CVE-2026-8936
- EPSS 0.12%
- Veröffentlicht 02.06.2026 21:09:03
- Zuletzt bearbeitet 04.06.2026 15:21:14
Fixed a VM panic caused by unbounded recursion in the grpcfuse kernel module when a container created deeply nested directories on a bind-mounted host folder and triggered a dentry invalidation event. This issue has been fixed in Docker Desktop 4.76....
CVE-2026-5843
- EPSS 0.22%
- Veröffentlicht 22.05.2026 19:28:38
- Zuletzt bearbeitet 01.06.2026 18:07:43
The MLX inference backend in Docker Model Runner on macOS uses the MLX-LM library, which unconditionally imports and executes arbitrary Python files from model directories via the model_file configuration field in config.json. When a model's config.j...
CVE-2026-5817
- EPSS 0.22%
- Veröffentlicht 22.05.2026 19:24:15
- Zuletzt bearbeitet 01.06.2026 18:08:14
The vllm-metal inference backend in Docker Model Runner on macOS unconditionally sets trust_remote_code=True when loading model tokenizers, and runs without sandboxing. This causes transformers.AutoTokenizer.from_pretrained() to import and execute ar...
CVE-2026-6406
- EPSS 0.21%
- Veröffentlicht 22.05.2026 18:32:15
- Zuletzt bearbeitet 29.05.2026 19:02:40
The Docker CLI --use-api-socket flag bypasses Enhanced Container Isolation (ECI) restrictions in Docker Desktop. When ECI is enabled, Docker socket mounts from containers are denied unless explicitly allowed via the admin-settings configuration. Howe...
CVE-2026-28400
- EPSS 0.23%
- Veröffentlicht 27.02.2026 21:06:12
- Zuletzt bearbeitet 15.04.2026 00:35:42
Docker Model Runner (DMR) is software used to manage, run, and deploy AI models using Docker. Versions prior to 1.0.16 expose a POST `/engines/_configure` endpoint that accepts arbitrary runtime flags without authentication. These flags are passed ...
CVE-2026-2664
- EPSS 0.19%
- Veröffentlicht 24.02.2026 10:16:03
- Zuletzt bearbeitet 27.02.2026 17:56:12
An out of bounds read vulnerability in the grpcfuse kernel module present in the Linux VM in Docker Desktop for Windows, Linux and macOS up to version 4.61.0 could allow a local attacker to cause an unspecified impact by writing to /proc/docker entri...
CVE-2025-14740
- EPSS 0.2%
- Veröffentlicht 04.02.2026 13:57:23
- Zuletzt bearbeitet 15.04.2026 00:35:42
Docker Desktop for Windows contains multiple incorrect permission assignment vulnerabilities in the installer's handling of the C:\ProgramData\DockerDesktop directory. The installer creates this directory without proper ownership verification, creati...
CVE-2025-13743
- EPSS 0.19%
- Veröffentlicht 09.12.2025 20:39:52
- Zuletzt bearbeitet 30.01.2026 19:35:24
Docker Desktop diagnostics bundles were found to include expired Hub PATs in log output due to error object serialization. This poses a risk of leaking sensitive information in exported diagnostics, especially when access denied errors occurred.
CVE-2025-62725
- EPSS 13.85%
- Veröffentlicht 27.10.2025 20:37:32
- Zuletzt bearbeitet 15.04.2026 00:35:42
Docker Compose trusts the path information embedded in remote OCI compose artifacts. When a layer includes the annotations com.docker.compose.extends or com.docker.compose.envfile, Compose joins the attacker‑supplied value from com.docker.compose.fil...
CVE-2025-9164
- EPSS 0.1%
- Veröffentlicht 27.10.2025 13:53:40
- Zuletzt bearbeitet 15.04.2026 00:35:42
Docker Desktop Installer.exe is vulnerable to DLL hijacking due to insecure DLL search order. The installer searches for required DLLs in the user's Downloads folder before checking system directories, allowing local privilege escalation through mali...