A high-severity flaw in Docker Engine (CVE-2026-34040) allows attackers to bypass authorization plugins by sending a specially crafted, padded HTTP request that causes the daemon to forward requests without the body. The vulnerability — an incomplete fix for CVE-2024-41110 — can enable creation of privileged containers with host filesystem access and has been fixed in Docker Engine 29.3.1; mitigations include avoiding body-inspecting AuthZ plugins, limiting Docker API access, and running Docker rootless. #CVE-2026-34040 #DockerEngine
Keypoints
- High-severity vulnerability CVE-2026-34040 in Docker Engine permits AuthZ plugin bypass under specific conditions.
- The flaw stems from an incomplete fix for CVE-2024-41110 and is patched in Docker Engine 29.3.1.
- An attacker can use a padded HTTP request over 1MB to drop the request body before the plugin, enabling privileged container creation with host access.
- AI coding agents like OpenClaw can be tricked or may autonomously construct the padded request, allowing exploitation without explicit exploit code.
- Workarounds include avoiding request-body-dependent AuthZ plugins, restricting Docker API access, using rootless mode, or enabling –userns-remap.
Read More: https://thehackernews.com/2026/04/docker-cve-2026-34040-lets-attackers.html