VYPR
High severity8.8OSV Advisory· Published Sep 1, 2018· Updated Jun 17, 2026

CVE-2018-15514

CVE-2018-15514

Description

HandleRequestAsync in Docker for Windows before 18.06.0-ce-rc3-win68 (edge) and before 18.06.0-ce-win72 (stable) deserialized requests over the \\.\pipe\dockerBackend named pipe without verifying the validity of the deserialized .NET objects. This would allow a malicious user in the "docker-users" group (who may not otherwise have administrator access) to escalate to administrator privileges.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Range: 0.0.3, docs-v1.12.0-rc4-2016-07-15, upstream/0.1.2, …
  • Range: < 18.06.0-ce-rc3-win68 (edge) and < 18.06.0-ce-win72 (stable)

Patches

Vulnerability mechanics

References

4

News mentions

0

No linked articles in our index yet.