| CVE ID | CVE-2026-6406 |
| CVSS SCORE | 8.8, AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H |
| AFFECTED VENDORS |
Docker |
| AFFECTED PRODUCTS |
Desktop |
| VULNERABILITY DETAILS |
This vulnerability allows local attackers to escalate privileges on affected installations of Docker Desktop. An attacker must first obtain the ability to execute low-privileged code within a container in order to exploit this vulnerability. The specific flaw exists within the processing of Docker CLI arguments. The issue results from an exposed dangerous function. An attacker can leverage this vulnerability to escalate privileges to resources normally protected by Enhanced Container Isolation. |
| ADDITIONAL DETAILS |
Fixed in Docker Desktop 4.59.0 |
| DISCLOSURE TIMELINE |
|
| CREDIT | Nitesh Surana (niteshsurana.com) of Trend Research |
