A high-severity bug in Docker allows attackers to bypass authorization plugins by sending requests larger than 1MB. This truncation causes plugins to evaluate empty, seemingly harmless payloads while the daemon executes the full, malicious command with elevated privileges.