CVE-2026-6406 (GCVE-0-2026-6406)

Vulnerability from cvelistv5 – Published: 2026-05-22 18:32 – Updated: 2026-05-23 03:56
VLAI
Title
Docker Desktop Enhanced Container Isolation bypass via --use-api-socket CLI flag
Summary
The Docker CLI --use-api-socket flag bypasses Enhanced Container Isolation (ECI) restrictions in Docker Desktop. When ECI is enabled, Docker socket mounts from containers are denied unless explicitly allowed via the admin-settings configuration. However, the --use-api-socket flag adds the Docker socket mount via the HostConfig.Mounts field rather than the HostConfig.Binds field. The ECI enforcement in the Docker Desktop API proxy only inspected Binds, allowing the mount to pass unchecked. This grants a container full access to the Docker Engine socket and, if the host user has logged in to container registries, their authentication credentials. A local attacker with the ability to run Docker CLI commands can exploit this to escape ECI restrictions, access the Docker Engine, and potentially escalate privileges.
Severity
8.8 (High)
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
8.8 (High)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
CWE
  • CWE-863 - Incorrect Authorization
Assigner
References
Impacted products
Vendor Product Version
Docker Docker Desktop Affected: 4.41.0 , < 4.59.0 (semver)
Create a notification for this product.
Date Public
2026-04-23 00:00
Credits
Nitesh Surana (niteshsurana.com) of Trend Research
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-6406",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-05-22T00:00:00+00:00",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-05-23T03:56:00.655Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "MacOS",
            "Linux",
            "Windows"
          ],
          "product": "Docker Desktop",
          "vendor": "Docker",
          "versions": [
            {
              "lessThan": "4.59.0",
              "status": "affected",
              "version": "4.41.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "configurations": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Docker Desktop with Enhanced Container Isolation (ECI) enabled (requires Docker Business subscription)"
            }
          ],
          "value": "Docker Desktop with Enhanced Container Isolation (ECI) enabled (requires Docker Business subscription)"
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Nitesh Surana (niteshsurana.com) of Trend Research"
        }
      ],
      "datePublic": "2026-04-23T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "The Docker CLI \u003ccode\u003e--use-api-socket\u003c/code\u003e flag bypasses Enhanced Container Isolation (ECI) restrictions in Docker Desktop. When ECI is enabled, Docker socket mounts from containers are denied unless explicitly allowed via the admin-settings configuration. However, the \u003ccode\u003e--use-api-socket\u003c/code\u003e flag adds the Docker socket mount via the \u003ccode\u003eHostConfig.Mounts\u003c/code\u003e field rather than the \u003ccode\u003eHostConfig.Binds\u003c/code\u003e field. The ECI enforcement in the Docker Desktop API proxy only inspected \u003ccode\u003eBinds\u003c/code\u003e, allowing the mount to pass unchecked. This grants a container full access to the Docker Engine socket and, if the host user has logged in to container registries, their authentication credentials.\u003cbr\u003e\u003cbr\u003eA local attacker with the ability to run Docker CLI commands can exploit this to escape ECI restrictions, access the Docker Engine, and potentially escalate privileges."
            }
          ],
          "value": "The Docker CLI --use-api-socket flag bypasses Enhanced Container Isolation (ECI) restrictions in Docker Desktop. When ECI is enabled, Docker socket mounts from containers are denied unless explicitly allowed via the admin-settings configuration. However, the --use-api-socket flag adds the Docker socket mount via the HostConfig.Mounts field rather than the HostConfig.Binds field. The ECI enforcement in the Docker Desktop API proxy only inspected Binds, allowing the mount to pass unchecked. This grants a container full access to the Docker Engine socket and, if the host user has logged in to container registries, their authentication credentials.\n\nA local attacker with the ability to run Docker CLI commands can exploit this to escape ECI restrictions, access the Docker Engine, and potentially escalate privileges."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-122",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-122 Privilege Abuse"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "PRESENT",
            "attackVector": "LOCAL",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "exploitMaturity": "NOT_DEFINED",
            "privilegesRequired": "LOW",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "HIGH",
            "subConfidentialityImpact": "HIGH",
            "subIntegrityImpact": "HIGH",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "HIGH",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        },
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-863",
              "description": "CWE-863: Incorrect Authorization",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-22T18:32:15.959Z",
        "orgId": "686469e6-3ff6-451b-ab8b-cf5b9e89401e",
        "shortName": "Docker"
      },
      "references": [
        {
          "tags": [
            "release-notes"
          ],
          "url": "https://docs.docker.com/desktop/release-notes/#4590"
        },
        {
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-26-299/"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Docker Desktop Enhanced Container Isolation bypass via --use-api-socket CLI flag",
      "workarounds": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Upgrade to Docker Desktop 4.59.0 or later. As a workaround, restrict which users can execute Docker CLI commands on the host."
            }
          ],
          "value": "Upgrade to Docker Desktop 4.59.0 or later. As a workaround, restrict which users can execute Docker CLI commands on the host."
        }
      ],
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "686469e6-3ff6-451b-ab8b-cf5b9e89401e",
    "assignerShortName": "Docker",
    "cveId": "CVE-2026-6406",
    "datePublished": "2026-05-22T18:32:15.959Z",
    "dateReserved": "2026-04-15T21:42:36.201Z",
    "dateUpdated": "2026-05-23T03:56:00.655Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2026-6406",
      "date": "2026-05-27",
      "epss": "0.00021",
      "percentile": "0.06305"
    },
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2026-6406\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-05-22T19:47:58.194662Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2026-05-22T19:48:36.707Z\"}}], \"cna\": {\"title\": \"Docker Desktop Enhanced Container Isolation bypass via --use-api-socket CLI flag\", \"source\": {\"discovery\": \"EXTERNAL\"}, \"credits\": [{\"lang\": \"en\", \"type\": \"finder\", \"value\": \"Nitesh Surana (niteshsurana.com) of Trend Research\"}], \"impacts\": [{\"capecId\": \"CAPEC-122\", \"descriptions\": [{\"lang\": \"en\", \"value\": \"CAPEC-122 Privilege Abuse\"}]}], \"metrics\": [{\"format\": \"CVSS\", \"cvssV4_0\": {\"Safety\": \"NOT_DEFINED\", \"version\": \"4.0\", \"Recovery\": \"NOT_DEFINED\", \"baseScore\": 8.8, \"Automatable\": \"NOT_DEFINED\", \"attackVector\": \"LOCAL\", \"baseSeverity\": \"HIGH\", \"valueDensity\": \"NOT_DEFINED\", \"vectorString\": \"CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H\", \"exploitMaturity\": \"NOT_DEFINED\", \"providerUrgency\": \"NOT_DEFINED\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"attackRequirements\": \"PRESENT\", \"privilegesRequired\": \"LOW\", \"subIntegrityImpact\": \"HIGH\", \"vulnIntegrityImpact\": \"HIGH\", \"subAvailabilityImpact\": \"HIGH\", \"vulnAvailabilityImpact\": \"HIGH\", \"subConfidentialityImpact\": \"HIGH\", \"vulnConfidentialityImpact\": \"HIGH\", \"vulnerabilityResponseEffort\": \"NOT_DEFINED\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}, {\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"CHANGED\", \"version\": \"3.1\", \"baseScore\": 8.8, \"attackVector\": \"LOCAL\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"LOW\", \"confidentialityImpact\": \"HIGH\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"Docker\", \"product\": \"Docker Desktop\", \"versions\": [{\"status\": \"affected\", \"version\": \"4.41.0\", \"lessThan\": \"4.59.0\", \"versionType\": \"semver\"}], \"platforms\": [\"MacOS\", \"Linux\", \"Windows\"], \"defaultStatus\": \"unaffected\"}], \"datePublic\": \"2026-04-23T00:00:00.000Z\", \"references\": [{\"url\": \"https://docs.docker.com/desktop/release-notes/#4590\", \"tags\": [\"release-notes\"]}, {\"url\": \"https://www.zerodayinitiative.com/advisories/ZDI-26-299/\", \"tags\": [\"third-party-advisory\"]}], \"workarounds\": [{\"lang\": \"en\", \"value\": \"Upgrade to Docker Desktop 4.59.0 or later. As a workaround, restrict which users can execute Docker CLI commands on the host.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"Upgrade to Docker Desktop 4.59.0 or later. As a workaround, restrict which users can execute Docker CLI commands on the host.\", \"base64\": false}]}], \"x_generator\": {\"engine\": \"Vulnogram 0.2.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"The Docker CLI --use-api-socket flag bypasses Enhanced Container Isolation (ECI) restrictions in Docker Desktop. When ECI is enabled, Docker socket mounts from containers are denied unless explicitly allowed via the admin-settings configuration. However, the --use-api-socket flag adds the Docker socket mount via the HostConfig.Mounts field rather than the HostConfig.Binds field. The ECI enforcement in the Docker Desktop API proxy only inspected Binds, allowing the mount to pass unchecked. This grants a container full access to the Docker Engine socket and, if the host user has logged in to container registries, their authentication credentials.\\n\\nA local attacker with the ability to run Docker CLI commands can exploit this to escape ECI restrictions, access the Docker Engine, and potentially escalate privileges.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"The Docker CLI \u003ccode\u003e--use-api-socket\u003c/code\u003e flag bypasses Enhanced Container Isolation (ECI) restrictions in Docker Desktop. When ECI is enabled, Docker socket mounts from containers are denied unless explicitly allowed via the admin-settings configuration. However, the \u003ccode\u003e--use-api-socket\u003c/code\u003e flag adds the Docker socket mount via the \u003ccode\u003eHostConfig.Mounts\u003c/code\u003e field rather than the \u003ccode\u003eHostConfig.Binds\u003c/code\u003e field. The ECI enforcement in the Docker Desktop API proxy only inspected \u003ccode\u003eBinds\u003c/code\u003e, allowing the mount to pass unchecked. This grants a container full access to the Docker Engine socket and, if the host user has logged in to container registries, their authentication credentials.\u003cbr\u003e\u003cbr\u003eA local attacker with the ability to run Docker CLI commands can exploit this to escape ECI restrictions, access the Docker Engine, and potentially escalate privileges.\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-863\", \"description\": \"CWE-863: Incorrect Authorization\"}]}], \"configurations\": [{\"lang\": \"en\", \"value\": \"Docker Desktop with Enhanced Container Isolation (ECI) enabled (requires Docker Business subscription)\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"Docker Desktop with Enhanced Container Isolation (ECI) enabled (requires Docker Business subscription)\", \"base64\": false}]}], \"providerMetadata\": {\"orgId\": \"686469e6-3ff6-451b-ab8b-cf5b9e89401e\", \"shortName\": \"Docker\", \"dateUpdated\": \"2026-05-22T18:32:15.959Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2026-6406\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-05-22T19:48:57.000Z\", \"dateReserved\": \"2026-04-15T21:42:36.201Z\", \"assignerOrgId\": \"686469e6-3ff6-451b-ab8b-cf5b9e89401e\", \"datePublished\": \"2026-05-22T18:32:15.959Z\", \"assignerShortName\": \"Docker\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author Source Type Date Other

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.