High severity8.8OSV Advisory· Published Sep 1, 2018· Updated Jun 17, 2026
CVE-2018-15514
CVE-2018-15514
Description
HandleRequestAsync in Docker for Windows before 18.06.0-ce-rc3-win68 (edge) and before 18.06.0-ce-win72 (stable) deserialized requests over the \\.\pipe\dockerBackend named pipe without verifying the validity of the deserialized .NET objects. This would allow a malicious user in the "docker-users" group (who may not otherwise have administrator access) to escalate to administrator privileges.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- Range: < 18.06.0-ce-rc3-win68 (edge) and < 18.06.0-ce-win72 (stable)
Patches
Vulnerability mechanics
References
4- srcincite.io/blog/2018/08/31/you-cant-contain-me-analyzing-and-exploiting-an-elevation-of-privilege-in-docker-for-windows.htmlnvdExploitThird Party Advisory
- www.securityfocus.com/bid/105202nvdThird Party AdvisoryVDB Entry
- docs.docker.com/docker-for-windows/edge-release-notes/nvdVendor Advisory
- docs.docker.com/docker-for-windows/release-notes/nvdVendor Advisory
News mentions
0No linked articles in our index yet.