VYPR

Desktop

by Docker

Source repositories

CVEs (33)

  • CVE-2025-9074CriAug 20, 2025
    risk 0.64cvss epss 0.02

    A vulnerability was identified in Docker Desktop that allows local running Linux containers to access the Docker Engine API via the configured Docker subnet, at 192.168.65.7:2375 by default. This vulnerability occurs with or without Enhanced Container Isolation (ECI) enabled,…

  • CVE-2024-8696CriSep 12, 2024
    risk 0.64cvss 9.8epss 0.01

    A remote code execution (RCE) vulnerability via crafted extension publisher-url/additional-urls could be abused by a malicious extension in Docker Desktop before 4.34.2.

  • CVE-2024-8695CriSep 12, 2024
    risk 0.64cvss 9.8epss 0.01

    A remote code execution (RCE) vulnerability via crafted extension description/changelog could be abused by a malicious extension in Docker Desktop before 4.34.2.

  • CVE-2026-6406HigMay 22, 2026
    risk 0.57cvss 8.8epss 0.00

    The Docker CLI --use-api-socket flag bypasses Enhanced Container Isolation (ECI) restrictions in Docker Desktop. When ECI is enabled, Docker socket mounts from containers are denied unless explicitly allowed via the admin-settings configuration. However, the --use-api-socket…

  • CVE-2025-9164HigOct 27, 2025
    risk 0.57cvss epss 0.00

    Docker Desktop Installer.exe is vulnerable to DLL hijacking due to insecure DLL search order. The installer searches for required DLLs in the user's Downloads folder before checking system directories, allowing local privilege escalation through malicious DLL placement.This…

  • CVE-2025-10657HigSep 26, 2025
    risk 0.57cvss epss 0.00

    In a hardened Docker environment, with Enhanced Container Isolation ( ECI https://docs.docker.com/enterprise/security/hardened-desktop/enhanced-container-isolation/ ) enabled, an administrator can utilize the command restrictions feature https://docs.docker.com/enterprise/securi…

  • CVE-2021-44719HigMay 25, 2022
    risk 0.55cvss 8.4epss 0.00

    Docker Desktop 4.3.0 has Incorrect Access Control.

  • CVE-2026-8936HigJun 2, 2026
    risk 0.53cvss epss 0.00

    Fixed a VM panic caused by unbounded recursion in the grpcfuse kernel module when a container created deeply nested directories on a bind-mounted host folder and triggered a dentry invalidation event. This issue has been fixed in Docker Desktop 4.76.0.

  • CVE-2026-5843HigMay 22, 2026
    risk 0.53cvss 8.2epss 0.00

    The MLX inference backend in Docker Model Runner on macOS uses the MLX-LM library, which unconditionally imports and executes arbitrary Python files from model directories via the model_file configuration field in config.json. When a model's config.json specifies a model_file…

  • CVE-2023-5166HigSep 25, 2023
    risk 0.52cvss 8.0epss 0.01

    Docker Desktop before 4.23.0 allows Access Token theft via a crafted extension icon URL. This issue affects Docker Desktop: before 4.23.0.

  • CVE-2023-0626HigSep 25, 2023
    risk 0.52cvss 8.0epss 0.01

    Docker Desktop before 4.12.0 is vulnerable to RCE via query parameters in message-box route. This issue affects Docker Desktop: before 4.12.0.

  • CVE-2023-0625HigSep 25, 2023
    risk 0.52cvss 8.0epss 0.01

    Docker Desktop before 4.12.0 is vulnerable to RCE via a crafted extension description or changelog. This issue affects Docker Desktop: before 4.12.0.

  • CVE-2025-3224HigApr 28, 2025
    risk 0.51cvss 7.8epss 0.00

    A vulnerability in the update process of Docker Desktop for Windows versions prior to 4.41.0 could allow a local, low-privileged attacker to escalate privileges to SYSTEM. During an update, Docker Desktop attempts to delete files and subdirectories under the path…

  • CVE-2022-37326HigApr 27, 2023
    risk 0.51cvss 7.8epss 0.00

    Docker Desktop for Windows before 4.6.0 allows attackers to delete (or create) any file through the dockerBackendV2 windowscontainers/start API by controlling the pidfile field inside the DaemonJSON field in the WindowsContainerStartRequest class. This can indirectly lead to…

  • CVE-2022-25365HigFeb 19, 2022
    risk 0.51cvss 7.8epss 0.01

    Docker Desktop before 4.5.1 on Windows allows attackers to move arbitrary files. NOTE: this issue exists because of an incomplete fix for CVE-2022-23774.

  • CVE-2023-0633HigSep 25, 2023
    risk 0.47cvss 7.2epss 0.00

    In Docker Desktop on Windows before 4.12.0 an argument injection to installer may result in local privilege escalation (LPE).This issue affects Docker Desktop: before 4.12.0.

  • CVE-2024-6222HigJul 9, 2024
    risk 0.46cvss 7.0epss 0.01

    In Docker Desktop before v4.29.0, an attacker who has gained access to the Docker Desktop VM through a container breakout can further escape to the host by passing extensions and dashboard related IPC messages. Docker Desktop v4.29.0 https://docs.docker.com/desktop/release-note…

  • CVE-2023-5165HigSep 25, 2023
    risk 0.46cvss 7.1epss 0.00

    Docker Desktop before 4.23.0 allows an unprivileged user to bypass Enhanced Container Isolation (ECI) restrictions via the debug shell which remains accessible for a short time window after launching Docker Desktop. The affected functionality is available for Docker Business…

  • CVE-2022-34292HigApr 27, 2023
    risk 0.46cvss 7.1epss 0.00

    Docker Desktop for Windows before 4.6.0 allows attackers to overwrite any file through a symlink attack on the hyperv/create dockerBackendV2 API by controlling the DataFolder parameter for DockerDesktop.vhdx, a similar issue to CVE-2022-31647.

  • CVE-2022-31647HigApr 27, 2023
    risk 0.46cvss 7.1epss 0.00

    Docker Desktop before 4.6.0 on Windows allows attackers to delete any file through the hyperv/destroy dockerBackendV2 API via a symlink in the DataFolder parameter, a different vulnerability than CVE-2022-26659.

Page 1 of 2