LeakyCreds

CVE-2026-33747 - Vulnerability Analysis

High (CVSS: 8.4)

Last Updated: March 27, 2026

BuildKit - Unrestricted File Upload

Published: March 27, 2026
Updated: March 27, 2026

Overview

BuildKit versions before 0.28.1 contain an unrestricted file write vulnerability: a custom frontend can send crafted API messages that cause files to be written outside the BuildKit state directory. Exploitation requires that an untrusted frontend is used.

Severity & Score

Severity: High
CVSS Score: 8.4
EPSS Score: 0.6% (Probability of exploitation in next 30 days)

Impact

Attackers can write files outside the intended directory, potentially leading to arbitrary file modification or system compromise.

Mitigation

Update to version 0.28.1 or later.

Social Media Activity (1 post)

TheHackerWire
@thehackerwire
Mar 28, 2026

🟠 CVE-2026-33747 - High (8.4) BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner. Prior to version 0.28.1, when using a custom BuildKit frontend, the frontend can craft an API message that causes files to be wr... 🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-33747/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack


Details

CVE ID: CVE-2026-33747
Severity: High
CVSS Score: 8.4
Type: unrestricted_file_upload
Status: new
EPSS: 0.6%
Social Posts: 1

CWE

  • CWE-22

CVSS Metrics

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS Score

0.6% (Probability of exploitation in the next 30 days)