All 7 CVE vulnerabilities found in buildkit, with AI-generated Chinese analysis, references, and POCs.
Vendor: moby
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-33748 | BuildKit Git URL subdir component can cause access to restricted files CWE-22 | 7.5 | - | 2026-03-27 |
| CVE-2026-33747 | BuildKit vulnerable to malicious frontend causing file escape outside of storage root CWE-22 | 8.4 | High | 2026-03-27 |
| CVE-2024-23653 | BuildKit interactive containers API does not validate entitlements check CWE-863 | 9.8 | Critical | 2024-01-31 |
| CVE-2024-23652 | BuildKit possible host system access from mount stub cleaner CWE-22 | 10.0 | Critical | 2024-01-31 |
| CVE-2024-23651 | BuildKit possible race condition with accessing subpaths from cache mounts CWE-362 | 8.7 | High | 2024-01-31 |
| CVE-2024-23650 | BuildKit possible panic when incorrect parameters sent from frontend CWE-754 | 5.3 | Medium | 2024-01-31 |
| CVE-2023-26054 | Credentials inlined to Git URLs could end up in provenance attestation in BuildKit CWE-200 | 6.5 | Medium | 2023-03-06 |
All 7 known CVE vulnerabilities affecting buildkit with full Chinese analysis, references, and POCs where available.