## Docker Engine AuthZ Bypass: A Deep Dive into CVE-2026-34040 A critical security vulnerability has been uncovered in **Docker Engine** that could enable malicious actors to circumvent authorization plugins (AuthZ), gaining unauthorized access to sensitive resources. This flaw, identified as **CVE-2026-34040** (CVSS score: 8.8), represents a significant risk to environments relying on Docker for containerization. ### The Root Cause: Incomplete Patch **CVE-2026-34040** arises from an inadequate fix for **CVE-2024-41110**, a previously disclosed maximum-severity vulnerability in the same component. The initial patch failed to properly address oversized HTTP request bodies, leaving a window for exploitation. According to a security advisory from **Docker Engine** maintainers, a crafted API request can trick the Docker daemon into forwarding the request to an authorization plugin without the request body. This omission can lead the plugin to approve requests that it would otherwise deny if the full body had been inspected. ### The Attack Vector: Oversized HTTP Requests **Vladimir Tokarev** of **Cyera Research Labs** discovered that padding a container creation request to exceed 1MB causes it to be dropped before reaching the AuthZ plugin. This allows an attacker with restricted Docker API access to bypass the authorization mechanism and create a privileged container with host file system access.  Tokarev explains that the plugin allows the request because it doesn't detect anything to block. The Docker daemon then processes the full request, creating a privileged container with root access to the host. This grants access to sensitive data such as AWS credentials, SSH keys, and Kubernetes configurations. ### AI Coding Agents at Risk The vulnerability also poses a threat to AI coding agents like **OpenClaw** running within Docker-based sandboxes. An attacker can inject malicious code into a GitHub repository, which, when processed by the AI agent, exploits **CVE-2026-34040** to bypass authorization and create a privileged container.  Furthermore, **Cyera** warns that AI agents can independently discover and exploit the bypass by constructing padded HTTP requests when encountering errors during legitimate debugging tasks. This eliminates the need for poisoned repositories. ### Mitigation Strategies To mitigate the risk posed by **CVE-2026-34040**, consider the following temporary workarounds: * Avoid using AuthZ plugins that rely on request body inspection. * Limit access to the Docker API to trusted parties, adhering to the principle of least privilege. * Run Docker in rootless mode. In rootless mode, even a privileged container's 'root' maps to an unprivileged host UID, reducing the blast radius. * Utilize `--userns-remap` for similar UID mapping in environments where fully rootless mode is not feasible. The issue has been patched in **Docker Engine** version 29.3.1. Users are strongly advised to upgrade to this version to address the vulnerability.