Critical Alert: Docker AuthZ Bypass (CVE-2026-34040) Enables Host Root Access


Eyal Estrin

Apr 8, 2026, 3:54:33 AM
One Megabyte to Root: How a Size Check Broke Docker’s Last Line of Defense
https://www.cyera.com/research/one-megabyte-to-root-how-a-size-check-broke-dockers-last-line-of-defense

AuthZ plugin bypass with oversized request body
https://github.com/moby/moby/security/advisories/GHSA-x744-4wpc-v9h2

Docker CVE-2026-34040 Lets Attackers Bypass Authorization and Gain Host Access
https://thehackernews.com/2026/04/docker-cve-2026-34040-lets-attackers.html

Docker Flaw (CVE-2026-34040) Lets Attackers Bypass Security Controls and Take Over Hosts
https://www.esecurityplanet.com/threats/docker-flaw-cve-2026-34040-lets-attackers-bypass-security-controls-and-take-over-hosts/

Amazon Linux Security Center - CVE-2026-34040
https://explore.alas.aws.amazon.com/CVE-2026-34040.html

Linux Distros Unpatched Vulnerability: CVE-2026-34040
https://www.tenable.com/plugins/nessus/304756




Eyal Estrin
Author | Cloud Architect | AWS • Azure • GCP Insights
Social: @eyalestrin
Connect: https://linktr.ee/eyalestrin Blog: https://security-24-7.com