Docker has disclosed a high-severity flaw in Docker Engine that can let an attacker bypass authorization (AuthZ) plugins in some configurations. The issue is tracked as CVE-2026-34040 and carries a CVSS score of 8.8. It affects Engine releases before 29.3.1 on hosts whose access control depends on AuthZ plugins that inspect the request body.
KEY FACTS
- Bug class: incomplete fix for CVE-2024-41110
- Effect: a crafted API request can be forwarded to an AuthZ plugin without its body
- Risk: a plugin may approve a request it would otherwise block
- Patch: Docker Engine 29.3.1
In an advisory, Docker Engine maintainers said the daemon could forward certain specially crafted requests to an authorization plugin without including the body. That matters because some plugins inspect the body before deciding whether to allow an action.
The disclosure said the flaw affects anyone who depends on authorization plugins that use request body content to make access control decisions. Cyera Research Labs researcher Vladimir Tokarev said the issue stems from a fix for CVE-2024-41110 that did not properly handle oversized HTTP request bodies.
Tokarev described a scenario in which a container creation request padded to more than 1 MB has its body stripped before the request is passed to the plugin, while the Docker daemon still processes the full request. The plugin therefore sees no body, has nothing to deny on, and can allow the action, which could result in a privileged container with access to the host file system.
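The following is an added illustration of the decision pattern the advisory warns about, not code from Docker, Cyera or the researchers. It models a minimal AuthZ plugin that inspects the body of `POST /containers/create` for `Privileged` and host bind mounts, next to a hardened version that fails closed when the body is absent or shorter than the declared `Content-Length`. The field names follow the Docker authorization plugin API (`RequestMethod`, `RequestUri`, `RequestHeaders`, `RequestBody`); `daemonForward` is an assumed simplification of the daemon behaviour the article describes (headers always forwarded, body only when it is at most 1 MiB), and the padded container create body is constructed for the example.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strconv"
	"strings"
)

// maxForwardedBody is the assumed size above which the daemon does not pass the
// body on to the plugin (1 MB per the article; 1 MiB is used here for the simulation).
const maxForwardedBody = 1 << 20

// AuthZRequest is the subset of the AuthZReq payload this example inspects.
// Field names follow the Docker authorization plugin API.
type AuthZRequest struct {
	RequestMethod  string            `json:"RequestMethod"`
	RequestURI     string            `json:"RequestUri"`
	RequestHeaders map[string]string `json:"RequestHeaders"`
	RequestBody    []byte            `json:"RequestBody"`
}

// AuthZResponse is the plugin's decision.
type AuthZResponse struct {
	Allow bool   `json:"Allow"`
	Msg   string `json:"Msg"`
}

// containerCreate holds the HostConfig fields this toy policy forbids.
type containerCreate struct {
	HostConfig struct {
		Privileged bool     `json:"Privileged"`
		Binds      []string `json:"Binds"`
	} `json:"HostConfig"`
}

func isContainerCreate(req AuthZRequest) bool {
	return req.RequestMethod == "POST" && strings.Contains(req.RequestURI, "/containers/create")
}

// bodyViolatesPolicy decodes a container create body and reports a forbidden option.
// An undecodable body is treated as a violation.
func bodyViolatesPolicy(body []byte) (bool, string) {
	var cc containerCreate
	if err := json.Unmarshal(body, &cc); err != nil {
		return true, "undecodable body: " + err.Error()
	}
	if cc.HostConfig.Privileged {
		return true, "privileged containers are not allowed"
	}
	for _, b := range cc.HostConfig.Binds {
		if strings.HasPrefix(b, "/") {
			return true, "host bind mount not allowed: " + b
		}
	}
	return false, ""
}

// vulnerableAuthZ is the body-inspecting pattern the advisory warns about: it only
// denies when it can see a forbidden option, so a request whose body never reached
// the plugin is allowed.
func vulnerableAuthZ(req AuthZRequest) AuthZResponse {
	if isContainerCreate(req) && len(req.RequestBody) > 0 {
		if bad, why := bodyViolatesPolicy(req.RequestBody); bad {
			return AuthZResponse{Allow: false, Msg: why}
		}
	}
	return AuthZResponse{Allow: true}
}

// hardenedAuthZ fails closed: a container create whose body did not reach the plugin,
// or whose body is shorter than the Content-Length the client declared, is denied.
func hardenedAuthZ(req AuthZRequest) AuthZResponse {
	if !isContainerCreate(req) {
		return AuthZResponse{Allow: true}
	}
	if len(req.RequestBody) == 0 {
		return AuthZResponse{Allow: false, Msg: "container create without an inspectable body"}
	}
	if cl, err := strconv.Atoi(req.RequestHeaders["Content-Length"]); err == nil && cl != len(req.RequestBody) {
		return AuthZResponse{Allow: false, Msg: fmt.Sprintf("body truncated: Content-Length %d, received %d", cl, len(req.RequestBody))}
	}
	if bad, why := bodyViolatesPolicy(req.RequestBody); bad {
		return AuthZResponse{Allow: false, Msg: why}
	}
	return AuthZResponse{Allow: true}
}

// daemonForward is an assumed model of the daemon: headers are always forwarded,
// the body only when it is at most maxForwardedBody bytes.
func daemonForward(method, uri string, body []byte) AuthZRequest {
	req := AuthZRequest{
		RequestMethod:  method,
		RequestURI:     uri,
		RequestHeaders: map[string]string{"Content-Length": strconv.Itoa(len(body))},
	}
	if len(body) <= maxForwardedBody {
		req.RequestBody = body
	}
	return req
}

// paddedPrivilegedCreate builds a constructed container create body that asks for a
// privileged container with the host root bind-mounted, padded with an ignored label.
func paddedPrivilegedCreate(pad int) []byte {
	body := map[string]interface{}{
		"Image":      "alpine",
		"HostConfig": map[string]interface{}{"Privileged": true, "Binds": []string{"/:/host"}},
		"Labels":     map[string]string{"pad": strings.Repeat("A", pad)},
	}
	b, _ := json.Marshal(body)
	return b
}

func main() {
	for _, body := range [][]byte{paddedPrivilegedCreate(0), paddedPrivilegedCreate(maxForwardedBody)} {
		req := daemonForward("POST", "/v1.47/containers/create", body)
		fmt.Printf("body=%d bytes forwarded=%d vulnerable.Allow=%v hardened.Allow=%v\n",
			len(body), len(req.RequestBody), vulnerableAuthZ(req).Allow, hardenedAuthZ(req).Allow)
	}
}
```

The unpadded request is denied by both functions; the padded one passes `vulnerableAuthZ` because there is nothing to inspect, and is rejected by `hardenedAuthZ`. The general point for plugin authors is that absence of evidence must not be treated as permission: any request type whose policy depends on body content should be denied when that content is not available, regardless of why the daemon withheld it.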
The report credited independent researchers Asim Viladi Oglu Manizada, Cody, Oleh Konko and Vladimir Tokarev with reporting the issue. It also warned that an AI coding agent running inside a Docker-based sandbox could be tricked into generating the padded request during normal workflow tasks, and noted that no special exploit code is required: an oversized but otherwise ordinary API request is enough.
WHY IT MATTERS
The flaw undermines a control some organizations rely on to restrict Docker API actions and, in the worst case, exposes host files, credentials and other sensitive data. The fix is Docker Engine 29.3.1. For hosts that cannot be updated immediately, Docker recommends limiting who can reach the API, not relying on AuthZ plugins that make security decisions from request body inspection, or running Docker in rootless mode.