UBUNTU-CVE-2026-33747
- Source
- https://ubuntu.com/security/CVE-2026-33747
- Import Source
- https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-33747.json
- JSON Data
- https://api.osv.dev/v1/vulns/UBUNTU-CVE-2026-33747
- Upstream
- Published
- 2026-04-22T00:00:00Z
- Modified
- 2026-04-27T18:56:56.872583Z
- Severity
-
- 8.4 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Ubuntu - medium
- Summary
- [none]
- Details
-
BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner. Prior to version 0.28.1, when using a custom BuildKit frontend, the frontend can craft an API message that causes files to be written outside of the BuildKit state directory for the execution context. The issue has been fixed in v0.28.1. The vulnerability requires using an untrusted BuildKit frontend set with
#syntaxor--build-arg BUILDKIT_SYNTAX. Using these options with a well-known frontend image likedocker/dockerfileis not affected. - References
Affected packages
Ubuntu:25.10
docker.io
Package
- Name
- docker.io
- Purl
- pkg:deb/ubuntu/docker.io@26.1.5+dfsg1-9ubuntu1?arch=source&distro=questing
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
docker.io-app
Package
- Name
- docker.io-app
- Purl
- pkg:deb/ubuntu/docker.io-app@29.1.3-0ubuntu3~25.10.1?arch=source&distro=questing
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
27.*
27.5.1-0ubuntu3
27.5.1-0ubuntu4
28.*
28.2.2-0ubuntu1
29.*
29.1.3-0ubuntu3~25.10.1
Ubuntu:26.04
docker.io
Package
- Name
- docker.io
- Purl
- pkg:deb/ubuntu/docker.io@27.5.1+dfsg4-2ubuntu1?arch=source&distro=resolute
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
docker.io-app
Package
- Name
- docker.io-app
- Purl
- pkg:deb/ubuntu/docker.io-app@29.1.3-0ubuntu4?arch=source&distro=resolute
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
28.*
28.2.2-0ubuntu1
29.*
29.1.2-0ubuntu1
29.1.3-0ubuntu1
29.1.3-0ubuntu2
29.1.3-0ubuntu3
29.1.3-0ubuntu4
Ubuntu:Pro:16.04:LTS
docker.io
Package
- Name
- docker.io
- Purl
- pkg:deb/ubuntu/docker.io@18.09.7-0ubuntu1~16.04.9+esm2?arch=source&distro=esm-infra/xenial
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
1.*
1.6.2~dfsg1-1ubuntu4
1.10.2-0ubuntu3
1.10.2-0ubuntu4
1.10.3-0ubuntu1
1.10.3-0ubuntu4
1.10.3-0ubuntu5
1.10.3-0ubuntu6
1.11.2-0ubuntu5~16.04
1.12.1-0ubuntu13~16.04.1
1.12.3-0ubuntu4~16.04.2
1.12.6-0ubuntu1~16.04.1
1.13.1-0ubuntu1~16.04.2
17.*
17.03.2-0ubuntu2~16.04.1
18.*
18.06.1-0ubuntu1~16.04.2
18.06.1-0ubuntu1.2~16.04.1
18.09.2-0ubuntu1~16.04.1
18.09.5-0ubuntu1~16.04.2
18.09.7-0ubuntu1~16.04.1
18.09.7-0ubuntu1~16.04.4
18.09.7-0ubuntu1~16.04.5
18.09.7-0ubuntu1~16.04.6
18.09.7-0ubuntu1~16.04.7
18.09.7-0ubuntu1~16.04.9+esm1
18.09.7-0ubuntu1~16.04.9+esm2
Ecosystem specific
{
"binaries": [
{
"binary_name": "docker.io",
"binary_version": "18.09.7-0ubuntu1~16.04.9+esm2"
},
{
"binary_name": "golang-docker-dev",
"binary_version": "18.09.7-0ubuntu1~16.04.9+esm2"
},
{
"binary_name": "golang-github-docker-docker-dev",
"binary_version": "18.09.7-0ubuntu1~16.04.9+esm2"
},
{
"binary_name": "vim-syntax-docker",
"binary_version": "18.09.7-0ubuntu1~16.04.9+esm2"
}
]
}Ubuntu:Pro:18.04:LTS
docker.io
Package
- Name
- docker.io
- Purl
- pkg:deb/ubuntu/docker.io@20.10.21-0ubuntu1~18.04.3+esm3?arch=source&distro=esm-apps/bionic
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
1.*
1.13.1-0ubuntu6
17.*
17.03.2-0ubuntu1
17.03.2-0ubuntu3
17.03.2-0ubuntu5
17.12.1-0ubuntu1
18.*
18.06.1-0ubuntu1~18.04.1
18.06.1-0ubuntu1.2~18.04.1
18.09.2-0ubuntu1~18.04.1
18.09.5-0ubuntu1~18.04.2
18.09.7-0ubuntu1~18.04.1
18.09.7-0ubuntu1~18.04.3
18.09.7-0ubuntu1~18.04.4
19.*
19.03.6-0ubuntu1~18.04.1
19.03.6-0ubuntu1~18.04.2
19.03.6-0ubuntu1~18.04.3
20.*
20.10.2-0ubuntu1~18.04.2
20.10.2-0ubuntu1~18.04.3
20.10.7-0ubuntu1~18.04.1
20.10.7-0ubuntu1~18.04.2
20.10.7-0ubuntu5~18.04.2
20.10.7-0ubuntu5~18.04.3
20.10.12-0ubuntu2~18.04.1
20.10.21-0ubuntu1~18.04.2
20.10.21-0ubuntu1~18.04.3
20.10.21-0ubuntu1~18.04.3+esm1
20.10.21-0ubuntu1~18.04.3+esm2
20.10.21-0ubuntu1~18.04.3+esm3
Ecosystem specific
{
"binaries": [
{
"binary_name": "docker.io",
"binary_version": "20.10.21-0ubuntu1~18.04.3+esm3"
},
{
"binary_name": "golang-docker-dev",
"binary_version": "20.10.21-0ubuntu1~18.04.3+esm3"
},
{
"binary_name": "golang-github-docker-docker-dev",
"binary_version": "20.10.21-0ubuntu1~18.04.3+esm3"
},
{
"binary_name": "vim-syntax-docker",
"binary_version": "20.10.21-0ubuntu1~18.04.3+esm3"
}
]
}Ubuntu:Pro:20.04:LTS
docker.io
Package
- Name
- docker.io
- Purl
- pkg:deb/ubuntu/docker.io@20.10.21-0ubuntu1~20.04.6+esm2?arch=source&distro=esm-apps/focal
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
19.*
19.03.2-0ubuntu1
19.03.6-0ubuntu1
19.03.8-0ubuntu1
19.03.8-0ubuntu1.20.04
19.03.8-0ubuntu1.20.04.1
19.03.8-0ubuntu1.20.04.2
20.*
20.10.2-0ubuntu1~20.04.2
20.10.2-0ubuntu1~20.04.3
20.10.7-0ubuntu1~20.04.1
20.10.7-0ubuntu1~20.04.2
20.10.7-0ubuntu5~20.04.1
20.10.7-0ubuntu5~20.04.2
20.10.12-0ubuntu2~20.04.1
20.10.21-0ubuntu1~20.04.1
20.10.21-0ubuntu1~20.04.2
20.10.21-0ubuntu1~20.04.4
20.10.21-0ubuntu1~20.04.5
20.10.21-0ubuntu1~20.04.6
20.10.21-0ubuntu1~20.04.6+esm1
20.10.21-0ubuntu1~20.04.6+esm2
Ecosystem specific
{
"binaries": [
{
"binary_name": "golang-docker-dev",
"binary_version": "20.10.21-0ubuntu1~20.04.6+esm2"
},
{
"binary_name": "golang-github-docker-docker-dev",
"binary_version": "20.10.21-0ubuntu1~20.04.6+esm2"
},
{
"binary_name": "vim-syntax-docker",
"binary_version": "20.10.21-0ubuntu1~20.04.6+esm2"
}
]
}docker.io-app
Package
- Name
- docker.io-app
- Purl
- pkg:deb/ubuntu/docker.io-app@26.1.3-0ubuntu1~20.04.1+esm1?arch=source&distro=esm-apps/focal
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
20.*
20.10.25-0ubuntu1~20.04.1
20.10.25-0ubuntu1~20.04.2
24.*
24.0.5-0ubuntu1~20.04.1
24.0.7-0ubuntu2~20.04.1
26.*
26.1.3-0ubuntu1~20.04.1
26.1.3-0ubuntu1~20.04.1+esm1
Ubuntu:Pro:22.04:LTS
docker.io
Package
- Name
- docker.io
- Purl
- pkg:deb/ubuntu/docker.io@20.10.21-0ubuntu1~22.04.8+esm1?arch=source&distro=esm-apps/jammy
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
20.*
20.10.7-0ubuntu5
20.10.7-0ubuntu7
20.10.12-0ubuntu1
20.10.12-0ubuntu2
20.10.12-0ubuntu3
20.10.12-0ubuntu3+gke1.24.1
20.10.12-0ubuntu4
20.10.21-0ubuntu1~22.04.2
20.10.21-0ubuntu1~22.04.3
20.10.21-0ubuntu1~22.04.5
20.10.21-0ubuntu1~22.04.6
20.10.21-0ubuntu1~22.04.7
20.10.21-0ubuntu1~22.04.7+esm1
20.10.21-0ubuntu1~22.04.7+esm2
20.10.21-0ubuntu1~22.04.8
20.10.21-0ubuntu1~22.04.8+esm1
Ecosystem specific
{
"binaries": [
{
"binary_name": "golang-docker-dev",
"binary_version": "20.10.21-0ubuntu1~22.04.8+esm1"
},
{
"binary_name": "golang-github-docker-docker-dev",
"binary_version": "20.10.21-0ubuntu1~22.04.8+esm1"
},
{
"binary_name": "vim-syntax-docker",
"binary_version": "20.10.21-0ubuntu1~22.04.8+esm1"
}
]
}docker.io-app
Package
- Name
- docker.io-app
- Purl
- pkg:deb/ubuntu/docker.io-app@27.5.1-0ubuntu3~22.04.2?arch=source&distro=esm-apps/jammy
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
20.*
20.10.25-0ubuntu1~22.04.1
20.10.25-0ubuntu1~22.04.2
24.*
24.0.5-0ubuntu1~22.04.1
24.0.7-0ubuntu2~22.04.1
26.*
26.1.3-0ubuntu1~22.04.1
26.1.3-0ubuntu1~22.04.1+esm1
27.*
27.5.1-0ubuntu3~22.04.1
27.5.1-0ubuntu3~22.04.2
28.*
28.2.2-0ubuntu1~22.04.1
29.*
29.1.3-0ubuntu3~22.04.1
Ubuntu:Pro:24.04:LTS
docker.io
Package
- Name
- docker.io
- Purl
- pkg:deb/ubuntu/docker.io@20.10.25+dfsg1-2ubuntu1.24.04.1+esm1?arch=source&distro=esm-apps/noble
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
20.*
20.10.24+dfsg1-1ubuntu2
20.10.25+dfsg1-2ubuntu1
20.10.25+dfsg1-2ubuntu1+esm1
20.10.25+dfsg1-2ubuntu1+esm2
20.10.25+dfsg1-2ubuntu1.24.04.1
20.10.25+dfsg1-2ubuntu1.24.04.1+esm1
docker.io-app
Package
- Name
- docker.io-app
- Purl
- pkg:deb/ubuntu/docker.io-app@27.5.1-0ubuntu3~24.04.2?arch=source&distro=esm-apps/noble
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
24.*
24.0.5-0ubuntu1
24.0.7-0ubuntu1
24.0.7-0ubuntu2
24.0.7-0ubuntu3
24.0.7-0ubuntu4
24.0.7-0ubuntu4.1
26.*
26.1.3-0ubuntu1~24.04.1
26.1.3-0ubuntu1~24.04.1+esm1
27.*
27.5.1-0ubuntu3~24.04.1
27.5.1-0ubuntu3~24.04.2
28.*
28.2.2-0ubuntu1~24.04.1
29.*
29.1.3-0ubuntu3~24.04.1