Docker — Vulnerabilities & Security Advisories 24

Browse all 24 CVE security advisories affecting Docker. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Docker provides containerization software that enables developers to package applications and their dependencies into standardized units for consistent deployment across computing environments. Historically, vulnerabilities within the Docker ecosystem have frequently involved privilege escalation, allowing attackers to escape container isolation and gain root access on the host system. Other common flaw classes include remote code execution (RCE) and improper access controls within the daemon interface. With twenty-four CVEs currently on record, the platform has faced scrutiny regarding its default security configurations and the potential for lateral movement if a container is compromised. Notable incidents often stem from misconfigurations rather than inherent architectural failures, emphasizing the critical need for strict least-privilege principles and regular patching of the underlying engine to mitigate risks associated with shared kernel resources and exposed API endpoints.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-33990 | Docker Model Runner OCI Registry Client Vulnerable to Server-Side Request Forgery (SSRF) — model-runner (CWE-918) | 8.2 (AI) | High (AI) | 2026-04-01 |
| CVE-2025-15558 | Docker Desktop Docker Plugins Uncontrolled Search Path Element Local Privilege Escalation Vulnerability — Docker CLI (CWE-427) | 7.3 | - | 2026-03-04 |
| CVE-2026-28400 | Docker Model Runner Unauthenticated Runtime Flag Injection via _configure Endpoint — model-runner (CWE-749) | 7.6 | High | 2026-02-27 |
| CVE-2026-2664 | Out of bounds read vulnerability in grpcfuse kernel module — Docker Desktop (CWE-125) | 7.1 (AI) | High (AI) | 2026-02-24 |
| CVE-2025-13743 | Expired Personal Access Tokens (PATs) are recorded in Docker Desktop diagnostic logs — Docker Desktop (CWE-532) | 7.5 (AI) | High (AI) | 2025-12-09 |
| CVE-2025-64443 | DNS Rebinding vulnerability present when running MCP Gateway in sse or streaming mode — mcp-gateway (CWE-749) | 8.3 (AI) | High (AI) | 2025-12-03 |
| CVE-2025-62725 | Docker Compose Vulnerable to Path Traversal via OCI Artifact Layer Annotations — compose (CWE-22) | 9.8 (AI) | Critical (AI) | 2025-10-27 |
| CVE-2025-9164 | Multiple DLL Search Order Hijacking Vulnerabilities in Docker Desktop Installer for Windows — Docker Desktop (CWE-427) | 7.8 (AI) | High (AI) | 2025-10-27 |
| CVE-2025-10657 | Docker Desktop with ECI Fails to Enforce Socket Command Restrictions — Docker Desktop (CWE-269) | 7.2 | - | 2025-09-26 |
| CVE-2025-9074 | Docker Desktop allows unauthenticated access to Docker Engine API from containers — Docker Desktop (CWE-668) | 8.1 (AI) | High (AI) | 2025-08-20 |
| CVE-2025-6587 | Exposure of system environment variables in Docker Desktop diagnostic logs — Docker Desktop (CWE-532) | 6.5 (AI) | Medium (AI) | 2025-07-03 |
| CVE-2025-3911 | Exposure in Docker Desktop logs of environment variables configured for running containers — Docker Desktop (CWE-532) | 5.5 (AI) | Medium (AI) | 2025-04-29 |
| CVE-2025-4095 | Registry Access Management (RAM) policies not applied when sign-in enforcement is configured via a configuration profile — Docker Desktop (CWE-862) | 6.1 (AI) | Medium (AI) | 2025-04-29 |
| CVE-2025-3224 | Elevation of Privilege in Docker Desktop for Windows during Upgrade due to Insecure Directory Deletion — Docker Desktop (CWE-269) | 7.8 (AI) | High (AI) | 2025-04-28 |
| CVE-2025-0495 | Secrets leakage to telemetry endpoint via cache backend configuration via buildx — buildx (CWE-532) | 6.5 | - | 2025-03-17 |
| CVE-2025-1696 | Exposure of Proxy Credentials in Docker Desktop Logs — Docker Desktop (CWE-532) | 4.3 | - | 2025-03-06 |
| CVE-2024-9348 | Docker Desktop before v4.34.3 allows RCE via unsanitized GitHub source link in Build view — Docker Desktop (CWE-20) | 9.8 (AI) | Critical (AI) | 2024-10-16 |
| CVE-2024-8696 | A remote code execution (RCE) vulnerability via crafted extension publisher-url/additional-urls could be abused by a malicious extension in Docker Desktop before 4.34.2. — Docker Desktop (CWE-79) | 8.8 (AI) | High (AI) | 2024-09-12 |
| CVE-2024-8695 | A remote code execution (RCE) vulnerability via crafted extension description/changelog could be abused by a malicious extension in Docker Desktop before 4.34.2. — Docker Desktop (CWE-79) | 9.8 (AI) | Critical (AI) | 2024-09-12 |
| CVE-2023-1802 | In Docker Desktop 4.17.x the Artifactory Integration falls back to sending registry credentials over plain HTTP if the HTTPS health check has failed — Docker Desktop (CWE-319) | 5.9 | Medium | 2023-04-06 |
| CVE-2021-41092 | Docker CLI leaks private registry credentials to registry-1.docker.io — cli (CWE-200) | 5.4 | Medium | 2021-10-04 |
| CVE-2014-8179 | Docker and Docker CS Engine input validation error vulnerability — Docker Engine | 7.5 | - | 2019-12-04 |
| CVE-2014-8178 | Docker Engine and CS Docker Engine input validation error vulnerability — Docker Engine | 5.5 | - | 2019-12-04 |
| CVE-2019-1020014 | docker-credential-helpers resource management error vulnerability — docker-credential-helpers | 5.5 | - | 2019-07-29 |

This page lists every published CVE security advisory associated with Docker. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.