Critical Vulnerability in Docker Engine

Published on 30 Jul 2024

Docker has released security updates addressing a critical vulnerability (CVE-2024-41110) in their Docker Engine application. The vulnerability has a maximum Common Vulnerability Scoring System (CVSSv3) score of 10 out of 10.

Successful exploitation of the vulnerability could allow attackers to bypass authorisation plugins, potentially resulting in unauthorised actions, including privilege escalation.

The vulnerability affects the following Docker Engine versions:
  • <= v19.03.15
  • <= v20.10.27
  • <= v23.0.14
  • <= v24.0.9
  • <= v25.0.5
  • <= v26.0.2
  • <= v26.1.4
  • <= v27.0.3
  • <= v27.1.0

Users and administrators of affected product versions are advised to update to the latest version immediately.

More information is available here: