← Voltar para CVEs
CVE-2026-33747
HIGH8.4
Descricao
BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner. Prior to version 0.28.1, when using a custom BuildKit frontend, the frontend can craft an API message that causes files to be written outside of the BuildKit state directory for the execution context. The issue has been fixed in v0.28.1. The vulnerability requires using an untrusted BuildKit frontend set with `#syntax` or `--build-arg BUILDKIT_SYNTAX`. Using these options with a well-known frontend image like `docker/dockerfile` is not affected.
Detalhes CVE
Pontuacao CVSS v3.18.4
SeveridadeHIGH
Vetor CVSSCVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Vetor de ataqueLOCAL
ComplexidadeLOW
Privilegios necessariosNONE
Interacao do usuarioNONE
Publicado3/27/2026
Ultima modificacao4/1/2026
Fontenvd
Avistamentos honeypot0
Produtos afetados
mobyproject:buildkit
Fraquezas (CWE)
CWE-22
Referencias
https://github.com/moby/buildkit/releases/tag/v0.28.1(security-advisories@github.com)
https://github.com/moby/buildkit/security/advisories/GHSA-4c29-8rgm-jvjj(security-advisories@github.com)
Correlacoes IOC
Sem correlacoes registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.