{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-6406", "assignerOrgId": "686469e6-3ff6-451b-ab8b-cf5b9e89401e", "state": "PUBLISHED", "assignerShortName": "Docker", "dateReserved": "2026-04-15T21:42:36.201Z", "datePublished": "2026-05-22T18:32:15.959Z", "dateUpdated": "2026-05-23T03:56:00.655Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "686469e6-3ff6-451b-ab8b-cf5b9e89401e", "shortName": "Docker", "dateUpdated": "2026-05-22T18:32:15.959Z"}, "title": "Docker Desktop Enhanced Container Isolation bypass via --use-api-socket CLI flag", "datePublic": "2026-04-23T00:00:00.000Z", "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-863", "description": "CWE-863: Incorrect Authorization", "type": "CWE"}]}], "impacts": [{"capecId": "CAPEC-122", "descriptions": [{"lang": "en", "value": "CAPEC-122 Privilege Abuse"}]}], "affected": [{"vendor": "Docker", "product": "Docker Desktop", "platforms": ["MacOS", "Linux", "Windows"], "versions": [{"status": "affected", "version": "4.41.0", "lessThan": "4.59.0", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "The Docker CLI --use-api-socket flag bypasses Enhanced Container Isolation (ECI) restrictions in Docker Desktop. When ECI is enabled, Docker socket mounts from containers are denied unless explicitly allowed via the admin-settings configuration. However, the --use-api-socket flag adds the Docker socket mount via the HostConfig.Mounts field rather than the HostConfig.Binds field. The ECI enforcement in the Docker Desktop API proxy only inspected Binds, allowing the mount to pass unchecked. This grants a container full access to the Docker Engine socket and, if the host user has logged in to container registries, their authentication credentials.\n\nA local attacker with the ability to run Docker CLI commands can exploit this to escape ECI restrictions, access the Docker Engine, and potentially escalate privileges.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "The Docker CLI <code>--use-api-socket</code> flag bypasses Enhanced Container Isolation (ECI) restrictions in Docker Desktop. When ECI is enabled, Docker socket mounts from containers are denied unless explicitly allowed via the admin-settings configuration. However, the <code>--use-api-socket</code> flag adds the Docker socket mount via the <code>HostConfig.Mounts</code> field rather than the <code>HostConfig.Binds</code> field. The ECI enforcement in the Docker Desktop API proxy only inspected <code>Binds</code>, allowing the mount to pass unchecked. This grants a container full access to the Docker Engine socket and, if the host user has logged in to container registries, their authentication credentials.<br><br>A local attacker with the ability to run Docker CLI commands can exploit this to escape ECI restrictions, access the Docker Engine, and potentially escalate privileges."}]}], "references": [{"url": "https://docs.docker.com/desktop/release-notes/#4590", "tags": ["release-notes"]}, {"url": "https://www.zerodayinitiative.com/advisories/ZDI-26-299/", "tags": ["third-party-advisory"]}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV4_0": {"attackVector": "LOCAL", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "privilegesRequired": "LOW", "userInteraction": "NONE", "vulnConfidentialityImpact": "HIGH", "subConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "subIntegrityImpact": "HIGH", "vulnAvailabilityImpact": "HIGH", "subAvailabilityImpact": "HIGH", "exploitMaturity": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "version": "4.0", "baseSeverity": "HIGH", "baseScore": 8.8, "vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H"}}, {"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "CHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseSeverity": "HIGH", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"}}], "configurations": [{"lang": "en", "value": "Docker Desktop with Enhanced Container Isolation (ECI) enabled (requires Docker Business subscription)", "supportingMedia": [{"type": "text/html", "base64": false, "value": "Docker Desktop with Enhanced Container Isolation (ECI) enabled (requires Docker Business subscription)"}]}], "workarounds": [{"lang": "en", "value": "Upgrade to Docker Desktop 4.59.0 or later. As a workaround, restrict which users can execute Docker CLI commands on the host.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "Upgrade to Docker Desktop 4.59.0 or later. As a workaround, restrict which users can execute Docker CLI commands on the host."}]}], "credits": [{"lang": "en", "value": "Nitesh Surana (niteshsurana.com) of Trend Research", "type": "finder"}], "source": {"discovery": "EXTERNAL"}, "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-05-22T00:00:00+00:00", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3", "id": "CVE-2026-6406"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-05-23T03:56:00.655Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-6406", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-05-22T19:47:58.194662Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-05-22T19:48:36.707Z"}}], "cna": {"title": "Docker Desktop Enhanced Container Isolation bypass via --use-api-socket CLI flag", "source": {"discovery": "EXTERNAL"}, "credits": [{"lang": "en", "type": "finder", "value": "Nitesh Surana (niteshsurana.com) of Trend Research"}], "impacts": [{"capecId": "CAPEC-122", "descriptions": [{"lang": "en", "value": "CAPEC-122 Privilege Abuse"}]}], "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 8.8, "Automatable": "NOT_DEFINED", "attackVector": "LOCAL", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "privilegesRequired": "LOW", "subIntegrityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "subAvailabilityImpact": "HIGH", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}, {"format": "CVSS", "cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Docker", "product": "Docker Desktop", "versions": [{"status": "affected", "version": "4.41.0", "lessThan": "4.59.0", "versionType": "semver"}], "platforms": ["MacOS", "Linux", "Windows"], "defaultStatus": "unaffected"}], "datePublic": "2026-04-23T00:00:00.000Z", "references": [{"url": "https://docs.docker.com/desktop/release-notes/#4590", "tags": ["release-notes"]}, {"url": "https://www.zerodayinitiative.com/advisories/ZDI-26-299/", "tags": ["third-party-advisory"]}], "workarounds": [{"lang": "en", "value": "Upgrade to Docker Desktop 4.59.0 or later. As a workaround, restrict which users can execute Docker CLI commands on the host.", "supportingMedia": [{"type": "text/html", "value": "Upgrade to Docker Desktop 4.59.0 or later. As a workaround, restrict which users can execute Docker CLI commands on the host.", "base64": false}]}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "The Docker CLI --use-api-socket flag bypasses Enhanced Container Isolation (ECI) restrictions in Docker Desktop. When ECI is enabled, Docker socket mounts from containers are denied unless explicitly allowed via the admin-settings configuration. However, the --use-api-socket flag adds the Docker socket mount via the HostConfig.Mounts field rather than the HostConfig.Binds field. The ECI enforcement in the Docker Desktop API proxy only inspected Binds, allowing the mount to pass unchecked. This grants a container full access to the Docker Engine socket and, if the host user has logged in to container registries, their authentication credentials.\n\nA local attacker with the ability to run Docker CLI commands can exploit this to escape ECI restrictions, access the Docker Engine, and potentially escalate privileges.", "supportingMedia": [{"type": "text/html", "value": "The Docker CLI <code>--use-api-socket</code> flag bypasses Enhanced Container Isolation (ECI) restrictions in Docker Desktop. When ECI is enabled, Docker socket mounts from containers are denied unless explicitly allowed via the admin-settings configuration. However, the <code>--use-api-socket</code> flag adds the Docker socket mount via the <code>HostConfig.Mounts</code> field rather than the <code>HostConfig.Binds</code> field. The ECI enforcement in the Docker Desktop API proxy only inspected <code>Binds</code>, allowing the mount to pass unchecked. This grants a container full access to the Docker Engine socket and, if the host user has logged in to container registries, their authentication credentials.<br><br>A local attacker with the ability to run Docker CLI commands can exploit this to escape ECI restrictions, access the Docker Engine, and potentially escalate privileges.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-863", "description": "CWE-863: Incorrect Authorization"}]}], "configurations": [{"lang": "en", "value": "Docker Desktop with Enhanced Container Isolation (ECI) enabled (requires Docker Business subscription)", "supportingMedia": [{"type": "text/html", "value": "Docker Desktop with Enhanced Container Isolation (ECI) enabled (requires Docker Business subscription)", "base64": false}]}], "providerMetadata": {"orgId": "686469e6-3ff6-451b-ab8b-cf5b9e89401e", "shortName": "Docker", "dateUpdated": "2026-05-22T18:32:15.959Z"}}}, "cveMetadata": {"cveId": "CVE-2026-6406", "state": "PUBLISHED", "dateUpdated": "2026-05-22T19:48:57.000Z", "dateReserved": "2026-04-15T21:42:36.201Z", "assignerOrgId": "686469e6-3ff6-451b-ab8b-cf5b9e89401e", "datePublished": "2026-05-22T18:32:15.959Z", "assignerShortName": "Docker"}, "dataVersion": "5.2"}

{"affected": [{"affectedData": [{"defaultStatus": "unaffected", "platforms": ["MacOS", "Linux", "Windows"], "product": "Docker Desktop", "vendor": "Docker", "versions": [{"lessThan": "4.59.0", "status": "affected", "version": "4.41.0", "versionType": "semver"}]}], "source": "security@docker.com"}], "configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:docker:docker_desktop:*:*:*:*:*:*:*:*", "matchCriteriaId": "D1189874-3682-44BE-9779-36992F4D8BC8", "versionEndExcluding": "4.59.0", "versionStartIncluding": "4.41.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*", "matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E", "vulnerable": false}, {"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1", "vulnerable": false}, {"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The Docker CLI --use-api-socket flag bypasses Enhanced Container Isolation (ECI) restrictions in Docker Desktop. When ECI is enabled, Docker socket mounts from containers are denied unless explicitly allowed via the admin-settings configuration. However, the --use-api-socket flag adds the Docker socket mount via the HostConfig.Mounts field rather than the HostConfig.Binds field. The ECI enforcement in the Docker Desktop API proxy only inspected Binds, allowing the mount to pass unchecked. This grants a container full access to the Docker Engine socket and, if the host user has logged in to container registries, their authentication credentials.\n\nA local attacker with the ability to run Docker CLI commands can exploit this to escape ECI restrictions, access the Docker Engine, and potentially escalate privileges."}], "id": "CVE-2026-6406", "lastModified": "2026-06-17T11:00:47.503", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.0, "impactScore": 6.0, "source": "security@docker.com", "type": "Secondary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "attackVector": "LOCAL", "availabilityRequirement": "NOT_DEFINED", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "HIGH", "subConfidentialityImpact": "HIGH", "subIntegrityImpact": "HIGH", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "security@docker.com", "type": "Secondary"}], "ssvcV203": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "ssvcData": {"id": "CVE-2026-6406", "options": [{"exploitation": "none"}, {"automatable": "no"}, {"technicalImpact": "total"}], "role": "CISA Coordinator", "timestamp": "2026-05-22T00:00:00+00:00", "version": "2.0.3"}}]}, "published": "2026-05-22T19:17:04.827", "references": [{"source": "security@docker.com", "tags": ["Release Notes"], "url": "https://docs.docker.com/desktop/release-notes/#4590"}, {"source": "security@docker.com", "tags": ["Third Party Advisory"], "url": "https://www.zerodayinitiative.com/advisories/ZDI-26-299/"}], "sourceIdentifier": "security@docker.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-863"}], "source": "security@docker.com", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": ["macos", "linux", "windows"], "status": "affected", "versions": {"scheme": "semver", "value": "[4.41.0,4.59.0)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "Docker Desktop", "source": "cna", "vendor": "Docker"}, "product": "docker_desktop", "vendor": "docker"}], "created": "2026-05-22T20:30:05.784446+00:00", "updated": "2026-05-22T20:30:06.076583+00:00", "vendors": ["docker", "docker$PRODUCT$docker_desktop"]}