VYPR
Advisory · Published Apr 15, 2026 · Updated May 18, 2026 · 1 source

Docker Desktop Zero-Day Vulnerability Disclosed After Vendor Rejects Report

A 0-day privilege escalation vulnerability in Docker Desktop has been publicly disclosed after Docker rejected the report, allowing attackers with container escape access to execute arbitrary code on the host system.

A critical zero-day vulnerability in Docker Desktop has been publicly disclosed by the Zero Day Initiative (ZDI) after Docker rejected the vulnerability report. The flaw, tracked as ZDI-26-260, is an uncontrolled search path element in the system/editor endpoint that allows an attacker who has already escaped a container to escalate privileges and execute arbitrary code on the host system.

The vulnerability carries a CVSS score of 7.5, with a vector string of AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H. The high score reflects the potential for complete compromise of confidentiality, integrity, and availability, though the attack complexity is high and exploitation requires prior privileged access within the Docker Hyper-V VM.

According to the ZDI advisory, the specific flaw exists within the system/editor endpoint, where the product executes a program from an unsecured location. An attacker who has already escaped a container and gained high-privileged code execution within the Docker Hyper-V VM can leverage this vulnerability to escalate privileges and execute arbitrary code on the host system in the context of the current user.
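The weakness class named above, an uncontrolled search path element (CWE-427), is easier to reason about with a concrete resolver in front of you. The following Python is an added, generic illustration written for this page; it is not Docker Desktop's code and does not model the system/editor endpoint's internals. It assumes a hypothetical helper that must launch an "editor" program: the unsafe variant takes the first match along a caller-influenced search path, while the hardened variant only accepts a binary from an explicit allow-list of directories and rejects any candidate whose file or containing directory is writable by group or others. The fixture it builds (a world-writable "scratch" directory shadowing a "trusted" one) is constructed for the demo.

```python
import os
import shutil
import stat
import tempfile

PROGRAM = "editor"  # stand-in name for the program being launched (assumption)


def resolve_editor_unsafe(name, search_path):
    """CWE-427 pattern: first executable found along an untrusted search path wins."""
    for directory in search_path.split(os.pathsep):
        candidate = os.path.join(directory, name)
        if os.path.isfile(candidate) and os.access(candidate, os.X_OK):
            return candidate
    return None


def resolve_editor_safe(name, trusted_dirs):
    """Hardened resolver: fixed allow-list of directories, and both the directory
    and the file must be free of group/other write permission."""
    loose = stat.S_IWGRP | stat.S_IWOTH
    for directory in trusted_dirs:
        candidate = os.path.join(directory, name)
        if not os.path.isfile(candidate):
            continue
        dir_mode = os.stat(directory).st_mode
        file_mode = os.stat(candidate).st_mode
        if (dir_mode | file_mode) & loose:
            # A lower-privileged user could plant or replace the binary here.
            continue
        if not os.access(candidate, os.X_OK):
            continue
        return os.path.realpath(candidate)
    return None


def build_fixture():
    """Constructed demo layout: trusted/editor (0755 dir) and scratch/editor (0777 dir)."""
    root = tempfile.mkdtemp(prefix="cwe427-demo-")
    trusted = os.path.join(root, "trusted")
    scratch = os.path.join(root, "scratch")
    os.mkdir(trusted)
    os.mkdir(scratch)
    os.chmod(trusted, 0o755)  # chmod explicitly; umask may narrow mkdir's mode
    os.chmod(scratch, 0o777)
    for directory in (trusted, scratch):
        path = os.path.join(directory, PROGRAM)
        with open(path, "w") as fh:
            fh.write("#!/bin/sh\necho editor from %s\n" % directory)
        os.chmod(path, 0o755)
    return root, trusted, scratch


def demo():
    """Run both resolvers against the fixture and report what each one picked."""
    root, trusted, scratch = build_fixture()
    try:
        # The writable directory is placed first, as an attacker-controlled PATH would be.
        search_path = os.pathsep.join([scratch, trusted])
        unsafe = resolve_editor_unsafe(PROGRAM, search_path)
        safe = resolve_editor_safe(PROGRAM, [trusted])
        safe_from_writable = resolve_editor_safe(PROGRAM, [scratch])
        return {
            "unsafe_picked_writable_dir": unsafe == os.path.join(scratch, PROGRAM),
            "safe_picked_trusted_dir": safe == os.path.realpath(os.path.join(trusted, PROGRAM)),
            "safe_rejected_writable_dir": safe_from_writable is None,
        }
    finally:
        shutil.rmtree(root)


if __name__ == "__main__":
    for check, result in demo().items():
        print("%-28s %s" % (check, result))
```

The point of the hardened resolver is that the location of the program is decided by the privileged component, never by whatever the caller can place in the environment or on a writable directory, which is the only real fix for this weakness class; the ZDI advisory's "restrict interaction with the product" is a workaround, not that fix.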

The disclosure timeline reveals a contentious process between the researcher and Docker. The vulnerability was reported to Docker on July 10, 2025. After multiple follow-ups and technical clarifications, the report was rejected by Docker on November 11, 2025, with the vendor stating that exploitation required prior privileged access. ZDI notified Docker of its intention to publish the case as a 0-day advisory on April 8, 2026, and the advisory was released on April 15, 2026.

Docker's rejection of the report has drawn criticism from the security community, as the vulnerability represents a significant escalation path for attackers who have already breached container boundaries. While the initial compromise of a container and escape to the Hyper-V VM is non-trivial, the flaw provides a reliable method for attackers to move from a compromised VM to the host system, potentially enabling broader network access and data exfiltration.

No patch is currently available for this vulnerability. The ZDI advisory notes that "the only salient mitigation strategy is to restrict interaction with the product," a recommendation that offers little practical guidance for organizations that rely on Docker Desktop in production or development environments. Users are advised to monitor Docker's security advisories for future updates.

The vulnerability was discovered and reported by Nitesh Surana and Nelson William Gamazo Sanchez of TrendAI Research. The disclosure highlights ongoing tensions between security researchers and vendors over the definition of "valid" vulnerability reports, particularly when exploitation requires multiple steps or prior access. As containerization continues to expand across enterprise environments, such privilege escalation paths remain a critical concern for security teams.

Synthesized by Vypr AI