{"id":"CVE-2026-33747","summary":"BuildKit vulnerable to malicious frontend causing file escape outside of storage root","details":"BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner. Prior to version 0.28.1, when using a custom BuildKit frontend, the frontend can craft an API message that causes files to be written outside of the BuildKit state directory for the execution context. The issue has been fixed in v0.28.1. The vulnerability requires using an untrusted BuildKit frontend set with `#syntax` or `--build-arg BUILDKIT_SYNTAX`. Builds that use these options with a well-known frontend image like `docker/dockerfile` are not affected.","aliases":["GHSA-4c29-8rgm-jvjj","GO-2026-4858"],"modified":"2026-04-02T13:44:27.802423488Z","published":"2026-03-27T00:49:06.165Z","related":["CGA-24vx-jj57-3w5c","openSUSE-SU-2026:10456-1","openSUSE-SU-2026:10472-1"],"database_specific":{"cwe_ids":["CWE-22"],"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/33xxx/CVE-2026-33747.json","cna_assigner":"GitHub_M"},"references":[{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/33xxx/CVE-2026-33747.json"},{"type":"WEB","url":"https://github.com/moby/buildkit/releases/tag/v0.28.1"},{"type":"ADVISORY","url":"https://github.com/moby/buildkit/security/advisories/GHSA-4c29-8rgm-jvjj"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-33747"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/moby/buildkit","events":[{"introduced":"0"},{"fixed":"45b038cd0b2ec2d34013ce0f085522276f7ee0d8"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"0.28.1"}]}}],"versions":["dockerfile/0.9.0","dockerfile/0.9.0-experimental","dockerfile/1.0.0","dockerfile/1.0.0-experimental","dockerfile/1.0.1","dockerfile/1.0.1-experimental","dockerfile/1.0.2-experimental","dockerfile/1.1.0","dockerfile/1.1.0-experimental","dockerfile/1.1.1","dockerfile/1.
1.1-experimental","dockerfile/1.1.2","dockerfile/1.1.2-experimental","dockerfile/1.1.3","dockerfile/1.1.3-experimental","dockerfile/1.1.4","dockerfile/1.1.4-experimental","dockerfile/1.1.5","dockerfile/1.1.5-experimental","dockerfile/1.1.6","dockerfile/1.1.6-experimental","dockerfile/1.1.6-rc1","dockerfile/1.1.6-rc1-experimental","dockerfile/1.1.7","dockerfile/1.1.7-experimental","dockerfile/1.10.0","dockerfile/1.10.0-labs","dockerfile/1.10.0-rc1","dockerfile/1.10.0-rc1-labs","dockerfile/1.11.0","dockerfile/1.11.0-labs","dockerfile/1.11.0-rc1","dockerfile/1.11.0-rc1-labs","dockerfile/1.11.0-rc2","dockerfile/1.11.0-rc2-labs","dockerfile/1.11.1","dockerfile/1.11.1-labs","dockerfile/1.12.0","dockerfile/1.12.0-labs","dockerfile/1.12.0-rc1","dockerfile/1.12.0-rc1-labs","dockerfile/1.12.1","dockerfile/1.12.1-labs","dockerfile/1.13.0","dockerfile/1.13.0-labs","dockerfile/1.13.0-rc1","dockerfile/1.13.0-rc1-labs","dockerfile/1.14.0","dockerfile/1.14.0-labs","dockerfile/1.14.0-rc1","dockerfile/1.14.0-rc1-labs","dockerfile/1.14.0-rc2","dockerfile/1.14.0-rc2-labs","dockerfile/1.14.0-rc3","dockerfile/1.14.0-rc3-labs","dockerfile/1.14.1","dockerfile/1.14.1-labs","dockerfile/1.15.0","dockerfile/1.15.0-labs","dockerfile/1.15.0-rc1","dockerfile/1.15.0-rc1-labs","dockerfile/1.15.0-rc2","dockerfile/1.15.0-rc2-labs","dockerfile/1.15.1","dockerfile/1.15.1-labs","dockerfile/1.16.0","dockerfile/1.16.0-labs","dockerfile/1.16.0-rc1","dockerfile/1.16.0-rc1-labs","dockerfile/1.16.0-rc2","dockerfile/1.16.0-rc2-labs","dockerfile/1.17.0","dockerfile/1.17.0-labs","dockerfile/1.17.0-rc1","dockerfile/1.17.0-rc1-labs","dockerfile/1.17.1","dockerfile/1.17.1-labs","dockerfile/1.18.0","dockerfile/1.18.0-labs","dockerfile/1.18.0-rc1","dockerfile/1.18.0-rc1-labs","dockerfile/1.18.0-rc2","dockerfile/1.18.0-rc2-labs","dockerfile/1.19.0","dockerfile/1.19.0-labs","dockerfile/1.19.0-rc1","dockerfile/1.19.0-rc1-labs","dockerfile/1.2.0","dockerfile/1.2.0-labs","dockerfile/1.2.0-rc1","dockerfile/1.2.0-rc1-labs",
"dockerfile/1.2.1","dockerfile/1.2.1-labs","dockerfile/1.20.0","dockerfile/1.20.0-labs","dockerfile/1.20.0-rc1","dockerfile/1.20.0-rc1-labs","dockerfile/1.21.0","dockerfile/1.21.0-labs","dockerfile/1.21.0-rc1","dockerfile/1.21.0-rc1-labs","dockerfile/1.22.0","dockerfile/1.22.0-labs","dockerfile/1.22.0-rc1","dockerfile/1.22.0-rc1-labs","dockerfile/1.22.0-rc2","dockerfile/1.22.0-rc2-labs","dockerfile/1.23.0","dockerfile/1.23.0-labs","dockerfile/1.23.0-rc1","dockerfile/1.23.0-rc1-labs","dockerfile/1.3.0","dockerfile/1.3.0-labs","dockerfile/1.3.0-rc1","dockerfile/1.3.0-rc1-labs","dockerfile/1.3.1","dockerfile/1.3.1-labs","dockerfile/1.4.0","dockerfile/1.4.0-labs","dockerfile/1.4.0-labs-rc1","dockerfile/1.4.0-labs-rc2","dockerfile/1.4.0-rc1","dockerfile/1.4.0-rc2","dockerfile/1.4.1","dockerfile/1.4.1-labs","dockerfile/1.4.2","dockerfile/1.4.2-labs","dockerfile/1.4.3","dockerfile/1.4.3-labs","dockerfile/1.5.0","dockerfile/1.5.0-labs","dockerfile/1.5.0-rc1","dockerfile/1.5.0-rc1-labs","dockerfile/1.5.0-rc2","dockerfile/1.5.0-rc2-labs","dockerfile/1.5.0-rc3","dockerfile/1.5.0-rc3-labs","dockerfile/1.5.1","dockerfile/1.5.1-labs","dockerfile/1.5.2","dockerfile/1.5.2-labs","dockerfile/1.6.0","dockerfile/1.6.0-labs","dockerfile/1.6.0-rc1","dockerfile/1.6.0-rc1-labs","dockerfile/1.6.0-rc2","dockerfile/1.6.0-rc2-labs","dockerfile/1.7.0","dockerfile/1.7.0-labs","dockerfile/1.7.0-rc1","dockerfile/1.7.0-rc1-labs","dockerfile/1.7.1","dockerfile/1.7.1-labs","dockerfile/1.8.0","dockerfile/1.8.0-labs","dockerfile/1.8.0-rc1","dockerfile/1.8.0-rc1-labs","dockerfile/1.8.0-rc2","dockerfile/1.8.0-rc2-labs","dockerfile/1.8.1","dockerfile/1.8.1-labs","dockerfile/1.9.0","dockerfile/1.9.0-labs","dockerfile/1.9.0-rc1","dockerfile/1.9.0-rc1-labs","dockerfile/1.9.0-rc2","dockerfile/1.9.0-rc2-labs","v0.10.0","v0.10.0-rc1","v0.10.0-rc2","v0.10.1","v0.10.2","v0.10.3","v0.10.4","v0.10.5","v0.10.6","v0.11.0","v0.11.0-rc1","v0.11.0-rc2","v0.11.0-rc3","v0.11.0-rc4","v0.11.1","v0.11.2","v0.11.3","v0.11.4",
"v0.11.5","v0.11.6","v0.12.0","v0.12.0-rc1","v0.12.0-rc2","v0.12.1","v0.12.2","v0.12.3","v0.12.4","v0.12.5","v0.13.0","v0.13.0-beta1","v0.13.0-beta2","v0.13.0-beta3","v0.13.0-rc1","v0.13.0-rc2","v0.13.0-rc3","v0.13.1","v0.13.2","v0.14.0","v0.14.0-rc1","v0.14.0-rc2","v0.14.1","v0.15.0","v0.15.0-rc1","v0.15.0-rc2","v0.15.1","v0.15.2","v0.16.0","v0.16.0-rc1","v0.16.0-rc2","v0.17.0","v0.17.0-rc1","v0.17.0-rc2","v0.17.1","v0.17.2","v0.17.3","v0.18.0","v0.18.0-rc1","v0.18.0-rc2","v0.18.1","v0.18.2","v0.19.0","v0.19.0-rc1","v0.19.0-rc2","v0.19.0-rc3","v0.20.0","v0.20.0-rc1","v0.20.0-rc2","v0.20.0-rc3","v0.20.1","v0.20.2","v0.21.0","v0.21.0-rc1","v0.21.0-rc2","v0.21.1","v0.22.0","v0.22.0-rc1","v0.22.0-rc2","v0.23.0","v0.23.0-rc1","v0.23.0-rc2","v0.23.1","v0.23.2","v0.24.0","v0.24.0-rc1","v0.24.0-rc2","v0.25.0","v0.25.0-rc1","v0.25.1","v0.25.2","v0.26.0","v0.26.0-rc1","v0.26.0-rc2","v0.26.1","v0.26.2","v0.26.3","v0.27.0","v0.27.0-rc1","v0.27.0-rc2","v0.27.1","v0.28.0","v0.28.0-rc1","v0.28.0-rc2","v0.29.0","v0.29.0-rc1","v0.3.0","v0.3.1","v0.3.2","v0.3.3","v0.4.0","v0.5.0","v0.5.1","v0.6.0","v0.6.1","v0.6.2","v0.6.3","v0.6.4","v0.7.0","v0.7.0-rc1","v0.7.1","v0.7.2","v0.8.0","v0.8.0-rc1","v0.8.0-rc2","v0.8.0-rc3","v0.8.1","v0.8.2","v0.8.3","v0.9.0","v0.9.0-rc1","v0.9.0-rc2","v0.9.1","v0.9.2","v0.9.3"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-33747.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}