Lucene search
K

44 matches found

RedhatCVE
RedhatCVE
added 2026/04/02 4:56 p.m.4 views

CVE-2026-33990

Docker Model Runner DMR is software used to manage, run, and deploy AI models using Docker. Prior to version 1.1.25, Docker Model Runner contains an SSRF vulnerability in its OCI registry token exchange flow. When pulling a model, Model Runner follows the realm URL from the registry's...

9.1CVSS5.9AI score0.00253EPSS
Exploits0References1
NVD
NVD
added 2026/04/01 5:28 p.m.5 views

CVE-2026-33990

Docker Model Runner DMR is software used to manage, run, and deploy AI models using Docker. Prior to version 1.1.25, Docker Model Runner contains an SSRF vulnerability in its OCI registry token exchange flow. When pulling a model, Model Runner follows the realm URL from the registry's...

9.1CVSS0.00253EPSS
Exploits0References1
UbuntuCve
UbuntuCve
added 2026/04/01 5:28 p.m.4 views

CVE-2026-33990

Docker Model Runner DMR is software used to manage, run, and deploy AI models using Docker. Prior to version 1.1.25, Docker Model Runner contains an SSRF vulnerability in its OCI registry token exchange flow. When pulling a model, Model Runner follows the realm URL from the registry's...

9.1CVSS5.8AI score0.00253EPSS
Exploits0References1
OSV
OSV
added 2026/04/01 5:28 p.m.6 views

UBUNTU-CVE-2026-33990

Docker Model Runner DMR is software used to manage, run, and deploy AI models using Docker. Prior to version 1.1.25, Docker Model Runner contains an SSRF vulnerability in its OCI registry token exchange flow. When pulling a model, Model Runner follows the realm URL from the registry's...

9.1CVSS5.9AI score0.00253EPSS
Exploits0References2
CVE
CVE
added 2026/04/01 4:17 p.m.82 views

CVE-2026-33990

Docker Model Runner (DMR) is affected by an SSRF in the OCI registry token exchange flow prior to version 1.1.25. When pulling a model, DMR uses the realm URL from the registry’s WWW-Authenticate header without validating the scheme, hostname, or IP range, allowing a malicious OCI registry to dir...

9.1CVSS5.9AI score0.00253EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added 2026/04/01 4:17 p.m.3 views

EUVD-2026-17963

Docker Model Runner DMR is software used to manage, run, and deploy AI models using Docker. Prior to version 1.1.25, Docker Model Runner contains an SSRF vulnerability in its OCI registry token exchange flow. When pulling a model, Model Runner follows the realm URL from the registry's...

6.8CVSS5.9AI score0.00253EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/04/01 4:17 p.m.8 views

CVE-2026-33990 Docker Model Runner OCI Registry Client Vulnerable to Server-Side Request Forgery (SSRF)

Docker Model Runner DMR is software used to manage, run, and deploy AI models using Docker. Prior to version 1.1.25, Docker Model Runner contains an SSRF vulnerability in its OCI registry token exchange flow. When pulling a model, Model Runner follows the realm URL from the registry's...

6.8CVSS6AI score0.00253EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/04/01 4:17 p.m.2 views

CVE-2026-33990

Docker Model Runner DMR is software used to manage, run, and deploy AI models using Docker. Prior to version 1.1.25, Docker Model Runner contains an SSRF vulnerability in its OCI registry token exchange flow. When pulling a model, Model Runner follows the realm URL from the registry's...

6.8CVSS5.9AI score0.00253EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/04/01 4:17 p.m.24 views

CVE-2026-33990 Docker Model Runner OCI Registry Client Vulnerable to Server-Side Request Forgery (SSRF)

Docker Model Runner DMR is software used to manage, run, and deploy AI models using Docker. Prior to version 1.1.25, Docker Model Runner contains an SSRF vulnerability in its OCI registry token exchange flow. When pulling a model, Model Runner follows the realm URL from the registry's...

6.8CVSS0.00253EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/04/01 12:0 a.m.7 views

Docker Model Runner 代码问题漏洞

Docker Model Runner is an open-source Docker model runner developed by Docker. Versions of Docker Model Runner prior to 1.1.25 contained code vulnerabilities. These vulnerabilities stemmed from a server-side request forgeing attack during the OCI registry token exchange process. When pulling...

9.1CVSS6AI score0.00253EPSS
Exploits0References1
OSV
OSV
added 2026/03/30 5:8 p.m.1 views

GHSA-X2F5-332J-9XWQ Docker Model Runner OCI Registry Client Vulnerable to Server-Side Request Forgery (SSRF)

Summary Docker Model Runner contains an SSRF vulnerability in its OCI registry token exchange flow. When pulling a model, Model Runner follows the realm URL from the registry's WWW-Authenticate header without validating the scheme, hostname, or IP range. A malicious OCI registry can set the realm...

6.8CVSS6AI score0.00253EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/03/30 12:0 a.m.5 views

PT-2026-29104

Name of the Vulnerable Software and Affected Versions Docker Model Runner versions prior to 1.1.25 Docker Desktop versions prior to 4.67.0 Description The software contains a Server-Side Request Forgery SSRF issue within the OCI registry token exchange process. When retrieving a model, the softwa...

9.1CVSS6AI score0.00494EPSS
Exploits0References42
Zero Day Initiative
Zero Day Initiative
added 2026/03/03 12:0 a.m.7 views

Docker Desktop for Mac Docker Model Runner Exposed Dangerous Function Denial-of-Service Vulnerability

This vulnerability allows local attackers to create a denial-of-service condition on affected installations of Docker Desktop. An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists withi...

7.3CVSS6.1AI score0.00226EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/03/02 1:43 p.m.8 views

CVE-2026-28400

Docker Model Runner DMR is software used to manage, run, and deploy AI models using Docker. Versions prior to 1.0.16 expose a POST /engines/configure endpoint that accepts arbitrary runtime flags without authentication. These flags are passed directly to the underlying inference server llama.cpp...

7.5CVSS6.1AI score0.00226EPSS
Exploits0References1
NVD
NVD
added 2026/02/27 10:16 p.m.8 views

CVE-2026-28400

Docker Model Runner DMR is software used to manage, run, and deploy AI models using Docker. Versions prior to 1.0.16 expose a POST /engines/configure endpoint that accepts arbitrary runtime flags without authentication. These flags are passed directly to the underlying inference server llama.cpp...

7.5CVSS0.00226EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/02/27 9:6 p.m.7 views

CVE-2026-28400

Docker Model Runner DMR is software used to manage, run, and deploy AI models using Docker. Versions prior to 1.0.16 expose a POST /engines/configure endpoint that accepts arbitrary runtime flags without authentication. These flags are passed directly to the underlying inference server llama.cpp...

7.5CVSS6.1AI score0.00226EPSS
Exploits0References3Affected Software1
Vulnrichment
Vulnrichment
added 2026/02/27 9:6 p.m.4 views

CVE-2026-28400 Docker Model Runner Unauthenticated Runtime Flag Injection via _configure Endpoint

Docker Model Runner DMR is software used to manage, run, and deploy AI models using Docker. Versions prior to 1.0.16 expose a POST /engines/configure endpoint that accepts arbitrary runtime flags without authentication. These flags are passed directly to the underlying inference server llama.cpp...

7.5CVSS6.1AI score0.00226EPSS
Exploits0References2
EUVD
EUVD
added 2026/02/27 9:6 p.m.8 views

EUVD-2026-9073

Docker Model Runner DMR is software used to manage, run, and deploy AI models using Docker. Versions prior to 1.0.16 expose a POST /engines/configure endpoint that accepts arbitrary runtime flags without authentication. These flags are passed directly to the underlying inference server llama.cpp...

7.5CVSS6.1AI score0.00226EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/02/27 9:6 p.m.21 views

CVE-2026-28400 Docker Model Runner Unauthenticated Runtime Flag Injection via _configure Endpoint

Docker Model Runner DMR is software used to manage, run, and deploy AI models using Docker. Versions prior to 1.0.16 expose a POST /engines/configure endpoint that accepts arbitrary runtime flags without authentication. These flags are passed directly to the underlying inference server llama.cpp...

7.5CVSS0.00226EPSS
Exploits0References2
OSV
OSV
added 2026/02/27 9:6 p.m.6 views

CVE-2026-28400 Docker Model Runner Unauthenticated Runtime Flag Injection via _configure Endpoint

Docker Model Runner DMR is software used to manage, run, and deploy AI models using Docker. Versions prior to 1.0.16 expose a POST /engines/configure endpoint that accepts arbitrary runtime flags without authentication. These flags are passed directly to the underlying inference server llama.cpp...

7.5CVSS6.1AI score0.00226EPSS
Exploits0References4
Rows per page
Query Builder