
CVSS: 6.8 | EPSS: 0% | CPEs: 1 | EXPL: 0

24 Feb 2026 — An out-of-bounds read vulnerability in the grpcfuse kernel module present in the Linux VM in Docker Desktop for Windows, Linux and macOS up to version 4.61.0 could allow a local attacker to cause an unspecified impact by writing to /proc/docker entries. The issue has been fixed in Docker Desktop 4.62.0. This vulnerability allows local attackers to disclose sensitive information on affected installations of Docker Desktop. An attacker must first obtain the ability to execute low-privileged code on the targe... • https://docs.docker.com/desktop/release-notes/#4620 • CWE-125: Out-of-bounds Read •

CVSS: 6.7 | EPSS: 0% | CPEs: 1 | EXPL: 0

04 Feb 2026 — Docker Desktop for Windows contains multiple incorrect permission assignment vulnerabilities in the installer's handling of the C:\ProgramData\DockerDesktop directory. The installer creates this directory without proper ownership verification, creating two exploitation scenarios: Scenario 1 (Persistent Attack): If a low-privileged attacker pre-creates C:\ProgramData\DockerDesktop before Docker Desktop installation, the attacker retains ownership of the directory even after the installer applies restrictive ... • https://docs.docker.com/security • CWE-732: Incorrect Permission Assignment for Critical Resource •

CVSS: 7.8 | EPSS: 0% | CPEs: 1 | EXPL: 0

09 Dec 2025 — Docker Desktop diagnostics bundles were found to include expired Hub PATs in log output due to error object serialization. This poses a risk of leaking sensitive information in exported diagnostics, especially when access denied errors occurred. • https://docs.docker.com/desktop/troubleshoot-and-support/troubleshoot/#troubleshoot-menu • CWE-532: Insertion of Sensitive Information into Log File •

CVSS: 8.8 | EPSS: 0% | CPEs: 1 | EXPL: 0

27 Oct 2025 — Docker Desktop Installer.exe is vulnerable to DLL hijacking due to an insecure DLL search order. The installer searches for required DLLs in the user's Downloads folder before checking system directories, allowing local privilege escalation through malicious DLL placement. This issue affects Docker Desktop through 4.48.0. • https://docs.docker.com/desktop/release-notes • CWE-427: Uncontrolled Search Path Element •

CVSS: 9.8 | EPSS: 0% | CPEs: 1 | EXPL: 0

26 Sep 2025 — In a hardened Docker environment, with Enhanced Container Isolation (ECI, https://docs.docker.com/enterprise/security/hardened-desktop/enhanced-container-isolation/) enabled, an administrator can utilize the command restrictions feature (https://docs.docker.com/enterprise/security/hardened-desktop/enhanced-container-isolation/config/#command-restrictions) to restrict commands that a container with a Docker socket mount may issue on that socket. Due to a software bug, the configuration to restrict commands wa... • https://docs.docker.com/desktop/release-notes • CWE-269: Improper Privilege Management •

CVSS: 9.3 | EPSS: 0% | CPEs: 1 | EXPL: 2

20 Aug 2025 — A vulnerability was identified in Docker Desktop that allows local running Linux containers to access the Docker Engine API via the configured Docker subnet, at 192.168.65.7:2375 by default. This vulnerability occurs with or without Enhanced Container Isolation (ECI) enabled, and with or without the "Expose daemon on tcp://localhost:2375 without TLS" option enabled. This can lead to execution of a wide range of privileged commands to the engine API, including controlling other containers, creating new ones,... • https://packetstorm.news/files/id/215043 • CWE-668: Exposure of Resource to Wrong Sphere •

CVSS: 6.5 | EPSS: 0% | CPEs: 1 | EXPL: 0

03 Jul 2025 — System environment variables are recorded in Docker Desktop diagnostic logs when using shell auto-completion. This leads to unintentional disclosure of sensitive information such as API keys, passwords, etc. A malicious actor with read access to these logs could obtain secrets and further use them to gain unauthorized access to other systems. Starting with version 4.43.0, Docker Desktop no longer logs system environment variables as part of diagnostics log collection. • https://docs.docker.com/desktop/troubleshoot-and-support/troubleshoot/#check-the-logs • CWE-532: Insertion of Sensitive Information into Log File •

CVSS: 6.5 | EPSS: 50% | CPEs: 1 | EXPL: 0

05 Jun 2025 — When you run a container on the default Docker "bridge" network, Docker sets up NAT (Network Address Translation) rules using your system's firewall (via iptables). For example, the following command forwards traffic from port 8080 on your host to port 80 in the container: docker run -d -p 8080:80 my-web-app. However, if your host's filter FORWARD chain is permissive (i.e., ACCEPT by default) and net.ipv4.ip_forward is enabled, unpublished ports could also be remotely accessible under certain conditions. ... • https://www.docker.com/blog/docker-engine-28-hardening-container-networking-by-default/ • CWE-653: Improper Isolation or Compartmentalization •

CVSS: 6.5 | EPSS: 0% | CPEs: 1 | EXPL: 0

29 Apr 2025 — Recording of environment variables, configured for running containers, in Docker Desktop application logs could lead to unintentional disclosure of sensitive information such as API keys, passwords, etc. A malicious actor with read access to these logs could obtain sensitive credential information and further use it to gain unauthorized access to other systems. Starting with version 4.41.0, Docker Desktop no longer logs environment variables set by the user. Recording of environment variables, configured f... • https://docs.docker.com/desktop/troubleshoot-and-support/troubleshoot/#check-the-logs • CWE-532: Insertion of Sensitive Information into Log File •

CVSS: 6.5 | EPSS: 0% | CPEs: 1 | EXPL: 0

29 Apr 2025 — Registry Access Management (RAM) is a security feature allowing administrators to restrict access for their developers to only allowed registries. When a macOS configuration profile is used to enforce organization sign-in, the RAM policies are not applied, which would allow Docker Desktop users to pull down unapproved and potentially malicious images from any registry. • https://docs.docker.com/security/for-admins/hardened-desktop/registry-access-management • CWE-862: Missing Authorization •