Docker Security Bypass (CVE-2026-34040): Critical Patch & Mitigation | Cyera Research | Cyera Blog
ID: 29c23678-c66e-5159-8613-7adf27dcc4a1
STIX ID: report--29c23678-c66e-5159-8613-7adf27dcc4a1
Feed Name: Cyera Blogs
**Executive summary:** Cyera Research discloses CVE-2026-34040, an authorization bypass in Docker Engine in which request bodies larger than 1 MB are silently dropped before AuthZ plugins see them, allowing a single padded HTTP request to create privileged containers with full host filesystem access. The issue affects ~92% of enterprise Docker deployments (CVSS 8.8). Docker Engine 29.3.1 and Docker Desktop 4.66.1 contain fixes; immediate patching and temporary reverse-proxy size limits are recommended.
