Critical Docker Engine Flaw Lets Attackers Bypass Authorization Plugins and Access the Host

Introduction

A high-severity vulnerability in Docker Engine has been disclosed that allows attackers to completely bypass authorization plugins under certain conditions. Tracked as CVE-2026-34040, the flaw carries a CVSS score of 8.8 and stems from an incomplete patch for a maximum-severity bug found in 2024.

What Happened

Docker released a security advisory for CVE-2026-34040, which affects the AuthZ (authorization plugin) middleware in Docker Engine. The root cause traces back to CVE-2024-41110 — a critical flaw patched in July 2024 that allowed requests to skip authorization entirely. The original fix turned out to be incomplete: under specific API request patterns, an attacker can still craft requests that Docker Engine forwards to the container runtime without ever consulting the AuthZ plugin. This effectively gives unauthenticated or low-privilege users the ability to perform privileged operations, including gaining access to the underlying host filesystem and processes.

Why It Matters

Docker Engine is at the heart of most container-based infrastructure. Authorization plugins are a key control for multi-tenant environments, CI/CD pipelines, and managed container platforms — all places where different users or services share a single Docker daemon. If AuthZ can be bypassed, the trust boundary between containers and the host collapses entirely. This is especially dangerous in environments where the Docker socket is exposed to internal services or where third-party tools interact with the Docker API.

Who Is Affected

  • Any Docker Engine installation using AuthZ plugins (common in enterprise and multi-tenant setups)
  • CI/CD pipelines that expose the Docker daemon to build agents
  • Managed container platforms and orchestrators that rely on Docker-level access controls
  • Docker Engine versions prior to the patched releases listed in Docker's advisory

How to Protect Yourself

1. Patch Docker Engine immediately

Check your current version and upgrade:

docker version
sudo apt-get update && sudo apt-get install docker-ce docker-ce-cli containerd.io

2. Verify AuthZ plugin enforcement

After updating, confirm that your authorization plugin is loaded and active:

docker info --format '{{.Plugins.Authorization}}'

3. Restrict Docker socket access

Never expose the Docker socket to untrusted containers or users:

ls -la /var/run/docker.sock
# Expect srw-rw---- root docker: no permissions for "other", and only root and the docker group can reach the socket

4. Audit who has access to the Docker API

getent group docker

Remove any users or service accounts that don't strictly need Docker daemon access.

5. Consider rootless Docker or Podman

For environments where full daemon access is unnecessary, rootless mode runs the daemon as an unprivileged user, so a compromise of the daemon no longer hands an attacker root on the host:

dockerd-rootless-setuptool.sh install
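As an added example (not from the advisory or from Docker), the following POSIX shell script turns steps 1 to 4 above into checks that can be run on a host; the patched version number (MIN_PATCHED) and the allow-list of docker-group users (ALLOWED_DOCKER_USERS) are placeholder names you must fill in from Docker's advisory and your own records.

```shell
#!/bin/sh
# Added example (not from the advisory): turns steps 1-4 into checks for one host.
# MIN_PATCHED is a PLACEHOLDER; set it to the fixed release in Docker's advisory for
# CVE-2026-34040. ALLOWED_DOCKER_USERS is the allow-list you maintain (assumed name).
MIN_PATCHED="${MIN_PATCHED:-0.0.0}"
ALLOWED_DOCKER_USERS="${ALLOWED_DOCKER_USERS:-root}"

# version_ge A B: succeeds if dotted version A >= B (numeric per component, "-ce" suffix ignored)
version_ge() {
    a="$1"; b="$2"
    while [ -n "$a" ] || [ -n "$b" ]; do
        ai="${a%%.*}"; bi="${b%%.*}"
        ai="${ai%%[!0-9]*}"; bi="${bi%%[!0-9]*}"
        [ "${ai:-0}" -gt "${bi:-0}" ] && return 0
        [ "${ai:-0}" -lt "${bi:-0}" ] && return 1
        case "$a" in *.*) a="${a#*.}";; *) a="";; esac
        case "$b" in *.*) b="${b#*.}";; *) b="";; esac
    done
    return 0
}
# authz_active LIST: LIST is what `docker info --format '{{.Plugins.Authorization}}'` prints;
# "[]" means no AuthZ plugin is consulted at all
authz_active() { case "$1" in ""|"[]") return 1;; *) return 0;; esac; }
# socket_perms_ok "MODE GROUP" (as printed by `stat -c '%a %G' /var/run/docker.sock`):
# succeeds only if "other" has no bits and the owning group is docker or root
socket_perms_ok() {
    mode="${1%% *}"; grp="${1#* }"; other="${mode#"${mode%?}"}"
    [ "$other" = "0" ] && { [ "$grp" = "docker" ] || [ "$grp" = "root" ]; }
}
# docker_group_extra LINE ALLOWED: prints members of the `getent group docker` LINE
# that are not in the space-separated ALLOWED list
docker_group_extra() {
    extra=""
    for m in $(printf '%s' "$1" | cut -d: -f4 | tr ',' ' '); do
        case " $2 " in *" $m "*) ;; *) extra="$extra $m";; esac
    done
    printf '%s' "${extra# }"
}
# Live run (only with --live, so the functions above stay testable without a daemon)
if [ "${1:-}" = "--live" ]; then
    ver="$(docker version --format '{{.Server.Version}}' 2>/dev/null)"
    version_ge "$ver" "$MIN_PATCHED" && echo "OK   engine $ver" || echo "FAIL engine $ver < $MIN_PATCHED"
    authz_active "$(docker info --format '{{.Plugins.Authorization}}' 2>/dev/null)" \
        && echo "OK   AuthZ plugin loaded" || echo "FAIL no AuthZ plugin loaded"
    socket_perms_ok "$(stat -c '%a %G' /var/run/docker.sock)" \
        && echo "OK   socket perms" || echo "FAIL socket perms too open or wrong group"
    extra="$(docker_group_extra "$(getent group docker)" "$ALLOWED_DOCKER_USERS")"
    [ -z "$extra" ] && echo "OK   docker group" || echo "WARN unexpected docker group members: $extra"
fi
```

Run it as `MIN_PATCHED=<fixed release> ALLOWED_DOCKER_USERS="root ci-runner" sh check-docker.sh --live`; any FAIL line maps back to the numbered step above that it checks.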

Source

Docker CVE-2026-34040 Lets Attackers Bypass Authorization and Gain Host Access — The Hacker News