Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 584
Alerts This Week
Warning Icon 1 584

Ubuntu 26.04 Docker Critical Security Threats USN-8230-1 CVE-2026-33747

ubuntu
Calendar Grey May 6, 2026
Scroller Ubuntu
========================================================================== Ubuntu Security Notice US
Several security issues were fixed in Docker.

Summary

Several security issues were fixed in Docker.

Software Description:

- docker.io-app: Linux container runtime

Details:

It was discovered that BuildKit, contained within Docker, incorrectly

handled file path validation when processing frontend API messages. An

attacker could possibly use this issue to write files outside of the

intended state directory. (CVE-2026-33747)

It was discovered that BuildKit, contained within Docker, incorrectly

validated the subdir component of Git URL fragments. An attacker could

possibly use this issue to access files outside of the checked-out

repository root. (CVE-2026-33748)

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 26.04 LTS
  docker.io                       29.1.3-0ubuntu4.1

Ubuntu 24.04 LTS
  docker.io                       29.1.3-0ubuntu3~24.04.2

Ubuntu 22.04 LTS
  docker.io                       29.1.3-0ubuntu3~22.04.2

Ubuntu 20.04 LTS
  docker.io                       26.1.3-0ubuntu1~20.04.1+esm2
                                  Available with Ubuntu Pro

After a standard system update you need to restart Docker to make all
the necessary changes.

References

https://ubuntu.com/security/notices/USN-8230-1

CVE-2026-33747, CVE-2026-33748

Severity
critical
Lowest
Low
Medium
High
Critical

Ubuntu Security Notice USN-8230-1

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.