Critical Docker Vulnerabilities Affect Multiple Ubuntu Releases

Critical Docker Vulnerabilities Affect Multiple Ubuntu Releases

First seen 7 May 2026, 11:13 UTC UbuntuLinuxsecurity 92% similarity 70.5

Article Content

Browse articles
ThreatCluster

Two critical vulnerabilities were discovered in Docker's BuildKit affecting Ubuntu 26.04 LTS and earlier versions. CVE-2026-33747 allows attackers to write files outside the intended state directory, while CVE-2026-33748 permits access to files outside the checked-out repository root. These vulnerabilities impact multiple Ubuntu releases including 26.04, 24.04, 22.04, and 20.04 LTS. Users are advised to update their systems to the latest package versions to mitigate these risks. The vulnerabilities were published on March 27, 2026, and are currently being addressed through system updates. Affected users must restart Docker after applying updates to ensure all changes take effect.

Key Points: • Two critical vulnerabilities in Docker's BuildKit affect multiple Ubuntu LTS versions. • CVE-2026-33747 and CVE-2026-33748 allow unauthorized file access and manipulation. • Users must update Docker to the latest versions and restart the service to mitigate risks.

ThreatCluster AI

Timeline

2026-03-27
CVE-2026-33747 published
A vulnerability in Docker's BuildKit allows file writing outside the intended directory.
Linuxsecurity
2026-03-27
CVE-2026-33748 published
A vulnerability in Docker's BuildKit allows unauthorized access to files outside the repository root.
Linuxsecurity
2026-05-06
Security advisory issued for Docker vulnerabilities
Ubuntu released USN-8230-1 addressing critical vulnerabilities in Docker affecting multiple LTS versions.
Ubuntu
2026-05-06
Users advised to update Docker
Ubuntu recommends users update to the latest Docker versions and restart the service after updates.
Ubuntu

Community

Browse all →