CVE-2026-33748 (GCVE-0-2026-33748)
Vulnerability from cvelistv5 – Published: 2026-03-27 14:00 – Updated: 2026-03-27 19:58
VLAI
EPSS
Title
BuildKit Git URL subdir component can cause access to restricted files
Summary
BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner. Prior to version 0.28.1, insufficient validation of Git URL fragment subdir components may allow access to files outside the checked-out Git repository root. Possible access is limited to files on the same mounted filesystem. The issue has been fixed in version v0.28.1. The issue affects only builds that use Git URLs with a subpath component. As a workaround, avoid building Dockerfiles from untrusted sources or using the subdir component from an untrusted Git repository where the subdir component could point to a symlink.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://github.com/moby/buildkit/security/advisor… | x_refsource_CONFIRM |
| https://docs.docker.com/build/concepts/context/#u… | x_refsource_MISC |
| https://github.com/moby/buildkit/releases/tag/v0.28.1 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-33748",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-27T18:55:58.658220Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-27T19:58:28.764Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "buildkit",
"vendor": "moby",
"versions": [
{
"status": "affected",
"version": "\u003c 0.28.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner. Prior to version 0.28.1, insufficient validation of Git URL fragment subdir components may allow access to files outside the checked-out Git repository root. Possible access is limited to files on the same mounted filesystem. The issue has been fixed in version v0.28.1 The issue affects only builds that use Git URLs with a subpath component. As a workaround, avoid building Dockerfiles from untrusted sources or using the subdir component from an untrusted Git repository where the subdir component could point to a symlink."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "NONE"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-59",
"description": "CWE-59: Improper Link Resolution Before File Access (\u0027Link Following\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-27T14:00:21.200Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/moby/buildkit/security/advisories/GHSA-4vrq-3vrq-g6gg",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/moby/buildkit/security/advisories/GHSA-4vrq-3vrq-g6gg"
},
{
"name": "https://docs.docker.com/build/concepts/context/#url-fragments",
"tags": [
"x_refsource_MISC"
],
"url": "https://docs.docker.com/build/concepts/context/#url-fragments"
},
{
"name": "https://github.com/moby/buildkit/releases/tag/v0.28.1",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/moby/buildkit/releases/tag/v0.28.1"
}
],
"source": {
"advisory": "GHSA-4vrq-3vrq-g6gg",
"discovery": "UNKNOWN"
},
"title": "BuildKit Git URL subdir component can cause access to restricted files"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-33748",
"datePublished": "2026-03-27T14:00:21.200Z",
"dateReserved": "2026-03-23T18:30:14.124Z",
"dateUpdated": "2026-03-27T19:58:28.764Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2026-33748",
"date": "2026-06-11",
"epss": "0.00032",
"percentile": "0.09677"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2026-33748\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2026-03-27T15:16:57.127\",\"lastModified\":\"2026-04-20T12:37:46.220\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner. Prior to version 0.28.1, insufficient validation of Git URL fragment subdir components may allow access to files outside the checked-out Git repository root. Possible access is limited to files on the same mounted filesystem. The issue has been fixed in version v0.28.1 The issue affects only builds that use Git URLs with a subpath component. As a workaround, avoid building Dockerfiles from untrusted sources or using the subdir component from an untrusted Git repository where the subdir component could point to a symlink.\"}],\"metrics\":{\"cvssMetricV40\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"4.0\",\"vectorString\":\"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X\",\"baseScore\":8.2,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"attackRequirements\":\"PRESENT\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"vulnConfidentialityImpact\":\"HIGH\",\"vulnIntegrityImpact\":\"NONE\",\"vulnAvailabilityImpact\":\"NONE\",\"subConfidentialityImpact\":\"NONE\",\"subIntegrityImpact\":\"NONE\",\"subAvailabilityImpact\":\"NONE\",\"exploitMaturity\":\"NOT_DEFINED\",\"confidentialityRequirement\":\"NOT_DEFINED\",\"integrityRequirement\":\"NOT_DEFINED\",\"availabilityRequirement\":\"NOT_DEFINED\",\"modifiedAttackVector\":\"NOT_DEFINED\",\"modifiedAttackComplexity\":\"NOT_DEFINED\",\"modifiedAttackRequirements\":\"NOT_DEFINED\",\"modifiedPrivilegesRequired\
":\"NOT_DEFINED\",\"modifiedUserInteraction\":\"NOT_DEFINED\",\"modifiedVulnConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedVulnIntegrityImpact\":\"NOT_DEFINED\",\"modifiedVulnAvailabilityImpact\":\"NOT_DEFINED\",\"modifiedSubConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedSubIntegrityImpact\":\"NOT_DEFINED\",\"modifiedSubAvailabilityImpact\":\"NOT_DEFINED\",\"Safety\":\"NOT_DEFINED\",\"Automatable\":\"NOT_DEFINED\",\"Recovery\":\"NOT_DEFINED\",\"valueDensity\":\"NOT_DEFINED\",\"vulnerabilityResponseEffort\":\"NOT_DEFINED\",\"providerUrgency\":\"NOT_DEFINED\"}}],\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-22\"},{\"lang\":\"en\",\"value\":\"CWE-59\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mobyproject:buildkit:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"0.28.1\",\"matchCriteriaId\":\"393ED789-1B13-4B78-8AFB-290B67EE2A8A\"}]}]}],\"references\":[{\"url\":\"https://docs.docker.com/build/concepts/context/#url-fragments\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Product\"]},{\"url\":\"https://github.com/moby/buildkit/releases/tag/v0.28.1\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Product\",\"Release 
Notes\"]},{\"url\":\"https://github.com/moby/buildkit/security/advisories/GHSA-4vrq-3vrq-g6gg\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Mitigation\",\"Vendor Advisory\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2026-33748\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-03-27T18:55:58.658220Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2026-03-27T18:56:03.208Z\"}}], \"cna\": {\"title\": \"BuildKit Git URL subdir component can cause access to restricted files\", \"source\": {\"advisory\": \"GHSA-4vrq-3vrq-g6gg\", \"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"cvssV4_0\": {\"version\": \"4.0\", \"baseScore\": 8.2, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"attackRequirements\": \"PRESENT\", \"privilegesRequired\": \"NONE\", \"subIntegrityImpact\": \"NONE\", \"vulnIntegrityImpact\": \"NONE\", \"subAvailabilityImpact\": \"NONE\", \"vulnAvailabilityImpact\": \"NONE\", \"subConfidentialityImpact\": \"NONE\", \"vulnConfidentialityImpact\": \"HIGH\"}}], \"affected\": [{\"vendor\": \"moby\", \"product\": \"buildkit\", \"versions\": [{\"status\": \"affected\", \"version\": \"\u003c 0.28.1\"}]}], \"references\": [{\"url\": \"https://github.com/moby/buildkit/security/advisories/GHSA-4vrq-3vrq-g6gg\", \"name\": \"https://github.com/moby/buildkit/security/advisories/GHSA-4vrq-3vrq-g6gg\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"https://docs.docker.com/build/concepts/context/#url-fragments\", \"name\": \"https://docs.docker.com/build/concepts/context/#url-fragments\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://github.com/moby/buildkit/releases/tag/v0.28.1\", \"name\": \"https://github.com/moby/buildkit/releases/tag/v0.28.1\", \"tags\": 
[\"x_refsource_MISC\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner. Prior to version 0.28.1, insufficient validation of Git URL fragment subdir components may allow access to files outside the checked-out Git repository root. Possible access is limited to files on the same mounted filesystem. The issue has been fixed in version v0.28.1 The issue affects only builds that use Git URLs with a subpath component. As a workaround, avoid building Dockerfiles from untrusted sources or using the subdir component from an untrusted Git repository where the subdir component could point to a symlink.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-22\", \"description\": \"CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)\"}]}, {\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-59\", \"description\": \"CWE-59: Improper Link Resolution Before File Access (\u0027Link Following\u0027)\"}]}], \"providerMetadata\": {\"orgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"shortName\": \"GitHub_M\", \"dateUpdated\": \"2026-03-27T14:00:21.200Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2026-33748\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-03-27T19:58:28.764Z\", \"dateReserved\": \"2026-03-23T18:30:14.124Z\", \"assignerOrgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"datePublished\": \"2026-03-27T14:00:21.200Z\", \"assignerShortName\": \"GitHub_M\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
SUSE-SU-2026:21851-1
Vulnerability from csaf_suse - Published: 2026-05-26 12:29 - Updated: 2026-05-26 12:29
Summary
Security update for docker-stable
Severity
Important
Notes
Title of the patch: Security update for docker-stable
Description of the patch: This update for docker-stable fixes the following issues:
- CVE-2026-33747: github.com/moby/buildkit: malicious frontends can craft API messages that cause files to be written outside of the BuildKit state directory (bsc#1260967).
- CVE-2026-33748: github.com/moby/buildkit: insufficient validation of Git URL fragment subdir components may allow access to files outside the checked-out Git repository (bsc#1261078).
Patchnames: SUSE-SLES-16.0-804
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
8.4 (High)
Affected products
Recommended
24 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:docker-stable-24.0.9_ce-160000.5.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server 16.0:docker-stable-24.0.9_ce-160000.5.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server 16.0:docker-stable-24.0.9_ce-160000.5.1.s390x | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server 16.0:docker-stable-24.0.9_ce-160000.5.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server 16.0:docker-stable-bash-completion-24.0.9_ce-160000.5.1.noarch | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server 16.0:docker-stable-buildx-0.25.0-160000.5.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server 16.0:docker-stable-buildx-0.25.0-160000.5.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server 16.0:docker-stable-buildx-0.25.0-160000.5.1.s390x | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server 16.0:docker-stable-buildx-0.25.0-160000.5.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server 16.0:docker-stable-fish-completion-24.0.9_ce-160000.5.1.noarch | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server 16.0:docker-stable-rootless-extras-24.0.9_ce-160000.5.1.noarch | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server 16.0:docker-stable-zsh-completion-24.0.9_ce-160000.5.1.noarch | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:docker-stable-24.0.9_ce-160000.5.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:docker-stable-24.0.9_ce-160000.5.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:docker-stable-24.0.9_ce-160000.5.1.s390x | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:docker-stable-24.0.9_ce-160000.5.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:docker-stable-bash-completion-24.0.9_ce-160000.5.1.noarch | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:docker-stable-buildx-0.25.0-160000.5.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:docker-stable-buildx-0.25.0-160000.5.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:docker-stable-buildx-0.25.0-160000.5.1.s390x | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:docker-stable-buildx-0.25.0-160000.5.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:docker-stable-fish-completion-24.0.9_ce-160000.5.1.noarch | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:docker-stable-rootless-extras-24.0.9_ce-160000.5.1.noarch | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:docker-stable-zsh-completion-24.0.9_ce-160000.5.1.noarch | — | | Vendor Fix |
Threats
Impact
important
7.5 (High)
Affected products
Recommended
24 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:docker-stable-24.0.9_ce-160000.5.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server 16.0:docker-stable-24.0.9_ce-160000.5.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server 16.0:docker-stable-24.0.9_ce-160000.5.1.s390x | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server 16.0:docker-stable-24.0.9_ce-160000.5.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server 16.0:docker-stable-bash-completion-24.0.9_ce-160000.5.1.noarch | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server 16.0:docker-stable-buildx-0.25.0-160000.5.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server 16.0:docker-stable-buildx-0.25.0-160000.5.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server 16.0:docker-stable-buildx-0.25.0-160000.5.1.s390x | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server 16.0:docker-stable-buildx-0.25.0-160000.5.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server 16.0:docker-stable-fish-completion-24.0.9_ce-160000.5.1.noarch | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server 16.0:docker-stable-rootless-extras-24.0.9_ce-160000.5.1.noarch | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server 16.0:docker-stable-zsh-completion-24.0.9_ce-160000.5.1.noarch | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:docker-stable-24.0.9_ce-160000.5.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:docker-stable-24.0.9_ce-160000.5.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:docker-stable-24.0.9_ce-160000.5.1.s390x | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:docker-stable-24.0.9_ce-160000.5.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:docker-stable-bash-completion-24.0.9_ce-160000.5.1.noarch | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:docker-stable-buildx-0.25.0-160000.5.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:docker-stable-buildx-0.25.0-160000.5.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:docker-stable-buildx-0.25.0-160000.5.1.s390x | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:docker-stable-buildx-0.25.0-160000.5.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:docker-stable-fish-completion-24.0.9_ce-160000.5.1.noarch | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:docker-stable-rootless-extras-24.0.9_ce-160000.5.1.noarch | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:docker-stable-zsh-completion-24.0.9_ce-160000.5.1.noarch | — | | Vendor Fix |
Threats
Impact
important
References
12 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for docker-stable",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for docker-stable fixes the following issues\n\n- CVE-2026-33747: github.com/moby/buildkit: malicious frontends can craft API messages that cause files to be written\n outside of the BuildKit state directory (bsc#1260967).\n- CVE-2026-33748: github.com/moby/buildkit: insufficient validation of Git URL fragment subdir components may allow\n access to files outside the checked-out Git repository (bsc#1261078).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-SLES-16.0-804",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2026_21851-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2026:21851-1",
"url": "https://www.suse.com/support/update/announcement/2026/suse-su-202621851-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2026:21851-1",
"url": "https://lists.suse.com/pipermail/sle-updates/2026-June/046923.html"
},
{
"category": "self",
"summary": "SUSE Bug 1260967",
"url": "https://bugzilla.suse.com/1260967"
},
{
"category": "self",
"summary": "SUSE Bug 1261078",
"url": "https://bugzilla.suse.com/1261078"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-33747 page",
"url": "https://www.suse.com/security/cve/CVE-2026-33747/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-33748 page",
"url": "https://www.suse.com/security/cve/CVE-2026-33748/"
}
],
"title": "Security update for docker-stable",
"tracking": {
"current_release_date": "2026-05-26T12:29:09Z",
"generator": {
"date": "2026-05-26T12:29:09Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2026:21851-1",
"initial_release_date": "2026-05-26T12:29:09Z",
"revision_history": [
{
"date": "2026-05-26T12:29:09Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "docker-stable-24.0.9_ce-160000.5.1.aarch64",
"product": {
"name": "docker-stable-24.0.9_ce-160000.5.1.aarch64",
"product_id": "docker-stable-24.0.9_ce-160000.5.1.aarch64"
}
},
{
"category": "product_version",
"name": "docker-stable-buildx-0.25.0-160000.5.1.aarch64",
"product": {
"name": "docker-stable-buildx-0.25.0-160000.5.1.aarch64",
"product_id": "docker-stable-buildx-0.25.0-160000.5.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "docker-stable-bash-completion-24.0.9_ce-160000.5.1.noarch",
"product": {
"name": "docker-stable-bash-completion-24.0.9_ce-160000.5.1.noarch",
"product_id": "docker-stable-bash-completion-24.0.9_ce-160000.5.1.noarch"
}
},
{
"category": "product_version",
"name": "docker-stable-fish-completion-24.0.9_ce-160000.5.1.noarch",
"product": {
"name": "docker-stable-fish-completion-24.0.9_ce-160000.5.1.noarch",
"product_id": "docker-stable-fish-completion-24.0.9_ce-160000.5.1.noarch"
}
},
{
"category": "product_version",
"name": "docker-stable-rootless-extras-24.0.9_ce-160000.5.1.noarch",
"product": {
"name": "docker-stable-rootless-extras-24.0.9_ce-160000.5.1.noarch",
"product_id": "docker-stable-rootless-extras-24.0.9_ce-160000.5.1.noarch"
}
},
{
"category": "product_version",
"name": "docker-stable-zsh-completion-24.0.9_ce-160000.5.1.noarch",
"product": {
"name": "docker-stable-zsh-completion-24.0.9_ce-160000.5.1.noarch",
"product_id": "docker-stable-zsh-completion-24.0.9_ce-160000.5.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "docker-stable-24.0.9_ce-160000.5.1.ppc64le",
"product": {
"name": "docker-stable-24.0.9_ce-160000.5.1.ppc64le",
"product_id": "docker-stable-24.0.9_ce-160000.5.1.ppc64le"
}
},
{
"category": "product_version",
"name": "docker-stable-buildx-0.25.0-160000.5.1.ppc64le",
"product": {
"name": "docker-stable-buildx-0.25.0-160000.5.1.ppc64le",
"product_id": "docker-stable-buildx-0.25.0-160000.5.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "docker-stable-24.0.9_ce-160000.5.1.s390x",
"product": {
"name": "docker-stable-24.0.9_ce-160000.5.1.s390x",
"product_id": "docker-stable-24.0.9_ce-160000.5.1.s390x"
}
},
{
"category": "product_version",
"name": "docker-stable-buildx-0.25.0-160000.5.1.s390x",
"product": {
"name": "docker-stable-buildx-0.25.0-160000.5.1.s390x",
"product_id": "docker-stable-buildx-0.25.0-160000.5.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "docker-stable-24.0.9_ce-160000.5.1.x86_64",
"product": {
"name": "docker-stable-24.0.9_ce-160000.5.1.x86_64",
"product_id": "docker-stable-24.0.9_ce-160000.5.1.x86_64"
}
},
{
"category": "product_version",
"name": "docker-stable-buildx-0.25.0-160000.5.1.x86_64",
"product": {
"name": "docker-stable-buildx-0.25.0-160000.5.1.x86_64",
"product_id": "docker-stable-buildx-0.25.0-160000.5.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 16.0",
"product": {
"name": "SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles:16.0"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP applications 16.0",
"product": {
"name": "SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles:16:16.0:server-sap"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-stable-24.0.9_ce-160000.5.1.aarch64 as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:docker-stable-24.0.9_ce-160000.5.1.aarch64"
},
"product_reference": "docker-stable-24.0.9_ce-160000.5.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-stable-24.0.9_ce-160000.5.1.ppc64le as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:docker-stable-24.0.9_ce-160000.5.1.ppc64le"
},
"product_reference": "docker-stable-24.0.9_ce-160000.5.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-stable-24.0.9_ce-160000.5.1.s390x as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:docker-stable-24.0.9_ce-160000.5.1.s390x"
},
"product_reference": "docker-stable-24.0.9_ce-160000.5.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-stable-24.0.9_ce-160000.5.1.x86_64 as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:docker-stable-24.0.9_ce-160000.5.1.x86_64"
},
"product_reference": "docker-stable-24.0.9_ce-160000.5.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-stable-bash-completion-24.0.9_ce-160000.5.1.noarch as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:docker-stable-bash-completion-24.0.9_ce-160000.5.1.noarch"
},
"product_reference": "docker-stable-bash-completion-24.0.9_ce-160000.5.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-stable-buildx-0.25.0-160000.5.1.aarch64 as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:docker-stable-buildx-0.25.0-160000.5.1.aarch64"
},
"product_reference": "docker-stable-buildx-0.25.0-160000.5.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-stable-buildx-0.25.0-160000.5.1.ppc64le as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:docker-stable-buildx-0.25.0-160000.5.1.ppc64le"
},
"product_reference": "docker-stable-buildx-0.25.0-160000.5.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-stable-buildx-0.25.0-160000.5.1.s390x as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:docker-stable-buildx-0.25.0-160000.5.1.s390x"
},
"product_reference": "docker-stable-buildx-0.25.0-160000.5.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-stable-buildx-0.25.0-160000.5.1.x86_64 as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:docker-stable-buildx-0.25.0-160000.5.1.x86_64"
},
"product_reference": "docker-stable-buildx-0.25.0-160000.5.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-stable-fish-completion-24.0.9_ce-160000.5.1.noarch as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:docker-stable-fish-completion-24.0.9_ce-160000.5.1.noarch"
},
"product_reference": "docker-stable-fish-completion-24.0.9_ce-160000.5.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-stable-rootless-extras-24.0.9_ce-160000.5.1.noarch as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:docker-stable-rootless-extras-24.0.9_ce-160000.5.1.noarch"
},
"product_reference": "docker-stable-rootless-extras-24.0.9_ce-160000.5.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-stable-zsh-completion-24.0.9_ce-160000.5.1.noarch as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:docker-stable-zsh-completion-24.0.9_ce-160000.5.1.noarch"
},
"product_reference": "docker-stable-zsh-completion-24.0.9_ce-160000.5.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-stable-24.0.9_ce-160000.5.1.aarch64 as component of SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:docker-stable-24.0.9_ce-160000.5.1.aarch64"
},
"product_reference": "docker-stable-24.0.9_ce-160000.5.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-stable-24.0.9_ce-160000.5.1.ppc64le as component of SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:docker-stable-24.0.9_ce-160000.5.1.ppc64le"
},
"product_reference": "docker-stable-24.0.9_ce-160000.5.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-stable-24.0.9_ce-160000.5.1.s390x as component of SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:docker-stable-24.0.9_ce-160000.5.1.s390x"
},
"product_reference": "docker-stable-24.0.9_ce-160000.5.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-stable-24.0.9_ce-160000.5.1.x86_64 as component of SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:docker-stable-24.0.9_ce-160000.5.1.x86_64"
},
"product_reference": "docker-stable-24.0.9_ce-160000.5.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-stable-bash-completion-24.0.9_ce-160000.5.1.noarch as component of SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:docker-stable-bash-completion-24.0.9_ce-160000.5.1.noarch"
},
"product_reference": "docker-stable-bash-completion-24.0.9_ce-160000.5.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-stable-buildx-0.25.0-160000.5.1.aarch64 as component of SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:docker-stable-buildx-0.25.0-160000.5.1.aarch64"
},
"product_reference": "docker-stable-buildx-0.25.0-160000.5.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-stable-buildx-0.25.0-160000.5.1.ppc64le as component of SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:docker-stable-buildx-0.25.0-160000.5.1.ppc64le"
},
"product_reference": "docker-stable-buildx-0.25.0-160000.5.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-stable-buildx-0.25.0-160000.5.1.s390x as component of SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:docker-stable-buildx-0.25.0-160000.5.1.s390x"
},
"product_reference": "docker-stable-buildx-0.25.0-160000.5.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-stable-buildx-0.25.0-160000.5.1.x86_64 as component of SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:docker-stable-buildx-0.25.0-160000.5.1.x86_64"
},
"product_reference": "docker-stable-buildx-0.25.0-160000.5.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-stable-fish-completion-24.0.9_ce-160000.5.1.noarch as component of SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:docker-stable-fish-completion-24.0.9_ce-160000.5.1.noarch"
},
"product_reference": "docker-stable-fish-completion-24.0.9_ce-160000.5.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-stable-rootless-extras-24.0.9_ce-160000.5.1.noarch as component of SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:docker-stable-rootless-extras-24.0.9_ce-160000.5.1.noarch"
},
"product_reference": "docker-stable-rootless-extras-24.0.9_ce-160000.5.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-stable-zsh-completion-24.0.9_ce-160000.5.1.noarch as component of SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:docker-stable-zsh-completion-24.0.9_ce-160000.5.1.noarch"
},
"product_reference": "docker-stable-zsh-completion-24.0.9_ce-160000.5.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-33747",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-33747"
}
],
"notes": [
{
"category": "general",
"text": "BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner. Prior to version 0.28.1, when using a custom BuildKit frontend, the frontend can craft an API message that causes files to be written outside of the BuildKit state directory for the execution context. The issue has been fixed in v0.28.1. The vulnerability requires using an untrusted BuildKit frontend set with `#syntax` or `--build-arg BUILDKIT_SYNTAX`. Using these options with a well-known frontend image like `docker/dockerfile` is not affected.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 16.0:docker-stable-24.0.9_ce-160000.5.1.aarch64",
"SUSE Linux Enterprise Server 16.0:docker-stable-24.0.9_ce-160000.5.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:docker-stable-24.0.9_ce-160000.5.1.s390x",
"SUSE Linux Enterprise Server 16.0:docker-stable-24.0.9_ce-160000.5.1.x86_64",
"SUSE Linux Enterprise Server 16.0:docker-stable-bash-completion-24.0.9_ce-160000.5.1.noarch",
"SUSE Linux Enterprise Server 16.0:docker-stable-buildx-0.25.0-160000.5.1.aarch64",
"SUSE Linux Enterprise Server 16.0:docker-stable-buildx-0.25.0-160000.5.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:docker-stable-buildx-0.25.0-160000.5.1.s390x",
"SUSE Linux Enterprise Server 16.0:docker-stable-buildx-0.25.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server 16.0:docker-stable-fish-completion-24.0.9_ce-160000.5.1.noarch",
"SUSE Linux Enterprise Server 16.0:docker-stable-rootless-extras-24.0.9_ce-160000.5.1.noarch",
"SUSE Linux Enterprise Server 16.0:docker-stable-zsh-completion-24.0.9_ce-160000.5.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:docker-stable-24.0.9_ce-160000.5.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:docker-stable-24.0.9_ce-160000.5.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:docker-stable-24.0.9_ce-160000.5.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:docker-stable-24.0.9_ce-160000.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:docker-stable-bash-completion-24.0.9_ce-160000.5.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:docker-stable-buildx-0.25.0-160000.5.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:docker-stable-buildx-0.25.0-160000.5.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:docker-stable-buildx-0.25.0-160000.5.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:docker-stable-buildx-0.25.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:docker-stable-fish-completion-24.0.9_ce-160000.5.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:docker-stable-rootless-extras-24.0.9_ce-160000.5.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:docker-stable-zsh-completion-24.0.9_ce-160000.5.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-33747",
"url": "https://www.suse.com/security/cve/CVE-2026-33747"
},
{
"category": "external",
"summary": "SUSE Bug 1260954 for CVE-2026-33747",
"url": "https://bugzilla.suse.com/1260954"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 16.0:docker-stable-24.0.9_ce-160000.5.1.aarch64",
"SUSE Linux Enterprise Server 16.0:docker-stable-24.0.9_ce-160000.5.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:docker-stable-24.0.9_ce-160000.5.1.s390x",
"SUSE Linux Enterprise Server 16.0:docker-stable-24.0.9_ce-160000.5.1.x86_64",
"SUSE Linux Enterprise Server 16.0:docker-stable-bash-completion-24.0.9_ce-160000.5.1.noarch",
"SUSE Linux Enterprise Server 16.0:docker-stable-buildx-0.25.0-160000.5.1.aarch64",
"SUSE Linux Enterprise Server 16.0:docker-stable-buildx-0.25.0-160000.5.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:docker-stable-buildx-0.25.0-160000.5.1.s390x",
"SUSE Linux Enterprise Server 16.0:docker-stable-buildx-0.25.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server 16.0:docker-stable-fish-completion-24.0.9_ce-160000.5.1.noarch",
"SUSE Linux Enterprise Server 16.0:docker-stable-rootless-extras-24.0.9_ce-160000.5.1.noarch",
"SUSE Linux Enterprise Server 16.0:docker-stable-zsh-completion-24.0.9_ce-160000.5.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:docker-stable-24.0.9_ce-160000.5.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:docker-stable-24.0.9_ce-160000.5.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:docker-stable-24.0.9_ce-160000.5.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:docker-stable-24.0.9_ce-160000.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:docker-stable-bash-completion-24.0.9_ce-160000.5.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:docker-stable-buildx-0.25.0-160000.5.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:docker-stable-buildx-0.25.0-160000.5.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:docker-stable-buildx-0.25.0-160000.5.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:docker-stable-buildx-0.25.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:docker-stable-fish-completion-24.0.9_ce-160000.5.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:docker-stable-rootless-extras-24.0.9_ce-160000.5.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:docker-stable-zsh-completion-24.0.9_ce-160000.5.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 16.0:docker-stable-24.0.9_ce-160000.5.1.aarch64",
"SUSE Linux Enterprise Server 16.0:docker-stable-24.0.9_ce-160000.5.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:docker-stable-24.0.9_ce-160000.5.1.s390x",
"SUSE Linux Enterprise Server 16.0:docker-stable-24.0.9_ce-160000.5.1.x86_64",
"SUSE Linux Enterprise Server 16.0:docker-stable-bash-completion-24.0.9_ce-160000.5.1.noarch",
"SUSE Linux Enterprise Server 16.0:docker-stable-buildx-0.25.0-160000.5.1.aarch64",
"SUSE Linux Enterprise Server 16.0:docker-stable-buildx-0.25.0-160000.5.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:docker-stable-buildx-0.25.0-160000.5.1.s390x",
"SUSE Linux Enterprise Server 16.0:docker-stable-buildx-0.25.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server 16.0:docker-stable-fish-completion-24.0.9_ce-160000.5.1.noarch",
"SUSE Linux Enterprise Server 16.0:docker-stable-rootless-extras-24.0.9_ce-160000.5.1.noarch",
"SUSE Linux Enterprise Server 16.0:docker-stable-zsh-completion-24.0.9_ce-160000.5.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:docker-stable-24.0.9_ce-160000.5.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:docker-stable-24.0.9_ce-160000.5.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:docker-stable-24.0.9_ce-160000.5.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:docker-stable-24.0.9_ce-160000.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:docker-stable-bash-completion-24.0.9_ce-160000.5.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:docker-stable-buildx-0.25.0-160000.5.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:docker-stable-buildx-0.25.0-160000.5.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:docker-stable-buildx-0.25.0-160000.5.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:docker-stable-buildx-0.25.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:docker-stable-fish-completion-24.0.9_ce-160000.5.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:docker-stable-rootless-extras-24.0.9_ce-160000.5.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:docker-stable-zsh-completion-24.0.9_ce-160000.5.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-05-26T12:29:09Z",
"details": "important"
}
],
"title": "CVE-2026-33747"
},
{
"cve": "CVE-2026-33748",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-33748"
}
],
"notes": [
{
"category": "general",
"text": "BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner. Prior to version 0.28.1, insufficient validation of Git URL fragment subdir components may allow access to files outside the checked-out Git repository root. Possible access is limited to files on the same mounted filesystem. The issue has been fixed in version v0.28.1 The issue affects only builds that use Git URLs with a subpath component. As a workaround, avoid building Dockerfiles from untrusted sources or using the subdir component from an untrusted Git repository where the subdir component could point to a symlink.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 16.0:docker-stable-24.0.9_ce-160000.5.1.aarch64",
"SUSE Linux Enterprise Server 16.0:docker-stable-24.0.9_ce-160000.5.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:docker-stable-24.0.9_ce-160000.5.1.s390x",
"SUSE Linux Enterprise Server 16.0:docker-stable-24.0.9_ce-160000.5.1.x86_64",
"SUSE Linux Enterprise Server 16.0:docker-stable-bash-completion-24.0.9_ce-160000.5.1.noarch",
"SUSE Linux Enterprise Server 16.0:docker-stable-buildx-0.25.0-160000.5.1.aarch64",
"SUSE Linux Enterprise Server 16.0:docker-stable-buildx-0.25.0-160000.5.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:docker-stable-buildx-0.25.0-160000.5.1.s390x",
"SUSE Linux Enterprise Server 16.0:docker-stable-buildx-0.25.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server 16.0:docker-stable-fish-completion-24.0.9_ce-160000.5.1.noarch",
"SUSE Linux Enterprise Server 16.0:docker-stable-rootless-extras-24.0.9_ce-160000.5.1.noarch",
"SUSE Linux Enterprise Server 16.0:docker-stable-zsh-completion-24.0.9_ce-160000.5.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:docker-stable-24.0.9_ce-160000.5.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:docker-stable-24.0.9_ce-160000.5.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:docker-stable-24.0.9_ce-160000.5.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:docker-stable-24.0.9_ce-160000.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:docker-stable-bash-completion-24.0.9_ce-160000.5.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:docker-stable-buildx-0.25.0-160000.5.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:docker-stable-buildx-0.25.0-160000.5.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:docker-stable-buildx-0.25.0-160000.5.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:docker-stable-buildx-0.25.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:docker-stable-fish-completion-24.0.9_ce-160000.5.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:docker-stable-rootless-extras-24.0.9_ce-160000.5.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:docker-stable-zsh-completion-24.0.9_ce-160000.5.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-33748",
"url": "https://www.suse.com/security/cve/CVE-2026-33748"
},
{
"category": "external",
"summary": "SUSE Bug 1261046 for CVE-2026-33748",
"url": "https://bugzilla.suse.com/1261046"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 16.0:docker-stable-24.0.9_ce-160000.5.1.aarch64",
"SUSE Linux Enterprise Server 16.0:docker-stable-24.0.9_ce-160000.5.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:docker-stable-24.0.9_ce-160000.5.1.s390x",
"SUSE Linux Enterprise Server 16.0:docker-stable-24.0.9_ce-160000.5.1.x86_64",
"SUSE Linux Enterprise Server 16.0:docker-stable-bash-completion-24.0.9_ce-160000.5.1.noarch",
"SUSE Linux Enterprise Server 16.0:docker-stable-buildx-0.25.0-160000.5.1.aarch64",
"SUSE Linux Enterprise Server 16.0:docker-stable-buildx-0.25.0-160000.5.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:docker-stable-buildx-0.25.0-160000.5.1.s390x",
"SUSE Linux Enterprise Server 16.0:docker-stable-buildx-0.25.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server 16.0:docker-stable-fish-completion-24.0.9_ce-160000.5.1.noarch",
"SUSE Linux Enterprise Server 16.0:docker-stable-rootless-extras-24.0.9_ce-160000.5.1.noarch",
"SUSE Linux Enterprise Server 16.0:docker-stable-zsh-completion-24.0.9_ce-160000.5.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:docker-stable-24.0.9_ce-160000.5.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:docker-stable-24.0.9_ce-160000.5.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:docker-stable-24.0.9_ce-160000.5.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:docker-stable-24.0.9_ce-160000.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:docker-stable-bash-completion-24.0.9_ce-160000.5.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:docker-stable-buildx-0.25.0-160000.5.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:docker-stable-buildx-0.25.0-160000.5.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:docker-stable-buildx-0.25.0-160000.5.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:docker-stable-buildx-0.25.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:docker-stable-fish-completion-24.0.9_ce-160000.5.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:docker-stable-rootless-extras-24.0.9_ce-160000.5.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:docker-stable-zsh-completion-24.0.9_ce-160000.5.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 16.0:docker-stable-24.0.9_ce-160000.5.1.aarch64",
"SUSE Linux Enterprise Server 16.0:docker-stable-24.0.9_ce-160000.5.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:docker-stable-24.0.9_ce-160000.5.1.s390x",
"SUSE Linux Enterprise Server 16.0:docker-stable-24.0.9_ce-160000.5.1.x86_64",
"SUSE Linux Enterprise Server 16.0:docker-stable-bash-completion-24.0.9_ce-160000.5.1.noarch",
"SUSE Linux Enterprise Server 16.0:docker-stable-buildx-0.25.0-160000.5.1.aarch64",
"SUSE Linux Enterprise Server 16.0:docker-stable-buildx-0.25.0-160000.5.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:docker-stable-buildx-0.25.0-160000.5.1.s390x",
"SUSE Linux Enterprise Server 16.0:docker-stable-buildx-0.25.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server 16.0:docker-stable-fish-completion-24.0.9_ce-160000.5.1.noarch",
"SUSE Linux Enterprise Server 16.0:docker-stable-rootless-extras-24.0.9_ce-160000.5.1.noarch",
"SUSE Linux Enterprise Server 16.0:docker-stable-zsh-completion-24.0.9_ce-160000.5.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:docker-stable-24.0.9_ce-160000.5.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:docker-stable-24.0.9_ce-160000.5.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:docker-stable-24.0.9_ce-160000.5.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:docker-stable-24.0.9_ce-160000.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:docker-stable-bash-completion-24.0.9_ce-160000.5.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:docker-stable-buildx-0.25.0-160000.5.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:docker-stable-buildx-0.25.0-160000.5.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:docker-stable-buildx-0.25.0-160000.5.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:docker-stable-buildx-0.25.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:docker-stable-fish-completion-24.0.9_ce-160000.5.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:docker-stable-rootless-extras-24.0.9_ce-160000.5.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:docker-stable-zsh-completion-24.0.9_ce-160000.5.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-05-26T12:29:09Z",
"details": "important"
}
],
"title": "CVE-2026-33748"
}
]
}
WID-SEC-W-2026-0873
Vulnerability from csaf_certbund - Published: 2026-03-25 23:00 - Updated: 2026-06-02 22:00
Summary
docker: Multiple vulnerabilities
Severity
High
Notes
As a provider, the BSI is responsible under general law for its own content that it makes available for use. Users are, however, responsible for carefully checking, in each individual case, the use and/or implementation of the information provided with the content.
Product description: Docker is open-source software that can be used to isolate applications in containers by means of operating-system virtualization.
Attack: A local attacker can exploit multiple vulnerabilities in docker to bypass security measures and disclose information.
Affected operating systems:
- Linux
- Other
- UNIX
- Windows
Affected products
Known affected
10 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Red Hat OpenShift Service Mesh <3.1.7 (Red Hat / OpenShift) | | Service Mesh <3.1.7 | |
| Open Source docker <v29.3.1 (Open Source / docker) | | <v29.3.1 | |
| SUSE Linux (SUSE) | cpe:/o:suse:suse_linux:- | — | |
| Red Hat Enterprise Linux Multicluster Global Hub <1.5.4 (Red Hat / Enterprise Linux) | | Multicluster Global Hub <1.5.4 | |
| Red Hat Enterprise Linux (Red Hat / Enterprise Linux) | cpe:/o:redhat:enterprise_linux:- | — | |
| Ubuntu Linux (Ubuntu) | cpe:/o:canonical:ubuntu_linux:- | — | |
| SUSE openSUSE (SUSE) | cpe:/o:suse:opensuse:- | — | |
| Amazon Linux 2 (Amazon) | cpe:/o:amazon:linux_2:- | — | |
| Google Container-Optimized OS (Google) | cpe:/o:google:container-optimized_os:- | — | |
| Fedora Linux (Fedora) | cpe:/o:fedoraproject:fedora:- | — | |
References
33 references
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Docker ist eine Open-Source-Software, die dazu verwendet werden kann, Anwendungen mithilfe von Betriebssystemvirtualisierung in Containern zu isolieren.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein lokaler Angreifer kann mehrere Schwachstellen in docker ausnutzen, um Sicherheitsvorkehrungen zu umgehen und Informationen offenzulegen.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux\n- Sonstiges\n- UNIX\n- Windows",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2026-0873 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2026/wid-sec-w-2026-0873.json"
},
{
"category": "self",
"summary": "WID-SEC-2026-0873 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-0873"
},
{
"category": "external",
"summary": "GitHub Advisory Database vom 2026-03-25",
"url": "https://github.com/moby/moby/releases/tag/docker-v29.3.1"
},
{
"category": "external",
"summary": "GitHub Advisory Database vom 2026-03-25",
"url": "https://github.com/moby/moby/security/advisories/GHSA-x744-4wpc-v9h2"
},
{
"category": "external",
"summary": "GitHub Advisory Database vom 2026-03-25",
"url": "https://github.com/moby/moby/security/advisories/GHSA-pxq6-2prw-chj9"
},
{
"category": "external",
"summary": "GitHub Advisory Database vom 2026-03-25",
"url": "https://github.com/moby/buildkit/security/advisories/GHSA-4vrq-3vrq-g6gg"
},
{
"category": "external",
"summary": "GitHub Advisory Database vom 2026-03-25",
"url": "https://github.com/moby/buildkit/security/advisories/GHSA-4c29-8rgm-jvjj"
},
{
"category": "external",
"summary": "openSUSE Security Update OPENSUSE-SU-2026:10456-1 vom 2026-03-31",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/ALAYFKV47ZMD6AVIDBCU45FBNRL6UECT/"
},
{
"category": "external",
"summary": "openSUSE Security Update OPENSUSE-SU-2026:10472-1 vom 2026-04-02",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/VLNXV4YWAMBBMW4SAHSBAB45RZLQ52A2/"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALAS2DOCKER-2026-108 vom 2026-04-14",
"url": "https://alas.aws.amazon.com/AL2/ALAS2DOCKER-2026-108.html"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALAS2NITRO-ENCLAVES-2026-094 vom 2026-04-14",
"url": "https://alas.aws.amazon.com/AL2/ALAS2NITRO-ENCLAVES-2026-094.html"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALAS2ECS-2026-106 vom 2026-04-14",
"url": "https://alas.aws.amazon.com/AL2/ALAS2ECS-2026-106.html"
},
{
"category": "external",
"summary": "Container-Optimized OS release notes vom 2026-04-14",
"url": "https://docs.cloud.google.com/container-optimized-os/docs/release-notes#April_13_2026"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:9448 vom 2026-04-21",
"url": "https://access.redhat.com/errata/RHSA-2026:9448"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:9453 vom 2026-04-21",
"url": "https://access.redhat.com/errata/RHSA-2026:9453"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:10125 vom 2026-04-23",
"url": "https://access.redhat.com/errata/RHSA-2026:10125"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALAS2DOCKER-2026-111 vom 2026-04-30",
"url": "https://alas.aws.amazon.com/AL2/ALAS2DOCKER-2026-111.html"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALAS2NITRO-ENCLAVES-2026-097 vom 2026-04-30",
"url": "https://alas.aws.amazon.com/AL2/ALAS2NITRO-ENCLAVES-2026-097.html"
},
{
"category": "external",
"summary": "openSUSE Security Update OPENSUSE-SU-2026:0163-1 vom 2026-05-04",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/IFW45RUOZS7A7TR64FJFNY73BSZ7AEOP/"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-8230-1 vom 2026-05-06",
"url": "https://ubuntu.com/security/notices/USN-8230-1"
},
{
"category": "external",
"summary": "Fedora Security Advisory FEDORA-2026-4A5F6691BF vom 2026-05-15",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-2026-4a5f6691bf"
},
{
"category": "external",
"summary": "Fedora Security Advisory FEDORA-2026-F5BC7FF320 vom 2026-05-14",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-2026-f5bc7ff320"
},
{
"category": "external",
"summary": "Fedora Security Advisory FEDORA-2026-645AC72FF4 vom 2026-05-14",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-2026-645ac72ff4"
},
{
"category": "external",
"summary": "Fedora Security Advisory FEDORA-2026-13E7EFE33E vom 2026-05-15",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-2026-13e7efe33e"
},
{
"category": "external",
"summary": "Fedora Security Advisory FEDORA-2026-951A6725B8 vom 2026-05-21",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-2026-951a6725b8"
},
{
"category": "external",
"summary": "Fedora Security Advisory FEDORA-2026-3316F97296 vom 2026-05-21",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-2026-3316f97296"
},
{
"category": "external",
"summary": "Fedora Security Advisory FEDORA-2026-D275A6EAAC vom 2026-05-21",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-2026-d275a6eaac"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:21769 vom 2026-05-28",
"url": "https://access.redhat.com/errata/RHSA-2026:21769"
},
{
"category": "external",
"summary": "openSUSE Security Update OPENSUSE-SU-2026:20814-1 vom 2026-05-28",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/LATMES6ZC2GIW3AV47USNM4QED3KM732/"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:2120-1 vom 2026-05-29",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-May/026389.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:21851-1 vom 2026-06-01",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-June/026431.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:22347 vom 2026-06-02",
"url": "https://access.redhat.com/errata/RHSA-2026:22347"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:22465 vom 2026-06-02",
"url": "https://access.redhat.com/errata/RHSA-2026:22465"
}
],
"source_lang": "en-US",
"title": "docker: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2026-06-02T22:00:00.000+00:00",
"generator": {
"date": "2026-06-03T06:33:00.620+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.6.0"
}
},
"id": "WID-SEC-W-2026-0873",
"initial_release_date": "2026-03-25T23:00:00.000+00:00",
"revision_history": [
{
"date": "2026-03-25T23:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2026-03-26T23:00:00.000+00:00",
"number": "2",
"summary": "Referenz(en) aufgenommen: EUVD-2026-16518"
},
{
"date": "2026-03-29T22:00:00.000+00:00",
"number": "3",
"summary": "Referenz(en) aufgenommen: EUVD-2026-16618"
},
{
"date": "2026-03-31T22:00:00.000+00:00",
"number": "4",
"summary": "Neue Updates von openSUSE aufgenommen"
},
{
"date": "2026-04-06T22:00:00.000+00:00",
"number": "5",
"summary": "Neue Updates von openSUSE aufgenommen"
},
{
"date": "2026-04-13T22:00:00.000+00:00",
"number": "6",
"summary": "Neue Updates von Amazon aufgenommen"
},
{
"date": "2026-04-14T22:00:00.000+00:00",
"number": "7",
"summary": "Neue Updates aufgenommen"
},
{
"date": "2026-04-21T22:00:00.000+00:00",
"number": "8",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2026-04-23T22:00:00.000+00:00",
"number": "9",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2026-04-29T22:00:00.000+00:00",
"number": "10",
"summary": "Neue Updates von Amazon aufgenommen"
},
{
"date": "2026-05-04T22:00:00.000+00:00",
"number": "11",
"summary": "Neue Updates von openSUSE aufgenommen"
},
{
"date": "2026-05-05T22:00:00.000+00:00",
"number": "12",
"summary": "Neue Updates von Ubuntu aufgenommen"
},
{
"date": "2026-05-14T22:00:00.000+00:00",
"number": "13",
"summary": "Neue Updates von Fedora aufgenommen"
},
{
"date": "2026-05-17T22:00:00.000+00:00",
"number": "14",
"summary": "Neue Updates von Fedora aufgenommen"
},
{
"date": "2026-05-20T22:00:00.000+00:00",
"number": "15",
"summary": "Neue Updates von Fedora aufgenommen"
},
{
"date": "2026-05-21T22:00:00.000+00:00",
"number": "16",
"summary": "Neue Updates von Fedora aufgenommen"
},
{
"date": "2026-05-28T22:00:00.000+00:00",
"number": "17",
"summary": "Neue Updates von Red Hat und openSUSE aufgenommen"
},
{
"date": "2026-05-31T22:00:00.000+00:00",
"number": "18",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2026-06-01T22:00:00.000+00:00",
"number": "19",
"summary": "Neue Updates von SUSE und Red Hat aufgenommen"
},
{
"date": "2026-06-02T22:00:00.000+00:00",
"number": "20",
"summary": "Neue Updates von Red Hat aufgenommen"
}
],
"status": "final",
"version": "20"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Amazon Linux 2",
"product": {
"name": "Amazon Linux 2",
"product_id": "398363",
"product_identification_helper": {
"cpe": "cpe:/o:amazon:linux_2:-"
}
}
}
],
"category": "vendor",
"name": "Amazon"
},
{
"branches": [
{
"category": "product_name",
"name": "Fedora Linux",
"product": {
"name": "Fedora Linux",
"product_id": "74185",
"product_identification_helper": {
"cpe": "cpe:/o:fedoraproject:fedora:-"
}
}
}
],
"category": "vendor",
"name": "Fedora"
},
{
"branches": [
{
"category": "product_name",
"name": "Google Container-Optimized OS",
"product": {
"name": "Google Container-Optimized OS",
"product_id": "1607324",
"product_identification_helper": {
"cpe": "cpe:/o:google:container-optimized_os:-"
}
}
}
],
"category": "vendor",
"name": "Google"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cv29.3.1",
"product": {
"name": "Open Source docker \u003cv29.3.1",
"product_id": "T052151"
}
},
{
"category": "product_version",
"name": "v29.3.1",
"product": {
"name": "Open Source docker v29.3.1",
"product_id": "T052151-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:docker:docker:v29.3.1"
}
}
}
],
"category": "product_name",
"name": "docker"
}
],
"category": "vendor",
"name": "Open Source"
},
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux",
"product": {
"name": "Red Hat Enterprise Linux",
"product_id": "67646",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:-"
}
}
},
{
"category": "product_version_range",
"name": "Multicluster Global Hub \u003c1.5.4",
"product": {
"name": "Red Hat Enterprise Linux Multicluster Global Hub \u003c1.5.4",
"product_id": "T054839"
}
},
{
"category": "product_version",
"name": "Multicluster Global Hub 1.5.4",
"product": {
"name": "Red Hat Enterprise Linux Multicluster Global Hub 1.5.4",
"product_id": "T054839-fixed",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:multicluster_global_hub__1.5.4"
}
}
}
],
"category": "product_name",
"name": "Enterprise Linux"
},
{
"branches": [
{
"category": "product_version_range",
"name": "Service Mesh \u003c3.1.7",
"product": {
"name": "Red Hat OpenShift Service Mesh \u003c3.1.7",
"product_id": "T053044"
}
},
{
"category": "product_version",
"name": "Service Mesh 3.1.7",
"product": {
"name": "Red Hat OpenShift Service Mesh 3.1.7",
"product_id": "T053044-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift:service_mesh__3.1.7"
}
}
}
],
"category": "product_name",
"name": "OpenShift"
}
],
"category": "vendor",
"name": "Red Hat"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux",
"product": {
"name": "SUSE Linux",
"product_id": "T002207",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse_linux:-"
}
}
},
{
"category": "product_name",
"name": "SUSE openSUSE",
"product": {
"name": "SUSE openSUSE",
"product_id": "T027843",
"product_identification_helper": {
"cpe": "cpe:/o:suse:opensuse:-"
}
}
}
],
"category": "vendor",
"name": "SUSE"
},
{
"branches": [
{
"category": "product_name",
"name": "Ubuntu Linux",
"product": {
"name": "Ubuntu Linux",
"product_id": "T000126",
"product_identification_helper": {
"cpe": "cpe:/o:canonical:ubuntu_linux:-"
}
}
}
],
"category": "vendor",
"name": "Ubuntu"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-33747",
"product_status": {
"known_affected": [
"T053044",
"T052151",
"T002207",
"T054839",
"67646",
"T000126",
"T027843",
"398363",
"1607324",
"74185"
]
},
"release_date": "2026-03-25T23:00:00.000+00:00",
"title": "CVE-2026-33747"
},
{
"cve": "CVE-2026-33748",
"product_status": {
"known_affected": [
"T053044",
"T052151",
"T002207",
"T054839",
"67646",
"T000126",
"T027843",
"398363",
"1607324",
"74185"
]
},
"release_date": "2026-03-25T23:00:00.000+00:00",
"title": "CVE-2026-33748"
},
{
"cve": "CVE-2026-33997",
"product_status": {
"known_affected": [
"T053044",
"T052151",
"T002207",
"T054839",
"67646",
"T000126",
"T027843",
"398363",
"1607324",
"74185"
]
},
"release_date": "2026-03-25T23:00:00.000+00:00",
"title": "CVE-2026-33997"
},
{
"cve": "CVE-2026-34040",
"product_status": {
"known_affected": [
"T053044",
"T052151",
"T002207",
"T054839",
"67646",
"T000126",
"T027843",
"398363",
"1607324",
"74185"
]
},
"release_date": "2026-03-25T23:00:00.000+00:00",
"title": "CVE-2026-34040"
}
]
}
Sightings
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.