StackPatch is liveSee product

Back to CVE digest
CVE-2026-33747 · cross-distro fix matrix

CVE-2026-33747: It was discovered that BuildKit, contained within Docker, incorrectly

Affects 5 Linux releases across 14 (distro × package) combinations. First disclosed: 2026-05-06.

Fix per ecosystem

Each block below is a distro release where CVE-2026-33747 has a known fix. Run the listed command on that distro to remediate.

Ubuntu focal

Source: Ubuntu USN

  • docker.io-app→ fixed in26.1.3-0ubuntu1~20.04.1+esm2USN-8230-1
    sudo apt-get install --only-upgrade -y docker.io-app
  • docker-doc→ fixed in26.1.3-0ubuntu1~20.04.1+esm2USN-8230-1
    sudo apt-get install --only-upgrade -y docker-doc
  • docker.io→ fixed in26.1.3-0ubuntu1~20.04.1+esm2USN-8230-1
    sudo apt-get install --only-upgrade -y docker.io

Ubuntu jammy

Source: Ubuntu USN

  • docker.io-app→ fixed in29.1.3-0ubuntu3~22.04.2USN-8230-1
    sudo apt-get install --only-upgrade -y docker.io-app
  • docker-doc→ fixed in29.1.3-0ubuntu3~22.04.2USN-8230-1
    sudo apt-get install --only-upgrade -y docker-doc
  • docker.io→ fixed in29.1.3-0ubuntu3~22.04.2USN-8230-1
    sudo apt-get install --only-upgrade -y docker.io

Ubuntu noble

Source: Ubuntu USN

  • docker.io-app→ fixed in29.1.3-0ubuntu3~24.04.2USN-8230-1
    sudo apt-get install --only-upgrade -y docker.io-app
  • docker-doc→ fixed in29.1.3-0ubuntu3~24.04.2USN-8230-1
    sudo apt-get install --only-upgrade -y docker-doc
  • docker.io→ fixed in29.1.3-0ubuntu3~24.04.2USN-8230-1
    sudo apt-get install --only-upgrade -y docker.io

Ubuntu resolute

Source: Ubuntu USN

  • docker.io-app→ fixed in29.1.3-0ubuntu4.1USN-8230-1
    sudo apt-get install --only-upgrade -y docker.io-app
  • docker-doc→ fixed in29.1.3-0ubuntu4.1USN-8230-1
    sudo apt-get install --only-upgrade -y docker-doc
  • docker.io→ fixed in29.1.3-0ubuntu4.1USN-8230-1
    sudo apt-get install --only-upgrade -y docker.io

Alpine edge

Source: Alpine secdb

  • buildkit→ fixed in0.29.0-r0
    apk update && apk add --upgrade buildkit
  • docker→ fixed in29.3.1-r0
    apk update && apk add --upgrade docker
Are YOU affected by CVE-2026-33747?

5-second check on your actual server. Reads /etc/os-release, uname -r, and the distro's package manager; matches against this same cross-source index live.

curl https://mindsparkstack.com/scan.sh | bash
Form-based quickscan View on NVD
Continuous monitoring beats manual checking

CVE-2026-33747dropped silently in your distro's update channel. Every new CVE is the same story. StackPatch runs the matcher hourly against all 5 sources and emails the exact remediation when something new applies to one of your servers. $99 lifetime, 50 founder seats, 30-day refund.

See StackPatch ($99 lifetime)