A high-severity vulnerability has been disclosed in Docker Engine that could allow an attacker with access to the Docker API to bypass the daemon's authorization controls and, from there, obtain full administrative access to the host system. The flaw is tracked as CVE-2026-34040 and carries a CVSS score of 8.8 (High).
The vulnerability stems from an incomplete patch for an earlier, maximum-severity issue, CVE-2024-41110 (CVSS 10.0), that was addressed in July 2024. According to security researchers, the new flaw again allows an attacker who can reach the Docker API to circumvent authorization plugins (AuthZ). These plugins sit in the daemon's request path: the daemon forwards each API request to the plugin, which allows or denies it before the daemon acts on it. That makes them the fine-grained policy layer in multi-user or automated environments that must let users run some Docker commands but not others.
Successful exploitation lets the attacker issue privileged API requests that the plugin's policy should have denied. Because the Docker daemon runs as root on the host, a request of the kind such policies exist to block, for example starting a container with elevated privileges and the host filesystem bind-mounted into it, is effectively root on that host: the attacker breaks out of the isolation the container is supposed to provide and gains administrative control of the underlying server. From there they could read or modify any data on the machine, deploy malware, or move laterally across the network.
The vulnerability is most relevant to organizations that rely on AuthZ plugins to restrict what users and jobs may do with a shared daemon, such as CI/CD pipelines or multi-tenant platforms. Docker API endpoints exposed over the network without TLS client authentication are at high risk in particular: on such a host the AuthZ plugin is the only control standing between a network attacker and the daemon, and this flaw removes it.
Docker has released updated versions of Docker Engine that address CVE-2026-34040; the fixed release for each supported branch is listed in Docker's release notes. Administrators are strongly advised to inventory daemons that load an authorization plugin or expose the API over TCP, upgrade those first, and, until they are patched, restrict who can reach the Docker socket or port.
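The following triage script is an added example, not code from the original article or from Docker. It performs the inventory step described above for one daemon: it reads the Engine version, the plugin list that `docker info` reports, and `daemon.json`, and flags a host that loads an AuthZ plugin on an unpatched version or exposes the API over TCP without `tlsverify`. The fixed release numbers are not given in the article, so the `FIXED_FLOORS` values in the script are placeholders that must be replaced with the releases from Docker's release notes; the plugin name `authz-broker` and the sample inputs are constructed for illustration, and the function names are the example's own.

```python
"""Per-host triage for the Docker AuthZ-plugin bypass described above.

Added example, not Docker's or the advisory's own code. It answers three
questions an operator needs per host: is an AuthZ plugin actually loaded
(so the bypass matters), is the Engine version below the fixed release of
its branch, and is the API reachable over TCP without TLS client auth.
"""
import json
import re
import subprocess
from typing import Dict, List, Tuple

# PLACEHOLDER values, not the real fix releases: replace with the versions
# named in Docker's release notes for CVE-2026-34040.
FIXED_FLOORS = ["23.0.99", "26.1.99", "27.1.99"]


def parse_version(v: str) -> Tuple[int, int, int]:
    """'27.1.1-ce' -> (27, 1, 1); distro suffixes such as '-ce' are ignored."""
    m = re.match(r"(\d+)\.(\d+)\.(\d+)", v.strip())
    if not m:
        raise ValueError(f"unrecognised Docker Engine version: {v!r}")
    major, minor, patch = (int(x) for x in m.groups())
    return (major, minor, patch)


def is_patched(version: str, fixed_floors: List[str]) -> bool:
    """Docker ships fixes per release branch (major.minor), so compare against
    the floor of the daemon's own branch. A branch newer than every floor is
    taken to carry the fix; an older branch with no floor (end-of-life) is
    treated as unpatched."""
    if not fixed_floors:
        raise ValueError("no fixed releases supplied")
    ver = parse_version(version)
    floors = sorted(parse_version(f) for f in fixed_floors)
    for f in floors:
        if f[:2] == ver[:2]:
            return ver >= f
    return ver[:2] > floors[-1][:2]


def authz_plugins(info_json: str) -> List[str]:
    """Authorization plugins the daemon loaded, from `docker info --format '{{json .}}'`."""
    info = json.loads(info_json)
    return list((info.get("Plugins") or {}).get("Authorization") or [])


def tcp_listeners(daemon_json: str) -> List[str]:
    """tcp:// entries in daemon.json 'hosts'. The daemon also accepts -H on its
    command line (e.g. in the systemd unit), which this does not see."""
    cfg = json.loads(daemon_json) if daemon_json.strip() else {}
    return [h for h in cfg.get("hosts", []) if h.startswith("tcp://")]


def triage(version: str, info_json: str, daemon_json: str,
           fixed_floors: List[str] = FIXED_FLOORS) -> Dict[str, object]:
    """Combine the three checks into findings an operator can act on."""
    cfg = json.loads(daemon_json) if daemon_json.strip() else {}
    plugins = authz_plugins(info_json)
    tcp = tcp_listeners(daemon_json)
    patched = is_patched(version, fixed_floors)
    findings = []
    if plugins and not patched:
        findings.append(f"AuthZ plugin(s) {plugins} enforce policy on unpatched Engine "
                        f"{version.strip()}; deny decisions can be bypassed until upgraded")
    if tcp and not cfg.get("tlsverify"):
        findings.append(f"API exposed on {tcp} without tlsverify: anyone who can reach "
                        "the port controls the daemon once AuthZ is bypassed")
    return {"patched": patched, "authz_plugins": plugins,
            "tcp_hosts": tcp, "findings": findings}


def triage_local_host(fixed_floors: List[str] = FIXED_FLOORS) -> Dict[str, object]:
    """Run the same checks against the daemon on this machine (needs docker CLI)."""
    version = subprocess.check_output(
        ["docker", "version", "--format", "{{.Server.Version}}"], text=True)
    info = subprocess.check_output(["docker", "info", "--format", "{{json .}}"], text=True)
    try:
        with open("/etc/docker/daemon.json") as fh:
            daemon = fh.read()
    except FileNotFoundError:
        daemon = ""
    return triage(version, info, daemon, fixed_floors)


# Constructed sample inputs (not captured from a real host).
SAMPLE_VERSION = "27.1.0"
SAMPLE_INFO = json.dumps({"ServerVersion": "27.1.0",
                          "Plugins": {"Volume": ["local"], "Network": ["bridge"],
                                      "Authorization": ["authz-broker"],
                                      "Log": ["json-file"]}})
SAMPLE_DAEMON_JSON = json.dumps({"hosts": ["unix:///var/run/docker.sock",
                                           "tcp://0.0.0.0:2375"],
                                 "authorization-plugins": ["authz-broker"]})

if __name__ == "__main__":
    for finding in triage(SAMPLE_VERSION, SAMPLE_INFO, SAMPLE_DAEMON_JSON)["findings"]:
        print("FINDING:", finding)
```

Run as-is it reports on the constructed sample (an unpatched daemon with a plugin loaded and an unauthenticated TCP listener); call `triage_local_host()` on a real host after replacing `FIXED_FLOORS`. The branch-aware comparison matters because Docker backports fixes to several release lines, so a plain "newer is safer" check would mark a patched 26.1.x daemon as vulnerable next to an unpatched 27.0.x one.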