CVE-2026-6406— Docker Desktop 安全漏洞

Docker Desktop Enhanced Container Isolation bypass via --use-api-socket CLI flag

The Docker CLI --use-api-socket flag bypasses Enhanced Container Isolation (ECI) restrictions in Docker Desktop. When ECI is enabled, Docker socket mounts from containers are denied unless explicitly allowed via the admin-settings configuration. However, the --use-api-socket flag adds the Docker socket mount via the HostConfig.Mounts field rather than the HostConfig.Binds field. The ECI enforcement in the Docker Desktop API proxy only inspected Binds, allowing the mount to pass unchecked. This grants a container full access to the Docker Engine socket and, if the host user has logged in to container registries, their authentication credentials. A local attacker with the ability to run Docker CLI commands can exploit this to escape ECI restrictions, access the Docker Engine, and potentially escalate privileges.

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

授权机制不正确

Docker Desktop 安全漏洞

Docker Desktop是美国Docker公司的一个基于容器技术的用于轻量化部署应用的桌面软件。该产品可提供桌面环境可支持在Linux/Windows/Mac OS系统上创建一个容器（轻量级虚拟机）并部署和运行应用程序，以及通过配置文件实现应用程序的自动化安装、部署和升级。 Docker Desktop存在安全漏洞，该漏洞源于绕过增强容器隔离限制，可能导致本地攻击者通过添加Docker套接字挂载访问Docker引擎和认证凭据，提升权限。

N/A

N/A