CVE-2026-28400 Docker Model Runner Unauthenticated Runtime Flag Injection via _configure Endpoint

Docker Model Runner DMR is software used to manage, run, and deploy AI models using Docker. Versions prior to 1.0.16 expose a POST /engines/configure endpoint that accepts arbitrary runtime flags without authentication. These flags are passed directly to the underlying inference server llama.cpp...

CVE-2026-28400 Docker Model Runner Unauthenticated Runtime Flag Injection via _configure Endpoint

Docker Model Runner DMR is software used to manage, run, and deploy AI models using Docker. Versions prior to 1.0.16 expose a POST /engines/configure endpoint that accepts arbitrary runtime flags without authentication. These flags are passed directly to the underlying inference server llama.cpp...

PT-2026-22403

Name of the Vulnerable Software and Affected Versions Docker Model Runner versions prior to 1.0.16 Docker Desktop versions prior to 4.61.0 when Model Runner is enabled Description Docker Model Runner is software used to manage, run, and deploy AI models using Docker. Versions prior to 1.0.16 expo...

Mailpit -- Performance information disclosure

Ralph Slooten Mailpit developer reports: An HTTP endpoint was found which exposed expvar runtime information memory usage, goroutine counts, GC behavior, uptime and potential runtime flags due to the Prometheus client library dependency...