FIND-20260403-008 · 2026-04-03 · Innovation Veille

Docker Engine v29.3.1 — 4 Security CVEs Fixed Including AuthZ Bypass

release HIGH
Docker Engine v29.3.1 (March 25, 2026) fixes four security CVEs: CVE-2026-34040 (AuthZ plugin authorization bypass), CVE-2026-33997 (privilege validation flaw in docker plugin install), CVE-2026-33748 (Git URL validation in BuildKit), and CVE-2026-33747 (file writing vulnerability in BuildKit). The AuthZ bypass is particularly severe as it could allow privilege escalation in multi-tenant Docker environments. ODS currently tracks 29.3.1 as the known version.

Source

https://github.com/moby/moby/releases/tag/docker-v29.3.1

ODS Impact

ODS infrastructure uses Docker extensively on both srv-agents and srv-staging (managed by Coolify). The CVE-2026-34040 AuthZ bypass is critical for ODS as Coolify manages multiple tenant workloads. Verify Docker Engine is at 29.3.1 on both GCP VMs. Run:

    ssh srv-agents docker version
    ssh srv-staging docker version
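The manual check above can be scripted so that it reads the daemon's version (the Server section of docker version, which is the Engine the fixes apply to) rather than the CLI's. This is an added example, not ODS or Docker project code. Assumptions: the function names are hypothetical, the hosts are the SSH aliases named in this finding, and a pre-release build of 29.3.1 is conservatively reported as below the fixed release.

```shell
#!/bin/sh
# Added example: report whether each host's Docker Engine is at or above the fixed release.
MIN_VERSION="29.3.1"   # fixed release named in this finding

# base VERSION: strip a leading "v" and any "-suffix" / "+build" metadata.
base() {
  v="${1#v}"
  v="${v%%[-+]*}"
  printf '%s' "$v"
}

# version_ge A B: succeeds when A >= B, comparing dotted fields numerically.
version_ge() {
  a=$(base "$1"); b=$(base "$2")
  if [ "$a" = "$b" ]; then
    # Same number with a "-suffix" (e.g. -rc.1): assumed to precede the release.
    case "$1" in *-*) return 1 ;; esac
    return 0
  fi
  lowest=$(printf '%s\n%s\n' "$a" "$b" | sort -t. -k1,1n -k2,2n -k3,3n | head -n1)
  [ "$lowest" = "$b" ]
}

# classify HOST VERSION: prints "HOST VERSION STATUS".
classify() {
  host=$1; ver=$2
  if [ -z "$ver" ]; then status=UNKNOWN          # ssh failed or daemon unreachable
  elif version_ge "$ver" "$MIN_VERSION"; then status=OK
  else status=BELOW_FIXED
  fi
  printf '%s %s %s\n' "$host" "${ver:-none}" "$status"
}

# check_host HOST: ask the remote daemon for its Engine version over ssh.
check_host() {
  ver=$(ssh -o BatchMode=yes -o ConnectTimeout=10 "$1" \
        docker version --format "'{{.Server.Version}}'" 2>/dev/null)
  classify "$1" "$ver"
}

# Runs only when hosts are given, e.g.: ./check.sh srv-agents srv-staging
if [ "$#" -gt 0 ]; then
  rc=0
  for h in "$@"; do
    line=$(check_host "$h"); echo "$line"
    case "$line" in *" OK") ;; *) rc=1 ;; esac
  done
  exit "$rc"
fi
```

The script exits non-zero if any host is BELOW_FIXED or UNKNOWN, so it can gate a scheduled job or deployment step.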

Security Review

License: Apache-2.0 | Maintenance: ACTIVE | Risk: LOW | Recommendation: SAFE_TO_USE

Tags

docker release security cve buildkit authz