CVE-2020-13401

Docker Engine vulnerability CVE-2020-13401: before 19.03.11, a container process with CAP_NET_RAW can craft IPv6 router advertisements via the bridge/network setup, enabling spoofing of external IPv6 hosts, potential information disclosure, or denial of service. Several connected advisories confi...

CVE-2018-20699

CVE-2018-20699 affects Docker Engine before 18.09, allowing a remote attacker to trigger a denial of service by sending a large value to --cpuset-mems or --cpuset-cpus. The issue is tied to memory consumption in dockerd and is described as related to the code paths in daemon_unix.go, parsers.go, ...

CVE-2026-41568

CVE-2026-41568 describes a race condition in Moby/Docker Engine during docker cp mount setup. A malicious container could create empty files or directories at arbitrary absolute paths on the host filesystem. Affected versions include Docker Engine prior to 29.5.1, Docker Daemon prior to 28.5.2, a...

CVE-2026-34040

CVE-2026-34040 affects Moby, the open source container framework. Prior to version 29.3.1, an issue allows bypassing authorization plugins (AuthZ). The vulnerability has been fixed in 29.3.1. Connected sources consistently describe the problem as an AuthZ bypass in the daemon/plugin authorization...

CVE-2026-42306

CVE-2026-42306 affects Moby/Docker: a race condition during docker cp mount setup could redirect a bind mount target to an arbitrary host path, potentially overwriting host files or causing denial of service. Affected are Docker Engine prior to 29.5.1, Docker Daemon 28.5.2 and earlier, and Moby D...

CVE-2026-33997

CVE-2026-33997 affects Moby (docker) prior to 29.3.1. A daemon privilege-validation check is flawed, potentially allowing a privilege set that differs from the user-approved one to be accepted during docker plugin installation. Plugins requesting exactly one privilege are also affected because th...