Lucene search
K

11 matches found

NVD
NVD
added 2026/06/18 2:17 p.m.11 views

CVE-2026-12039

Docker Sandboxes sbx enforces an HTTP/S-only egress allowlist but does not apply it to DNS resolution: the per-network embedded DNS server forwards any queried name to the host resolver whenever the network is internet-connected, without consulting the policy. A workload inside a sandbox, which t...

5.7CVSS0.00103EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/18 1:51 p.m.8 views

EUVD-2026-37893

Docker Sandboxes sbx blocks ICMP egress with an authorizer applied only at network-creation time, and does not re-apply it to networks rebuilt from disk when the Docker daemon restarts, so a restart-surviving sandbox forwards ICMP to arbitrary hosts. A workload inside a sandbox, which the threat...

5.7CVSS5.5AI score0.00097EPSS
Exploits0References2
CVE
CVE
added 2026/06/18 1:51 p.m.21 views

CVE-2026-12539

Docker Sandboxes (sbx) ICMP egress restriction can be bypassed after daemon restart. The issue arises because the authorizer is applied only at network creation and is not re-applied to networks rebuilt from disk on restart, allowing a restart-surviving sandbox to forward ICMP to arbitrary hosts....

5.7CVSS5.5AI score0.00097EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/18 1:51 p.m.14 views

CVE-2026-12539

Docker Sandboxes sbx blocks ICMP egress with an authorizer applied only at network-creation time, and does not re-apply it to networks rebuilt from disk when the Docker daemon restarts, so a restart-surviving sandbox forwards ICMP to arbitrary hosts. A workload inside a sandbox, which the threat...

5.7CVSS5.5AI score0.00097EPSS
Exploits0References3Affected Software1
Vulnrichment
Vulnrichment
added 2026/06/18 1:48 p.m.11 views

CVE-2026-12039 Docker Sandboxes network egress allowlist bypass via unfiltered DNS resolution

Docker Sandboxes sbx enforces an HTTP/S-only egress allowlist but does not apply it to DNS resolution: the per-network embedded DNS server forwards any queried name to the host resolver whenever the network is internet-connected, without consulting the policy. A workload inside a sandbox, which t...

5.7CVSS5.2AI score0.00103EPSS
Exploits0References2
CVE
CVE
added 2026/06/18 1:48 p.m.16 views

CVE-2026-12039

Docker Sandboxes (sbx) expose a DNS resolution bypass: the per-network embedded DNS server forwards queries to the host resolver when the network is internet-connected, ignoring the HTTP/S egress allowlist. This enables a workload treated as untrusted to encode data in DNS labels for an attacker-...

5.7CVSS5.3AI score0.00103EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/18 1:48 p.m.18 views

CVE-2026-12039 Docker Sandboxes network egress allowlist bypass via unfiltered DNS resolution

Docker Sandboxes sbx enforces an HTTP/S-only egress allowlist but does not apply it to DNS resolution: the per-network embedded DNS server forwards any queried name to the host resolver whenever the network is internet-connected, without consulting the policy. A workload inside a sandbox, which t...

5.7CVSS0.00103EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/18 1:48 p.m.9 views

EUVD-2026-37892

Docker Sandboxes sbx enforces an HTTP/S-only egress allowlist but does not apply it to DNS resolution: the per-network embedded DNS server forwards any queried name to the host resolver whenever the network is internet-connected, without consulting the policy. A workload inside a sandbox, which t...

5.7CVSS5.3AI score0.00103EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/18 12:0 a.m.12 views

PT-2026-50674

Name of the Vulnerable Software and Affected Versions Docker Sandboxes sbx affected versions not specified Description Docker Sandboxes sbx implements an egress allowlist restricted to HTTP/S traffic but fails to apply this restriction to DNS resolution. The embedded DNS server for each network...

5.7CVSS5.8AI score0.00103EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/18 12:0 a.m.25 views

PT-2026-50676

Name of the Vulnerable Software and Affected Versions Docker Sandboxes affected versions not specified Description Docker Sandboxes sbx fail to re-apply the ICMP egress authorizer to networks rebuilt from disk after a Docker daemon restart. This allows a restart-surviving sandbox to forward ICMP...

5.7CVSS6AI score0.00097EPSS
Exploits0References5
Packet Storm News
Packet Storm News
added 2026/04/06 12:0 a.m.3 views

Mapping the Exploitation Surface: A 10,000-Trial Taxonomy of What Makes LLM Agents Exploit Vulnerabilities

LLM agents with tool access can discover and exploit security vulnerabilities. This is known. What is not known is which features of a system prompt trigger this behaviour, and which do not. We present a systematic taxonomy based on approximately 10,000 trials across seven models, 37 prompt...

5.8AI score
Exploits0
Rows per page
Query Builder