to a compromised unprivileged user.
  • Use --userns-remap if you can’t go fully rootless. This provides similar UID mapping protection.
  • Avoid relying solely on AuthZ plugins for security-critical decisions based on request body inspection.
  • Audit Docker API access logs for unusually large request bodies to POST /containers/create.
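
One way to run the log audit from the last workaround, as an added example that is not from Docker or the original article. It assumes a proxy in front of the Docker API writes JSON access-log lines; the field names (ts, client, method, uri, body_bytes), the sample lines, and the 1 MiB reading of "1 MB" are all assumptions.

```python
import json
import re

# Assumption: the article says bodies padded "beyond 1 MB" are dropped; 1 MiB is used here.
BODY_LIMIT = 1024 * 1024
# Matches the create endpoint with or without an API version prefix and query string.
CREATE_RE = re.compile(r"^(?:/v\d+\.\d+)?/containers/create(?:\?.*)?$")

# Constructed sample: JSON access-log lines from a hypothetical proxy in front of
# the Docker API. Field names and all values are made up for illustration.
SAMPLE_LOG = """\
{"ts":"2026-04-02T10:00:01Z","client":"10.0.4.17","method":"POST","uri":"/v1.47/containers/create?name=build-123","body_bytes":1843}
{"ts":"2026-04-02T10:00:05Z","client":"10.0.4.17","method":"GET","uri":"/v1.47/containers/json","body_bytes":0}
{"ts":"2026-04-02T10:02:11Z","client":"10.0.9.80","method":"POST","uri":"/v1.47/containers/create","body_bytes":1310720}
{"ts":"2026-04-02T10:02:30Z","client":"10.0.9.80","method":"POST","uri":"/v1.47/images/load","body_bytes":52428800}
not-json garbage line
{"ts":"2026-04-02T10:03:00Z","client":"10.0.9.81","method":"post","uri":"/containers/create","body_bytes":"2097152"}
"""

def audit(log_text, limit=BODY_LIMIT):
    """Return (findings, unparsed_count) for oversized container-create requests."""
    findings, unparsed = [], 0
    for line in log_text.splitlines():
        if not line.strip():
            continue
        try:
            rec = json.loads(line)
            size = int(rec["body_bytes"])
            method, uri = rec["method"].upper(), rec["uri"]
        except (ValueError, KeyError, TypeError, AttributeError):
            unparsed += 1  # counted, not silently skipped: log gaps can hide evidence
            continue
        # Large bodies are normal on endpoints such as /images/load, so only
        # the create endpoint is flagged.
        if method == "POST" and CREATE_RE.match(uri) and size >= limit:
            findings.append({"ts": rec.get("ts"), "client": rec.get("client"),
                             "uri": uri, "body_bytes": size})
    return findings, unparsed

if __name__ == "__main__":
    hits, bad = audit(SAMPLE_LOG)
    for h in hits:
        print(f"{h['ts']} {h['client']} {h['uri']} body={h['body_bytes']} bytes")
    print(f"{len(hits)} oversized create request(s), {bad} unparsed line(s)")
```

Legitimate container creation bodies are normally a few kilobytes, so any hit deserves a look at which client sent it and what container resulted.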

The Bigger Picture

This is the second time the same Docker AuthZ bypass pattern has surfaced. The original bug was first fixed in January 2019 in Docker Engine v18.09.1, but that fix wasn’t carried forward to later versions — leading to CVE-2024-41110 in July 2024. Now CVE-2026-34040 reveals the 2024 fix was itself incomplete.

The flaw has existed in Docker’s codebase for nearly a decade. Multiple researchers — including Asim Viladi Oglu Manizada, Cody, Oleh Konko, and Vladimir Tokarev — independently discovered and reported it. Cyera researchers confirmed the flaw affects a core security mechanism relied on by organizations to enforce container policies.

If your container security strategy depends on AuthZ plugins as a trust boundary, treat this as a wake-up call. Patch to 29.3.1, verify your API access controls, and consider defense-in-depth with rootless mode or user namespace remapping.
