CVE Vulnerabilities

CVE-2026-33997

Off-by-one Error

Published: Mar 31, 2026 | Modified: Jun 30, 2026
CVSS 3.x
8.1
HIGH
Source:
NVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
CVSS 2.x
RedHat/V2
RedHat/V3
8.4 IMPORTANT
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H
Ubuntu
MEDIUM
root.io logo minimus.io logo echo.ai logo

Moby is an open source container framework. Prior to version 29.3.1, a security vulnerability has been detected that allows plugins privilege validation to be bypassed during docker plugin install. Due to an error in the daemons privilege comparison logic, the daemon may incorrectly accept a privilege set that differs from the one approved by the user. Plugins that request exactly one privilege are also affected, because no comparison is performed at all. This issue has been patched in version 29.3.1.

Weakness

A product calculates or uses an incorrect maximum or minimum value that is 1 more, or 1 less, than the correct value.

Affected Software

NameVendorStart VersionEnd Version
EngineDocker*29.3.1 (excluding)
Multicluster Global Hub 1.4.5RedHatmulticluster-globalhub/multicluster-globalhub-grafana-rhel9:1779579439*
Multicluster Global Hub 1.5.4RedHatmulticluster-globalhub/multicluster-globalhub-grafana-rhel9:1778867753*
Multicluster Global Hub 1.6.2RedHatmulticluster-globalhub/multicluster-globalhub-grafana-rhel9:1780167118*
Docker.ioUbuntuesm-infra/xenial*

Potential Mitigations

References