USN-8230-1

Advisory lineage Upstream: 4 Downstream: 0

Upstream

CVE-2026-33747 CVE-2026-33748 UBUNTU-CVE-2026-33747 UBUNTU-CVE-2026-33748

Published: 06 May 2026, 03:28

Last modified:20 May 2026, 16:04

Vulnerability Summary

Overall Risk (default)

minimal

0/100

CVSS Score

No data

EPSS Score

No data

KEV

Not listed

Ransomware

No reports

Public exploits

None found

Dark Web

Not detected

Timeline

06 May 2026, 03:28

Published

Vulnerability first disclosed

20 May 2026, 16:04

Last Modified

Vulnerability information updated

Description

docker.io-app vulnerabilities It was discovered that BuildKit, contained within Docker, incorrectly handled file path validation when processing frontend API messages. An attacker could possibly use this issue to write files outside of the intended state directory. (CVE-2026-33747) It was discovered that BuildKit, contained within Docker, incorrectly validated the subdir component of Git URL fragments. An attacker could possibly use this issue to access files outside of the checked-out repository root. (CVE-2026-33748)

Affected Systems

ubuntu•docker.io-app
< 26.1.3-0ubuntu1~20.04.1+esm2 | < 29.1.3-0ubuntu3~22.04.2 | < 29.1.3-0ubuntu3~24.04.2 | < 29.1.3-0ubuntu4.1

USN-8230-1

Vulnerability Summary

Timeline

Description

Affected Systems

References (3)