
Old Docker authorization bypass pops up despite previous patch
Researchers warn about a new vulnerability that allows attackers to bypass authorization plug-ins in Docker Engine and gain root-level access to host systems. The flaw has the same root cause as another authorization bypass vulnerability patched in 2024, but the underlying problem has been known since 2016. Tracked as CVE-2026-34040, the new vulnerability is rated 8.8 (high) on the CVSS scale and was fixed in Docker Engine 29.3.1 and Docker Desktop 4.66.1. If updates cannot be deployed immediately, malicious requests may be filtered out by limiting request size to 512KB. “The Docker API is accessed over the network (TCP/TLS) in most enterprise deployments, CI/CD systems, and managem...
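The interim mitigation the article mentions, capping Docker API request size at 512KB, is easiest to apply at a reverse proxy that sits in front of the daemon's TCP/TLS endpoint. The nginx configuration below is an added example written for this page; it is not from the article and not from the Docker project. It assumes dockerd itself listens only on the local Unix socket /var/run/docker.sock (so the proxy is the only way to reach the API over the network), that nginx is published on port 2376, and that the certificate paths under /etc/nginx/docker/ are placeholders for a mutual-TLS setup already in use.

```nginx
# Added example: a reverse proxy in front of the Docker API that enforces
# the 512KB request-size cap mentioned as an interim mitigation.
# All paths and the port are assumptions for this example.

upstream dockerd {
    # dockerd must listen only here, not on a network port of its own,
    # otherwise the cap can be bypassed by talking to the daemon directly.
    server unix:/var/run/docker.sock;
}

server {
    listen 2376 ssl;
    server_name docker-api.internal;   # placeholder hostname

    # Server certificate and key (placeholder paths).
    ssl_certificate     /etc/nginx/docker/server.crt;
    ssl_certificate_key /etc/nginx/docker/server.key;

    # Mutual TLS: only clients presenting a certificate signed by this CA
    # reach the API at all (placeholder path).
    ssl_client_certificate /etc/nginx/docker/ca.crt;
    ssl_verify_client on;

    # The mitigation from the article: bodies larger than 512KB are rejected
    # by nginx with 413 before the request is ever forwarded to dockerd.
    client_max_body_size 512k;

    location / {
        proxy_pass http://dockerd;
        proxy_http_version 1.1;

        # Preserve request metadata for the daemon and its authz plug-in.
        proxy_set_header Host              $host;
        proxy_set_header X-Real-IP         $remote_addr;
        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto https;

        # Long-lived API streams (logs, attach, events) need generous timeouts.
        proxy_read_timeout 3600s;
    }
}
```

Two caveats before relying on this. First, the cap only helps if the daemon is not also reachable on a network port of its own; check `dockerd` listeners (`-H` flags or `hosts` in daemon.json) so that the proxy is the sole TCP path. Second, 512KB is small enough to reject legitimate traffic as well: image builds that upload a build context, `docker load`, and `docker cp` into a container all send bodies far above that size, so expect those workflows to fail with 413 until Docker Engine 29.3.1 or Docker Desktop 4.66.1 is rolled out and the limit can be relaxed.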