Vulnerability Report: GO-2026-4859
- CVE-2026-33748, GHSA-4vrq-3vrq-g6gg
- Affects: github.com/moby/buildkit
- Published: Mar 27, 2026
BuildKit Git URL subdir component can cause access to restricted files in github.com/moby/buildkit
For detailed information about this vulnerability, visit https://github.com/moby/buildkit/security/advisories/GHSA-4vrq-3vrq-g6gg.
Affected Packages
-
PathVersionsSymbols
Aliases
References
- https://github.com/moby/buildkit/security/advisories/GHSA-4vrq-3vrq-g6gg
- https://docs.docker.com/build/concepts/context/#url-fragments
- https://github.com/moby/buildkit/releases/tag/v0.28.1
- https://vuln.go.dev/ID/GO-2026-4859.json
Feedback
See anything missing or incorrect?
Suggest an edit to this report.