Vendor CVEs
Docker
All CVEs
93 total · sorted by risk| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-9074 | Cri | 0.64 | — | 0.02 | Aug 20, 2025 | A vulnerability was identified in Docker Desktop that allows local running Linux containers to access the Docker Engine API via the configured Docker subnet, at 192.168.65.7:2375 by default. This vulnerability occurs with or without Enhanced Container Isolation (ECI) enabled,… | ||
| CVE-2015-9259 | Cri | 0.64 | 9.8 | 0.01 | Mar 31, 2018 | In Docker Notary before 0.1, the checkRoot function in gotuf/client/client.go does not check expiry of root.json files, despite a comment stating that it does. Even if a user creates a new root.json file after a key compromise, an attacker can produce update files referring to… | ||
| CVE-2025-12744 | Hig | 0.60 | 8.8 | 0.01 | Dec 3, 2025 | A flaw was found in the ABRT daemon’s handling of user-supplied mount information.ABRT copies up to 12 characters from an untrusted input and places them directly into a shell command (docker inspect %s) without proper validation. An unprivileged local user can craft a payload… | ||
| CVE-2024-41110 | Cri | 0.59 | 9.9 | 0.17 | Jul 24, 2024 | Moby is an open-source project created by Docker for software containerization. A security vulnerability has been detected in certain versions of Docker Engine, which could allow an attacker to bypass authorization plugins (AuthZ) under specific circumstances. The base… | ||
| CVE-2024-9348 | Hig | 0.58 | — | 0.00 | Oct 16, 2024 | Docker Desktop before v4.34.3 allows RCE via unsanitized GitHub source link in Build view. | ||
| CVE-2026-6406 | Hig | 0.57 | 8.8 | 0.00 | May 22, 2026 | The Docker CLI --use-api-socket flag bypasses Enhanced Container Isolation (ECI) restrictions in Docker Desktop. When ECI is enabled, Docker socket mounts from containers are denied unless explicitly allowed via the admin-settings configuration. However, the --use-api-socket… | ||
| CVE-2025-9164 | Hig | 0.57 | — | 0.00 | Oct 27, 2025 | Docker Desktop Installer.exe is vulnerable to DLL hijacking due to insecure DLL search order. The installer searches for required DLLs in the user's Downloads folder before checking system directories, allowing local privilege escalation through malicious DLL placement.This… | ||
| CVE-2025-10657 | Hig | 0.57 | — | 0.00 | Sep 26, 2025 | In a hardened Docker environment, with Enhanced Container Isolation ( ECI https://docs.docker.com/enterprise/security/hardened-desktop/enhanced-container-isolation/ ) enabled, an administrator can utilize the command restrictions feature https://docs.docker.com/enterprise/securi… | ||
| CVE-2018-15514 | Hig | 0.57 | 8.8 | 0.02 | Sep 1, 2018 | HandleRequestAsync in Docker for Windows before 18.06.0-ce-rc3-win68 (edge) and before 18.06.0-ce-win72 (stable) deserialized requests over the \\.\pipe\dockerBackend named pipe without verifying the validity of the deserialized .NET objects. This would allow a malicious user in… | ||
| CVE-2026-8936 | Hig | 0.53 | — | 0.00 | Jun 2, 2026 | Fixed a VM panic caused by unbounded recursion in the grpcfuse kernel module when a container created deeply nested directories on a bind-mounted host folder and triggered a dentry invalidation event. This issue has been fixed in Docker Desktop 4.76.0. | ||
| CVE-2026-5843 | Hig | 0.53 | 8.2 | 0.00 | May 22, 2026 | The MLX inference backend in Docker Model Runner on macOS uses the MLX-LM library, which unconditionally imports and executes arbitrary Python files from model directories via the model_file configuration field in config.json. When a model's config.json specifies a model_file… | ||
| CVE-2026-5817 | Hig | 0.53 | 8.2 | 0.00 | May 22, 2026 | The vllm-metal inference backend in Docker Model Runner on macOS unconditionally sets trust_remote_code=True when loading model tokenizers, and runs without sandboxing. This causes transformers.AutoTokenizer.from_pretrained() to import and execute arbitrary Python files included… | ||
| CVE-2014-5282 | Hig | 0.53 | 8.1 | 0.01 | Feb 6, 2018 | Docker before 1.3 does not properly validate image IDs, which allows remote attackers to redirect to another image through the loading of untrusted images via 'docker load'. | ||
| CVE-2026-33990 | Cri | 0.52 | 9.1 | 0.00 | Apr 1, 2026 | Docker Model Runner (DMR) is software used to manage, run, and deploy AI models using Docker. Prior to version 1.1.25, Docker Model Runner contains an SSRF vulnerability in its OCI registry token exchange flow. When pulling a model, Model Runner follows the realm URL from the… | ||
| CVE-2025-62725 | Hig | 0.52 | — | 0.14 | Oct 27, 2025 | Docker Compose trusts the path information embedded in remote OCI compose artifacts. When a layer includes the annotations com.docker.compose.extends or com.docker.compose.envfile, Compose joins the attacker‑supplied value from com.docker.compose.file/com.docker.compose.envfile… | ||
| CVE-2026-34040 | Hig | 0.51 | 8.8 | 0.08 | Mar 31, 2026 | Moby is an open source container framework. Prior to version 29.3.1, a security vulnerability has been detected that allows attackers to bypass authorization plugins (AuthZ). This issue has been patched in version 29.3.1. | ||
| CVE-2014-0047 | Hig | 0.51 | 7.8 | 0.00 | Oct 6, 2017 | Docker before 1.5 allows local users to have unspecified impact via vectors involving unsafe /tmp usage. | ||
| CVE-2026-28400 | Hig | 0.49 | 7.5 | 0.00 | Feb 27, 2026 | Docker Model Runner (DMR) is software used to manage, run, and deploy AI models using Docker. Versions prior to 1.0.16 expose a POST `/engines/_configure` endpoint that accepts arbitrary runtime flags without authentication. These flags are passed directly to the underlying… | ||
| CVE-2016-8867 | Hig | 0.49 | 7.5 | 0.03 | Oct 28, 2016 | Docker Engine 1.12.2 enabled ambient capabilities with misconfigured capability policies. This allowed malicious images to bypass user permissions to access files within the container filesystem or mounted volumes. | ||
| CVE-2026-42306 | Hig | 0.47 | 7.2 | 0.00 | Jun 12, 2026 | Moby is an open source container framework. In Docker Engine prior to version 29.5.1, Docker Daemon versions 28.5.2 and prior, and Moby Daemon prior to version 2.0.0-beta.14, a race condition during docker cp mount setup allows a malicious container to redirect a bind mount… | ||
| CVE-2025-14740 | Med | 0.44 | 6.7 | 0.00 | Feb 4, 2026 | Docker Desktop for Windows contains multiple incorrect permission assignment vulnerabilities in the installer's handling of the C:\ProgramData\DockerDesktop directory. The installer creates this directory without proper ownership verification, creating two exploitation… | ||
| CVE-2024-57782 | Med | 0.44 | 6.8 | 0.00 | Feb 13, 2025 | An issue in Docker-proxy v18.09.0 allows attackers to cause a denial of service. | ||
| CVE-2016-3697 | Hig | 0.44 | 7.8 | 0.00 | Jun 1, 2016 | libcontainer/user/user.go in runC before 0.1.0, as used in Docker before 1.11.2, improperly treats a numeric UID as a potential username, which allows local users to gain privileges via a numeric username in the password file in a container. | ||
| CVE-2015-3629 | Hig | 0.44 | 7.8 | 0.01 | May 18, 2015 | Libcontainer 1.6.0, as used in Docker Engine, allows local users to escape containerization ("mount namespace breakout") and write to arbitrary file on the host system via a symlink attack in an image when respawning a container. | ||
| CVE-2017-14992 | Med | 0.42 | 6.5 | 0.02 | Nov 1, 2017 | Lack of content verification in Docker-CE (Also known as Moby) versions 1.12.6-0, 1.10.3, 17.03.0, 17.03.1, 17.03.2, 17.06.0, 17.06.1, 17.06.2, 17.09.0, and earlier allows a remote attacker to cause a Denial of Service via a crafted image layer payload, aka gzip bombing. | ||
| CVE-2017-11468 | Hig | 0.42 | 7.5 | 0.03 | Jul 20, 2017 | Docker Registry before 2.6.2 in Docker Distribution does not properly restrict the amount of content accepted from a user, which allows remote attackers to cause a denial of service (memory consumption) via the manifest endpoint. | ||
| CVE-2016-6595 | Med | 0.42 | 6.5 | 0.02 | Jan 4, 2017 | The SwarmKit toolkit 1.12.0 for Docker allows remote authenticated users to cause a denial of service (prevention of cluster joins) via a long sequence of join and quit actions. NOTE: the vendor disputes this issue, stating that this sequence is not "removing the state that is… | ||
| CVE-2026-41568 | Med | 0.40 | 6.1 | 0.00 | Jun 12, 2026 | Moby is an open source container framework. In Docker Engine prior to version 29.5.1, Docker Daemon versions 28.5.2 and prior, and Moby Daemon prior to version 2.0.0-beta.14, a race condition during docker cp mount setup allows a malicious container to create empty files or… | ||
| CVE-2026-55887 | hig | 0.38 | — | — | Jun 18, 2026 | ## Summary A maliciously crafted OCI image label can inject arbitrary arguments into the `docker run` command line constructed by the MCP Gateway. An attacker who controls an image that the victim references via `docker://`, or that the victim's catalog pulls a snapshot from,… | ||
| CVE-2026-33997 | Med | 0.37 | 6.8 | 0.00 | Mar 31, 2026 | Moby is an open source container framework. Prior to version 29.3.1, a security vulnerability has been detected that allows plugins privilege validation to be bypassed during docker plugin install. Due to an error in the daemon's privilege comparison logic, the daemon may… | ||
| CVE-2016-9962 | Med | 0.35 | 6.4 | 0.00 | Jan 31, 2017 | RunC allowed additional container processes via 'runc exec' to be ptraced by the pid 1 of the container. This allows the main processes of the container, if running as root, to gain access to file-descriptors of these new processes during the initialization and can lead to… | ||
| CVE-2025-6587 | Med | 0.34 | — | 0.00 | Jul 3, 2025 | System environment variables are recorded in Docker Desktop diagnostic logs, when using shell auto-completion. This leads to unintentional disclosure of sensitive information such as api keys, passwords, etc. A malicious actor with read access to these logs could obtain… | ||
| CVE-2025-3911 | Med | 0.34 | — | 0.00 | Apr 29, 2025 | Recording of environment variables, configured for running containers, in Docker Desktop application logs could lead to unintentional disclosure of sensitive information such as api keys, passwords, etc. A malicious actor with read access to these logs could obtain sensitive… | ||
| CVE-2025-1696 | Med | 0.34 | — | 0.00 | Mar 6, 2025 | A vulnerability exists in Docker Desktop prior to version 4.39.0 that could lead to the unintentional disclosure of sensitive information via application logs. In affected versions, proxy configuration data—potentially including sensitive details—was written to log files in… | ||
| CVE-2025-4095 | Med | 0.28 | — | 0.00 | Apr 29, 2025 | Registry Access Management (RAM) is a security feature allowing administrators to restrict access for their developers to only allowed registries. When a MacOS configuration profile is used to enforce organization sign-in, the RAM policies are not being applied, which would… | ||
| CVE-2025-0495 | Med | 0.20 | — | 0.00 | Mar 17, 2025 | Buildx is a Docker CLI plugin that extends build capabilities using BuildKit. Cache backends support credentials by setting secrets directly as attribute values in cache-to/cache-from configuration. When supplied as user input, these secure values may be inadvertently captured… | ||
| CVE-2019-15752 | 0.19 | — | 0.30 | KEV | Aug 28, 2019 | Docker Desktop Community Edition before 2.1.0.1 allows local users to gain privileges by placing a Trojan horse docker-credential-wincred.exe file in %PROGRAMDATA%\DockerDesktop\version-bin\ as a low-privilege user, and then waiting for an admin or service user to authenticate… | ||
| CVE-2018-15664 | 0.01 | — | 0.03 | May 23, 2019 | In Docker through 18.06.1-ce-rc2, the API endpoints behind the 'docker cp' command are vulnerable to a symlink-exchange attack with Directory Traversal, giving attackers arbitrary read-write access to the host filesystem with root privileges, because daemon/archive.go does not… | |||
| CVE-2014-9357 | 0.01 | — | 0.06 | Dec 16, 2014 | Docker 1.3.2 allows remote attackers to execute arbitrary code with root privileges via a crafted (1) image or (2) build in a Dockerfile in an LZMA (.xz) archive, related to the chroot for archive extraction. | |||
| CVE-2026-12539 | 0.00 | — | 0.00 | Jun 18, 2026 | Docker Sandboxes (sbx) blocks ICMP egress with an authorizer applied only at network-creation time, and does not re-apply it to networks rebuilt from disk when the Docker daemon restarts, so a restart-surviving sandbox forwards ICMP to arbitrary hosts. A workload inside a… | |||
| CVE-2026-12039 | 0.00 | — | 0.00 | Jun 18, 2026 | Docker Sandboxes (sbx) enforces an HTTP/S-only egress allowlist but does not apply it to DNS resolution: the per-network embedded DNS server forwards any queried name to the host resolver whenever the network is internet-connected, without consulting the policy. A workload… | |||
| CVE-2025-15558 | 0.00 | — | 0.00 | Mar 4, 2026 | Docker CLI for Windows searches for plugin binaries in C:\ProgramData\Docker\cli-plugins, a directory that does not exist by default. A low-privileged attacker can create this directory and place malicious CLI plugin binaries (docker-compose.exe, docker-buildx.exe, etc.) that… | |||
| CVE-2026-2664 | 0.00 | — | 0.00 | Feb 24, 2026 | An out of bounds read vulnerability in the grpcfuse kernel module present in the Linux VM in Docker Desktop for Windows, Linux and macOS up to version 4.61.0 could allow a local attacker to cause an unspecified impact by writing to /proc/docker entries. The issue has been fixed… | |||
| CVE-2025-13743 | 0.00 | — | 0.00 | Dec 9, 2025 | Docker Desktop diagnostics bundles were found to include expired Hub PATs in log output due to error object serialization. This poses a risk of leaking sensitive information in exported diagnostics, especially when access denied errors occurred. | |||
| CVE-2025-3224 | 0.00 | — | 0.00 | Apr 28, 2025 | A vulnerability in the update process of Docker Desktop for Windows versions prior to 4.41.0 could allow a local, low-privileged attacker to escalate privileges to SYSTEM. During an update, Docker Desktop attempts to delete files and subdirectories under the path… | |||
| CVE-2024-8696 | 0.00 | — | 0.01 | Sep 12, 2024 | A remote code execution (RCE) vulnerability via crafted extension publisher-url/additional-urls could be abused by a malicious extension in Docker Desktop before 4.34.2. | |||
| CVE-2024-8695 | 0.00 | — | 0.01 | Sep 12, 2024 | A remote code execution (RCE) vulnerability via crafted extension description/changelog could be abused by a malicious extension in Docker Desktop before 4.34.2. | |||
| CVE-2024-6222 | 0.00 | — | 0.01 | Jul 9, 2024 | In Docker Desktop before v4.29.0, an attacker who has gained access to the Docker Desktop VM through a container breakout can further escape to the host by passing extensions and dashboard related IPC messages. Docker Desktop v4.29.0 https://docs.docker.com/desktop/release-note… | |||
| CVE-2024-5652 | 0.00 | — | 0.00 | Jul 9, 2024 | In Docker Desktop on Windows before v4.31.0 allows a user in the docker-users group to cause a Windows Denial-of-Service through the exec-path Docker daemon config option in Windows containers mode. | |||
| CVE-2020-27352 | 0.00 | — | 0.00 | Jun 21, 2024 | When generating the systemd service units for the docker snap (and other similar snaps), snapd does not specify Delegate=yes - as a result systemd will move processes from the containers created and managed by these snaps into the cgroup of the main daemon within the snap itself… |
- risk 0.64cvss —epss 0.02
A vulnerability was identified in Docker Desktop that allows local running Linux containers to access the Docker Engine API via the configured Docker subnet, at 192.168.65.7:2375 by default. This vulnerability occurs with or without Enhanced Container Isolation (ECI) enabled,…
- risk 0.64cvss 9.8epss 0.01
In Docker Notary before 0.1, the checkRoot function in gotuf/client/client.go does not check expiry of root.json files, despite a comment stating that it does. Even if a user creates a new root.json file after a key compromise, an attacker can produce update files referring to…
- risk 0.60cvss 8.8epss 0.01
A flaw was found in the ABRT daemon’s handling of user-supplied mount information.ABRT copies up to 12 characters from an untrusted input and places them directly into a shell command (docker inspect %s) without proper validation. An unprivileged local user can craft a payload…
- risk 0.59cvss 9.9epss 0.17
Moby is an open-source project created by Docker for software containerization. A security vulnerability has been detected in certain versions of Docker Engine, which could allow an attacker to bypass authorization plugins (AuthZ) under specific circumstances. The base…
- risk 0.58cvss —epss 0.00
Docker Desktop before v4.34.3 allows RCE via unsanitized GitHub source link in Build view.
- risk 0.57cvss 8.8epss 0.00
The Docker CLI --use-api-socket flag bypasses Enhanced Container Isolation (ECI) restrictions in Docker Desktop. When ECI is enabled, Docker socket mounts from containers are denied unless explicitly allowed via the admin-settings configuration. However, the --use-api-socket…
- risk 0.57cvss —epss 0.00
Docker Desktop Installer.exe is vulnerable to DLL hijacking due to insecure DLL search order. The installer searches for required DLLs in the user's Downloads folder before checking system directories, allowing local privilege escalation through malicious DLL placement.This…
- risk 0.57cvss —epss 0.00
In a hardened Docker environment, with Enhanced Container Isolation ( ECI https://docs.docker.com/enterprise/security/hardened-desktop/enhanced-container-isolation/ ) enabled, an administrator can utilize the command restrictions feature https://docs.docker.com/enterprise/securi…
- risk 0.57cvss 8.8epss 0.02
HandleRequestAsync in Docker for Windows before 18.06.0-ce-rc3-win68 (edge) and before 18.06.0-ce-win72 (stable) deserialized requests over the \\.\pipe\dockerBackend named pipe without verifying the validity of the deserialized .NET objects. This would allow a malicious user in…
- risk 0.53cvss —epss 0.00
Fixed a VM panic caused by unbounded recursion in the grpcfuse kernel module when a container created deeply nested directories on a bind-mounted host folder and triggered a dentry invalidation event. This issue has been fixed in Docker Desktop 4.76.0.
- risk 0.53cvss 8.2epss 0.00
The MLX inference backend in Docker Model Runner on macOS uses the MLX-LM library, which unconditionally imports and executes arbitrary Python files from model directories via the model_file configuration field in config.json. When a model's config.json specifies a model_file…
- risk 0.53cvss 8.2epss 0.00
The vllm-metal inference backend in Docker Model Runner on macOS unconditionally sets trust_remote_code=True when loading model tokenizers, and runs without sandboxing. This causes transformers.AutoTokenizer.from_pretrained() to import and execute arbitrary Python files included…
- risk 0.53cvss 8.1epss 0.01
Docker before 1.3 does not properly validate image IDs, which allows remote attackers to redirect to another image through the loading of untrusted images via 'docker load'.
- risk 0.52cvss 9.1epss 0.00
Docker Model Runner (DMR) is software used to manage, run, and deploy AI models using Docker. Prior to version 1.1.25, Docker Model Runner contains an SSRF vulnerability in its OCI registry token exchange flow. When pulling a model, Model Runner follows the realm URL from the…
- risk 0.52cvss —epss 0.14
Docker Compose trusts the path information embedded in remote OCI compose artifacts. When a layer includes the annotations com.docker.compose.extends or com.docker.compose.envfile, Compose joins the attacker‑supplied value from com.docker.compose.file/com.docker.compose.envfile…
- risk 0.51cvss 8.8epss 0.08
Moby is an open source container framework. Prior to version 29.3.1, a security vulnerability has been detected that allows attackers to bypass authorization plugins (AuthZ). This issue has been patched in version 29.3.1.
- risk 0.51cvss 7.8epss 0.00
Docker before 1.5 allows local users to have unspecified impact via vectors involving unsafe /tmp usage.
- risk 0.49cvss 7.5epss 0.00
Docker Model Runner (DMR) is software used to manage, run, and deploy AI models using Docker. Versions prior to 1.0.16 expose a POST `/engines/_configure` endpoint that accepts arbitrary runtime flags without authentication. These flags are passed directly to the underlying…
- risk 0.49cvss 7.5epss 0.03
Docker Engine 1.12.2 enabled ambient capabilities with misconfigured capability policies. This allowed malicious images to bypass user permissions to access files within the container filesystem or mounted volumes.
- risk 0.47cvss 7.2epss 0.00
Moby is an open source container framework. In Docker Engine prior to version 29.5.1, Docker Daemon versions 28.5.2 and prior, and Moby Daemon prior to version 2.0.0-beta.14, a race condition during docker cp mount setup allows a malicious container to redirect a bind mount…
- risk 0.44cvss 6.7epss 0.00
Docker Desktop for Windows contains multiple incorrect permission assignment vulnerabilities in the installer's handling of the C:\ProgramData\DockerDesktop directory. The installer creates this directory without proper ownership verification, creating two exploitation…
- risk 0.44cvss 6.8epss 0.00
An issue in Docker-proxy v18.09.0 allows attackers to cause a denial of service.
- risk 0.44cvss 7.8epss 0.00
libcontainer/user/user.go in runC before 0.1.0, as used in Docker before 1.11.2, improperly treats a numeric UID as a potential username, which allows local users to gain privileges via a numeric username in the password file in a container.
- risk 0.44cvss 7.8epss 0.01
Libcontainer 1.6.0, as used in Docker Engine, allows local users to escape containerization ("mount namespace breakout") and write to arbitrary file on the host system via a symlink attack in an image when respawning a container.
- risk 0.42cvss 6.5epss 0.02
Lack of content verification in Docker-CE (Also known as Moby) versions 1.12.6-0, 1.10.3, 17.03.0, 17.03.1, 17.03.2, 17.06.0, 17.06.1, 17.06.2, 17.09.0, and earlier allows a remote attacker to cause a Denial of Service via a crafted image layer payload, aka gzip bombing.
- risk 0.42cvss 7.5epss 0.03
Docker Registry before 2.6.2 in Docker Distribution does not properly restrict the amount of content accepted from a user, which allows remote attackers to cause a denial of service (memory consumption) via the manifest endpoint.
- risk 0.42cvss 6.5epss 0.02
The SwarmKit toolkit 1.12.0 for Docker allows remote authenticated users to cause a denial of service (prevention of cluster joins) via a long sequence of join and quit actions. NOTE: the vendor disputes this issue, stating that this sequence is not "removing the state that is…
- risk 0.40cvss 6.1epss 0.00
Moby is an open source container framework. In Docker Engine prior to version 29.5.1, Docker Daemon versions 28.5.2 and prior, and Moby Daemon prior to version 2.0.0-beta.14, a race condition during docker cp mount setup allows a malicious container to create empty files or…
- risk 0.38cvss —epss —
## Summary A maliciously crafted OCI image label can inject arbitrary arguments into the `docker run` command line constructed by the MCP Gateway. An attacker who controls an image that the victim references via `docker://`, or that the victim's catalog pulls a snapshot from,…
- risk 0.37cvss 6.8epss 0.00
Moby is an open source container framework. Prior to version 29.3.1, a security vulnerability has been detected that allows plugins privilege validation to be bypassed during docker plugin install. Due to an error in the daemon's privilege comparison logic, the daemon may…
- risk 0.35cvss 6.4epss 0.00
RunC allowed additional container processes via 'runc exec' to be ptraced by the pid 1 of the container. This allows the main processes of the container, if running as root, to gain access to file-descriptors of these new processes during the initialization and can lead to…
- risk 0.34cvss —epss 0.00
System environment variables are recorded in Docker Desktop diagnostic logs, when using shell auto-completion. This leads to unintentional disclosure of sensitive information such as api keys, passwords, etc. A malicious actor with read access to these logs could obtain…
- risk 0.34cvss —epss 0.00
Recording of environment variables, configured for running containers, in Docker Desktop application logs could lead to unintentional disclosure of sensitive information such as api keys, passwords, etc. A malicious actor with read access to these logs could obtain sensitive…
- risk 0.34cvss —epss 0.00
A vulnerability exists in Docker Desktop prior to version 4.39.0 that could lead to the unintentional disclosure of sensitive information via application logs. In affected versions, proxy configuration data—potentially including sensitive details—was written to log files in…
- risk 0.28cvss —epss 0.00
Registry Access Management (RAM) is a security feature allowing administrators to restrict access for their developers to only allowed registries. When a MacOS configuration profile is used to enforce organization sign-in, the RAM policies are not being applied, which would…
- risk 0.20cvss —epss 0.00
Buildx is a Docker CLI plugin that extends build capabilities using BuildKit. Cache backends support credentials by setting secrets directly as attribute values in cache-to/cache-from configuration. When supplied as user input, these secure values may be inadvertently captured…
- risk 0.19cvss —epss 0.30
Docker Desktop Community Edition before 2.1.0.1 allows local users to gain privileges by placing a Trojan horse docker-credential-wincred.exe file in %PROGRAMDATA%\DockerDesktop\version-bin\ as a low-privilege user, and then waiting for an admin or service user to authenticate…
- CVE-2018-15664May 23, 2019risk 0.01cvss —epss 0.03
In Docker through 18.06.1-ce-rc2, the API endpoints behind the 'docker cp' command are vulnerable to a symlink-exchange attack with Directory Traversal, giving attackers arbitrary read-write access to the host filesystem with root privileges, because daemon/archive.go does not…
- CVE-2014-9357Dec 16, 2014risk 0.01cvss —epss 0.06
Docker 1.3.2 allows remote attackers to execute arbitrary code with root privileges via a crafted (1) image or (2) build in a Dockerfile in an LZMA (.xz) archive, related to the chroot for archive extraction.
- CVE-2026-12539Jun 18, 2026risk 0.00cvss —epss 0.00
Docker Sandboxes (sbx) blocks ICMP egress with an authorizer applied only at network-creation time, and does not re-apply it to networks rebuilt from disk when the Docker daemon restarts, so a restart-surviving sandbox forwards ICMP to arbitrary hosts. A workload inside a…
- CVE-2026-12039Jun 18, 2026risk 0.00cvss —epss 0.00
Docker Sandboxes (sbx) enforces an HTTP/S-only egress allowlist but does not apply it to DNS resolution: the per-network embedded DNS server forwards any queried name to the host resolver whenever the network is internet-connected, without consulting the policy. A workload…
- CVE-2025-15558Mar 4, 2026risk 0.00cvss —epss 0.00
Docker CLI for Windows searches for plugin binaries in C:\ProgramData\Docker\cli-plugins, a directory that does not exist by default. A low-privileged attacker can create this directory and place malicious CLI plugin binaries (docker-compose.exe, docker-buildx.exe, etc.) that…
- CVE-2026-2664Feb 24, 2026risk 0.00cvss —epss 0.00
An out of bounds read vulnerability in the grpcfuse kernel module present in the Linux VM in Docker Desktop for Windows, Linux and macOS up to version 4.61.0 could allow a local attacker to cause an unspecified impact by writing to /proc/docker entries. The issue has been fixed…
- CVE-2025-13743Dec 9, 2025risk 0.00cvss —epss 0.00
Docker Desktop diagnostics bundles were found to include expired Hub PATs in log output due to error object serialization. This poses a risk of leaking sensitive information in exported diagnostics, especially when access denied errors occurred.
- CVE-2025-3224Apr 28, 2025risk 0.00cvss —epss 0.00
A vulnerability in the update process of Docker Desktop for Windows versions prior to 4.41.0 could allow a local, low-privileged attacker to escalate privileges to SYSTEM. During an update, Docker Desktop attempts to delete files and subdirectories under the path…
- CVE-2024-8696Sep 12, 2024risk 0.00cvss —epss 0.01
A remote code execution (RCE) vulnerability via crafted extension publisher-url/additional-urls could be abused by a malicious extension in Docker Desktop before 4.34.2.
- CVE-2024-8695Sep 12, 2024risk 0.00cvss —epss 0.01
A remote code execution (RCE) vulnerability via crafted extension description/changelog could be abused by a malicious extension in Docker Desktop before 4.34.2.
- CVE-2024-6222Jul 9, 2024risk 0.00cvss —epss 0.01
In Docker Desktop before v4.29.0, an attacker who has gained access to the Docker Desktop VM through a container breakout can further escape to the host by passing extensions and dashboard related IPC messages. Docker Desktop v4.29.0 https://docs.docker.com/desktop/release-note…
- CVE-2024-5652Jul 9, 2024risk 0.00cvss —epss 0.00
In Docker Desktop on Windows before v4.31.0 allows a user in the docker-users group to cause a Windows Denial-of-Service through the exec-path Docker daemon config option in Windows containers mode.
- CVE-2020-27352Jun 21, 2024risk 0.00cvss —epss 0.00
When generating the systemd service units for the docker snap (and other similar snaps), snapd does not specify Delegate=yes - as a result systemd will move processes from the containers created and managed by these snaps into the cgroup of the main daemon within the snap itself…
Page 1 of 2