
[USN-8230-1] Docker vulnerabilities

Posted on 06 May 2026
Ubuntu Security

==========================================================================
Ubuntu Security Notice USN-8230-1
May 06, 2026

docker.io-app vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 26.04 LTS
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS

Summary:

Several security issues were fixed in Docker.

Software Description:
- docker.io-app: Linux container runtime

Details:

It was discovered that BuildKit, contained within Docker, incorrectly
handled file path validation when processing frontend API messages. An
attacker could possibly use this issue to write files outside of the
intended state directory. (CVE-2026-33747)

It was discovered that BuildKit, contained within Docker, incorrectly
validated the subdir component of Git URL fragments. An attacker could
possibly use this issue to access files outside of the checked-out
repository root. (CVE-2026-33748)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 26.04 LTS
docker.io 29.1.3-0ubuntu4.1

Ubuntu 24.04 LTS
docker.io 29.1.3-0ubuntu3~24.04.2

Ubuntu 22.04 LTS
docker.io 29.1.3-0ubuntu3~22.04.2

Ubuntu 20.04 LTS
docker.io 26.1.3-0ubuntu1~20.04.1+esm2
Available with Ubuntu Pro

After a standard system update you need to restart Docker to make all
the necessary changes.

References:
https://ubuntu.com/security/notices/USN-8230-1
CVE-2026-33747, CVE-2026-33748

Package Information:
https://launchpad.net/ubuntu/+source/docker.io-app/29.1.3-0ubuntu4.1
https://launchpad.net/ubuntu/+source/docker.io-app/29.1.3-0ubuntu3~24.04.2
https://launchpad.net/ubuntu/+source/docker.io-app/29.1.3-0ubuntu3~22.04.2
