CVE-2026-6406

The Docker CLI --use-api-socket flag bypasses Enhanced Container Isolation ECI restrictions in Docker Desktop. When ECI is enabled, Docker socket mounts from containers are denied unless explicitly allowed via the admin-settings configuration. However, the --use-api-socket flag adds the Docker...

[SECURITY] Fedora 44 Update: podman-5.8.2-1.fc44

podman Pod Manager is a fully featured container engine that is a simple daemonless tool. podman provides a Docker-CLI comparable command line that eases the transition from other container engines and allows the management of pods, containers and images. Simply put: alias docker=3Dpodman. Most...

EUVD-2025-208275

Docker CLI Plugins: Uncontrolled Search Path Element Leads to Local Privilege Escalation on Windows...

GHSA-P436-GJF2-799P Docker CLI Plugins: Uncontrolled Search Path Element Leads to Local Privilege Escalation on Windows

This issue affects Docker CLI through 29.1.5 Impact Docker CLI for Windows searches for plugin binaries in C:\ProgramData\Docker\cli-plugins, a directory that does not exist by default. A low-privileged attacker can create this directory and place malicious CLI plugin binaries docker-compose.exe,...

Docker CLI Plugins: Uncontrolled Search Path Element Leads to Local Privilege Escalation on Windows

This issue affects Docker CLI through 29.1.5 Impact Docker CLI for Windows searches for plugin binaries in C:\ProgramData\Docker\cli-plugins, a directory that does not exist by default. A low-privileged attacker can create this directory and place malicious CLI plugin binaries docker-compose.exe,...

[SECURITY] Fedora 43 Update: docker-buildx-0.29.1-1.fc43

Docker CLI plugin for extended build capabilities with BuildKit...

Important: docker

Issue Overview: A file permissions vulnerability was found in Moby Docker Engine. Copying files by using docker cp into a specially-crafted container can result in Unix file permission changes for existing files in the host's filesystem, which might lead to permissions escalation and allow an...

USN-5134-1 docker.io vulnerability

An information disclosure issue was discovered in the command line interface of Docker. A misconfigured credential store could result in supplied credentials being leaked to the public registry, when using the docker login command with a private registry...

Docker 信息泄露漏洞

Docker is an open source application container engine from the American company Docker. The product supports creating a container lightweight virtual machine and deploying and running applications on Linux systems, as well as automating the installation, deployment, and upgrading of applications...

PT-2021-7301 · Docker +5 · Docker Cli +5

Name of the Vulnerable Software and Affected Versions: Docker CLI versions prior to 20.10.9 Description: A bug was found in the Docker CLI where running docker login my-private-registry.example.com with a misconfigured configuration file typically /.docker/config.json listing a credsStore or...