FIND-20260401-003 · 2026-04-01 · Innovation Veille
Docker Engine v29 — CVE-2026-34040 AuthZ Plugin Bypass (HIGH) + CVE-2026-33997 Privilege Escalation (MEDIUM)
cve
HIGH
Docker Engine v29.3.1 patches two security vulnerabilities. CVE-2026-34040 (HIGH): an AuthZ plugin bypass that lets attackers bypass authorization plugins under specific conditions. CVE-2026-33997 (MEDIUM, CVSS 6.8): an off-by-one error in plugin privilege validation that allows privilege escalation during `docker plugin install`; plugins requesting exactly one privilege are also affected, as no comparison is performed. Both are fixed in Docker Engine 29.3.1.
Source
https://docs.docker.com/engine/release-notes/29/
ODS Impact
All ODS services run on Docker (via Coolify on GCP VMs). If the Docker Engine version on srv-agents or srv-staging is below 29.3.1, the AuthZ bypass (CVE-2026-34040) could allow container escapes or authorization bypasses. Upgrade Docker Engine on both GCP VMs to 29.3.1. Verify with `docker version` on each server.
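One way to script the verification step above, as an added example that is not part of the original finding or of Docker's own tooling: it reads the daemon version with `docker version --format '{{.Server.Version}}'` and compares it numerically against 29.3.1. The function name `classify_engine`, the status labels, and the choice to treat a pre-release tag of 29.3.1 as unpatched are assumptions of this example.

```sh
#!/bin/sh
# Added example: classify a Docker Engine version against the fixed release.
FIXED="29.3.1"   # fixed version as stated in this finding

# classify_engine VERSION -> prints PATCHED, VULNERABLE or UNKNOWN
classify_engine() {
    v=${1#v}          # tolerate a leading "v"
    v=${v%%+*}        # drop build metadata such as "+dfsg1"
    core=${v%%-*}     # numeric part before any pre-release tag
    pre=""
    if [ "$core" != "$v" ]; then pre=${v#*-}; fi
    # Accept only digits and single dots; anything else is unparseable.
    case "$core" in
        *[!0-9.]*|""|.*|*.|*..*) echo UNKNOWN; return 0 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $core
    IFS=$old_ifs
    if [ $# -ne 3 ]; then echo UNKNOWN; return 0; fi
    a1=$1; a2=$2; a3=$3
    IFS=.; set -- $FIXED; IFS=$old_ifs
    # Compare field by field as integers, so 29.10.0 sorts above 29.3.1.
    if   [ "$a1" -ne "$1" ]; then
        if [ "$a1" -gt "$1" ]; then r=PATCHED; else r=VULNERABLE; fi
    elif [ "$a2" -ne "$2" ]; then
        if [ "$a2" -gt "$2" ]; then r=PATCHED; else r=VULNERABLE; fi
    elif [ "$a3" -ne "$3" ]; then
        if [ "$a3" -gt "$3" ]; then r=PATCHED; else r=VULNERABLE; fi
    elif [ -n "$pre" ]; then
        r=VULNERABLE  # assumption: a pre-release of the fixed version is not trusted
    else
        r=PATCHED
    fi
    echo "$r"
}

# On a host with the Docker CLI, report the local daemon's status.
if command -v docker >/dev/null 2>&1; then
    ver=$(docker version --format '{{.Server.Version}}' 2>/dev/null) || ver=""
    echo "$(hostname): engine=${ver:-unreachable} status=$(classify_engine "$ver")"
fi
```

An UNKNOWN result means the daemon could not be queried or returned a version string the script does not parse, so that host still needs a manual check.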
Security Review
License: Apache-2.0 | Maintenance: ACTIVE | Risk: LOW | Recommendation: USE_WITH_CAUTION
Tags
docker
cve
high
authorization-bypass
privilege-escalation
infrastructure
security