Container build pipelines that rely on SSH agent forwarding to authenticate to source control or other remote services are the direct exposure point. When a key is forwarded into an affected docker-buildx build on Azure Linux 3.0, the constraints placed on it at the agent (lifetime limits, per-use confirmation) are not enforced, and the failure is silent: no error and no alert. An attacker who gains a foothold in the build environment, for example by controlling a build step that can reach the forwarded agent socket, can therefore sign with those keys without the confirmation prompt or expiry the key policy was designed to impose, and use them to reach source code repositories, internal services, or production infrastructure. The downstream risk is unauthorized code access, supply-chain tampering, or lateral movement into production systems, each carrying potential for significant operational disruption and reputational harm if a build pipeline compromise is later disclosed.
You Are Affected If
You run the Microsoft azl3 docker-buildx package at version 0.14.0-11 on Azure Linux 3.0
Your Docker build pipelines use SSH agent forwarding: ForwardAgent yes in ssh_config for the connection to the build host, or RUN --mount=type=ssh in Dockerfiles (which requires the build to be invoked with --ssh)
SSH keys used in those pipelines carry agent constraints such as lifetime limits (ssh-add -t) or per-use confirmation (ssh-add -c)
The build environment is shared with other tenants, runs on shared CI/CD runners, or has not been hardened against lateral movement from a compromised build step
You have not yet applied the updated azl3 docker-buildx package from the MSRC May 2026 Patch Tuesday release
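As an added example (not part of the advisory and not Microsoft's tooling), the following POSIX shell script checks the conditions listed above on a build host: the installed docker-buildx build, Dockerfiles that use --mount=type=ssh, and ssh_config files that turn on agent forwarding. It assumes the RPM is named docker-buildx, that the affected build is VERSION-RELEASE 0.14.0-11 with any trailing dist tag (such as .azl3), and that the Dockerfile and ssh_config paths are plain text readable by the user running it; the file names in the usage comment are illustrative.

```sh
#!/bin/sh
# Added audit helper, not from the advisory or from Microsoft.
# Assumptions (hypothetical): the RPM is named docker-buildx; the affected build
# is VERSION-RELEASE 0.14.0-11 with any dist tag (e.g. 0.14.0-11.azl3);
# Dockerfiles and ssh_config files are plain text readable by this user.

AFFECTED_VR="0.14.0-11"

# is_affected_version VR
# Returns 0 when VR is the advisory's 0.14.0-11, with or without a dist tag.
is_affected_version() {
  case "$1" in
    "$AFFECTED_VR"|"$AFFECTED_VR".*) return 0 ;;
    *) return 1 ;;
  esac
}

# uses_ssh_mount [FILE...]
# Returns 0 if a Dockerfile (or stdin) contains a RUN --mount=type=ssh.
uses_ssh_mount() {
  grep -Eq -e '--mount=type=ssh' "$@"
}

# forward_agent_enabled [FILE...]
# Returns 0 if an ssh_config (or stdin) sets ForwardAgent yes.
forward_agent_enabled() {
  grep -Eiq -e '^[[:space:]]*ForwardAgent[[:space:]]+yes' "$@"
}

# audit_host [DOCKERFILE...]
# Prints findings; returns 0 when nothing matched, 1 when any condition did.
audit_host() {
  affected=0
  if command -v rpm >/dev/null 2>&1; then
    # rpm -q exits non-zero (and prints a message) when the package is absent
    if vr=$(rpm -q --qf '%{VERSION}-%{RELEASE}\n' docker-buildx 2>/dev/null); then
      if is_affected_version "$vr"; then
        echo "docker-buildx $vr is the affected build"; affected=1
      else
        echo "docker-buildx $vr is not the affected build"
      fi
    else
      echo "docker-buildx is not installed"
    fi
  else
    echo "rpm not found; skipping package check"
  fi
  for f in "$@"; do
    if [ -f "$f" ] && uses_ssh_mount "$f"; then
      echo "$f: uses --mount=type=ssh (exposed when agent forwarding is on)"; affected=1
    fi
  done
  for cfg in /etc/ssh/ssh_config "$HOME/.ssh/config"; do
    if [ -f "$cfg" ] && forward_agent_enabled "$cfg"; then
      echo "$cfg: ForwardAgent yes"; affected=1
    fi
  done
  return "$affected"
}

# Run the audit only when invoked with the explicit "run" subcommand, e.g.:
#   sh audit-buildx-ssh.sh run ./Dockerfile ./ci/Dockerfile.build
if [ "${1:-}" = "run" ]; then
  shift
  audit_host "$@"
fi
```

A non-zero exit from audit_host is meant to fail a CI job, so the check can gate pipeline runs until the updated package is installed or agent forwarding is removed from the affected stages.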
Board Talking Points
A confirmed critical flaw in our Azure Linux 3.0 container build tooling allows SSH keys forwarded into automated builds to be used without the restrictions we set on them, potentially enabling unauthorized access to source code or internal systems.
Security teams should disable SSH agent forwarding in affected pipelines immediately and apply the vendor patch from Microsoft's May 2026 update cycle within the current sprint.
Without action, any attacker who gains access to a build environment could use unguarded credentials to move laterally into production systems or tamper with code before it ships.