CVE-2026-34040 HIGH

CVE-2026-34040: Moby: AuthZ plugin bypass with oversized request body

Vendor Moby
Product moby
Weakness CWE-288
Published March 31, 2026
Last update April 2, 2026

CVSS base score

8.8/10
Attack vector Local
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

What the vulnerability does

01Description

Moby is an open source container framework. Prior to version 29.3.1, a security vulnerability has been detected that allows attackers to bypass authorization plugins (AuthZ). This issue has been patched in version 29.3.1.

Key dates

02Disclosure timeline

March 31, 2026 CVE published
April 2, 2026 Record updated