vulnerability • high • Authorization Bypass • Container Escape • Privilege Escalation • CVE-2024-41110 • CVE-2026-34040

Apr 07, 2026 • The Hacker News

Docker CVE-2026-34040 Lets Attackers Bypass Authorization and Gain Host Access

Source: The Hacker News
Category: vulnerability
Severity: high

Executive Summary

A high-severity vulnerability (CVE-2026-34040, CVSS 8.8) has been discovered in Docker Engine that allows attackers to bypass authorization plugins (AuthZ). This flaw stems from an incomplete fix for CVE-2024-41110, a maximum-severity vulnerability disclosed in July 2024. By exploiting this vulnerability under specific circumstances, attackers can potentially bypass authorization checks and gain unauthorized access to the host system. Organizations using Docker with authorization plugins enabled should immediately update to the latest Docker version and verify their security configurations to prevent container escape and host compromise. This represents a significant risk for containerized environments, particularly in multi-tenant or production infrastructure deployments.

Summary

A high-severity security vulnerability has been disclosed in Docker Engine that could permit an attacker to bypass authorization plugins (AuthZ) under specific circumstances. The vulnerability, tracked as CVE-2026-34040 (CVSS score: 8.8), stems from an incomplete fix for CVE-2024-41110, a maximum-severity vulnerability in the same component that came to light in July 2024.

Linked Entities

  • CVE-2024-41110
  • CVE-2026-34040