Docker CVE-2026-34040 Lets Attackers Bypass Authorization and Gain Host Access A high-severity flaw in Docker Engine (CVE-2026-34040) allows attackers to bypass authorization plugins by sending a specially crafted, padded HTTP request that causes the daemon to forward requests without the body. The vulnerability — an incomplete fix for CVE-2024-41110 — can enable creation of privileged containers with host filesystem access and...

A critical flaw in Docker Engine (CVE-2026-34040) allows attackers to bypass AuthZ plugins by sending padded HTTP requests, enabling privileged container access to the host filesystem. Fixed in v29.3.1. #DockerVuln #ContainerSecurity #CVE2026