moby — Vulnerabilities & Security Advisories 30

Browse all 30 CVE security advisories affecting moby. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Moby serves as the foundational open-source framework for containerization, primarily powering Docker and enabling the creation, deployment, and running of distributed applications. Its architecture facilitates lightweight virtualization but has historically exposed specific vulnerability classes, including remote code execution (RCE), cross-site scripting (XSS), and privilege escalation flaws within its daemon and API interfaces. With thirty CVEs currently on record, these issues often stem from improper input validation, insecure default configurations, or race conditions in the container runtime. Notable incidents have highlighted risks related to container breakout attacks, where compromised containers gain access to the host system, potentially leading to full infrastructure compromise. Security assessments emphasize the critical need for regular patching, strict access controls, and continuous monitoring of the Moby engine to mitigate these persistent threats in modern cloud-native environments.

| CVE ID | Title | Component | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2026-35469 | SpdyStream: DOS on CRI | spdystream | CWE-770 | 9.8 (AI) | Critical (AI) | 2026-04-16 |
| CVE-2026-33997 | Moby: Off-by-one error in plugin privilege validation | moby | CWE-193 | 6.8 | Medium | 2026-03-31 |
| CVE-2026-34040 | Moby: AuthZ plugin bypass with oversized request body | moby | CWE-288 | 8.8 | High | 2026-03-31 |
| CVE-2026-33748 | BuildKit Git URL subdir component can cause access to restricted files | buildkit | CWE-22 | 7.5 | - | 2026-03-27 |
| CVE-2026-33747 | BuildKit vulnerable to malicious frontend causing file escape outside of storage root | buildkit | CWE-22 | 8.4 | High | 2026-03-27 |
| CVE-2025-54410 | Moby's Firewalld reload removes bridge network isolation | moby | CWE-909 | 3.3 | Low | 2025-07-30 |
| CVE-2025-54388 | Moby's Firewalld reload makes published container ports accessible from remote hosts | moby | CWE-909 | - | - | 2025-07-30 |
| CVE-2024-41110 | Moby authz zero length regression | moby | CWE-187 | 10.0 | Critical | 2024-07-24 |
| CVE-2024-32473 | Moby IPv6 enabled on IPv4-only network interfaces | moby | CWE-668 | 4.7 | Medium | 2024-04-18 |
| CVE-2024-29018 | External DNS requests from 'internal' networks could lead to data exfiltration | moby | CWE-669 | 5.9 | Medium | 2024-03-20 |
| CVE-2024-24557 | Moby classic builder cache poisoning | moby | CWE-346 | 6.9 | Medium | 2024-02-01 |
| CVE-2024-23653 | BuildKit interactive containers API does not validate entitlements check | buildkit | CWE-863 | 9.8 | Critical | 2024-01-31 |
| CVE-2024-23652 | BuildKit possible host system access from mount stub cleaner | buildkit | CWE-22 | 10.0 | Critical | 2024-01-31 |
| CVE-2024-23651 | BuildKit possible race condition with accessing subpaths from cache mounts | buildkit | CWE-362 | 8.7 | High | 2024-01-31 |
| CVE-2024-23650 | BuildKit possible panic when incorrect parameters sent from frontend | buildkit | CWE-754 | 5.3 | Medium | 2024-01-31 |
| CVE-2023-28840 | moby/moby's dockerd daemon encrypted overlay network may be unauthenticated | moby | CWE-420 | 7.5 | High | 2023-04-04 |
| CVE-2023-28841 | moby/moby's dockerd daemon encrypted overlay network traffic may be unencrypted | moby | CWE-311 | 6.8 | Medium | 2023-04-04 |
| CVE-2023-28842 | moby/moby's dockerd daemon encrypted overlay network with a single endpoint is unauthenticated | moby | CWE-420 | 6.8 | Medium | 2023-04-04 |
| CVE-2023-26054 | Credentials inlined to Git URLs could end up in provenance attestation in BuildKit | buildkit | CWE-200 | 6.5 | Medium | 2023-03-06 |
| CVE-2021-32847 | Moby HyperKit uninitialized memory use in virtio-sock pci_vtsock_proc_tx | hyperkit | CWE-125 | 7.1 | High | 2023-02-20 |
| CVE-2021-32846 | Moby HyperKit uninitialized memory use in virtio-sock pci_vtsock_proc_tx | hyperkit | CWE-908 | 7.7 | High | 2023-02-17 |
| CVE-2021-32845 | Moby HyperKit uninitialized memory use vtrnd pci_vtrnd_notify | hyperkit | CWE-908 | 7.7 | High | 2023-02-17 |
| CVE-2021-32844 | HyperKit code issue vulnerability | hyperkit | CWE-476 | 6.2 | Medium | 2023-02-17 |
| CVE-2021-32843 | HyperKit code issue vulnerability | hyperkit | CWE-476 | 6.2 | Medium | 2023-02-17 |
| CVE-2022-36109 | Moby vulnerability relating to supplementary group permissions | moby | CWE-863 | 5.3 | Medium | 2022-09-09 |
| CVE-2022-24769 | Default inheritable capabilities for linux container should be empty | moby | CWE-732 | 5.9 | Medium | 2022-03-24 |
| CVE-2021-41089 | `docker cp` allows unexpected chmod of host files | moby | CWE-281 | 2.8 | Low | 2021-10-04 |
| CVE-2021-41091 | Insufficiently restricted permissions on data directory in Docker Engine | moby | CWE-281 | 6.3 | Medium | 2021-10-04 |
| CVE-2021-21284 | privilege escalation in Moby | moby | CWE-22 | 6.8 | Medium | 2021-02-02 |
| CVE-2021-21285 | Docker daemon crash during image pull of malicious image | moby | CWE-400 | 6.5 | Medium | 2021-02-02 |

This page lists every published CVE security advisory associated with moby. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.