Back

Critical Docker Vulnerabilities Affect Multiple Ubuntu Releases

Severity: High (Score: 70.5)

Sources: Linuxsecurity, Ubuntu

Summary

Two critical vulnerabilities were discovered in Docker's BuildKit affecting Ubuntu 26.04 LTS and earlier versions. CVE-2026-33747 allows attackers to write files outside the intended state directory, while CVE-2026-33748 permits access to files outside the checked-out repository root. These vulnerabilities impact multiple Ubuntu releases including 26.04, 24.04, 22.04, and 20.04 LTS. Users are advised to update their systems to the latest package versions to mitigate these risks. The vulnerabilities were published on March 27, 2026, and are currently being addressed through system updates. Affected users must restart Docker after applying updates to ensure all changes take effect. Key Points: • Two critical vulnerabilities in Docker's BuildKit affect multiple Ubuntu LTS versions. • CVE-2026-33747 and CVE-2026-33748 allow unauthorized file access and manipulation. • Users must update Docker to the latest versions and restart the service to mitigate risks.

Key Entities

  • CVE-2026-33747 (cve)
  • CVE-2026-33748 (cve)
  • CWE-22 - Path Traversal (cwe)
  • Docker (tool)
  • Linux (platform)
  • Ubuntu (company)
Loading threat details...

Threat Not Found

The threat cluster you're looking for doesn't exist or has been removed.

Return to Feed