UBUNTU-CVE-2026-33747
- Source
- https://ubuntu.com/security/CVE-2026-33747
- Import Source
- https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-33747.json
- JSON Data
- https://api.osv.dev/v1/vulns/UBUNTU-CVE-2026-33747
- Upstream
- Downstream
- Related
- Published
- 2026-04-22T00:00:00Z
- Modified
- 2026-05-20T16:25:31.037270449Z
- Severity
-
- 8.4 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Ubuntu - medium
- Summary
- [none]
- Details
-
BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner. Prior to version 0.28.1, when using a custom BuildKit frontend, the frontend can craft an API message that causes files to be written outside of the BuildKit state directory for the execution context. The issue has been fixed in v0.28.1. The vulnerability requires using an untrusted BuildKit frontend set with
#syntaxor--build-arg BUILDKIT_SYNTAX. Using these options with a well-known frontend image likedocker/dockerfileis not affected. - References
Affected packages
Ubuntu:22.04:LTS
docker.io-app
Package
- Name
- docker.io-app
- Purl
- pkg:deb/ubuntu/docker.io-app?arch=source&distro=jammy
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed29.1.3-0ubuntu3~22.04.2
Affected versions
20.*
20.10.25-0ubuntu1~22.04.1
20.10.25-0ubuntu1~22.04.2
24.*
24.0.5-0ubuntu1~22.04.1
24.0.7-0ubuntu2~22.04.1
26.*
26.1.3-0ubuntu1~22.04.1
27.*
27.5.1-0ubuntu3~22.04.1
27.5.1-0ubuntu3~22.04.2
28.*
28.2.2-0ubuntu1~22.04.1
29.*
29.1.3-0ubuntu3~22.04.1
Ubuntu:24.04:LTS
docker.io-app
Package
- Name
- docker.io-app
- Purl
- pkg:deb/ubuntu/docker.io-app?arch=source&distro=noble
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed29.1.3-0ubuntu3~24.04.2
Affected versions
24.*
24.0.5-0ubuntu1
24.0.7-0ubuntu1
24.0.7-0ubuntu2
24.0.7-0ubuntu3
24.0.7-0ubuntu4
24.0.7-0ubuntu4.1
26.*
26.1.3-0ubuntu1~24.04.1
27.*
27.5.1-0ubuntu3~24.04.1
27.5.1-0ubuntu3~24.04.2
28.*
28.2.2-0ubuntu1~24.04.1
29.*
29.1.3-0ubuntu3~24.04.1
Ubuntu:25.10
docker.io
Package
- Name
- docker.io
- Purl
- pkg:deb/ubuntu/docker.io?arch=source&distro=questing
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
docker.io-app
Package
- Name
- docker.io-app
- Purl
- pkg:deb/ubuntu/docker.io-app?arch=source&distro=questing
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
27.*
27.5.1-0ubuntu3
27.5.1-0ubuntu4
28.*
28.2.2-0ubuntu1
29.*
29.1.3-0ubuntu3~25.10.1
Ubuntu:26.04:LTS
docker.io
Package
- Name
- docker.io
- Purl
- pkg:deb/ubuntu/docker.io?arch=source&distro=resolute
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
docker.io-app
Package
- Name
- docker.io-app
- Purl
- pkg:deb/ubuntu/docker.io-app?arch=source&distro=resolute
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed29.1.3-0ubuntu4.1
Affected versions
28.*
28.2.2-0ubuntu1
29.*
29.1.2-0ubuntu1
29.1.3-0ubuntu1
29.1.3-0ubuntu2
29.1.3-0ubuntu3
29.1.3-0ubuntu4
Ubuntu:Pro:16.04:LTS
docker.io
Package
- Name
- docker.io
- Purl
- pkg:deb/ubuntu/docker.io?arch=source&distro=esm-infra%2Fxenial
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
1.*
1.6.2~dfsg1-1ubuntu4
1.10.2-0ubuntu3
1.10.2-0ubuntu4
1.10.3-0ubuntu1
1.10.3-0ubuntu4
1.10.3-0ubuntu5
1.10.3-0ubuntu6
1.11.2-0ubuntu5~16.04
1.12.1-0ubuntu13~16.04.1
1.12.3-0ubuntu4~16.04.2
1.12.6-0ubuntu1~16.04.1
1.13.1-0ubuntu1~16.04.2
17.*
17.03.2-0ubuntu2~16.04.1
18.*
18.06.1-0ubuntu1~16.04.2
18.06.1-0ubuntu1.2~16.04.1
18.09.2-0ubuntu1~16.04.1
18.09.5-0ubuntu1~16.04.2
18.09.7-0ubuntu1~16.04.1
18.09.7-0ubuntu1~16.04.4
18.09.7-0ubuntu1~16.04.5
18.09.7-0ubuntu1~16.04.6
18.09.7-0ubuntu1~16.04.7
18.09.7-0ubuntu1~16.04.9+esm1
18.09.7-0ubuntu1~16.04.9+esm2
Ecosystem specific
{
"binaries": [
{
"binary_version": "18.09.7-0ubuntu1~16.04.9+esm2",
"binary_name": "docker.io"
},
{
"binary_version": "18.09.7-0ubuntu1~16.04.9+esm2",
"binary_name": "golang-docker-dev"
},
{
"binary_version": "18.09.7-0ubuntu1~16.04.9+esm2",
"binary_name": "golang-github-docker-docker-dev"
},
{
"binary_version": "18.09.7-0ubuntu1~16.04.9+esm2",
"binary_name": "vim-syntax-docker"
}
]
}Ubuntu:Pro:18.04:LTS
docker.io
Package
- Name
- docker.io
- Purl
- pkg:deb/ubuntu/docker.io?arch=source&distro=esm-apps%2Fbionic
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
1.*
1.13.1-0ubuntu6
17.*
17.03.2-0ubuntu1
17.03.2-0ubuntu3
17.03.2-0ubuntu5
17.12.1-0ubuntu1
18.*
18.06.1-0ubuntu1~18.04.1
18.06.1-0ubuntu1.2~18.04.1
18.09.2-0ubuntu1~18.04.1
18.09.5-0ubuntu1~18.04.2
18.09.7-0ubuntu1~18.04.1
18.09.7-0ubuntu1~18.04.3
18.09.7-0ubuntu1~18.04.4
19.*
19.03.6-0ubuntu1~18.04.1
19.03.6-0ubuntu1~18.04.2
19.03.6-0ubuntu1~18.04.3
20.*
20.10.2-0ubuntu1~18.04.2
20.10.2-0ubuntu1~18.04.3
20.10.7-0ubuntu1~18.04.1
20.10.7-0ubuntu1~18.04.2
20.10.7-0ubuntu5~18.04.2
20.10.7-0ubuntu5~18.04.3
20.10.12-0ubuntu2~18.04.1
20.10.21-0ubuntu1~18.04.2
20.10.21-0ubuntu1~18.04.3
20.10.21-0ubuntu1~18.04.3+esm1
20.10.21-0ubuntu1~18.04.3+esm2
20.10.21-0ubuntu1~18.04.3+esm3
Ecosystem specific
{
"binaries": [
{
"binary_version": "20.10.21-0ubuntu1~18.04.3+esm3",
"binary_name": "docker.io"
},
{
"binary_version": "20.10.21-0ubuntu1~18.04.3+esm3",
"binary_name": "golang-docker-dev"
},
{
"binary_version": "20.10.21-0ubuntu1~18.04.3+esm3",
"binary_name": "golang-github-docker-docker-dev"
},
{
"binary_version": "20.10.21-0ubuntu1~18.04.3+esm3",
"binary_name": "vim-syntax-docker"
}
]
}Ubuntu:Pro:20.04:LTS
docker.io
Package
- Name
- docker.io
- Purl
- pkg:deb/ubuntu/docker.io?arch=source&distro=esm-apps%2Ffocal
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
19.*
19.03.2-0ubuntu1
19.03.6-0ubuntu1
19.03.8-0ubuntu1
19.03.8-0ubuntu1.20.04
19.03.8-0ubuntu1.20.04.1
19.03.8-0ubuntu1.20.04.2
20.*
20.10.2-0ubuntu1~20.04.2
20.10.2-0ubuntu1~20.04.3
20.10.7-0ubuntu1~20.04.1
20.10.7-0ubuntu1~20.04.2
20.10.7-0ubuntu5~20.04.1
20.10.7-0ubuntu5~20.04.2
20.10.12-0ubuntu2~20.04.1
20.10.21-0ubuntu1~20.04.1
20.10.21-0ubuntu1~20.04.2
20.10.21-0ubuntu1~20.04.4
20.10.21-0ubuntu1~20.04.5
20.10.21-0ubuntu1~20.04.6
20.10.21-0ubuntu1~20.04.6+esm1
20.10.21-0ubuntu1~20.04.6+esm2
Ecosystem specific
{
"binaries": [
{
"binary_version": "20.10.21-0ubuntu1~20.04.6+esm2",
"binary_name": "golang-docker-dev"
},
{
"binary_version": "20.10.21-0ubuntu1~20.04.6+esm2",
"binary_name": "golang-github-docker-docker-dev"
},
{
"binary_version": "20.10.21-0ubuntu1~20.04.6+esm2",
"binary_name": "vim-syntax-docker"
}
]
}docker.io-app
Package
- Name
- docker.io-app
- Purl
- pkg:deb/ubuntu/docker.io-app?arch=source&distro=esm-apps%2Ffocal
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed26.1.3-0ubuntu1~20.04.1+esm2
Affected versions
20.*
20.10.25-0ubuntu1~20.04.1
20.10.25-0ubuntu1~20.04.2
24.*
24.0.5-0ubuntu1~20.04.1
24.0.7-0ubuntu2~20.04.1
26.*
26.1.3-0ubuntu1~20.04.1
26.1.3-0ubuntu1~20.04.1+esm1
Ubuntu:Pro:22.04:LTS
docker.io
Package
- Name
- docker.io
- Purl
- pkg:deb/ubuntu/docker.io?arch=source&distro=esm-apps%2Fjammy
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
20.*
20.10.7-0ubuntu5
20.10.7-0ubuntu7
20.10.12-0ubuntu1
20.10.12-0ubuntu2
20.10.12-0ubuntu3
20.10.12-0ubuntu3+gke1.24.1
20.10.12-0ubuntu4
20.10.21-0ubuntu1~22.04.2
20.10.21-0ubuntu1~22.04.3
20.10.21-0ubuntu1~22.04.5
20.10.21-0ubuntu1~22.04.6
20.10.21-0ubuntu1~22.04.7
20.10.21-0ubuntu1~22.04.7+esm1
20.10.21-0ubuntu1~22.04.7+esm2
20.10.21-0ubuntu1~22.04.8
20.10.21-0ubuntu1~22.04.8+esm1
Ecosystem specific
{
"binaries": [
{
"binary_version": "20.10.21-0ubuntu1~22.04.8+esm1",
"binary_name": "golang-docker-dev"
},
{
"binary_version": "20.10.21-0ubuntu1~22.04.8+esm1",
"binary_name": "golang-github-docker-docker-dev"
},
{
"binary_version": "20.10.21-0ubuntu1~22.04.8+esm1",
"binary_name": "vim-syntax-docker"
}
]
}Ubuntu:Pro:24.04:LTS
docker.io
Package
- Name
- docker.io
- Purl
- pkg:deb/ubuntu/docker.io?arch=source&distro=esm-apps%2Fnoble
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
20.*
20.10.24+dfsg1-1ubuntu2
20.10.25+dfsg1-2ubuntu1
20.10.25+dfsg1-2ubuntu1+esm1
20.10.25+dfsg1-2ubuntu1+esm2
20.10.25+dfsg1-2ubuntu1.24.04.1
20.10.25+dfsg1-2ubuntu1.24.04.1+esm1