Critical Vulnerabilities in Fedora Docker-Buildx and Buildkit

First seen 27 Jun 2026, 03:24 UTC. Source: Linuxsecurity

Fedora has released updates addressing critical vulnerabilities in docker-buildx and docker-buildkit. CVE-2026-39828 allows unauthorized command execution via discarded SSH permissions, while CVE-2026-39829 enables denial of service through crafted public keys. Both vulnerabilities were published on May 22, 2026, and affect users of Fedora 43 and 44. The updates, released on June 18, 2026, resolve these issues and include upstream enhancements. Users are advised to upgrade to the latest version using the 'dnf' update program. The vulnerabilities pose significant risks to system integrity and availability, necessitating immediate action from administrators.

Key Points:
• CVE-2026-39828 allows unauthorized command execution in docker-buildx.
• CVE-2026-39829 enables denial of service via crafted public keys in docker-buildkit.
• Fedora users are urged to update to the latest versions immediately.

ThreatCluster AI

Timeline

2026-05-22: CVE-2026-39828 and CVE-2026-39829 published
Fedora disclosed two critical vulnerabilities affecting docker-buildx and docker-buildkit, allowing unauthorized command execution and denial of service.
Source: Linuxsecurity

2026-06-18: Fedora releases updates for docker-buildx and docker-buildkit
Updates to versions 0.35.0 and 0.31.0 were released to resolve CVE-2026-39828 and CVE-2026-39829, including upstream enhancements.
Source: Linuxsecurity

2026-06-27: Current status and advisories
Fedora users are advised to upgrade to the latest versions immediately to mitigate risks from the vulnerabilities.
Source: Linuxsecurity
