Skip to content

plugins/container: bump github.com/docker/docker to v29.3.1+ to fix CVE-2026-34040 and CVE-2026-33997 #1349

Description

@zhiland

The container plugin's go-worker depends on github.com/docker/docker v28.5.2+incompatible which is affected by:

  • CVE-2026-34040 (HIGH) — Moby AuthZ plugin bypass. Fixed in v29.3.1.
  • CVE-2026-33997 (MEDIUM) — Off-by-one error in plugin privilege validation. Fixed in v29.3.1.

Both vulnerabilities are flagged by Trivy and Grype when scanning libcontainer.so.

How to reproduce it

  1. Build the container plugin from main or use release v0.7.0
  2. Scan the resulting libcontainer.so with Trivy or Grype
  3. Observe CVE-2026-34040 and CVE-2026-33997 reported against github.com/docker/docker v28.5.2+incompatible

Expected behaviour

The container plugin should use github.com/docker/docker v29.3.1 or later (currently v29.4.3 is the latest stable) which contains fixes for both CVEs.

Screenshots

N/A

Environment

  • Falco version: 0.43.1
  • Plugin: container v0.7.0 (also affects main branch)
  • The issue is in plugins/container/go-worker/go.mod

Additional context

The fix is a dependency bump in plugins/container/go-worker/go.mod:

github.com/docker/docker v28.5.2+incompatible → v29.4.3+incompatible

Moby v29.3.1 was released in April 2026 and the current stable is v29.4.3. The vulnerable dependency is present in both the latest release (v0.7.0, 2026-05-04) and the current
main branch.

References:

Metadata

Metadata

Assignees

No one assigned

    Labels

    kind/bugSomething isn't working

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions