Skip to content

Docker: `PUT /containers/{id}/archive` executes container binary on the host

High severity GitHub Reviewed Published May 18, 2026 in moby/moby • Updated Jun 9, 2026

Package

gomod github.com/docker/docker (Go)

Affected versions

<= 28.5.2

Patched versions

None
gomod github.com/moby/moby (Go)
<= 28.5.2
None
gomod github.com/moby/moby/v2 (Go)
< 2.0.0-beta.14
2.0.0-beta.14

Description

Summary

When a user uploads a compressed archive into a container, a malicious image can execute arbitrary code with daemon (host root) privileges.

Details

When handling PUT /containers/{id}/archive requests with compressed archives, the daemon decompresses them using external system binaries. Due to incorrect ordering of operations, these binaries are resolved from the container's filesystem rather than the host's. A container image that includes a trojanized decompression binary can achieve code execution as the daemon process whenever a compressed archive is uploaded to that container.

The executed binary runs with the daemon's full privileges, including host root UID and unrestricted capabilities.

Impact

Arbitrary code execution as host root, crossing the container-to-host trust boundary.

Conditions for exploitation

  • A user must run a container from a malicious image that contains a trojanized decompression binary.
  • The user must then upload a compressed archive (xz or gzip) into that container, either by piping a compressed archive via docker cp - or by calling the PUT /containers/{id}/archive API directly with compressed content.

Not affected

Standard docker cp usage is not affected, because the CLI sends uncompressed tar by default:

docker cp ./file.txt mycontainer:/file.txt

This can only be exploited when explicitly passing a xz or gzip-compressed archive to docker cp or the PUT /containers/{id}/archive API, for example:

cat archive.tar.xz | docker cp - mycontainer:/dir

Decompression formats using pure Go implementations (bzip2, zstd, and gzip when the container image does not contain an unpigz binary) are also not affected.

Workarounds

  • Only run containers from trusted images.
  • Use authorization plugins to limit access to the PUT /containers/{id}/archive endpoint.
  • Avoid piping compressed archives into containers created from untrusted images.

References

@vvoland vvoland published to moby/moby May 18, 2026
Published to the GitHub Advisory Database May 18, 2026
Reviewed May 18, 2026
Published by the National Vulnerability Database Jun 5, 2026
Last updated Jun 9, 2026

Severity

High

CVSS overall score

This score calculates overall vulnerability severity from 0 to 10 and is based on the Common Vulnerability Scoring System (CVSS).
/ 10

CVSS v3 base metrics

Attack vector
Local
Attack complexity
High
Privileges required
Low
User interaction
Required
Scope
Changed
Confidentiality
High
Integrity
High
Availability
None

CVSS v3 base metrics

Attack vector: More severe the more the remote (logically and physically) an attacker can be in order to exploit the vulnerability.
Attack complexity: More severe for the least complex attacks.
Privileges required: More severe if no privileges are required.
User interaction: More severe when no user interaction is required.
Scope: More severe when a scope change occurs, e.g. one vulnerable component impacts resources in components beyond its security scope.
Confidentiality: More severe when loss of data confidentiality is highest, measuring the level of data access available to an unauthorized user.
Integrity: More severe when loss of data integrity is the highest, measuring the consequence of data modification possible by an unauthorized user.
Availability: More severe when the loss of impacted component availability is highest.
CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N

EPSS score

Exploit Prediction Scoring System (EPSS)

This score estimates the probability of this vulnerability being exploited within the next 30 days. Data provided by FIRST.
(5th percentile)

Weaknesses

Uncontrolled Search Path Element

The product uses a fixed or controlled search path to find resources, but one or more locations in that path can be under the control of unintended actors. Learn more on MITRE.

CVE ID

CVE-2026-41567

GHSA ID

GHSA-x86f-5xw2-fm2r

Source code

Credits

Loading Checking history
See something to contribute? Suggest improvements for this vulnerability.