Docker

This hub aggregates every CVE we track for Docker, a product in the cloud saas space. Use it to gauge the current risk picture and drill into individual advisories.

Cloud & SaaSon-premdev tool

CVEs tracked

Critical

High

In CISA KEV

Severity distribution

HIGH43MEDIUM24CRITICAL7LOW2

Monthly trend

2024-072026-06

Latest CVEs

See all →

The 15 most recently published vulnerabilities affecting Docker.

CVE-2026-5843Docker Model Runner container-to-host code execution via MLX-LM model_file importlib loading8.2May 22, 2026
CVE-2026-5817Docker Model Runner container-to-host code execution via unsandboxed trust_remote_code in Python inference backends8.2May 22, 2026
CVE-2026-6406Docker Desktop Enhanced Container Isolation bypass via --use-api-socket CLI flag8.8May 22, 2026
CVE-2026-2664Out of bounds read vulnerability in grpcfuse kernel module7.8Feb 24, 2026
CVE-2025-14740Docker Desktop for Windows Incorrect Permission Assignment Privilege Escalation Vulnerabilities6.7Feb 4, 2026
CVE-2025-13743Expired Personal Access Tokens (PATs) are recorded in Docker Desktop diagnostic logs7.5Dec 9, 2025
CVE-2025-9164Multiple DLL Search Order Hijacking Vulnerabilities in Docker Desktop Installer for Windows7.8Oct 27, 2025
CVE-2025-9074Docker Desktop allows unauthenticated access to Docker Engine API from containers8.6Aug 20, 2025
CVE-2025-6587Exposure of system environment variables in Docker Desktop diagnostic logs6.5Jul 3, 2025
CVE-2025-3224Elevation of Privilege in Docker Desktop for Windows during Upgrade due to Insecure Directory Deletion7.8Apr 28, 2025
CVE-2024-9348Docker Desktop before v4.34.3 allows RCE via unsanitized GitHub source link in Build view9.0Oct 16, 2024
CVE-2024-8696A remote code execution (RCE) vulnerability via crafted extension publisher-url/additional-urls could be abused by a malicious extension in Docker Desktop before 4.34.2.9.8Sep 12, 2024
CVE-2024-8695A remote code execution (RCE) vulnerability via crafted extension description/changelog could be abused by a malicious extension in Docker Desktop before 4.34.2.9.8Sep 12, 2024
CVE-2024-41110Moby authz zero length regression9.9Jul 24, 2024
CVE-2024-6222In Docker Desktop before v4.29.0 an attacker who has gained access to the Docker Desktop VM through a container breakout can further escape to the host by passing extensions and dashboard related IPC messages7.0Jul 9, 2024

Product normalization is registry-driven with AI assist and human review. How it works