CVSS 6.8 | CVE-2026-33997 | CVE-2026-33990

Docker Moby & DMR Patches Released: CVE-2026-33997 & CVE-2026-33990

Critical security updates for Docker Moby and Docker Model Runner (DMR) address privilege validation bypass and SSRF vulnerabilities. Update now!

Security vulnerabilities have been discovered in Docker's Moby container framework and Docker Model Runner (DMR). These flaws could allow privilege escalation and server-side request forgery. Patches are available to address these issues; users are urged to update immediately.

CVE-2026-33997 has a CVSS score of 6.8, indicating medium severity.

What is Docker?

Docker is a platform for developing, shipping, and running applications in containers. Containers allow developers to package an application with all of its dependencies into a standardized unit for software development. Docker simplifies the process of managing application environments, making it easier to deploy and scale applications across different infrastructures.

CVE-2026-33997: Moby Plugin Privilege Validation Bypass

CVSS: 6.8
Affected versions: Moby versions prior to 29.3.1 are affected. Plugins requesting exactly one privilege are also vulnerable.

Medium severity: Exploitable with some access restrictions required.

EPSS score of 0.011 indicates a low probability of exploitation.

A flaw in Moby's plugin privilege comparison logic allows bypassing privilege validation during docker plugin installation. The daemon may incorrectly accept a privilege set different from the one approved by the user, potentially leading to unauthorized access.

How to fix CVE-2026-33997 in Moby

Patch immediately
  1. Upgrade your Moby installation to version 29.3.1 or later.

Verify with:

docker version

Workaround: No known workarounds are available; upgrading is the recommended solution.

CVE-2026-33990: Docker Model Runner SSRF Vulnerability

CVSS: N/A
Affected versions: Docker Model Runner versions prior to 1.1.25 are affected. Docker Desktop users with Enhanced Container Isolation (ECI) enabled are partially protected, but specific configurations exposing DMR to localhost over TCP remain vulnerable.

Severity not specified.

EPSS score of 0.013 suggests a low probability of exploitation.

Docker Model Runner (DMR) is vulnerable to Server-Side Request Forgery (SSRF) in its OCI registry token exchange flow. A malicious OCI registry can cause Model Runner to make arbitrary GET requests to internal services, potentially exposing sensitive data.
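
An added example, not code from Docker or from this page: in the registry token flow, a registry's 401 response names the token endpoint in the `realm` of its `WWW-Authenticate: Bearer` header, so a client that fetches that URL unchecked can be pointed at internal services. The Go code below assumes that is the path involved here and shows the check a client can apply before requesting a token; `CheckRealm`, `fakeDNS` and the `example.test` hosts are hypothetical.

```go
package main

import (
	"fmt"
	"net"
	"net/url"
	"regexp"
)

// realmRe extracts realm="..." from a Bearer WWW-Authenticate challenge.
var realmRe = regexp.MustCompile(`(?i)^Bearer\s.*?\brealm="([^"]+)"`)

// CheckRealm (hypothetical, not DMR's fix) returns the token URL only if it is HTTPS
// and no host address is internal. resolve is injectable; real code passes net.LookupIP.
func CheckRealm(challenge string, resolve func(string) ([]net.IP, error)) (*url.URL, error) {
	m := realmRe.FindStringSubmatch(challenge)
	if m == nil {
		return nil, fmt.Errorf("no Bearer realm in challenge")
	}
	u, err := url.Parse(m[1])
	if err != nil || u.Scheme != "https" || u.Hostname() == "" {
		return nil, fmt.Errorf("realm %q is not an https URL", m[1])
	}
	ips := []net.IP{net.ParseIP(u.Hostname())}
	if ips[0] == nil { // a hostname, not an IP literal
		if ips, err = resolve(u.Hostname()); err != nil || len(ips) == 0 {
			return nil, fmt.Errorf("cannot resolve %q", u.Hostname())
		}
	}
	for _, ip := range ips {
		if ip.IsLoopback() || ip.IsPrivate() || ip.IsLinkLocalUnicast() || ip.IsUnspecified() {
			return nil, fmt.Errorf("realm host %q maps to internal address %s", u.Hostname(), ip)
		}
	}
	return u, nil
}

// fakeDNS and the challenge in main are constructed sample data, not real hosts.
func fakeDNS(host string) ([]net.IP, error) {
	table := map[string]string{"auth.example.test": "203.0.113.10", "meta.example.test": "169.254.169.254"}
	if a, ok := table[host]; ok {
		return []net.IP{net.ParseIP(a)}, nil
	}
	return nil, fmt.Errorf("no such host %s", host)
}

func main() {
	_, err := CheckRealm(`Bearer realm="https://meta.example.test/latest/",service="x"`, fakeDNS)
	fmt.Println("rejected:", err)
}
```

A production client also has to connect to the address it validated (or repeat the check inside its dialer) and apply the same check to redirects, since a second DNS lookup or a 302 response would otherwise sidestep it.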

How to fix CVE-2026-33990 in Docker Model Runner

Patch immediately
  1. Upgrade your Docker Model Runner installation to version 1.1.25 or later.

Verify with:

dmr --version

Workaround: Enable Enhanced Container Isolation (ECI) in Docker Desktop, but note that this does not fully mitigate the vulnerability if DMR is exposed to localhost over TCP.

These vulnerabilities highlight the importance of keeping your Docker components up to date. Regularly patching your systems is crucial for maintaining a secure environment.