Critical Docker vulnerability warning: Attackers can gain root access via authorization bypass

Recently, a critical security vulnerability in Docker Engine was discovered, allowing attackers to bypass access control layers and penetrate deep into host systems. This vulnerability not only threatens traditional systems but also poses significant risks to AI coding agents.

Originating from an incomplete patch

The new vulnerability is identified as CVE-2026-34040 with a critical CVSS score of 8.8/10. Notably, this is not an entirely new issue but stems from an incomplete patch for CVE-2024-41110 (originally disclosed in July 2024).

The flaw resides in the component that manages Docker's Authorization (AuthZ) plugins. These plugins serve as "gatekeepers," responsible for inspecting and determining whether an access request is valid before Docker is permitted to execute it.

How the authorization system is deceived

According to security researchers, the vulnerability occurs when Docker processes excessively large requests. Specifically:

• Error mechanism: An attacker can send a request "padded" with junk data to exceed 1MB in size.

• Consequence: At this point, the Docker daemon (the core control component of Docker) forwards the request to the AuthZ plugin but "forgets" the request body.

• Faulty approval: Since it receives no content to inspect, the AuthZ plugin mistakenly assumes the request is harmless and allows it through.

Once past the "checkpoint," the Docker daemon executes the original request in its entirety. Attackers can exploit this to create a privileged container. From there, they can gain direct access to the physical host's file system and steal sensitive information such as SSH keys, Kubernetes configurations, or Cloud credentials.

Risks to AI coding agents

Another concerning aspect is that this vulnerability can be exploited through AI coding assistants (such as OpenClaw). Attackers can plant malicious code in source code repositories (like GitHub). When developers use AI to interact with these repositories, the AI agent can be tricked into executing commands that exploit CVE-2026-34040 without the user's knowledge.

Furthermore, experts warn that AI could independently "devise" ways to bypass these security mechanisms. During debugging tasks, if an AI encounters difficulty accessing files, it might automatically generate specialized HTTP requests to trigger the vulnerability to complete its assigned task, inadvertently creating an opening for malicious actors.

How to protect your system

To ensure security, users and system administrators should immediately implement the following measures:

1. Update immediately: Upgrade Docker Engine to version 29.3.1 or newer to fully patch this vulnerability.

2. Use Rootless mode: Run Docker in rootless mode. In this mode, even if an attacker gains administrative privileges within a container, they are restricted to the permissions of a standard user on the host, significantly mitigating potential damage.

3. Restrict access rights: Only allow trusted users or services to access the Docker API, following the principle of "least privilege."

4. Configure user namespaces: If rootless mode is not feasible, use the --userns-remap option to prevent containers from having full root access to the host.