my photo

John Z Black

Brunswick, ME • (207) 245-1010 • contact@johnzblack.com

Blog / #cve-2026-34040

Docker's Authorization Bypass Is Back. It's Been Broken for a Decade.

John Z Black Apr 8, 2026

Vulnerabilities & Patching #docker #container-security #authz-bypass #cve-2026-34040 #ai-agents #sandbox-escape

Pad an HTTP request past 1MB and Docker's AuthZ plugins see nothing. CVE-2026-34040 has been sitting in Docker Engine since 2016, and researchers showed AI agents can be tricked into exploiting it.

Read More