Docker Engine is affected by a logic error (CVE-2026-34040) that allows crafted API requests to bypass authorization plugin evaluation and escalate privileges to root on the underlying host, representing a container-to-host escape risk. CVSS base score and specific affected version ranges are not yet confirmed from NVD; authoritative version scope must be validated directly against the NVD entry and Docker’s official advisory before determining exposure. Despite a low current EPSS score (0.014th percentile), the severity of successful exploitation — full host compromise — warrants immediate access restriction to the Docker daemon socket and API ports pending patch confirmation.