CVE-2026-33747 Overview
CVE-2026-33747 is a critical path traversal vulnerability in BuildKit, a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner. Prior to version 0.28.1, when using a custom BuildKit frontend, the frontend can craft an API message that causes files to be written outside of the BuildKit state directory for the execution context. This vulnerability is classified as CWE-22 (Improper Limitation of a Pathname to a Restricted Directory).
Critical Impact
A malicious or untrusted BuildKit frontend can exploit this path traversal vulnerability to write arbitrary files outside the intended state directory, potentially leading to remote code execution, container escape, or compromise of the host system.
Affected Products
- Mobyproject BuildKit versions prior to 0.28.1
- Container build environments utilizing custom or untrusted BuildKit frontends
- Docker build processes that use the #syntax directive or --build-arg BUILDKIT_SYNTAX with untrusted frontend images
Discovery Timeline
- 2026-03-27 - CVE-2026-33747 published to NVD
- 2026-04-01 - Last updated in NVD database
Technical Details for CVE-2026-33747
Vulnerability Analysis
This vulnerability stems from insufficient validation of file paths within the BuildKit frontend communication protocol. BuildKit allows custom frontends to be specified via the #syntax directive in Dockerfiles or through the --build-arg BUILDKIT_SYNTAX build argument. When processing API messages from these frontends, BuildKit fails to properly sanitize path components, allowing a malicious frontend to traverse outside the designated state directory.
Exploitation requires the use of an untrusted BuildKit frontend. Builds that use well-known, trusted frontend images such as docker/dockerfile are not affected by this vulnerability. The attack surface is limited to scenarios where users explicitly configure their builds to use custom or third-party frontend images.
Root Cause
The root cause is a path traversal vulnerability (CWE-22) in how BuildKit handles file path operations from frontend API messages. The application does not properly validate or sanitize path input, allowing directory traversal sequences (such as ../) to escape the intended state directory boundaries.
Attack Vector
The attack is network-accessible and requires no authentication or user interaction. An attacker must craft a malicious BuildKit frontend image and convince a victim to use it via the #syntax directive or --build-arg BUILDKIT_SYNTAX parameter. Once the malicious frontend is invoked during a build process, it can send specially crafted API messages that instruct BuildKit to write files to arbitrary locations on the filesystem outside the execution context's state directory.
The vulnerability manifests when the BuildKit daemon processes file operations from frontend API messages without proper path canonicalization. A malicious frontend can include relative path components in the destination path parameter, causing files to be written to sensitive locations. For detailed technical information, see the GitHub Security Advisory.
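To make the root cause concrete, here is an added Go example (not BuildKit's code or its fix): an unchecked join of a frontend-supplied destination onto the state directory, beside a version that confines the result to that directory. stateDir and the sample paths are constructed for illustration.

```go
package main

import (
	"errors"
	"fmt"
	"path/filepath"
	"strings"
)

// Constructed example root; BuildKit's default root is /var/lib/buildkit.
const stateDir = "/var/lib/buildkit/state"

var errEscapesRoot = errors.New("destination escapes the state directory")

// unsafeDest mirrors the defect class: the frontend-supplied path is joined
// onto the root unchecked, so "../" components walk out of stateDir.
func unsafeDest(root, dest string) string {
	return filepath.Join(root, dest)
}

// safeDest confines an untrusted destination to root. It rejects absolute
// paths, cleans the joined path and uses filepath.Rel to verify the result is
// still inside root, which catches both "../" escapes and sibling-prefix
// confusion (/var/lib/buildkit/state vs /var/lib/buildkit/state2). The check
// is lexical: if root may contain symlinks, resolve them as well
// (filepath.EvalSymlinks, or os.Root on Go 1.24+) before writing.
func safeDest(root, dest string) (string, error) {
	if filepath.IsAbs(dest) {
		return "", errEscapesRoot
	}
	full := filepath.Join(root, dest) // Join cleans, collapsing ".." lexically
	rel, err := filepath.Rel(root, full)
	if err != nil {
		return "", err
	}
	if rel == ".." || strings.HasPrefix(rel, ".."+string(filepath.Separator)) {
		return "", errEscapesRoot
	}
	return full, nil
}

func main() {
	// Constructed inputs: one legitimate artifact path and two traversal attempts.
	for _, d := range []string{"out/app.tar", "../../../tmp/escaped.txt", "/tmp/abs.txt"} {
		fmt.Printf("unsafe %-28s -> %s\n", d, unsafeDest(stateDir, d))
		got, err := safeDest(stateDir, d)
		fmt.Printf("safe   %-28s -> %q err=%v\n", d, got, err)
	}
}
```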
Detection Methods for CVE-2026-33747
Indicators of Compromise
- Unexpected file modifications outside BuildKit state directories (typically /var/lib/buildkit/)
- Build logs showing usage of unknown or untrusted frontend images via #syntax directive
- Suspicious file write operations during container build processes
- Presence of unauthorized files in sensitive system directories following build operations
Detection Strategies
- Monitor Dockerfile contents for #syntax directives pointing to non-standard or untrusted frontend images
- Audit build arguments for BUILDKIT_SYNTAX values that reference unknown registries or images
- Implement file integrity monitoring on the BuildKit host system to detect unauthorized file modifications
- Review container image provenance and verify that frontend images originate from trusted sources
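The first two detection strategies above can be automated in a CI pre-build check. This added Go example (not part of the advisory or of BuildKit) extracts the frontend a build would run from the Dockerfile's syntax parser directive or from a BUILDKIT_SYNTAX build arg, normalizes the image reference so that tags and digests do not defeat the comparison, and checks it against a constructed allow-list; trustedFrontends and the function names are assumptions.

```go
package main

import (
	"regexp"
	"strings"
)

// Constructed allow-list, keyed by normalized repository (tag/digest stripped).
var trustedFrontends = map[string]bool{"docker.io/docker/dockerfile": true}

// "# key = value" lines at the very top of a Dockerfile are parser directives;
// the first blank line, plain comment or instruction ends the directive block.
var directiveRe = regexp.MustCompile(`^\s*#\s*([A-Za-z]+)\s*=\s*(\S+)\s*$`)

// syntaxDirective returns the value of the "syntax" directive, or "" if absent.
func syntaxDirective(dockerfile string) string {
	for _, line := range strings.Split(strings.TrimPrefix(dockerfile, "\uFEFF"), "\n") {
		if m := directiveRe.FindStringSubmatch(line); m == nil {
			return ""
		} else if strings.EqualFold(m[1], "syntax") {
			return m[2]
		}
	}
	return ""
}

// normalizeRepo reduces an image reference to registry/path with Docker Hub
// defaults applied: "docker/dockerfile:1" -> "docker.io/docker/dockerfile".
func normalizeRepo(ref string) string {
	ref, _, _ = strings.Cut(ref, "@") // drop digest
	if i := strings.LastIndex(ref, ":"); i > strings.LastIndex(ref, "/") {
		ref = ref[:i] // drop tag, but keep a registry port such as host:5000
	}
	if first, _, _ := strings.Cut(ref, "/"); !strings.ContainsAny(first, ".:") && first != "localhost" {
		if first == ref { // single-component Docker Hub image
			ref = "library/" + ref
		}
		ref = "docker.io/" + ref
	}
	return strings.ToLower(ref)
}

// checkFrontend resolves the frontend a build would run (a set BUILDKIT_SYNTAX build
// arg overrides the directive, as in BuildKit) and says if it is allow-listed; "" = builtin.
func checkFrontend(dockerfile, buildkitSyntaxArg string) (frontend string, trusted bool) {
	if frontend = buildkitSyntaxArg; frontend == "" {
		frontend = syntaxDirective(dockerfile)
	}
	return frontend, frontend == "" || trustedFrontends[normalizeRepo(frontend)]
}
```

A directive that appears after an instruction is treated as an ordinary comment, so the scanner reports only frontends BuildKit would actually load.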
Monitoring Recommendations
- Enable detailed BuildKit logging and monitor for anomalous file operation patterns
- Implement network segmentation to limit BuildKit daemon exposure
- Configure alerting on file system changes outside expected build artifact directories
- Regularly audit the list of allowed frontend images in your build pipeline configuration
How to Mitigate CVE-2026-33747
Immediate Actions Required
- Upgrade BuildKit to version 0.28.1 or later immediately
- Audit all Dockerfiles and build configurations for usage of custom frontends via #syntax or BUILDKIT_SYNTAX
- Restrict the use of untrusted or unknown BuildKit frontend images in your build environments
- Implement allow-lists for permitted frontend images in CI/CD pipelines
Patch Information
The vulnerability has been fixed in BuildKit version 0.28.1. Organizations should upgrade to this version or later to remediate the vulnerability. Release notes and download links are available on the GitHub release page for BuildKit v0.28.1. Additional details about the security fix are documented in the GitHub Security Advisory GHSA-4c29-8rgm-jvjj.
Workarounds
- Only use well-known, trusted frontend images such as docker/dockerfile from official Docker repositories
- Remove or replace any #syntax directives that reference untrusted frontend images
- Avoid using --build-arg BUILDKIT_SYNTAX with untrusted values in build commands
- Implement image signing and verification to ensure frontend image integrity before use
# Configuration example - verify the BuildKit version and pin a trusted frontend
# Check the current BuildKit version (buildctl is the BuildKit CLI; it must report v0.28.1 or later)
buildctl --version
# In a Dockerfile, a parser directive on the first line pins the official frontend
# syntax=docker/dockerfile:1
# On the command line, BUILDKIT_SYNTAX selects the frontend explicitly for that build
docker build --build-arg BUILDKIT_SYNTAX=docker/dockerfile:1 .
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.