Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2026-41567 (GCVE-0-2026-41567)
Vulnerability from cvelistv5 – Published: 2026-06-05 00:35 – Updated: 2026-06-30 12:06- CWE-427 - Uncontrolled Search Path Element
| URL | Tags |
|---|---|
| https://github.com/moby/moby/security/advisories/… | x_refsource_CONFIRM |
| https://access.redhat.com/security/cve/CVE-2026-41567 | vdb-entryx_refsource_REDHAT |
| https://bugzilla.redhat.com/show_bug.cgi?id=2485356 | issue-trackingx_refsource_REDHAT |
| https://security.access.redhat.com/data/csaf/v2/v… | x_sadp-csaf-vex |
| Vendor | Product | Version | |
|---|---|---|---|
| moby | moby/v2/daemon |
Affected:
< 2.0.0-beta.14
|
|
| moby | Docker Engine |
Affected:
< 29.5.1
|
|
| docker | docker/daemon |
Affected:
<= 28.5.2
|
|
| Red Hat | Exploit Intelligence |
cpe:/a:redhat:exploit_intelligence:0 |
|
| Red Hat | Multicluster Engine for Kubernetes |
cpe:/a:redhat:multicluster_engine |
|
| Red Hat | OpenShift Lightspeed |
cpe:/a:redhat:openshift_lightspeed |
|
| Red Hat | OpenShift Source-to-Image (S2I) |
cpe:/a:redhat:source_to_image:1 |
|
| Red Hat | Red Hat Advanced Cluster Management for Kubernetes 2 |
cpe:/a:redhat:acm:2 |
|
| Red Hat | Red Hat Ceph Storage 5 |
cpe:/a:redhat:ceph_storage:5 |
|
| Red Hat | Red Hat Ceph Storage 7 |
cpe:/a:redhat:ceph_storage:7 |
|
| Red Hat | Red Hat Ceph Storage 8 |
cpe:/a:redhat:ceph_storage:8 |
|
| Red Hat | Red Hat Ceph Storage 9 |
cpe:/a:redhat:ceph_storage:9 |
|
| Red Hat | Red Hat Enterprise Linux 10 |
cpe:/o:redhat:enterprise_linux:10 |
|
| Red Hat | Red Hat Enterprise Linux 9 |
cpe:/o:redhat:enterprise_linux:9 |
|
| Red Hat | Red Hat Hardened Images |
cpe:/a:redhat:hummingbird:1 |
|
| Red Hat | Red Hat OpenShift Container Platform 4 |
cpe:/a:redhat:openshift:4 |
|
| Red Hat | Red Hat OpenShift distributed tracing 3 |
cpe:/a:redhat:openshift_distributed_tracing:3 |
|
| Red Hat | Multicluster Global Hub |
cpe:/a:redhat:multicluster_globalhub |
|
| Red Hat | Red Hat OpenShift AI (RHOAI) |
cpe:/a:redhat:openshift_ai |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-41567",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-05T13:11:38.173928Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-05T13:11:47.568Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"affected": [
{
"cpes": [
"cpe:/a:redhat:exploit_intelligence:0"
],
"defaultStatus": "affected",
"product": "Exploit Intelligence",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:multicluster_engine"
],
"defaultStatus": "affected",
"product": "Multicluster Engine for Kubernetes",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift_lightspeed"
],
"defaultStatus": "affected",
"product": "OpenShift Lightspeed",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:source_to_image:1"
],
"defaultStatus": "affected",
"product": "OpenShift Source-to-Image (S2I)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:acm:2"
],
"defaultStatus": "affected",
"product": "Red Hat Advanced Cluster Management for Kubernetes 2",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:ceph_storage:5"
],
"defaultStatus": "affected",
"product": "Red Hat Ceph Storage 5",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:ceph_storage:7"
],
"defaultStatus": "affected",
"product": "Red Hat Ceph Storage 7",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:ceph_storage:8"
],
"defaultStatus": "affected",
"product": "Red Hat Ceph Storage 8",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:ceph_storage:9"
],
"defaultStatus": "affected",
"product": "Red Hat Ceph Storage 9",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/o:redhat:enterprise_linux:10"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux 10",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/o:redhat:enterprise_linux:9"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:hummingbird:1"
],
"defaultStatus": "affected",
"product": "Red Hat Hardened Images",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift:4"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift Container Platform 4",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift_distributed_tracing:3"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift distributed tracing 3",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:multicluster_globalhub"
],
"defaultStatus": "unaffected",
"product": "Multicluster Global Hub",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift_ai"
],
"defaultStatus": "unaffected",
"product": "Red Hat OpenShift AI (RHOAI)",
"vendor": "Red Hat"
}
],
"datePublic": "2026-06-05T00:35:50.563Z",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in Moby, the open-source container framework, and Docker Engine. A malicious container image can exploit this vulnerability to achieve arbitrary code execution with full daemon privileges, including host root access. This occurs when a user uploads a compressed archive to the container, as the daemon incorrectly uses decompression binaries from the container\u0027s filesystem. This allows an attacker to gain complete control over the affected system."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Important"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-427",
"description": "Uncontrolled Search Path Element",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-30T12:06:07.917Z",
"orgId": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
"shortName": "redhat-SADP"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2026-41567"
},
{
"name": "RHBZ#2485356",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2485356"
},
{
"tags": [
"x_sadp-csaf-vex"
],
"url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-41567.json"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-06-05T02:00:54.488Z",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2026-06-05T00:35:50.563Z",
"value": "Made public."
}
],
"title": "docker: Moby/Docker Engine: Arbitrary Code Execution via malicious container image and compressed archive upload",
"workarounds": [
{
"lang": "en",
"value": "To mitigate this issue, Red Hat recommends only running containers from trusted images. Additionally, users should avoid piping compressed archives into containers created from untrusted images. For environments utilizing authorization plugins, restricting access to the `PUT /containers/{id}/archive` endpoint can further reduce exposure."
}
],
"x_adpType": "supplier",
"x_generator": {
"engine": "sadp-cli 1.0.0"
}
}
],
"cna": {
"affected": [
{
"product": "moby/v2/daemon",
"vendor": "moby",
"versions": [
{
"status": "affected",
"version": "\u003c 2.0.0-beta.14"
}
]
},
{
"product": "Docker Engine",
"vendor": "moby",
"versions": [
{
"status": "affected",
"version": "\u003c 29.5.1"
}
]
},
{
"product": "docker/daemon",
"vendor": "docker",
"versions": [
{
"status": "affected",
"version": "\u003c= 28.5.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Moby is an open source container framework. In versions prior to 29.5.1 and in moby/moby v2 prior to v2.0.0-beta.14, when a compressed archive is uploaded to a container via `PUT /containers/{id}/archive` or piped through `docker cp -`, the daemon resolves decompression binaries (such as `xz` or `unpigz`) from the container\u0027s filesystem rather than the host\u0027s due to incorrect ordering of operations. A malicious container image containing a trojanized decompression binary can achieve arbitrary code execution with full daemon privileges, including host root UID and unrestricted capabilities, when a user uploads a compressed (xz or gzip) archive into that container. This issue is fixed in Docker Engine 29.5.1 and moby/moby v2.0.0-beta.14. Workarounds include only running containers from trusted images, using authorization plugins to restrict access to the `PUT /containers/{id}/archive` endpoint, and avoiding piping compressed archives into containers created from untrusted images"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-427",
"description": "CWE-427: Uncontrolled Search Path Element",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-05T00:35:50.563Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/moby/moby/security/advisories/GHSA-x86f-5xw2-fm2r",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/moby/moby/security/advisories/GHSA-x86f-5xw2-fm2r"
}
],
"source": {
"advisory": "GHSA-x86f-5xw2-fm2r",
"discovery": "UNKNOWN"
},
"title": "Docker: `PUT /containers/{id}/archive` executes container binary on the host"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-41567",
"datePublished": "2026-06-05T00:35:50.563Z",
"dateReserved": "2026-04-21T14:15:21.957Z",
"dateUpdated": "2026-06-30T12:06:07.917Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2026-41567",
"date": "2026-07-01",
"epss": "0.00153",
"percentile": "0.04882"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2026-41567\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2026-06-05T02:17:13.817\",\"lastModified\":\"2026-06-30T13:18:24.083\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Moby is an open source container framework. In versions prior to 29.5.1 and in moby/moby v2 prior to v2.0.0-beta.14, when a compressed archive is uploaded to a container via `PUT /containers/{id}/archive` or piped through `docker cp -`, the daemon resolves decompression binaries (such as `xz` or `unpigz`) from the container\u0027s filesystem rather than the host\u0027s due to incorrect ordering of operations. A malicious container image containing a trojanized decompression binary can achieve arbitrary code execution with full daemon privileges, including host root UID and unrestricted capabilities, when a user uploads a compressed (xz or gzip) archive into that container. This issue is fixed in Docker Engine 29.5.1 and moby/moby v2.0.0-beta.14. Workarounds include only running containers from trusted images, using authorization plugins to restrict access to the `PUT /containers/{id}/archive` endpoint, and avoiding piping compressed archives into containers created from untrusted images\"}],\"affected\":[{\"source\":\"security-advisories@github.com\",\"affectedData\":[{\"vendor\":\"moby\",\"product\":\"moby/v2/daemon\",\"versions\":[{\"version\":\"\u003c 2.0.0-beta.14\",\"status\":\"affected\"}]},{\"vendor\":\"moby\",\"product\":\"Docker Engine\",\"versions\":[{\"version\":\"\u003c 29.5.1\",\"status\":\"affected\"}]},{\"vendor\":\"docker\",\"product\":\"docker/daemon\",\"versions\":[{\"version\":\"\u003c= 28.5.2\",\"status\":\"affected\"}]}]},{\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\",\"affectedData\":[{\"vendor\":\"Red Hat\",\"product\":\"Exploit Intelligence\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:exploit_intelligence:0\"]},{\"vendor\":\"Red Hat\",\"product\":\"Multicluster Engine for Kubernetes\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:multicluster_engine\"]},{\"vendor\":\"Red Hat\",\"product\":\"OpenShift Lightspeed\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:openshift_lightspeed\"]},{\"vendor\":\"Red Hat\",\"product\":\"OpenShift Source-to-Image (S2I)\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:source_to_image:1\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Advanced Cluster Management for Kubernetes 2\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:acm:2\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Ceph Storage 5\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:ceph_storage:5\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Ceph Storage 7\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:ceph_storage:7\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Ceph Storage 8\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:ceph_storage:8\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Ceph Storage 9\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:ceph_storage:9\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux 10\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/o:redhat:enterprise_linux:10\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux 9\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/o:redhat:enterprise_linux:9\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Hardened Images\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:hummingbird:1\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat OpenShift Container Platform 4\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:openshift:4\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat OpenShift distributed tracing 3\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:openshift_distributed_tracing:3\"]},{\"vendor\":\"Red Hat\",\"product\":\"Multicluster Global Hub\",\"defaultStatus\":\"unaffected\",\"cpes\":[\"cpe:/a:redhat:multicluster_globalhub\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat OpenShift AI (RHOAI)\",\"defaultStatus\":\"unaffected\",\"cpes\":[\"cpe:/a:redhat:openshift_ai\"]}]}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N\",\"baseScore\":7.2,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"REQUIRED\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":0.8,\"impactScore\":5.8},{\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"REQUIRED\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":0.8,\"impactScore\":6.0}],\"ssvcV203\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"ssvcData\":{\"timestamp\":\"2026-06-05T13:11:38.173928Z\",\"id\":\"CVE-2026-41567\",\"options\":[{\"exploitation\":\"none\"},{\"automatable\":\"no\"},{\"technicalImpact\":\"total\"}],\"role\":\"CISA Coordinator\",\"version\":\"2.0.3\"}}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-427\"}]},{\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-427\"}]}],\"references\":[{\"url\":\"https://github.com/moby/moby/security/advisories/GHSA-x86f-5xw2-fm2r\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://access.redhat.com/security/cve/CVE-2026-41567\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=2485356\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-41567.json\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2026-41567\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-06-05T13:11:38.173928Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2026-06-05T13:11:42.359Z\"}}], \"cna\": {\"title\": \"Docker: `PUT /containers/{id}/archive` executes container binary on the host\", \"source\": {\"advisory\": \"GHSA-x86f-5xw2-fm2r\", \"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"cvssV3_1\": {\"scope\": \"CHANGED\", \"version\": \"3.1\", \"baseScore\": 7.2, \"attackVector\": \"LOCAL\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"REQUIRED\", \"attackComplexity\": \"HIGH\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"LOW\", \"confidentialityImpact\": \"HIGH\"}}], \"affected\": [{\"vendor\": \"moby\", \"product\": \"moby/v2/daemon\", \"versions\": [{\"status\": \"affected\", \"version\": \"\u003c 2.0.0-beta.14\"}]}, {\"vendor\": \"moby\", \"product\": \"Docker Engine\", \"versions\": [{\"status\": \"affected\", \"version\": \"\u003c 29.5.1\"}]}, {\"vendor\": \"docker\", \"product\": \"docker/daemon\", \"versions\": [{\"status\": \"affected\", \"version\": \"\u003c= 28.5.2\"}]}], \"references\": [{\"url\": \"https://github.com/moby/moby/security/advisories/GHSA-x86f-5xw2-fm2r\", \"name\": \"https://github.com/moby/moby/security/advisories/GHSA-x86f-5xw2-fm2r\", \"tags\": [\"x_refsource_CONFIRM\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"Moby is an open source container framework. In versions prior to 29.5.1 and in moby/moby v2 prior to v2.0.0-beta.14, when a compressed archive is uploaded to a container via `PUT /containers/{id}/archive` or piped through `docker cp -`, the daemon resolves decompression binaries (such as `xz` or `unpigz`) from the container\u0027s filesystem rather than the host\u0027s due to incorrect ordering of operations. A malicious container image containing a trojanized decompression binary can achieve arbitrary code execution with full daemon privileges, including host root UID and unrestricted capabilities, when a user uploads a compressed (xz or gzip) archive into that container. This issue is fixed in Docker Engine 29.5.1 and moby/moby v2.0.0-beta.14. Workarounds include only running containers from trusted images, using authorization plugins to restrict access to the `PUT /containers/{id}/archive` endpoint, and avoiding piping compressed archives into containers created from untrusted images\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-427\", \"description\": \"CWE-427: Uncontrolled Search Path Element\"}]}], \"providerMetadata\": {\"orgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"shortName\": \"GitHub_M\", \"dateUpdated\": \"2026-06-05T00:35:50.563Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2026-41567\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-06-05T13:11:47.568Z\", \"dateReserved\": \"2026-04-21T14:15:21.957Z\", \"assignerOrgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"datePublished\": \"2026-06-05T00:35:50.563Z\", \"assignerShortName\": \"GitHub_M\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
FKIE_CVE-2026-41567
Vulnerability from fkie_nvd - Published: 2026-06-05 02:17 - Updated: 2026-06-30 13:187.5 (High) - CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H
| Vendor | Product | Version |
|---|
{
"affected": [
{
"affectedData": [
{
"product": "moby/v2/daemon",
"vendor": "moby",
"versions": [
{
"status": "affected",
"version": "\u003c 2.0.0-beta.14"
}
]
},
{
"product": "Docker Engine",
"vendor": "moby",
"versions": [
{
"status": "affected",
"version": "\u003c 29.5.1"
}
]
},
{
"product": "docker/daemon",
"vendor": "docker",
"versions": [
{
"status": "affected",
"version": "\u003c= 28.5.2"
}
]
}
],
"source": "security-advisories@github.com"
},
{
"affectedData": [
{
"cpes": [
"cpe:/a:redhat:exploit_intelligence:0"
],
"defaultStatus": "affected",
"product": "Exploit Intelligence",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:multicluster_engine"
],
"defaultStatus": "affected",
"product": "Multicluster Engine for Kubernetes",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift_lightspeed"
],
"defaultStatus": "affected",
"product": "OpenShift Lightspeed",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:source_to_image:1"
],
"defaultStatus": "affected",
"product": "OpenShift Source-to-Image (S2I)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:acm:2"
],
"defaultStatus": "affected",
"product": "Red Hat Advanced Cluster Management for Kubernetes 2",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:ceph_storage:5"
],
"defaultStatus": "affected",
"product": "Red Hat Ceph Storage 5",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:ceph_storage:7"
],
"defaultStatus": "affected",
"product": "Red Hat Ceph Storage 7",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:ceph_storage:8"
],
"defaultStatus": "affected",
"product": "Red Hat Ceph Storage 8",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:ceph_storage:9"
],
"defaultStatus": "affected",
"product": "Red Hat Ceph Storage 9",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/o:redhat:enterprise_linux:10"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux 10",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/o:redhat:enterprise_linux:9"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:hummingbird:1"
],
"defaultStatus": "affected",
"product": "Red Hat Hardened Images",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift:4"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift Container Platform 4",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift_distributed_tracing:3"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift distributed tracing 3",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:multicluster_globalhub"
],
"defaultStatus": "unaffected",
"product": "Multicluster Global Hub",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift_ai"
],
"defaultStatus": "unaffected",
"product": "Red Hat OpenShift AI (RHOAI)",
"vendor": "Red Hat"
}
],
"source": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Moby is an open source container framework. In versions prior to 29.5.1 and in moby/moby v2 prior to v2.0.0-beta.14, when a compressed archive is uploaded to a container via `PUT /containers/{id}/archive` or piped through `docker cp -`, the daemon resolves decompression binaries (such as `xz` or `unpigz`) from the container\u0027s filesystem rather than the host\u0027s due to incorrect ordering of operations. A malicious container image containing a trojanized decompression binary can achieve arbitrary code execution with full daemon privileges, including host root UID and unrestricted capabilities, when a user uploads a compressed (xz or gzip) archive into that container. This issue is fixed in Docker Engine 29.5.1 and moby/moby v2.0.0-beta.14. Workarounds include only running containers from trusted images, using authorization plugins to restrict access to the `PUT /containers/{id}/archive` endpoint, and avoiding piping compressed archives into containers created from untrusted images"
}
],
"id": "CVE-2026-41567",
"lastModified": "2026-06-30T13:18:24.083",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 0.8,
"impactScore": 5.8,
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 0.8,
"impactScore": 6.0,
"source": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
"type": "Secondary"
}
],
"ssvcV203": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"ssvcData": {
"id": "CVE-2026-41567",
"options": [
{
"exploitation": "none"
},
{
"automatable": "no"
},
{
"technicalImpact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-05T13:11:38.173928Z",
"version": "2.0.3"
}
}
]
},
"published": "2026-06-05T02:17:13.817",
"references": [
{
"source": "security-advisories@github.com",
"url": "https://github.com/moby/moby/security/advisories/GHSA-x86f-5xw2-fm2r"
},
{
"source": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
"url": "https://access.redhat.com/security/cve/CVE-2026-41567"
},
{
"source": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2485356"
},
{
"source": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
"url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-41567.json"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Awaiting Analysis",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-427"
}
],
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-427"
}
],
"source": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
"type": "Secondary"
}
]
}
GHSA-X86F-5XW2-FM2R
Vulnerability from github – Published: 2026-05-18 17:47 – Updated: 2026-06-09 11:55Summary
When a user uploads a compressed archive into a container, a malicious image can execute arbitrary code with daemon (host root) privileges.
Details
When handling PUT /containers/{id}/archive requests with compressed archives, the daemon decompresses them using external system binaries. Due to incorrect ordering of operations, these binaries are resolved from the container's filesystem rather than the host's. A container image that includes a trojanized decompression binary can achieve code execution as the daemon process whenever a compressed archive is uploaded to that container.
The executed binary runs with the daemon's full privileges, including host root UID and unrestricted capabilities.
Impact
Arbitrary code execution as host root, crossing the container-to-host trust boundary.
Conditions for exploitation
- A user must run a container from a malicious image that contains a trojanized decompression binary.
- The user must then upload a compressed archive (xz or gzip) into that container, either by piping a compressed archive via
docker cp -or by calling thePUT /containers/{id}/archiveAPI directly with compressed content.
Not affected
Standard docker cp usage is not affected, because the CLI sends uncompressed tar by default:
docker cp ./file.txt mycontainer:/file.txt
This can only be exploited when explicitly passing a xz or gzip-compressed archive to docker cp or the PUT /containers/{id}/archive API, for example:
cat archive.tar.xz | docker cp - mycontainer:/dir
Decompression formats using pure Go implementations (bzip2, zstd, and gzip when the container image does not contain an unpigz binary) are also not affected.
Workarounds
- Only run containers from trusted images.
- Use authorization plugins to limit access to the
PUT /containers/{id}/archiveendpoint. - Avoid piping compressed archives into containers created from untrusted images.
{
"affected": [
{
"package": {
"ecosystem": "Go",
"name": "github.com/moby/moby/v2"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.0.0-beta.14"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Go",
"name": "github.com/docker/docker"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "28.5.2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Go",
"name": "github.com/moby/moby"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "28.5.2"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-41567"
],
"database_specific": {
"cwe_ids": [
"CWE-427"
],
"github_reviewed": true,
"github_reviewed_at": "2026-05-18T17:47:23Z",
"nvd_published_at": "2026-06-05T02:17:13Z",
"severity": "HIGH"
},
"details": "## Summary\n\nWhen a user uploads a compressed archive into a container, a malicious image can execute arbitrary code with daemon (host root) privileges.\n\n## Details\n\nWhen handling `PUT /containers/{id}/archive` requests with compressed archives, the daemon decompresses them using external system binaries. Due to incorrect ordering of operations, these binaries are resolved from the container\u0027s filesystem rather than the host\u0027s. A container image that includes a trojanized decompression binary can achieve code execution as the daemon process whenever a compressed archive is uploaded to that container.\n\nThe executed binary runs with the daemon\u0027s full privileges, including host root UID and unrestricted capabilities.\n\n## Impact\n\nArbitrary code execution as host root, crossing the container-to-host trust boundary.\n\n### Conditions for exploitation\n\n- A user must run a container from a malicious image that contains a trojanized decompression binary.\n- The user must then upload a compressed archive (xz or gzip) into that container, either by piping a compressed archive via `docker cp -` or by calling the `PUT /containers/{id}/archive` API directly with compressed content.\n\n### Not affected\n\nStandard `docker cp` usage is **not** affected, because the CLI sends uncompressed tar by default:\n\n```\ndocker cp ./file.txt mycontainer:/file.txt\n```\n\nThis can only be exploited when explicitly passing a xz or gzip-compressed archive to `docker cp` or the `PUT /containers/{id}/archive` API, for example:\n\n```\ncat archive.tar.xz | docker cp - mycontainer:/dir\n```\n\nDecompression formats using pure Go implementations (bzip2, zstd, and gzip when the container image does not contain an `unpigz` binary) are also not affected.\n\n## Workarounds\n\n- Only run containers from trusted images.\n- Use authorization plugins to limit access to the `PUT /containers/{id}/archive` endpoint.\n- Avoid piping compressed archives into containers created from untrusted images.",
"id": "GHSA-x86f-5xw2-fm2r",
"modified": "2026-06-09T11:55:27Z",
"published": "2026-05-18T17:47:23Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/moby/moby/security/advisories/GHSA-x86f-5xw2-fm2r"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41567"
},
{
"type": "PACKAGE",
"url": "https://github.com/moby/moby"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N",
"type": "CVSS_V3"
}
],
"summary": "Docker: `PUT /containers/{id}/archive` executes container binary on the host"
}
OPENSUSE-SU-2026:11075-1
Vulnerability from csaf_opensuse - Published: 2026-06-22 00:00 - Updated: 2026-06-22 00:00| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-24.0.9_ce-18.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-24.0.9_ce-18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-24.0.9_ce-18.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-24.0.9_ce-18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-18.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-18.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-buildx-0.25.0-18.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-buildx-0.25.0-18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-buildx-0.25.0-18.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-buildx-0.25.0-18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-18.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-18.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-18.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-18.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-18.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-18.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-18.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-24.0.9_ce-18.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-24.0.9_ce-18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-24.0.9_ce-18.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-24.0.9_ce-18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-18.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-18.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-buildx-0.25.0-18.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-buildx-0.25.0-18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-buildx-0.25.0-18.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-buildx-0.25.0-18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-18.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-18.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-18.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-18.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-18.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-18.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-18.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-24.0.9_ce-18.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-24.0.9_ce-18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-24.0.9_ce-18.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-24.0.9_ce-18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-18.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-18.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-buildx-0.25.0-18.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-buildx-0.25.0-18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-buildx-0.25.0-18.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-buildx-0.25.0-18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-18.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-18.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-18.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-18.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-18.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-18.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-18.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-24.0.9_ce-18.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-24.0.9_ce-18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-24.0.9_ce-18.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-24.0.9_ce-18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-18.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-18.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-buildx-0.25.0-18.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-buildx-0.25.0-18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-buildx-0.25.0-18.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-buildx-0.25.0-18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-18.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-18.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-18.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-18.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-18.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-18.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-18.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-24.0.9_ce-18.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-24.0.9_ce-18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-24.0.9_ce-18.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-24.0.9_ce-18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-18.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-18.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-buildx-0.25.0-18.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-buildx-0.25.0-18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-buildx-0.25.0-18.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-buildx-0.25.0-18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-18.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-18.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-18.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-18.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-18.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-18.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-18.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-24.0.9_ce-18.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-24.0.9_ce-18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-24.0.9_ce-18.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-24.0.9_ce-18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-18.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-18.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-buildx-0.25.0-18.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-buildx-0.25.0-18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-buildx-0.25.0-18.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-buildx-0.25.0-18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-18.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-18.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-18.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-18.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-18.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-18.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-18.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-24.0.9_ce-18.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-24.0.9_ce-18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-24.0.9_ce-18.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-24.0.9_ce-18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-18.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-18.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-buildx-0.25.0-18.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-buildx-0.25.0-18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-buildx-0.25.0-18.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-buildx-0.25.0-18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-18.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-18.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-18.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-18.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-18.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-18.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-18.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-24.0.9_ce-18.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-24.0.9_ce-18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-24.0.9_ce-18.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-24.0.9_ce-18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-18.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-18.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-buildx-0.25.0-18.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-buildx-0.25.0-18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-buildx-0.25.0-18.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-buildx-0.25.0-18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-18.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-18.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-18.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-18.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-18.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-18.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-18.1.x86_64 | — |
Vendor Fix
|
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "docker-stable-24.0.9_ce-18.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the docker-stable-24.0.9_ce-18.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2026-11075",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2026_11075-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-33186 page",
"url": "https://www.suse.com/security/cve/CVE-2026-33186/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-33747 page",
"url": "https://www.suse.com/security/cve/CVE-2026-33747/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-33748 page",
"url": "https://www.suse.com/security/cve/CVE-2026-33748/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-33814 page",
"url": "https://www.suse.com/security/cve/CVE-2026-33814/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-33997 page",
"url": "https://www.suse.com/security/cve/CVE-2026-33997/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-34040 page",
"url": "https://www.suse.com/security/cve/CVE-2026-34040/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-39821 page",
"url": "https://www.suse.com/security/cve/CVE-2026-39821/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-41567 page",
"url": "https://www.suse.com/security/cve/CVE-2026-41567/"
}
],
"title": "docker-stable-24.0.9_ce-18.1 on GA media",
"tracking": {
"current_release_date": "2026-06-22T00:00:00Z",
"generator": {
"date": "2026-06-22T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2026:11075-1",
"initial_release_date": "2026-06-22T00:00:00Z",
"revision_history": [
{
"date": "2026-06-22T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "docker-stable-24.0.9_ce-18.1.aarch64",
"product": {
"name": "docker-stable-24.0.9_ce-18.1.aarch64",
"product_id": "docker-stable-24.0.9_ce-18.1.aarch64"
}
},
{
"category": "product_version",
"name": "docker-stable-bash-completion-24.0.9_ce-18.1.aarch64",
"product": {
"name": "docker-stable-bash-completion-24.0.9_ce-18.1.aarch64",
"product_id": "docker-stable-bash-completion-24.0.9_ce-18.1.aarch64"
}
},
{
"category": "product_version",
"name": "docker-stable-buildx-0.25.0-18.1.aarch64",
"product": {
"name": "docker-stable-buildx-0.25.0-18.1.aarch64",
"product_id": "docker-stable-buildx-0.25.0-18.1.aarch64"
}
},
{
"category": "product_version",
"name": "docker-stable-fish-completion-24.0.9_ce-18.1.aarch64",
"product": {
"name": "docker-stable-fish-completion-24.0.9_ce-18.1.aarch64",
"product_id": "docker-stable-fish-completion-24.0.9_ce-18.1.aarch64"
}
},
{
"category": "product_version",
"name": "docker-stable-rootless-extras-24.0.9_ce-18.1.aarch64",
"product": {
"name": "docker-stable-rootless-extras-24.0.9_ce-18.1.aarch64",
"product_id": "docker-stable-rootless-extras-24.0.9_ce-18.1.aarch64"
}
},
{
"category": "product_version",
"name": "docker-stable-zsh-completion-24.0.9_ce-18.1.aarch64",
"product": {
"name": "docker-stable-zsh-completion-24.0.9_ce-18.1.aarch64",
"product_id": "docker-stable-zsh-completion-24.0.9_ce-18.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "docker-stable-24.0.9_ce-18.1.ppc64le",
"product": {
"name": "docker-stable-24.0.9_ce-18.1.ppc64le",
"product_id": "docker-stable-24.0.9_ce-18.1.ppc64le"
}
},
{
"category": "product_version",
"name": "docker-stable-bash-completion-24.0.9_ce-18.1.ppc64le",
"product": {
"name": "docker-stable-bash-completion-24.0.9_ce-18.1.ppc64le",
"product_id": "docker-stable-bash-completion-24.0.9_ce-18.1.ppc64le"
}
},
{
"category": "product_version",
"name": "docker-stable-buildx-0.25.0-18.1.ppc64le",
"product": {
"name": "docker-stable-buildx-0.25.0-18.1.ppc64le",
"product_id": "docker-stable-buildx-0.25.0-18.1.ppc64le"
}
},
{
"category": "product_version",
"name": "docker-stable-fish-completion-24.0.9_ce-18.1.ppc64le",
"product": {
"name": "docker-stable-fish-completion-24.0.9_ce-18.1.ppc64le",
"product_id": "docker-stable-fish-completion-24.0.9_ce-18.1.ppc64le"
}
},
{
"category": "product_version",
"name": "docker-stable-rootless-extras-24.0.9_ce-18.1.ppc64le",
"product": {
"name": "docker-stable-rootless-extras-24.0.9_ce-18.1.ppc64le",
"product_id": "docker-stable-rootless-extras-24.0.9_ce-18.1.ppc64le"
}
},
{
"category": "product_version",
"name": "docker-stable-zsh-completion-24.0.9_ce-18.1.ppc64le",
"product": {
"name": "docker-stable-zsh-completion-24.0.9_ce-18.1.ppc64le",
"product_id": "docker-stable-zsh-completion-24.0.9_ce-18.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "docker-stable-24.0.9_ce-18.1.s390x",
"product": {
"name": "docker-stable-24.0.9_ce-18.1.s390x",
"product_id": "docker-stable-24.0.9_ce-18.1.s390x"
}
},
{
"category": "product_version",
"name": "docker-stable-bash-completion-24.0.9_ce-18.1.s390x",
"product": {
"name": "docker-stable-bash-completion-24.0.9_ce-18.1.s390x",
"product_id": "docker-stable-bash-completion-24.0.9_ce-18.1.s390x"
}
},
{
"category": "product_version",
"name": "docker-stable-buildx-0.25.0-18.1.s390x",
"product": {
"name": "docker-stable-buildx-0.25.0-18.1.s390x",
"product_id": "docker-stable-buildx-0.25.0-18.1.s390x"
}
},
{
"category": "product_version",
"name": "docker-stable-fish-completion-24.0.9_ce-18.1.s390x",
"product": {
"name": "docker-stable-fish-completion-24.0.9_ce-18.1.s390x",
"product_id": "docker-stable-fish-completion-24.0.9_ce-18.1.s390x"
}
},
{
"category": "product_version",
"name": "docker-stable-rootless-extras-24.0.9_ce-18.1.s390x",
"product": {
"name": "docker-stable-rootless-extras-24.0.9_ce-18.1.s390x",
"product_id": "docker-stable-rootless-extras-24.0.9_ce-18.1.s390x"
}
},
{
"category": "product_version",
"name": "docker-stable-zsh-completion-24.0.9_ce-18.1.s390x",
"product": {
"name": "docker-stable-zsh-completion-24.0.9_ce-18.1.s390x",
"product_id": "docker-stable-zsh-completion-24.0.9_ce-18.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "docker-stable-24.0.9_ce-18.1.x86_64",
"product": {
"name": "docker-stable-24.0.9_ce-18.1.x86_64",
"product_id": "docker-stable-24.0.9_ce-18.1.x86_64"
}
},
{
"category": "product_version",
"name": "docker-stable-bash-completion-24.0.9_ce-18.1.x86_64",
"product": {
"name": "docker-stable-bash-completion-24.0.9_ce-18.1.x86_64",
"product_id": "docker-stable-bash-completion-24.0.9_ce-18.1.x86_64"
}
},
{
"category": "product_version",
"name": "docker-stable-buildx-0.25.0-18.1.x86_64",
"product": {
"name": "docker-stable-buildx-0.25.0-18.1.x86_64",
"product_id": "docker-stable-buildx-0.25.0-18.1.x86_64"
}
},
{
"category": "product_version",
"name": "docker-stable-fish-completion-24.0.9_ce-18.1.x86_64",
"product": {
"name": "docker-stable-fish-completion-24.0.9_ce-18.1.x86_64",
"product_id": "docker-stable-fish-completion-24.0.9_ce-18.1.x86_64"
}
},
{
"category": "product_version",
"name": "docker-stable-rootless-extras-24.0.9_ce-18.1.x86_64",
"product": {
"name": "docker-stable-rootless-extras-24.0.9_ce-18.1.x86_64",
"product_id": "docker-stable-rootless-extras-24.0.9_ce-18.1.x86_64"
}
},
{
"category": "product_version",
"name": "docker-stable-zsh-completion-24.0.9_ce-18.1.x86_64",
"product": {
"name": "docker-stable-zsh-completion-24.0.9_ce-18.1.x86_64",
"product_id": "docker-stable-zsh-completion-24.0.9_ce-18.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-stable-24.0.9_ce-18.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:docker-stable-24.0.9_ce-18.1.aarch64"
},
"product_reference": "docker-stable-24.0.9_ce-18.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-stable-24.0.9_ce-18.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:docker-stable-24.0.9_ce-18.1.ppc64le"
},
"product_reference": "docker-stable-24.0.9_ce-18.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-stable-24.0.9_ce-18.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:docker-stable-24.0.9_ce-18.1.s390x"
},
"product_reference": "docker-stable-24.0.9_ce-18.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-stable-24.0.9_ce-18.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:docker-stable-24.0.9_ce-18.1.x86_64"
},
"product_reference": "docker-stable-24.0.9_ce-18.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-stable-bash-completion-24.0.9_ce-18.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-18.1.aarch64"
},
"product_reference": "docker-stable-bash-completion-24.0.9_ce-18.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-stable-bash-completion-24.0.9_ce-18.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-18.1.ppc64le"
},
"product_reference": "docker-stable-bash-completion-24.0.9_ce-18.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-stable-bash-completion-24.0.9_ce-18.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-18.1.s390x"
},
"product_reference": "docker-stable-bash-completion-24.0.9_ce-18.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-stable-bash-completion-24.0.9_ce-18.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-18.1.x86_64"
},
"product_reference": "docker-stable-bash-completion-24.0.9_ce-18.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-stable-buildx-0.25.0-18.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:docker-stable-buildx-0.25.0-18.1.aarch64"
},
"product_reference": "docker-stable-buildx-0.25.0-18.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-stable-buildx-0.25.0-18.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:docker-stable-buildx-0.25.0-18.1.ppc64le"
},
"product_reference": "docker-stable-buildx-0.25.0-18.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-stable-buildx-0.25.0-18.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:docker-stable-buildx-0.25.0-18.1.s390x"
},
"product_reference": "docker-stable-buildx-0.25.0-18.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-stable-buildx-0.25.0-18.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:docker-stable-buildx-0.25.0-18.1.x86_64"
},
"product_reference": "docker-stable-buildx-0.25.0-18.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-stable-fish-completion-24.0.9_ce-18.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-18.1.aarch64"
},
"product_reference": "docker-stable-fish-completion-24.0.9_ce-18.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-stable-fish-completion-24.0.9_ce-18.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-18.1.ppc64le"
},
"product_reference": "docker-stable-fish-completion-24.0.9_ce-18.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-stable-fish-completion-24.0.9_ce-18.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-18.1.s390x"
},
"product_reference": "docker-stable-fish-completion-24.0.9_ce-18.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-stable-fish-completion-24.0.9_ce-18.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-18.1.x86_64"
},
"product_reference": "docker-stable-fish-completion-24.0.9_ce-18.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-stable-rootless-extras-24.0.9_ce-18.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-18.1.aarch64"
},
"product_reference": "docker-stable-rootless-extras-24.0.9_ce-18.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-stable-rootless-extras-24.0.9_ce-18.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-18.1.ppc64le"
},
"product_reference": "docker-stable-rootless-extras-24.0.9_ce-18.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-stable-rootless-extras-24.0.9_ce-18.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-18.1.s390x"
},
"product_reference": "docker-stable-rootless-extras-24.0.9_ce-18.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-stable-rootless-extras-24.0.9_ce-18.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-18.1.x86_64"
},
"product_reference": "docker-stable-rootless-extras-24.0.9_ce-18.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-stable-zsh-completion-24.0.9_ce-18.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-18.1.aarch64"
},
"product_reference": "docker-stable-zsh-completion-24.0.9_ce-18.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-stable-zsh-completion-24.0.9_ce-18.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-18.1.ppc64le"
},
"product_reference": "docker-stable-zsh-completion-24.0.9_ce-18.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-stable-zsh-completion-24.0.9_ce-18.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-18.1.s390x"
},
"product_reference": "docker-stable-zsh-completion-24.0.9_ce-18.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-stable-zsh-completion-24.0.9_ce-18.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-18.1.x86_64"
},
"product_reference": "docker-stable-zsh-completion-24.0.9_ce-18.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-33186",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-33186"
}
],
"notes": [
{
"category": "general",
"text": "gRPC-Go is the Go language implementation of gRPC. Versions prior to 1.79.3 have an authorization bypass resulting from improper input validation of the HTTP/2 `:path` pseudo-header. The gRPC-Go server was too lenient in its routing logic, accepting requests where the `:path` omitted the mandatory leading slash (e.g., `Service/Method` instead of `/Service/Method`). While the server successfully routed these requests to the correct handler, authorization interceptors (including the official `grpc/authz` package) evaluated the raw, non-canonical path string. Consequently, \"deny\" rules defined using canonical paths (starting with `/`) failed to match the incoming request, allowing it to bypass the policy if a fallback \"allow\" rule was present. This affects gRPC-Go servers that use path-based authorization interceptors, such as the official RBAC implementation in `google.golang.org/grpc/authz` or custom interceptors relying on `info.FullMethod` or `grpc.Method(ctx)`; AND that have a security policy contains specific \"deny\" rules for canonical paths but allows other requests by default (a fallback \"allow\" rule). The vulnerability is exploitable by an attacker who can send raw HTTP/2 frames with malformed `:path` headers directly to the gRPC server. The fix in version 1.79.3 ensures that any request with a `:path` that does not start with a leading slash is immediately rejected with a `codes.Unimplemented` error, preventing it from reaching authorization interceptors or handlers with a non-canonical path string. While upgrading is the most secure and recommended path, users can mitigate the vulnerability using one of the following methods: Use a validating interceptor (recommended mitigation); infrastructure-level normalization; and/or policy hardening.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:docker-stable-24.0.9_ce-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-24.0.9_ce-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-24.0.9_ce-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-24.0.9_ce-18.1.x86_64",
"openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-18.1.x86_64",
"openSUSE Tumbleweed:docker-stable-buildx-0.25.0-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-buildx-0.25.0-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-buildx-0.25.0-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-buildx-0.25.0-18.1.x86_64",
"openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-18.1.x86_64",
"openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-18.1.x86_64",
"openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-18.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-33186",
"url": "https://www.suse.com/security/cve/CVE-2026-33186"
},
{
"category": "external",
"summary": "SUSE Bug 1260085 for CVE-2026-33186",
"url": "https://bugzilla.suse.com/1260085"
},
{
"category": "external",
"summary": "SUSE Bug 1268676 for CVE-2026-33186",
"url": "https://bugzilla.suse.com/1268676"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:docker-stable-24.0.9_ce-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-24.0.9_ce-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-24.0.9_ce-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-24.0.9_ce-18.1.x86_64",
"openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-18.1.x86_64",
"openSUSE Tumbleweed:docker-stable-buildx-0.25.0-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-buildx-0.25.0-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-buildx-0.25.0-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-buildx-0.25.0-18.1.x86_64",
"openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-18.1.x86_64",
"openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-18.1.x86_64",
"openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-18.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:docker-stable-24.0.9_ce-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-24.0.9_ce-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-24.0.9_ce-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-24.0.9_ce-18.1.x86_64",
"openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-18.1.x86_64",
"openSUSE Tumbleweed:docker-stable-buildx-0.25.0-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-buildx-0.25.0-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-buildx-0.25.0-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-buildx-0.25.0-18.1.x86_64",
"openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-18.1.x86_64",
"openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-18.1.x86_64",
"openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-18.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-22T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2026-33186"
},
{
"cve": "CVE-2026-33747",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-33747"
}
],
"notes": [
{
"category": "general",
"text": "BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner. Prior to version 0.28.1, when using a custom BuildKit frontend, the frontend can craft an API message that causes files to be written outside of the BuildKit state directory for the execution context. The issue has been fixed in v0.28.1. The vulnerability requires using an untrusted BuildKit frontend set with `#syntax` or `--build-arg BUILDKIT_SYNTAX`. Using these options with a well-known frontend image like `docker/dockerfile` is not affected.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:docker-stable-24.0.9_ce-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-24.0.9_ce-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-24.0.9_ce-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-24.0.9_ce-18.1.x86_64",
"openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-18.1.x86_64",
"openSUSE Tumbleweed:docker-stable-buildx-0.25.0-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-buildx-0.25.0-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-buildx-0.25.0-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-buildx-0.25.0-18.1.x86_64",
"openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-18.1.x86_64",
"openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-18.1.x86_64",
"openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-18.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-33747",
"url": "https://www.suse.com/security/cve/CVE-2026-33747"
},
{
"category": "external",
"summary": "SUSE Bug 1260954 for CVE-2026-33747",
"url": "https://bugzilla.suse.com/1260954"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:docker-stable-24.0.9_ce-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-24.0.9_ce-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-24.0.9_ce-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-24.0.9_ce-18.1.x86_64",
"openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-18.1.x86_64",
"openSUSE Tumbleweed:docker-stable-buildx-0.25.0-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-buildx-0.25.0-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-buildx-0.25.0-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-buildx-0.25.0-18.1.x86_64",
"openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-18.1.x86_64",
"openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-18.1.x86_64",
"openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-18.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:docker-stable-24.0.9_ce-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-24.0.9_ce-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-24.0.9_ce-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-24.0.9_ce-18.1.x86_64",
"openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-18.1.x86_64",
"openSUSE Tumbleweed:docker-stable-buildx-0.25.0-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-buildx-0.25.0-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-buildx-0.25.0-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-buildx-0.25.0-18.1.x86_64",
"openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-18.1.x86_64",
"openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-18.1.x86_64",
"openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-18.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-22T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2026-33747"
},
{
"cve": "CVE-2026-33748",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-33748"
}
],
"notes": [
{
"category": "general",
"text": "BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner. Prior to version 0.28.1, insufficient validation of Git URL fragment subdir components may allow access to files outside the checked-out Git repository root. Possible access is limited to files on the same mounted filesystem. The issue has been fixed in version v0.28.1 The issue affects only builds that use Git URLs with a subpath component. As a workaround, avoid building Dockerfiles from untrusted sources or using the subdir component from an untrusted Git repository where the subdir component could point to a symlink.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:docker-stable-24.0.9_ce-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-24.0.9_ce-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-24.0.9_ce-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-24.0.9_ce-18.1.x86_64",
"openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-18.1.x86_64",
"openSUSE Tumbleweed:docker-stable-buildx-0.25.0-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-buildx-0.25.0-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-buildx-0.25.0-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-buildx-0.25.0-18.1.x86_64",
"openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-18.1.x86_64",
"openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-18.1.x86_64",
"openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-18.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-33748",
"url": "https://www.suse.com/security/cve/CVE-2026-33748"
},
{
"category": "external",
"summary": "SUSE Bug 1261046 for CVE-2026-33748",
"url": "https://bugzilla.suse.com/1261046"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:docker-stable-24.0.9_ce-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-24.0.9_ce-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-24.0.9_ce-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-24.0.9_ce-18.1.x86_64",
"openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-18.1.x86_64",
"openSUSE Tumbleweed:docker-stable-buildx-0.25.0-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-buildx-0.25.0-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-buildx-0.25.0-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-buildx-0.25.0-18.1.x86_64",
"openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-18.1.x86_64",
"openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-18.1.x86_64",
"openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-18.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:docker-stable-24.0.9_ce-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-24.0.9_ce-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-24.0.9_ce-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-24.0.9_ce-18.1.x86_64",
"openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-18.1.x86_64",
"openSUSE Tumbleweed:docker-stable-buildx-0.25.0-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-buildx-0.25.0-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-buildx-0.25.0-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-buildx-0.25.0-18.1.x86_64",
"openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-18.1.x86_64",
"openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-18.1.x86_64",
"openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-18.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-22T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2026-33748"
},
{
"cve": "CVE-2026-33814",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-33814"
}
],
"notes": [
{
"category": "general",
"text": "When processing HTTP/2 SETTINGS frames, transport will enter an infinite loop of writing CONTINUATION frames if it receives a SETTINGS_MAX_FRAME_SIZE with a value of 0.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:docker-stable-24.0.9_ce-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-24.0.9_ce-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-24.0.9_ce-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-24.0.9_ce-18.1.x86_64",
"openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-18.1.x86_64",
"openSUSE Tumbleweed:docker-stable-buildx-0.25.0-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-buildx-0.25.0-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-buildx-0.25.0-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-buildx-0.25.0-18.1.x86_64",
"openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-18.1.x86_64",
"openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-18.1.x86_64",
"openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-18.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-33814",
"url": "https://www.suse.com/security/cve/CVE-2026-33814"
},
{
"category": "external",
"summary": "SUSE Bug 1264506 for CVE-2026-33814",
"url": "https://bugzilla.suse.com/1264506"
},
{
"category": "external",
"summary": "SUSE Bug 1268758 for CVE-2026-33814",
"url": "https://bugzilla.suse.com/1268758"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:docker-stable-24.0.9_ce-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-24.0.9_ce-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-24.0.9_ce-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-24.0.9_ce-18.1.x86_64",
"openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-18.1.x86_64",
"openSUSE Tumbleweed:docker-stable-buildx-0.25.0-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-buildx-0.25.0-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-buildx-0.25.0-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-buildx-0.25.0-18.1.x86_64",
"openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-18.1.x86_64",
"openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-18.1.x86_64",
"openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-18.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:docker-stable-24.0.9_ce-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-24.0.9_ce-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-24.0.9_ce-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-24.0.9_ce-18.1.x86_64",
"openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-18.1.x86_64",
"openSUSE Tumbleweed:docker-stable-buildx-0.25.0-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-buildx-0.25.0-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-buildx-0.25.0-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-buildx-0.25.0-18.1.x86_64",
"openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-18.1.x86_64",
"openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-18.1.x86_64",
"openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-18.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-22T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2026-33814"
},
{
"cve": "CVE-2026-33997",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-33997"
}
],
"notes": [
{
"category": "general",
"text": "Moby is an open source container framework. Prior to version 29.3.1, a security vulnerability has been detected that allows plugins privilege validation to be bypassed during docker plugin install. Due to an error in the daemon\u0027s privilege comparison logic, the daemon may incorrectly accept a privilege set that differs from the one approved by the user. Plugins that request exactly one privilege are also affected, because no comparison is performed at all. This issue has been patched in version 29.3.1.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:docker-stable-24.0.9_ce-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-24.0.9_ce-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-24.0.9_ce-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-24.0.9_ce-18.1.x86_64",
"openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-18.1.x86_64",
"openSUSE Tumbleweed:docker-stable-buildx-0.25.0-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-buildx-0.25.0-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-buildx-0.25.0-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-buildx-0.25.0-18.1.x86_64",
"openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-18.1.x86_64",
"openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-18.1.x86_64",
"openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-18.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-33997",
"url": "https://www.suse.com/security/cve/CVE-2026-33997"
},
{
"category": "external",
"summary": "SUSE Bug 1265907 for CVE-2026-33997",
"url": "https://bugzilla.suse.com/1265907"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:docker-stable-24.0.9_ce-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-24.0.9_ce-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-24.0.9_ce-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-24.0.9_ce-18.1.x86_64",
"openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-18.1.x86_64",
"openSUSE Tumbleweed:docker-stable-buildx-0.25.0-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-buildx-0.25.0-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-buildx-0.25.0-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-buildx-0.25.0-18.1.x86_64",
"openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-18.1.x86_64",
"openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-18.1.x86_64",
"openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-18.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:docker-stable-24.0.9_ce-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-24.0.9_ce-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-24.0.9_ce-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-24.0.9_ce-18.1.x86_64",
"openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-18.1.x86_64",
"openSUSE Tumbleweed:docker-stable-buildx-0.25.0-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-buildx-0.25.0-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-buildx-0.25.0-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-buildx-0.25.0-18.1.x86_64",
"openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-18.1.x86_64",
"openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-18.1.x86_64",
"openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-18.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-22T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2026-33997"
},
{
"cve": "CVE-2026-34040",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-34040"
}
],
"notes": [
{
"category": "general",
"text": "Moby is an open source container framework. Prior to version 29.3.1, a security vulnerability has been detected that allows attackers to bypass authorization plugins (AuthZ). This issue has been patched in version 29.3.1.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:docker-stable-24.0.9_ce-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-24.0.9_ce-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-24.0.9_ce-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-24.0.9_ce-18.1.x86_64",
"openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-18.1.x86_64",
"openSUSE Tumbleweed:docker-stable-buildx-0.25.0-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-buildx-0.25.0-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-buildx-0.25.0-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-buildx-0.25.0-18.1.x86_64",
"openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-18.1.x86_64",
"openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-18.1.x86_64",
"openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-18.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-34040",
"url": "https://www.suse.com/security/cve/CVE-2026-34040"
},
{
"category": "external",
"summary": "SUSE Bug 1261378 for CVE-2026-34040",
"url": "https://bugzilla.suse.com/1261378"
},
{
"category": "external",
"summary": "SUSE Bug 1265929 for CVE-2026-34040",
"url": "https://bugzilla.suse.com/1265929"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:docker-stable-24.0.9_ce-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-24.0.9_ce-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-24.0.9_ce-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-24.0.9_ce-18.1.x86_64",
"openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-18.1.x86_64",
"openSUSE Tumbleweed:docker-stable-buildx-0.25.0-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-buildx-0.25.0-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-buildx-0.25.0-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-buildx-0.25.0-18.1.x86_64",
"openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-18.1.x86_64",
"openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-18.1.x86_64",
"openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-18.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:docker-stable-24.0.9_ce-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-24.0.9_ce-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-24.0.9_ce-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-24.0.9_ce-18.1.x86_64",
"openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-18.1.x86_64",
"openSUSE Tumbleweed:docker-stable-buildx-0.25.0-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-buildx-0.25.0-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-buildx-0.25.0-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-buildx-0.25.0-18.1.x86_64",
"openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-18.1.x86_64",
"openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-18.1.x86_64",
"openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-18.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-22T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2026-34040"
},
{
"cve": "CVE-2026-39821",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-39821"
}
],
"notes": [
{
"category": "general",
"text": "The ToASCII and ToUnicode functions incorrectly accept Punycode-encoded labels that decode to an ASCII-only label. For example, ToUnicode(\"xn--example-.com\") incorrectly returns the name \"example.com\" rather than an error. This behavior can lead to privilege escalation in programs using the idna package. For example, a program which performs privilege checks on the ASCII hostname may reject \"example.com\" but permit \"xn--example-.com\". If that program subsequently converts the ASCII hostname to Unicode, it will inadvertently permits access to the Unicode name \"example.com\".",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:docker-stable-24.0.9_ce-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-24.0.9_ce-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-24.0.9_ce-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-24.0.9_ce-18.1.x86_64",
"openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-18.1.x86_64",
"openSUSE Tumbleweed:docker-stable-buildx-0.25.0-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-buildx-0.25.0-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-buildx-0.25.0-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-buildx-0.25.0-18.1.x86_64",
"openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-18.1.x86_64",
"openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-18.1.x86_64",
"openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-18.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-39821",
"url": "https://www.suse.com/security/cve/CVE-2026-39821"
},
{
"category": "external",
"summary": "SUSE Bug 1266474 for CVE-2026-39821",
"url": "https://bugzilla.suse.com/1266474"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:docker-stable-24.0.9_ce-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-24.0.9_ce-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-24.0.9_ce-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-24.0.9_ce-18.1.x86_64",
"openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-18.1.x86_64",
"openSUSE Tumbleweed:docker-stable-buildx-0.25.0-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-buildx-0.25.0-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-buildx-0.25.0-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-buildx-0.25.0-18.1.x86_64",
"openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-18.1.x86_64",
"openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-18.1.x86_64",
"openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-18.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:docker-stable-24.0.9_ce-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-24.0.9_ce-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-24.0.9_ce-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-24.0.9_ce-18.1.x86_64",
"openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-18.1.x86_64",
"openSUSE Tumbleweed:docker-stable-buildx-0.25.0-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-buildx-0.25.0-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-buildx-0.25.0-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-buildx-0.25.0-18.1.x86_64",
"openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-18.1.x86_64",
"openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-18.1.x86_64",
"openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-18.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-22T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2026-39821"
},
{
"cve": "CVE-2026-41567",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-41567"
}
],
"notes": [
{
"category": "general",
"text": "Moby is an open source container framework. In versions prior to 29.5.1 and in moby/moby v2 prior to v2.0.0-beta.14, when a compressed archive is uploaded to a container via `PUT /containers/{id}/archive` or piped through `docker cp -`, the daemon resolves decompression binaries (such as `xz` or `unpigz`) from the container\u0027s filesystem rather than the host\u0027s due to incorrect ordering of operations. A malicious container image containing a trojanized decompression binary can achieve arbitrary code execution with full daemon privileges, including host root UID and unrestricted capabilities, when a user uploads a compressed (xz or gzip) archive into that container. This issue is fixed in Docker Engine 29.5.1 and moby/moby v2.0.0-beta.14. Workarounds include only running containers from trusted images, using authorization plugins to restrict access to the `PUT /containers/{id}/archive` endpoint, and avoiding piping compressed archives into containers created from untrusted images",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:docker-stable-24.0.9_ce-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-24.0.9_ce-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-24.0.9_ce-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-24.0.9_ce-18.1.x86_64",
"openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-18.1.x86_64",
"openSUSE Tumbleweed:docker-stable-buildx-0.25.0-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-buildx-0.25.0-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-buildx-0.25.0-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-buildx-0.25.0-18.1.x86_64",
"openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-18.1.x86_64",
"openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-18.1.x86_64",
"openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-18.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-41567",
"url": "https://www.suse.com/security/cve/CVE-2026-41567"
},
{
"category": "external",
"summary": "SUSE Bug 1267827 for CVE-2026-41567",
"url": "https://bugzilla.suse.com/1267827"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:docker-stable-24.0.9_ce-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-24.0.9_ce-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-24.0.9_ce-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-24.0.9_ce-18.1.x86_64",
"openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-18.1.x86_64",
"openSUSE Tumbleweed:docker-stable-buildx-0.25.0-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-buildx-0.25.0-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-buildx-0.25.0-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-buildx-0.25.0-18.1.x86_64",
"openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-18.1.x86_64",
"openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-18.1.x86_64",
"openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-18.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:docker-stable-24.0.9_ce-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-24.0.9_ce-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-24.0.9_ce-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-24.0.9_ce-18.1.x86_64",
"openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-18.1.x86_64",
"openSUSE Tumbleweed:docker-stable-buildx-0.25.0-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-buildx-0.25.0-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-buildx-0.25.0-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-buildx-0.25.0-18.1.x86_64",
"openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-18.1.x86_64",
"openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-18.1.x86_64",
"openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-18.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-22T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2026-41567"
}
]
}
SUSE-SU-2026:22285-1
Vulnerability from csaf_suse - Published: 2026-06-25 12:44 - Updated: 2026-06-25 12:44| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.2:docker-29.4.0_ce-160000.7.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:docker-29.4.0_ce-160000.7.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:docker-29.4.0_ce-160000.7.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:docker-29.4.0_ce-160000.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:docker-buildx-0.33.0-160000.7.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:docker-buildx-0.33.0-160000.7.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:docker-buildx-0.33.0-160000.7.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:docker-buildx-0.33.0-160000.7.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.2:docker-29.4.0_ce-160000.7.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:docker-29.4.0_ce-160000.7.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:docker-29.4.0_ce-160000.7.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:docker-29.4.0_ce-160000.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:docker-buildx-0.33.0-160000.7.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:docker-buildx-0.33.0-160000.7.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:docker-buildx-0.33.0-160000.7.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:docker-buildx-0.33.0-160000.7.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.2:docker-29.4.0_ce-160000.7.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:docker-29.4.0_ce-160000.7.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:docker-29.4.0_ce-160000.7.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:docker-29.4.0_ce-160000.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:docker-buildx-0.33.0-160000.7.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:docker-buildx-0.33.0-160000.7.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:docker-buildx-0.33.0-160000.7.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:docker-buildx-0.33.0-160000.7.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.2:docker-29.4.0_ce-160000.7.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:docker-29.4.0_ce-160000.7.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:docker-29.4.0_ce-160000.7.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:docker-29.4.0_ce-160000.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:docker-buildx-0.33.0-160000.7.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:docker-buildx-0.33.0-160000.7.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:docker-buildx-0.33.0-160000.7.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:docker-buildx-0.33.0-160000.7.1.x86_64 | — |
Vendor Fix
|
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for docker",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for docker fixes the following issues\n\n- CVE-2026-33814: golang.org/x/net/http2: infinite loop in HTTP/2 transport when given bad SETTINGS_MAX_FRAME_SIZE\n (bsc#1265782).\n- CVE-2026-39821: golang.org/x/net/idna: failure to reject ASCII-only Punycode-encoded labels allows for validation\n bypass and privilege escalation (bsc#1266625).\n- CVE-2026-39984: github.com/sigstore/timestamp-authority/v2/pkg/verification: improper certificate validation can be\n used to bypass some authorization controls (bsc#1262346).\n- CVE-2026-41567: arbitrary code execution with full daemon privileges when a user uploads a compressed archive into\n that container (bsc#1267827).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-SL-Micro-6.2-1081",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2026_22285-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2026:22285-1",
"url": "https://www.suse.com/support/update/announcement/2026/suse-su-202622285-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2026:22285-1",
"url": "https://lists.suse.com/pipermail/sle-updates/2026-June/047673.html"
},
{
"category": "self",
"summary": "SUSE Bug 1262346",
"url": "https://bugzilla.suse.com/1262346"
},
{
"category": "self",
"summary": "SUSE Bug 1265782",
"url": "https://bugzilla.suse.com/1265782"
},
{
"category": "self",
"summary": "SUSE Bug 1266625",
"url": "https://bugzilla.suse.com/1266625"
},
{
"category": "self",
"summary": "SUSE Bug 1267827",
"url": "https://bugzilla.suse.com/1267827"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-33814 page",
"url": "https://www.suse.com/security/cve/CVE-2026-33814/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-39821 page",
"url": "https://www.suse.com/security/cve/CVE-2026-39821/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-39984 page",
"url": "https://www.suse.com/security/cve/CVE-2026-39984/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-41567 page",
"url": "https://www.suse.com/security/cve/CVE-2026-41567/"
}
],
"title": "Security update for docker",
"tracking": {
"current_release_date": "2026-06-25T12:44:31Z",
"generator": {
"date": "2026-06-25T12:44:31Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2026:22285-1",
"initial_release_date": "2026-06-25T12:44:31Z",
"revision_history": [
{
"date": "2026-06-25T12:44:31Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "docker-29.4.0_ce-160000.7.1.aarch64",
"product": {
"name": "docker-29.4.0_ce-160000.7.1.aarch64",
"product_id": "docker-29.4.0_ce-160000.7.1.aarch64"
}
},
{
"category": "product_version",
"name": "docker-buildx-0.33.0-160000.7.1.aarch64",
"product": {
"name": "docker-buildx-0.33.0-160000.7.1.aarch64",
"product_id": "docker-buildx-0.33.0-160000.7.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "docker-29.4.0_ce-160000.7.1.ppc64le",
"product": {
"name": "docker-29.4.0_ce-160000.7.1.ppc64le",
"product_id": "docker-29.4.0_ce-160000.7.1.ppc64le"
}
},
{
"category": "product_version",
"name": "docker-buildx-0.33.0-160000.7.1.ppc64le",
"product": {
"name": "docker-buildx-0.33.0-160000.7.1.ppc64le",
"product_id": "docker-buildx-0.33.0-160000.7.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "docker-29.4.0_ce-160000.7.1.s390x",
"product": {
"name": "docker-29.4.0_ce-160000.7.1.s390x",
"product_id": "docker-29.4.0_ce-160000.7.1.s390x"
}
},
{
"category": "product_version",
"name": "docker-buildx-0.33.0-160000.7.1.s390x",
"product": {
"name": "docker-buildx-0.33.0-160000.7.1.s390x",
"product_id": "docker-buildx-0.33.0-160000.7.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "docker-29.4.0_ce-160000.7.1.x86_64",
"product": {
"name": "docker-29.4.0_ce-160000.7.1.x86_64",
"product_id": "docker-29.4.0_ce-160000.7.1.x86_64"
}
},
{
"category": "product_version",
"name": "docker-buildx-0.33.0-160000.7.1.x86_64",
"product": {
"name": "docker-buildx-0.33.0-160000.7.1.x86_64",
"product_id": "docker-buildx-0.33.0-160000.7.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Micro 6.2",
"product": {
"name": "SUSE Linux Micro 6.2",
"product_id": "SUSE Linux Micro 6.2",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sl-micro:6.2"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-29.4.0_ce-160000.7.1.aarch64 as component of SUSE Linux Micro 6.2",
"product_id": "SUSE Linux Micro 6.2:docker-29.4.0_ce-160000.7.1.aarch64"
},
"product_reference": "docker-29.4.0_ce-160000.7.1.aarch64",
"relates_to_product_reference": "SUSE Linux Micro 6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-29.4.0_ce-160000.7.1.ppc64le as component of SUSE Linux Micro 6.2",
"product_id": "SUSE Linux Micro 6.2:docker-29.4.0_ce-160000.7.1.ppc64le"
},
"product_reference": "docker-29.4.0_ce-160000.7.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Micro 6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-29.4.0_ce-160000.7.1.s390x as component of SUSE Linux Micro 6.2",
"product_id": "SUSE Linux Micro 6.2:docker-29.4.0_ce-160000.7.1.s390x"
},
"product_reference": "docker-29.4.0_ce-160000.7.1.s390x",
"relates_to_product_reference": "SUSE Linux Micro 6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-29.4.0_ce-160000.7.1.x86_64 as component of SUSE Linux Micro 6.2",
"product_id": "SUSE Linux Micro 6.2:docker-29.4.0_ce-160000.7.1.x86_64"
},
"product_reference": "docker-29.4.0_ce-160000.7.1.x86_64",
"relates_to_product_reference": "SUSE Linux Micro 6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-buildx-0.33.0-160000.7.1.aarch64 as component of SUSE Linux Micro 6.2",
"product_id": "SUSE Linux Micro 6.2:docker-buildx-0.33.0-160000.7.1.aarch64"
},
"product_reference": "docker-buildx-0.33.0-160000.7.1.aarch64",
"relates_to_product_reference": "SUSE Linux Micro 6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-buildx-0.33.0-160000.7.1.ppc64le as component of SUSE Linux Micro 6.2",
"product_id": "SUSE Linux Micro 6.2:docker-buildx-0.33.0-160000.7.1.ppc64le"
},
"product_reference": "docker-buildx-0.33.0-160000.7.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Micro 6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-buildx-0.33.0-160000.7.1.s390x as component of SUSE Linux Micro 6.2",
"product_id": "SUSE Linux Micro 6.2:docker-buildx-0.33.0-160000.7.1.s390x"
},
"product_reference": "docker-buildx-0.33.0-160000.7.1.s390x",
"relates_to_product_reference": "SUSE Linux Micro 6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-buildx-0.33.0-160000.7.1.x86_64 as component of SUSE Linux Micro 6.2",
"product_id": "SUSE Linux Micro 6.2:docker-buildx-0.33.0-160000.7.1.x86_64"
},
"product_reference": "docker-buildx-0.33.0-160000.7.1.x86_64",
"relates_to_product_reference": "SUSE Linux Micro 6.2"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-33814",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-33814"
}
],
"notes": [
{
"category": "general",
"text": "When processing HTTP/2 SETTINGS frames, transport will enter an infinite loop of writing CONTINUATION frames if it receives a SETTINGS_MAX_FRAME_SIZE with a value of 0.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:docker-29.4.0_ce-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:docker-29.4.0_ce-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:docker-29.4.0_ce-160000.7.1.s390x",
"SUSE Linux Micro 6.2:docker-29.4.0_ce-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:docker-buildx-0.33.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:docker-buildx-0.33.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:docker-buildx-0.33.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:docker-buildx-0.33.0-160000.7.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-33814",
"url": "https://www.suse.com/security/cve/CVE-2026-33814"
},
{
"category": "external",
"summary": "SUSE Bug 1264506 for CVE-2026-33814",
"url": "https://bugzilla.suse.com/1264506"
},
{
"category": "external",
"summary": "SUSE Bug 1268758 for CVE-2026-33814",
"url": "https://bugzilla.suse.com/1268758"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:docker-29.4.0_ce-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:docker-29.4.0_ce-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:docker-29.4.0_ce-160000.7.1.s390x",
"SUSE Linux Micro 6.2:docker-29.4.0_ce-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:docker-buildx-0.33.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:docker-buildx-0.33.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:docker-buildx-0.33.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:docker-buildx-0.33.0-160000.7.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:docker-29.4.0_ce-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:docker-29.4.0_ce-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:docker-29.4.0_ce-160000.7.1.s390x",
"SUSE Linux Micro 6.2:docker-29.4.0_ce-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:docker-buildx-0.33.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:docker-buildx-0.33.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:docker-buildx-0.33.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:docker-buildx-0.33.0-160000.7.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-25T12:44:31Z",
"details": "important"
}
],
"title": "CVE-2026-33814"
},
{
"cve": "CVE-2026-39821",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-39821"
}
],
"notes": [
{
"category": "general",
"text": "The ToASCII and ToUnicode functions incorrectly accept Punycode-encoded labels that decode to an ASCII-only label. For example, ToUnicode(\"xn--example-.com\") incorrectly returns the name \"example.com\" rather than an error. This behavior can lead to privilege escalation in programs using the idna package. For example, a program which performs privilege checks on the ASCII hostname may reject \"example.com\" but permit \"xn--example-.com\". If that program subsequently converts the ASCII hostname to Unicode, it will inadvertently permits access to the Unicode name \"example.com\".",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:docker-29.4.0_ce-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:docker-29.4.0_ce-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:docker-29.4.0_ce-160000.7.1.s390x",
"SUSE Linux Micro 6.2:docker-29.4.0_ce-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:docker-buildx-0.33.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:docker-buildx-0.33.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:docker-buildx-0.33.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:docker-buildx-0.33.0-160000.7.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-39821",
"url": "https://www.suse.com/security/cve/CVE-2026-39821"
},
{
"category": "external",
"summary": "SUSE Bug 1266474 for CVE-2026-39821",
"url": "https://bugzilla.suse.com/1266474"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:docker-29.4.0_ce-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:docker-29.4.0_ce-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:docker-29.4.0_ce-160000.7.1.s390x",
"SUSE Linux Micro 6.2:docker-29.4.0_ce-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:docker-buildx-0.33.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:docker-buildx-0.33.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:docker-buildx-0.33.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:docker-buildx-0.33.0-160000.7.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:docker-29.4.0_ce-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:docker-29.4.0_ce-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:docker-29.4.0_ce-160000.7.1.s390x",
"SUSE Linux Micro 6.2:docker-29.4.0_ce-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:docker-buildx-0.33.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:docker-buildx-0.33.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:docker-buildx-0.33.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:docker-buildx-0.33.0-160000.7.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-25T12:44:31Z",
"details": "important"
}
],
"title": "CVE-2026-39821"
},
{
"cve": "CVE-2026-39984",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-39984"
}
],
"notes": [
{
"category": "general",
"text": "Sigstore Timestamp Authority is a service for issuing RFC 3161 timestamps. Versions 2.0.5 and below contain an authorization bypass vulnerability in the VerifyTimestampResponse function. VerifyTimestampResponse correctly verifies the certificate chain signature, but the TSA-specific constraint checks in VerifyLeafCert uses the first non-CA certificate from the PKCS#7 certificate bag instead of the leaf certificate from the verified chain. An attacker can exploit this by prepending a forged certificate to the certificate bag while the message is signed with an authorized key, causing the library to validate the signature against one certificate but perform authorization checks against another. This vulnerability only affects users of the timestamp-authority/v2/pkg/verification package and does not affect the timestamp-authority service itself or sigstore-go. The issue has been fixed in version 2.0.6.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:docker-29.4.0_ce-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:docker-29.4.0_ce-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:docker-29.4.0_ce-160000.7.1.s390x",
"SUSE Linux Micro 6.2:docker-29.4.0_ce-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:docker-buildx-0.33.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:docker-buildx-0.33.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:docker-buildx-0.33.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:docker-buildx-0.33.0-160000.7.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-39984",
"url": "https://www.suse.com/security/cve/CVE-2026-39984"
},
{
"category": "external",
"summary": "SUSE Bug 1262338 for CVE-2026-39984",
"url": "https://bugzilla.suse.com/1262338"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:docker-29.4.0_ce-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:docker-29.4.0_ce-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:docker-29.4.0_ce-160000.7.1.s390x",
"SUSE Linux Micro 6.2:docker-29.4.0_ce-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:docker-buildx-0.33.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:docker-buildx-0.33.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:docker-buildx-0.33.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:docker-buildx-0.33.0-160000.7.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:docker-29.4.0_ce-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:docker-29.4.0_ce-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:docker-29.4.0_ce-160000.7.1.s390x",
"SUSE Linux Micro 6.2:docker-29.4.0_ce-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:docker-buildx-0.33.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:docker-buildx-0.33.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:docker-buildx-0.33.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:docker-buildx-0.33.0-160000.7.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-25T12:44:31Z",
"details": "moderate"
}
],
"title": "CVE-2026-39984"
},
{
"cve": "CVE-2026-41567",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-41567"
}
],
"notes": [
{
"category": "general",
"text": "Moby is an open source container framework. In versions prior to 29.5.1 and in moby/moby v2 prior to v2.0.0-beta.14, when a compressed archive is uploaded to a container via `PUT /containers/{id}/archive` or piped through `docker cp -`, the daemon resolves decompression binaries (such as `xz` or `unpigz`) from the container\u0027s filesystem rather than the host\u0027s due to incorrect ordering of operations. A malicious container image containing a trojanized decompression binary can achieve arbitrary code execution with full daemon privileges, including host root UID and unrestricted capabilities, when a user uploads a compressed (xz or gzip) archive into that container. This issue is fixed in Docker Engine 29.5.1 and moby/moby v2.0.0-beta.14. Workarounds include only running containers from trusted images, using authorization plugins to restrict access to the `PUT /containers/{id}/archive` endpoint, and avoiding piping compressed archives into containers created from untrusted images",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:docker-29.4.0_ce-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:docker-29.4.0_ce-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:docker-29.4.0_ce-160000.7.1.s390x",
"SUSE Linux Micro 6.2:docker-29.4.0_ce-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:docker-buildx-0.33.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:docker-buildx-0.33.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:docker-buildx-0.33.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:docker-buildx-0.33.0-160000.7.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-41567",
"url": "https://www.suse.com/security/cve/CVE-2026-41567"
},
{
"category": "external",
"summary": "SUSE Bug 1267827 for CVE-2026-41567",
"url": "https://bugzilla.suse.com/1267827"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:docker-29.4.0_ce-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:docker-29.4.0_ce-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:docker-29.4.0_ce-160000.7.1.s390x",
"SUSE Linux Micro 6.2:docker-29.4.0_ce-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:docker-buildx-0.33.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:docker-buildx-0.33.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:docker-buildx-0.33.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:docker-buildx-0.33.0-160000.7.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:docker-29.4.0_ce-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:docker-29.4.0_ce-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:docker-29.4.0_ce-160000.7.1.s390x",
"SUSE Linux Micro 6.2:docker-29.4.0_ce-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:docker-buildx-0.33.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:docker-buildx-0.33.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:docker-buildx-0.33.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:docker-buildx-0.33.0-160000.7.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-25T12:44:31Z",
"details": "important"
}
],
"title": "CVE-2026-41567"
}
]
}
WID-SEC-W-2026-1584
Vulnerability from csaf_certbund - Published: 2026-05-18 22:00 - Updated: 2026-06-14 22:00| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Open Source docker <29.5.1
Open Source / docker
|
<29.5.1 | ||
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Open Source docker <29.5.1
Open Source / docker
|
<29.5.1 | ||
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Open Source docker <29.5.1
Open Source / docker
|
<29.5.1 | ||
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— |
{
"document": {
"aggregate_severity": {
"text": "mittel"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Docker ist eine Open-Source-Software, die dazu verwendet werden kann, Anwendungen mithilfe von Betriebssystemvirtualisierung in Containern zu isolieren.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein lokaler Angreifer kann mehrere Schwachstellen in docker ausnutzen, um beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen oder Daten zu manipulieren.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Sonstiges\n- UNIX\n- Windows",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2026-1584 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2026/wid-sec-w-2026-1584.json"
},
{
"category": "self",
"summary": "WID-SEC-2026-1584 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-1584"
},
{
"category": "external",
"summary": "GitHub Security Advisory GHSA-rg2x-37c3-w2rh vom 2026-05-18",
"url": "https://github.com/advisories/GHSA-rg2x-37c3-w2rh"
},
{
"category": "external",
"summary": "GitHub Security Advisory GHSA-vp62-88p7-qqf5 vom 2026-05-18",
"url": "https://github.com/advisories/GHSA-vp62-88p7-qqf5"
},
{
"category": "external",
"summary": "GitHub Security Advisory GHSA-x86f-5xw2-fm2r vom 2026-05-18",
"url": "https://github.com/advisories/GHSA-x86f-5xw2-fm2r"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALAS2DOCKER-2026-126 vom 2026-06-08",
"url": "https://alas.aws.amazon.com/AL2/ALAS2DOCKER-2026-126.html"
}
],
"source_lang": "en-US",
"title": "docker: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2026-06-14T22:00:00.000+00:00",
"generator": {
"date": "2026-06-15T08:01:09.935+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.6.0"
}
},
"id": "WID-SEC-W-2026-1584",
"initial_release_date": "2026-05-18T22:00:00.000+00:00",
"revision_history": [
{
"date": "2026-05-18T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2026-06-04T22:00:00.000+00:00",
"number": "2",
"summary": "Referenz(en) aufgenommen: EUVD-2026-34779"
},
{
"date": "2026-06-08T22:00:00.000+00:00",
"number": "3",
"summary": "Neue Updates von Amazon aufgenommen"
},
{
"date": "2026-06-14T22:00:00.000+00:00",
"number": "4",
"summary": "Referenz(en) aufgenommen: EUVD-2026-36528, EUVD-2026-36527"
}
],
"status": "final",
"version": "4"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Amazon Linux 2",
"product": {
"name": "Amazon Linux 2",
"product_id": "398363",
"product_identification_helper": {
"cpe": "cpe:/o:amazon:linux_2:-"
}
}
}
],
"category": "vendor",
"name": "Amazon"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c29.5.1",
"product": {
"name": "Open Source docker \u003c29.5.1",
"product_id": "T054310"
}
},
{
"category": "product_version",
"name": "29.5.1",
"product": {
"name": "Open Source docker 29.5.1",
"product_id": "T054310-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:docker:docker:29.5.1"
}
}
}
],
"category": "product_name",
"name": "docker"
}
],
"category": "vendor",
"name": "Open Source"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-41567",
"product_status": {
"known_affected": [
"T054310",
"398363"
]
},
"release_date": "2026-05-18T22:00:00.000+00:00",
"title": "CVE-2026-41567"
},
{
"cve": "CVE-2026-41568",
"product_status": {
"known_affected": [
"T054310",
"398363"
]
},
"release_date": "2026-05-18T22:00:00.000+00:00",
"title": "CVE-2026-41568"
},
{
"cve": "CVE-2026-42306",
"product_status": {
"known_affected": [
"T054310",
"398363"
]
},
"release_date": "2026-05-18T22:00:00.000+00:00",
"title": "CVE-2026-42306"
}
]
}
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.