CVE-2026-41567
HighCVSS 7.2Exploitation Probability (EPSS)
Low risk5th percentile - higher than 5% of all known CVEs
Summary
In Moby (Docker Engine) before 29.5.1 and moby/moby v2 before v2.0.0-beta.14, when a compressed archive is uploaded to a container, the daemon resolves decompression binaries (e.g., xz, unpigz) from the container's filesystem instead of the host. A malicious container image with trojanized decompression binaries can achieve arbitrary code execution with full daemon privileges (host root UID and unrestricted capabilities).
Risk Assessment
An attacker can gain complete control over the Docker host, executing arbitrary code as root, compromising confidentiality, integrity, and availability of all containers and host data.
Recommendation
Immediately upgrade Docker Engine to 29.5.1 or moby/moby to v2.0.0-beta.14. Until then, only use trusted container images, deploy authorization plugins to block the PUT /containers/{id}/archive endpoint, and avoid piping compressed archives into containers from untrusted images.
Original NVD description (English source)
Moby is an open source container framework. In versions prior to 29.5.1 and in moby/moby v2 prior to v2.0.0-beta.14, when a compressed archive is uploaded to a container via `PUT /containers/{id}/archive` or piped through `docker cp -`, the daemon resolves decompression binaries (such as `xz` or `unpigz`) from the container's filesystem rather than the host's due to incorrect ordering of operations. A malicious container image containing a trojanized decompression binary can achieve arbitrary code execution with full daemon privileges, including host root UID and unrestricted capabilities, when a user uploads a compressed (xz or gzip) archive into that container. This issue is fixed in Docker Engine 29.5.1 and moby/moby v2.0.0-beta.14. Workarounds include only running containers from trusted images, using authorization plugins to restrict access to the `PUT /containers/{id}/archive` endpoint, and avoiding piping compressed archives into containers created from untrusted images

