CVE-2026-33997
highCVSS v3 Base Score
8.4
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H
EPSS Score
0.0%
Exploitation probability in 30 days
Top 96% most likely to be exploited
Attack Characteristics
Attack Vector
Network
Attack Complexity
Low
Privileges Required
High
User Interaction
Required
Confidentiality
High
Integrity
High
Availability
High
Published: March 31, 2026 (101 days ago)
Last Modified: March 31, 2026
Vendor: Red Hat
Source: REDHAT
Vulnerability Report
Generated by CyberWatcher
Description
Moby is an open source container framework. Prior to version 29.3.1, a security vulnerability has been detected that allows plugins privilege validation to be bypassed during docker plugin install. Due to an error in the daemon's privilege comparison logic, the daemon may incorrectly accept a privilege set that differs from the one approved by the user. Plugins that request exactly one privilege are also affected, because no comparison is performed at all. This issue has been patched in version 29.3.1.
CWE
CWE-266Affected Products
Multicluster Engine for KubernetesMulticluster Global HubOpenShift Service Mesh 2Red Hat Advanced Cluster Management for Kubernetes 2Red Hat OpenShift Container Platform 4Red Hat OpenShift Virtualization 4