Advisory Details

This vulnerability allows local attackers to escalate privileges on affected installations of Docker Desktop for Windows. An attacker must first obtain the ability to escape the container and execute low-privileged code within the Docker Hyper-V VM in order to exploit this vulnerability.

The specific flaw exists within the the implemention of the Docker cli-plugins functionality. The issue results from incorrect permissions on folders. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code on the host system in the context of the current user.

07/11/25 - ZDI submitted the report to the vendor
08/27/25 - ZDI asked for updates
09/05/25 - the vendor requested technical clarification
09/15/25 - ZDI provided additional details
11/11/25 - the vendor rejected the report because the exploitation required prior privileged access
04/08/26 - ZDI notified the vendor of the intention to publish the case as a  0-day advisory

• 2025-07-09 - Vulnerability reported to vendor
• 2026-04-15 - Coordinated public release of advisory
• 2026-04-15 - Advisory Updated