Docker Model Runner Unauthenticated Runtime Flag Injection (CVE-2026-28400)

Critical Vulnerability Information Vulnerability Overview Vulnerability Name: Docker Model Runner Unauthenticated Runtime Flag Injection via Endpoint GHSA: GHSA-m456-c56c-hh5c CVSS v3 Base Score: 7.6 (High) CVE ID: CVE-2026-28400 Impact Affected Versions: Fixed Version: Vulnerability Description: Docker Model Runner exposes a POST endpoint that accepts arbitrary runtime flags without authentication. These flags are directly passed to the underlying inference server (e.g., llama.cpp). By injecting the flag, an attacker can write to or overwrite any file accessible to the Model Runner process, using the network identity of the Model Runner API. Specific Impact: When bundled with Docker Desktop (Model Runner enabled by default since version 4.46.0), any default container can access it at without authentication. In this scenario, file overwrites can target the Docker Desktop VM disk (Docker .raw), leading to destruction of all containers, images, volumes, and build history. Advanced Risk: Under specific configurations and user interaction, this vulnerability could potentially be exploited to achieve container escape. Remediation Fixed Version: Patched in Docker Model Runner . Recommended Update: Docker Desktop users should update to version 4.61.0 or later, which includes the patched Model Runner. Mitigation Enhanced Container Isolation (ECl): For Docker Desktop users, enabling Enhanced Container Isolation (ECl) can prevent containers from accessing the Model Runner, thereby blocking exploitation of this vulnerability. However, if Docker Model Runner is exposed over TCP to localhost in a specific configuration, the vulnerability remains exploitable. References Docker Security Documentation Zero Day Initiative Advisory Report Reporter: Nitesh Surana, TrendAI Research

Goal Reached Thanks to every supporter — we hit 100%!

Docker Model Runner Unauthenticated Runtime Flag Injection (CVE-2026-28400)

More from this source