Docker CVE-2026-34040: Oversized HTTP Request Silently Disables All Authorization Plugins
Cyera Research discovered that a single HTTP request body exceeding 1 MB causes Docker's middleware to drop the body before AuthZ plugins inspect it — while th…
Published on MyPrivateClaw, Apr 8, 2026, 8:58 AM UTC
Coverage date: Apr 8, 2026
Last updated: Apr 10, 2026, 11:35 AM UTC
News summary
The Bouncer Who Goes Home When the Line Gets Long

Cyera Research has disclosed CVE-2026-34040, a critical authorization bypass vulnerability in Docker Engine affecting an estimated 92% of enterprise container deployments. The flaw has a CVSS score of 8.8 (High) and allows an attacker to create privileged containers with full host filesystem access by sending a single oversized HTTP request.

The root cause is elegantly simple and deeply concerning: when a Docker API request body exceeds 1 MB, the middleware layer silently drops the body before it reaches any authorization (AuthZ) plugin. The plugin, receiving a null body, sees nothing to inspect and approves the request. The Docker daemon, however, processes the full original body and creates the container as requested, potentially granting root-level access to the host system.

A Recurring Vulnerability Class

This is not the first time…