docker

Top products

The 15 most recently published vulnerabilities affecting docker.

• CVE-2026-42306Moby: Race condition in docker cp allows bind mount redirection to host path7.2Jun 12, 2026
• CVE-2026-41568Moby: Race condition in docker cp allows creation of arbitrary empty files on the host via symlink swap6.1Jun 12, 2026
• CVE-2026-41567Docker: `PUT /containers/{id}/archive` executes container binary on the host7.2Jun 5, 2026
• CVE-2026-5843Docker Model Runner container-to-host code execution via MLX-LM model_file importlib loading8.2May 22, 2026
• CVE-2026-5817Docker Model Runner container-to-host code execution via unsandboxed trust_remote_code in Python inference backends8.2May 22, 2026
• CVE-2026-6406Docker Desktop Enhanced Container Isolation bypass via --use-api-socket CLI flag8.8May 22, 2026
• CVE-2026-33990Docker Model Runner OCI Registry Client Vulnerable to Server-Side Request Forgery (SSRF)9.1Apr 1, 2026
• CVE-2026-33997Moby: Off-by-one error in plugin privilege validation6.8Mar 31, 2026
• CVE-2026-34040Moby: AuthZ plugin bypass with oversized request body8.8Mar 31, 2026
• CVE-2026-28400Docker Model Runner Unauthenticated Runtime Flag Injection via _configure Endpoint7.5Feb 27, 2026
• CVE-2026-2664Out of bounds read vulnerability in grpcfuse kernel module7.8Feb 24, 2026
• CVE-2025-13743Expired Personal Access Tokens (PATs) are recorded in Docker Desktop diagnostic logs7.5Dec 9, 2025
• CVE-2025-62725Docker Compose Vulnerable to Path Traversal via OCI Artifact Layer Annotations8.8Oct 27, 2025
• CVE-2025-9164Multiple DLL Search Order Hijacking Vulnerabilities in Docker Desktop Installer for Windows7.8Oct 27, 2025
• CVE-2025-9074Docker Desktop allows unauthenticated access to Docker Engine API from containers8.6Aug 20, 2025