CVE-2026-41567 Overview
CVE-2026-41567 is an untrusted search path vulnerability [CWE-427] in Moby, the open source container framework that underpins Docker Engine. The flaw affects Moby versions prior to 29.5.1 and moby/moby v2 prior to v2.0.0-beta.14. When a user uploads a compressed archive to a container through PUT /containers/{id}/archive or pipes data via docker cp -, the daemon resolves decompression binaries such as xz or unpigz from the container filesystem instead of the host. A malicious container image can ship a trojanized decompression binary that executes with full daemon privileges.
Critical Impact
Arbitrary code execution as host root with unrestricted Linux capabilities when a user copies a compressed archive into a container built from an untrusted image.
Affected Products
- Docker Engine (Moby) versions prior to 29.5.1
- moby/moby v2 versions prior to v2.0.0-beta.14
- Downstream container runtimes and distributions bundling vulnerable Moby releases
Discovery Timeline
- 2026-06-05 - CVE-2026-41567 published to NVD
- 2026-06-05 - Last updated in NVD database
Technical Details for CVE-2026-41567
Vulnerability Analysis
The vulnerability stems from incorrect ordering of filesystem operations inside the Moby daemon's archive extraction routine. When a user pushes a compressed archive into a container, the daemon must invoke a decompression helper such as xz or unpigz. The daemon resolves the binary path after entering the container's filesystem namespace, allowing the container image to control which executable runs. The decompression process inherits the daemon's privileges rather than the container's restricted context. This yields host root UID, all Linux capabilities, and unrestricted access to the host kernel.
Root Cause
The defect is an untrusted search path issue classified under [CWE-427]. Moby resolves auxiliary binaries from a search path that includes attacker-controlled locations inside the container rootfs. The daemon should either ship its own decompression binaries on the host or resolve helpers before crossing into the container namespace. Because resolution occurs after the namespace switch, the lookup honors PATH entries and binary contents supplied by the malicious image.
Attack Vector
Exploitation requires three conditions. An adversary must publish or supply a malicious container image containing a trojanized xz or unpigz binary. A legitimate user must run a container from that image. The user must then upload a compressed archive into the running container using docker cp - or the REST endpoint PUT /containers/{id}/archive. When the daemon invokes the decompression helper, the planted binary runs on the host with daemon privileges. No verified proof of concept is publicly available. Technical details are documented in the Moby GitHub Security Advisory.
Detection Methods for CVE-2026-41567
Indicators of Compromise
- Unexpected child processes of dockerd or containerd running outside container cgroups with host root UID
- Container images containing non-standard or unsigned xz, unpigz, gzip, or bzip2 binaries in /usr/bin or /bin
- API calls to PUT /containers/{id}/archive immediately followed by host-level privilege actions or new daemon-spawned processes
- Outbound network connections from decompression utility processes that should not initiate network traffic
Detection Strategies
- Audit container images for tampered or statically linked decompression utilities before deployment
- Monitor Docker Engine API logs for archive upload operations correlated with subsequent host-level process creation events
- Apply [CWE-427] focused detection rules that flag privileged binary execution originating from container rootfs paths
Monitoring Recommendations
- Enable Docker daemon audit logging and forward events to a centralized analytics platform for correlation
- Track process ancestry where dockerd spawns binaries resolved from container filesystem paths
- Alert on use of docker cp operations involving compressed archives against containers built from external registries
How to Mitigate CVE-2026-41567
Immediate Actions Required
- Upgrade Docker Engine to version 29.5.1 or later, or moby/moby v2 to v2.0.0-beta.14 or later
- Inventory all running containers and identify those launched from untrusted or third-party images
- Restrict access to the Docker socket and the PUT /containers/{id}/archive API endpoint to authorized operators only
Patch Information
The vulnerability is fixed in Docker Engine 29.5.1 and moby/moby v2.0.0-beta.14. The patch resolves decompression binaries from the host filesystem before transitioning into the container namespace. Refer to the Moby GitHub Security Advisory GHSA-x86f-5xw2-fm2r for upgrade guidance and release notes.
Workarounds
- Run containers only from trusted images sourced from verified registries with image signing enforced
- Deploy Docker authorization plugins to block or restrict requests to the PUT /containers/{id}/archive endpoint
- Avoid piping compressed xz or gzip archives into containers created from untrusted images, and use uncompressed tar streams as a substitute
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.
