Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1325 CNY

100%
Buy Us a Coffee

CVE-2026-6406— Docker Desktop Enhanced Container Isolation bypass via --use-api-socket CLI flag

CVSS 8.8 · High EPSS 0.27% · P18

Affected Version Matrix 1

VendorProductVersion RangeStatus
DockerDocker Desktop4.41.0< 4.59.0affected
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2026-6406

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
Docker Desktop Enhanced Container Isolation bypass via --use-api-socket CLI flag
Source: NVD (National Vulnerability Database)
Vulnerability Description
The Docker CLI --use-api-socket flag bypasses Enhanced Container Isolation (ECI) restrictions in Docker Desktop. When ECI is enabled, Docker socket mounts from containers are denied unless explicitly allowed via the admin-settings configuration. However, the --use-api-socket flag adds the Docker socket mount via the HostConfig.Mounts field rather than the HostConfig.Binds field. The ECI enforcement in the Docker Desktop API proxy only inspected Binds, allowing the mount to pass unchecked. This grants a container full access to the Docker Engine socket and, if the host user has logged in to container registries, their authentication credentials. A local attacker with the ability to run Docker CLI commands can exploit this to escape ECI restrictions, access the Docker Engine, and potentially escalate privileges.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Source: NVD (National Vulnerability Database)
Vulnerability Type
授权机制不正确
Source: NVD (National Vulnerability Database)
Vulnerability Title
Docker Desktop 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Docker Desktop是美国Docker公司的一个基于容器技术的用于轻量化部署应用的桌面软件。该产品可提供桌面环境可支持在Linux/Windows/Mac OS系统上创建一个容器(轻量级虚拟机)并部署和运行应用程序,以及通过配置文件实现应用程序的自动化安装、部署和升级。 Docker Desktop存在安全漏洞,该漏洞源于绕过增强容器隔离限制,可能导致本地攻击者通过添加Docker套接字挂载访问Docker引擎和认证凭据,提升权限。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
DockerDocker Desktop 4.41.0 ~ 4.59.0 -

II. Public POCs for CVE-2026-6406

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2026-6406

登录查看更多情报信息。

Vendor Advisories for CVE-2026-6406 (1)

Other References for CVE-2026-6406 (1)

Same Patch Batch · Docker · 2026-05-22 · 3 CVEs total

CVE-2026-58178.2 HIGHDocker Model Runner container-to-host code execution via unsandboxed trust_remote_code in
CVE-2026-58438.2 HIGHDocker Model Runner container-to-host code execution via MLX-LM model_file importlib loadi

IV. Related Vulnerabilities

Same product: Docker Desktop
Same vendor: Docker
Same weakness: CWE-863

V. Comments for CVE-2026-6406

No comments yet

Leave a comment