Desktop
by Docker
CVEs (33)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2023-0629 | | High | 0.46 | 7.1 | 0.00 | | Mar 13, 2023 | Docker Desktop before 4.17.0 allows an unprivileged user to bypass Enhanced Container Isolation (ECI) restrictions by setting the Docker host to docker.raw.sock, or npipe:////.pipe/docker_engine_linux on Windows, via the -H (--host) CLI flag or the DOCKER_HOST environment… |
| CVE-2022-26659 | | High | 0.46 | 7.1 | 0.00 | | Mar 25, 2022 | Docker Desktop installer on Windows in versions before 4.6.0 allows an attacker to overwrite any administrator-writable files by creating a symlink in place of where the installer writes its log file. Starting from version 4.6.0, the Docker Desktop installer, when run elevated,… |
| CVE-2025-14740 | | Medium | 0.44 | 6.7 | 0.00 | | Feb 4, 2026 | Docker Desktop for Windows contains multiple incorrect permission assignment vulnerabilities in the installer's handling of the C:\ProgramData\DockerDesktop directory. The installer creates this directory without proper ownership verification, creating two exploitation… |
| CVE-2023-0627 | | Medium | 0.44 | 6.7 | 0.00 | | Sep 25, 2023 | Docker Desktop 4.11.x allows --no-windows-containers flag bypass via IPC response spoofing, which may lead to Local Privilege Escalation (LPE). This issue affects Docker Desktop: 4.11.X. |
| CVE-2022-38730 | | Medium | 0.41 | 6.3 | 0.00 | | Apr 27, 2023 | Docker Desktop for Windows before 4.6 allows attackers to overwrite any file through the windowscontainers/start dockerBackendV2 API by controlling the data-root field inside the DaemonJSON field in the WindowsContainerStartRequest class. This allows exploiting a symlink… |
| CVE-2024-5652 | | Medium | 0.40 | 6.1 | 0.00 | | Jul 9, 2024 | Docker Desktop on Windows before v4.31.0 allows a user in the docker-users group to cause a Windows Denial-of-Service through the exec-path Docker daemon config option in Windows containers mode. |
| CVE-2023-0628 | | Medium | 0.40 | 6.1 | 0.00 | | Mar 13, 2023 | Docker Desktop before 4.17.0 allows an attacker to execute an arbitrary command inside a Dev Environments container during initialization by tricking a user into opening a crafted malicious docker-desktop:// URL. |
| CVE-2023-1802 | | Medium | 0.38 | 5.9 | 0.01 | | Apr 6, 2023 | In Docker Desktop 4.17.x the Artifactory Integration falls back to sending registry credentials over plain HTTP if the HTTPS health check has failed. A targeted network sniffing attack can lead to a disclosure of sensitive information. Only users who have Access Experimental… |
| CVE-2022-23774 | | Medium | 0.35 | 5.3 | 0.01 | | Feb 1, 2022 | Docker Desktop before 4.4.4 on Windows allows attackers to move arbitrary files. |
| CVE-2025-1696 | | Medium | 0.34 | — | 0.00 | | Mar 6, 2025 | A vulnerability exists in Docker Desktop prior to version 4.39.0 that could lead to the unintentional disclosure of sensitive information via application logs. In affected versions, proxy configuration data—potentially including sensitive details—was written to log files in… |
| CVE-2025-4095 | | Medium | 0.28 | — | 0.00 | | Apr 29, 2025 | Registry Access Management (RAM) is a security feature allowing administrators to restrict access for their developers to only allowed registries. When a macOS configuration profile is used to enforce organization sign-in, the RAM policies are not being applied, which would… |
| CVE-2026-2664 | | | 0.00 | — | 0.00 | | Feb 24, 2026 | An out-of-bounds read vulnerability in the grpcfuse kernel module present in the Linux VM in Docker Desktop for Windows, Linux and macOS up to version 4.61.0 could allow a local attacker to cause an unspecified impact by writing to /proc/docker entries. The issue has been fixed… |
| CVE-2025-13743 | | | 0.00 | — | 0.00 | | Dec 9, 2025 | Docker Desktop diagnostics bundles were found to include expired Hub PATs in log output due to error object serialization. This poses a risk of leaking sensitive information in exported diagnostics, especially when access denied errors occurred. |
Page 2 of 2