Advisory Details

This vulnerability allows local attackers to escalate privileges on affected installations of Docker Desktop. An attacker must first obtain the ability to escape the container and execute high-privileged code within the Docker Hyper-V VM in order to exploit this vulnerability.

The specific flaw exists within the the app/settings endpoint. When parsing the credentialHelper value, the process does not properly validate a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code on the host system in the context of the current user.

07/11/25 - ZDI submitted the report to the vendor
08/27/25 - ZDI asked for updates
09/05/25 - the vendor requested technical clarification
09/15/25 - ZDI provided additional details
11/11/25 - the vendor rejected the report because the exploitation required prior privileged access
04/08/26 - ZDI notified the vendor of the intention to publish the case as a  0-day advisory

• 2025-07-11 - Vulnerability reported to vendor
• 2026-04-15 - Coordinated public release of advisory
• 2026-04-15 - Advisory Updated