Fluid Attacks Database

Description

Moby is an open source container framework. Prior to version 29.3.1, a security vulnerability has been detected that allows attackers to bypass authorization plugins (AuthZ). This issue has been patched in version 29.3.1.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
go	github.com/docker/docker	>=0 <29.3.1	29.3.1
debian 12	docker.io	=20.10.24+dfsg1-1 \|\| =20.10.24+dfsg1-1+deb12u1 \|\| =20.10.25+dfsg1-1 \|\| =20.10.25+dfsg1-2 \|\| =20.10.25+dfsg1-3 \|\| =20.10.25+dfsg1-4 \|\| =26.1.4+dfsg1-1 \|\| =26.1.4+dfsg1-2 \|\| =26.1.4+dfsg1-3 \|\| =26.1.4+dfsg1-4 \|\| =26.1.4+dfsg1-5 \|\| =26.1.4+dfsg1-6 \|\| =26.1.4+dfsg1-7 \|\| =26.1.4+dfsg1-8 \|\| =26.1.4+dfsg1-9 \|\| =26.1.4+dfsg2-1 \|\| =26.1.4+dfsg3-1 \|\| =26.1.5+dfsg1-1 \|\| =26.1.5+dfsg1-10 \|\| =26.1.5+dfsg1-2 \|\| =26.1.5+dfsg1-3 \|\| =26.1.5+dfsg1-4 \|\| =26.1.5+dfsg1-5 \|\| =26.1.5+dfsg1-6 \|\| =26.1.5+dfsg1-7 \|\| =26.1.5+dfsg1-8 \|\| =26.1.5+dfsg1-9 \|\| =27.5.1+dfsg1-1 \|\| =27.5.1+dfsg1-2 \|\| =27.5.1+dfsg2-1 \|\| =27.5.1+dfsg3-1 \|\| =27.5.1+dfsg3-2 \|\| =27.5.1+dfsg3-3 \|\| =27.5.1+dfsg3-4 \|\| =27.5.1+dfsg3-5 \|\| =27.5.1+dfsg3-6 \|\| =27.5.1+dfsg4-1 \|\| =27.5.1+dfsg4-2 \|\| =28.5.2+dfsg1-1 \|\| =28.5.2+dfsg2-1 \|\| =28.5.2+dfsg3-1 \|\| =28.5.2+dfsg3-2 \|\| =28.5.2+dfsg4-1 \|\| =28.5.2+dfsg4-2	-
go	github.com/moby/moby/v2	>=0 <2.0.0-beta.8	2.0.0-beta.8
go	github.com/moby/moby	>=0 <29.3.1	29.3.1
debian 14	docker.io	=26.1.5+dfsg1-10 \|\| =26.1.5+dfsg1-9 \|\| =27.5.1+dfsg1-1 \|\| =27.5.1+dfsg1-2 \|\| =27.5.1+dfsg2-1 \|\| =27.5.1+dfsg3-1 \|\| =27.5.1+dfsg3-2 \|\| =27.5.1+dfsg3-3 \|\| =27.5.1+dfsg3-4 \|\| =27.5.1+dfsg3-5 \|\| =27.5.1+dfsg3-6 \|\| =27.5.1+dfsg4-1 \|\| =27.5.1+dfsg4-2 \|\| =28.5.2+dfsg1-1 \|\| =28.5.2+dfsg2-1 \|\| =28.5.2+dfsg3-1 \|\| =28.5.2+dfsg3-2 \|\| =28.5.2+dfsg4-1 \|\| >=0 <28.5.2+dfsg4-2	28.5.2+dfsg4-2
debian 13	docker.io	=26.1.5+dfsg1-10 \|\| =26.1.5+dfsg1-9 \|\| =27.5.1+dfsg1-1 \|\| =27.5.1+dfsg1-2 \|\| =27.5.1+dfsg2-1 \|\| =27.5.1+dfsg3-1 \|\| =27.5.1+dfsg3-2 \|\| =27.5.1+dfsg3-3 \|\| =27.5.1+dfsg3-4 \|\| =27.5.1+dfsg3-5 \|\| =27.5.1+dfsg3-6 \|\| =27.5.1+dfsg4-1 \|\| =27.5.1+dfsg4-2 \|\| =28.5.2+dfsg1-1 \|\| =28.5.2+dfsg2-1 \|\| =28.5.2+dfsg3-1 \|\| =28.5.2+dfsg3-2 \|\| =28.5.2+dfsg4-1 \|\| =28.5.2+dfsg4-2	-
debian 11	docker.io	=20.10.10+dfsg1-1 \|\| =20.10.11+dfsg1-1 \|\| =20.10.11+dfsg1-2 \|\| =20.10.14+dfsg1-1 \|\| =20.10.17+dfsg1-1 \|\| =20.10.19+dfsg1-1 \|\| =20.10.21+dfsg1-1 \|\| =20.10.22+dfsg1-1 \|\| =20.10.22+dfsg1-2 \|\| =20.10.23+dfsg1-1 \|\| =20.10.24+dfsg1-1 \|\| =20.10.25+dfsg1-1 \|\| =20.10.25+dfsg1-2 \|\| =20.10.25+dfsg1-3 \|\| =20.10.25+dfsg1-4 \|\| =20.10.5+dfsg1-1 \|\| =20.10.5+dfsg1-1+deb11u1 \|\| =20.10.5+dfsg1-1+deb11u2 \|\| =20.10.5+dfsg1-1+deb11u3 \|\| =20.10.5+dfsg1-1+deb11u4 \|\| =20.10.8+dfsg1-1 \|\| =20.10.8+dfsg1-2 \|\| =26.1.4+dfsg1-1 \|\| =26.1.4+dfsg1-2 \|\| =26.1.4+dfsg1-3 \|\| =26.1.4+dfsg1-4 \|\| =26.1.4+dfsg1-5 \|\| =26.1.4+dfsg1-6 \|\| =26.1.4+dfsg1-7 \|\| =26.1.4+dfsg1-8 \|\| =26.1.4+dfsg1-9 \|\| =26.1.4+dfsg2-1 \|\| =26.1.4+dfsg3-1 \|\| =26.1.5+dfsg1-1 \|\| =26.1.5+dfsg1-10 \|\| =26.1.5+dfsg1-2 \|\| =26.1.5+dfsg1-3 \|\| =26.1.5+dfsg1-4 \|\| =26.1.5+dfsg1-5 \|\| =26.1.5+dfsg1-6 \|\| =26.1.5+dfsg1-7 \|\| =26.1.5+dfsg1-8 \|\| =26.1.5+dfsg1-9 \|\| =27.5.1+dfsg1-1 \|\| =27.5.1+dfsg1-2 \|\| =27.5.1+dfsg2-1 \|\| =27.5.1+dfsg3-1 \|\| =27.5.1+dfsg3-2 \|\| =27.5.1+dfsg3-3 \|\| =27.5.1+dfsg3-4 \|\| =27.5.1+dfsg3-5 \|\| =27.5.1+dfsg3-6 \|\| =27.5.1+dfsg4-1 \|\| =27.5.1+dfsg4-2 \|\| =28.5.2+dfsg1-1 \|\| =28.5.2+dfsg2-1 \|\| =28.5.2+dfsg3-1 \|\| =28.5.2+dfsg3-2 \|\| =28.5.2+dfsg4-1 \|\| =28.5.2+dfsg4-2	-

Aliases

1. CVE-2026-340402. NVD-2026-340403. OSV-2026-340404. OSV-DEBIAN-2026-340405. GHSA-v23v-6jw2-98fq6. GHSA-x744-4wpc-v9h27. GCVE-2026-340408. SECURITY-TRACKER-CVE-2026-34040

References

1. https://github.com/moby/moby/security/advisories/GHSA-v23v-6jw2-98fq2. https://github.com/moby/moby/security/advisories/GHSA-x744-4wpc-v9h23. https://github.com/moby/moby/commit/e89edb19ad7de0407a5d31e3111cb01aa10b5a384. https://docs.docker.com/engine/extend/plugins_authorization5. https://github.com/moby/moby/releases/tag/docker-v29.3.1

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.