Skip to main content

Docker Engine (Moby) CVE-2026-33997

HIGH
Off-by-one Error (CWE-193)
2026-03-27 https://github.com/moby/moby
8.1
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
8.1 HIGH
AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
vuln.today AI
8.1 HIGH

Plugin pulled over the network with no prior auth (AV:N/PR:N), but an admin must approve the install (UI:R); successful bypass can grant device/host access yielding high C and I, no direct availability impact.

3.1 AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
4.0 AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
SUSE
6.8 MEDIUM
AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N
Red Hat
8.4 HIGH
qualitative

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
None

Lifecycle Timeline

9
Analysis Updated
Jun 16, 2026 - 15:01 vuln.today
v3 (cvss_changed)
Source Code Evidence Fetched
Jun 16, 2026 - 15:00 vuln.today
Analysis Updated
Jun 16, 2026 - 15:00 vuln.today
v2 (cvss_changed)
Re-analysis Queued
Jun 16, 2026 - 14:52 vuln.today
cvss_changed
Severity Changed
Jun 16, 2026 - 14:52 NVD
MEDIUM HIGH
CVSS changed
Jun 16, 2026 - 14:52 NVD
6.8 (MEDIUM) 8.1 (HIGH)
Analysis Generated
Mar 27, 2026 - 18:00 vuln.today
Patch released
Mar 27, 2026 - 18:00 nvd
Patch available
CVE Published
Mar 27, 2026 - 17:38 nvd
MEDIUM 6.8

DescriptionNVD

Summary

A security vulnerability has been detected that allows plugins privilege validation to be bypassed during docker plugin install. Due to an error in the daemon's privilege comparison logic, the daemon may incorrectly accept a privilege set that differs from the one approved by the user.

Plugins that request exactly one privilege are also affected, because no comparison is performed at all.

Impact

If plugins are not in use, there is no impact.

When a plugin is installed, the daemon computes the privileges required by the plugin's configuration and compares them with the privileges approved during installation. A malicious plugin can exploit this bug so that the daemon accepts privileges that differ from what was intended to be approved.

Anyone who depends on the plugin installation approval flow as a meaningful security boundary is potentially impacted.

Depending on the privilege set involved, this may include highly sensitive plugin permissions such as broad device access.

For consideration: exploitation still requires a plugin to be installed from a malicious source, and Docker plugins are relatively uncommon. Docker Desktop also does not support plugins.

Workarounds

If unable to update immediately:

  • Do not install plugins from untrusted sources
  • Carefully review all privileges requested during docker plugin install
  • Restrict access to the Docker daemon to trusted parties, following the principle of least privilege
  • Avoid relying on plugin privilege approval as the only control boundary for sensitive environments

Credits

  • Reported by Cody (c@wormhole.guru, PGP 0x9FA5B73E)

AnalysisAI

Plugin privilege validation bypass in Moby/Docker Engine prior to 29.3.1 (and Moby v2 before 2.0.0-beta.8) allows a malicious plugin to be installed with a privilege set that differs from what the user approved during 'docker plugin install'. The off-by-one in the daemon's comparison loop skips the first sorted privilege entry, and plugins requesting exactly one privilege bypass comparison entirely, potentially granting sensitive capabilities such as broad device access. No public exploit identified at time of analysis, EPSS is 0.01%, and SSVC marks exploitation as none but technical impact as total.

Technical ContextAI

The flaw resides in Moby's daemon plugin manager (daemon/pkg/plugin/manager.go) within the legacy plugin system that runs out-of-process plugins managed by dockerd. The isEqual helper used to compare the required privilege set against the user-approved set iterated from index 1 instead of 0 ('for i := 1; i < arrOne.Len(); i++'), a classic CWE-193 off-by-one, so the first sorted privilege was never compared. Additionally, when only one privilege was requested, the loop body never executed and any value mismatch was silently accepted. The fix replaces the hand-rolled comparison with a normalizePrivileges helper plus slices.Equal, ensuring full element-wise comparison including the value slice for every privilege. Affected packages are pkg:go/github.com/docker/docker, pkg:go/github.com/moby/moby, and pkg:go/github.com/moby/moby/v2; Docker Desktop is not affected because it does not support legacy plugins.

RemediationAI

Vendor-released patch: upgrade Docker Engine/Moby to 29.3.1 or later (https://github.com/moby/moby/releases/tag/docker-v29.3.1), or to moby/v2 2.0.0-beta.8 if tracking the v2 branch; the fix commit is f4d6f25bf0c3fa12d4968320a45685947756a22a. Distribution users should apply vendor updates such as SUSE-SU-2026:1205. If immediate patching is not possible, do not install plugins from untrusted sources, restrict access to the Docker daemon socket to trusted administrators (least privilege), carefully audit every privilege shown by 'docker plugin install' before approving, and stop treating the plugin approval prompt as a sole security boundary for sensitive hosts; note that simply not using legacy plugins fully avoids the issue but disables any workflow that depends on them. Full advisory: https://github.com/moby/moby/security/advisories/GHSA-pxq6-2prw-chj9.

More in Docker

View all
CVE-2024-55964 CRITICAL POC
9.8 Mar 26

An issue was discovered in Appsmith before 1.52. Rated critical severity (CVSS 9.8), this vulnerability is remotely expl

CVE-2019-5736 HIGH POC
8.6 Feb 11

runc through version 1.0-rc6 (used in Docker before 18.09.2) contains a container escape vulnerability that allows attac

CVE-2023-32077 HIGH POC
7.5 Aug 24

Netmaker makes networks with WireGuard. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no a

CVE-2026-39987 CRITICAL POC
9.3 Apr 08

Unauthenticated remote code execution in Marimo ≤0.20.4 allows attackers to execute arbitrary system commands via the `/

CVE-2023-5815 HIGH POC
8.1 Nov 22

The News & Blog Designer Pack - WordPress Blog Plugin - (Blog Post Grid, Blog Post Slider, Blog Post Carousel, Blog Post

CVE-2014-9357 CRITICAL
10.0 Dec 16

Docker 1.3.2 allows remote attackers to execute arbitrary code with root privileges via a crafted (1) image or (2) build

CVE-2026-34156 CRITICAL POC
9.9 Mar 30

Remote code execution in NocoBase Workflow Script Node (npm @nocobase/plugin-workflow-javascript) allows authenticated l

CVE-2019-15752 HIGH POC
7.8 Aug 28

Docker Desktop Community Edition before 2.1.0.1 allows local users to gain privileges by placing a Trojan horse docker-c

CVE-2025-34221 CRITICAL POC
10.0 Sep 29

Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to version 25.2.169 and Application prior to version 2

CVE-2024-23054 CRITICAL POC
9.8 Feb 05

An issue in Plone Docker Official Image 5.2.13 (5221) open-source software that could allow for remote code execution du

CVE-2025-23211 CRITICAL POC
9.9 Jan 28

Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. Rated critical seve

CVE-2026-46339 CRITICAL POC
10.0 May 19

Unauthenticated remote code execution in 9router (npm package) versions 0.4.30 through 0.4.36 allows network-adjacent at

Vendor StatusVendor

SUSE

Severity: Medium
Product Status
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise High Performance Computing 12 Fixed
SUSE Linux Enterprise High Performance Computing 15 SP7 Fixed
SUSE Linux Enterprise Micro 5.2 Fixed
SUSE Linux Enterprise Micro 5.3 Fixed

Share

CVE-2026-33997 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy