CVE-2026-33748

BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner. Prior to version 0.28.1, insufficient validation of Git URL fragment subdir components may allow access to files outside the checked-out Git repository root. Possible access is...

CVE-2026-33747

BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner. Prior to version 0.28.1, when using a custom BuildKit frontend, the frontend can craft an API message that causes files to be written outside of the BuildKit state directory for...

DEBIAN-CVE-2026-33747

BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner. Prior to version 0.28.1, when using a custom BuildKit frontend, the frontend can craft an API message that causes files to be written outside of the BuildKit state directory for...

CVE-2026-33747

BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner. Prior to version 0.28.1, when using a custom BuildKit frontend, the frontend can craft an API message that causes files to be written outside of the BuildKit state directory for...

CVE-2026-33747

BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner. Prior to version 0.28.1, when using a custom BuildKit frontend, the frontend can craft an API message that causes files to be written outside of the BuildKit state directory for...

CVE-2026-33747

CVE-2026-33747 affects BuildKit prior to v0.28.1. When using a custom BuildKit frontend, an untrusted frontend can craft an API message to cause files to be written outside the BuildKit state directory for the execution context, potentially enabling local privilege escalation or unauthorized file...

CVE-2026-33747

BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner. Prior to version 0.28.1, when using a custom BuildKit frontend, the frontend can craft an API message that causes files to be written outside of the BuildKit state directory for...

CVE-2026-33747 BuildKit vulnerable to malicious frontend causing file escape outside of storage root

BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner. Prior to version 0.28.1, when using a custom BuildKit frontend, the frontend can craft an API message that causes files to be written outside of the BuildKit state directory for...

CVE-2026-33747 BuildKit vulnerable to malicious frontend causing file escape outside of storage root

BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner. Prior to version 0.28.1, when using a custom BuildKit frontend, the frontend can craft an API message that causes files to be written outside of the BuildKit state directory for...

CVE-2026-33747 BuildKit vulnerable to malicious frontend causing file escape outside of storage root

BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner. Prior to version 0.28.1, when using a custom BuildKit frontend, the frontend can craft an API message that causes files to be written outside of the BuildKit state directory for...

Linux Distros Unpatched Vulnerability : CVE-2026-33747

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner. Prior to version 0.28.1, when using a...

BuildKit 后置链接漏洞

BuildKit is a concurrent, cache-efficient build tool package developed by Moby. Versions of BuildKit prior to 0.28.1 contained a post-link vulnerability. This vulnerability stemmed from insufficient validation of Git URL fragment sub-directory components, which could allow access to files outside...

GHSA-4VRQ-3VRQ-G6GG BuildKit Git URL subdir component can cause access to restricted files

Impact Insufficient validation of Git URL fragment subdir components :, docs may allow access to files outside the checked-out Git repository root. Possible access is limited to files on the same mounted filesystem. Patches The issue has been fixed in version v0.28.1 Workarounds The issue affects...

Symlink Attack

Overview Affected versions of this package are vulnerable to Symlink Attack when processing Git URL fragment subdir components. An attacker can access files outside the intended Git repository root by specifying a crafted subdir value in the URL fragment. Note: This is only exploitable if builds...

BuildKit Git URL subdir component can cause access to restricted files

Impact Insufficient validation of Git URL fragment subdir components :, docs may allow access to files outside the checked-out Git repository root. Possible access is limited to files on the same mounted filesystem. Patches The issue has been fixed in version v0.28.1 Workarounds The issue affects...

EUVD-2026-16518

BuildKit's Malicious frontend can cause file escape outside of storage root...

GHSA-4C29-8RGM-JVJJ BuildKit's Malicious frontend can cause file escape outside of storage root

Impact When using a custom BuildKit frontend, the frontend can craft an API message that causes files to be written outside of the BuildKit state directory for the execution context. Patches The issue has been fixed in v0.28.1+ Workarounds Issue requires using an untrusted BuildKit frontend set...

BuildKit's Malicious frontend can cause file escape outside of storage root

Impact When using a custom BuildKit frontend, the frontend can craft an API message that causes files to be written outside of the BuildKit state directory for the execution context. Patches The issue has been fixed in v0.28.1+ Workarounds Issue requires using an untrusted BuildKit frontend set...

PT-2026-28526

Name of the Vulnerable Software and Affected Versions BuildKit versions prior to 0.28.1 Description Insufficient validation of Git URL fragment subdir components may allow access to files outside the checked-out Git repository root. Possible access is limited to files on the same mounted...

PT-2026-28525

Name of the Vulnerable Software and Affected Versions BuildKit versions prior to 0.28.1 Description BuildKit is a toolkit for converting source code to build artifacts. When using a custom BuildKit frontend, a malicious frontend can craft an API message that causes files to be written outside of...