Docker Desktop


By the Year

In 2026 there have been 2 vulnerabilities in Docker Desktop with an average score of 6.7 out of ten. Last year, in 2025, Docker Desktop had 9 security vulnerabilities published. If vulnerabilities keep coming in at the current rate, the number of security vulnerabilities in Docker Desktop in 2026 could surpass last year's number. Last year, the average CVE base score was greater by 1.10.

Year  Vulnerabilities  Average Score
2026  2                6.70
2025  9                7.80
2024  4                8.37
2023  13               7.78
2022  1                5.50
2021  0                0.00
2020  1                7.80

It may take a day or so for new Docker Desktop vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.

Recent Docker Desktop Security Vulnerabilities

OOB Read in dockerfuse in Docker Desktop 4.61.0
CVE-2026-2664 - February 24, 2026

An out-of-bounds read vulnerability in the grpcfuse kernel module present in the Linux VM in Docker Desktop for Windows, Linux and macOS up to version 4.61.0 could allow a local attacker to cause an unspecified impact by writing to /proc/docker entries. The issue has been fixed in Docker Desktop 4.62.0.

Out-of-bounds Read

Docker Desktop Windows Installer Permission Bypass (CVE-2025-14740)
CVE-2025-14740 6.7 - Medium - February 04, 2026

Docker Desktop for Windows contains multiple incorrect permission assignment vulnerabilities in the installer's handling of the C:\ProgramData\DockerDesktop directory. The installer creates this directory without proper ownership verification, creating two exploitation scenarios:

Scenario 1 (Persistent Attack): If a low-privileged attacker pre-creates C:\ProgramData\DockerDesktop before Docker Desktop installation, the attacker retains ownership of the directory even after the installer applies restrictive ACLs. At any time after installation completes, the attacker can modify the directory ACL (as the owner) and tamper with critical configuration files such as install-settings.json to specify a malicious credentialHelper, causing arbitrary code execution when any user runs Docker Desktop.

Scenario 2 (TOCTOU Attack): During installation, there is a time-of-check-time-of-use (TOCTOU) race condition between when the installer creates C:\ProgramData\DockerDesktop and when it sets secure ACLs. A low-privileged attacker actively monitoring for the installation can inject malicious files (such as install-settings.json) with attacker-controlled ACLs during this window, achieving the same code execution outcome.

Incorrect Permission Assignment for Critical Resource

Docker Desktop Diagnostics Leak Expired Hub PATs via Error Object Serialization
CVE-2025-13743 - December 09, 2025

Docker Desktop diagnostics bundles were found to include expired Hub PATs in log output due to error object serialization. This poses a risk of leaking sensitive information in exported diagnostics, especially when access-denied errors occurred.

Insertion of Sensitive Information into Log File

Docker Desktop DLL hijacking via Installer.exe (before 4.48.0)
CVE-2025-9164 - October 27, 2025

Docker Desktop Installer.exe is vulnerable to DLL hijacking due to insecure DLL search order. The installer searches for required DLLs in the user's Downloads folder before checking system directories, allowing local privilege escalation through malicious DLL placement. This issue affects Docker Desktop: through 4.48.0.

DLL preloading

Docker Desktop 4.46.0: ECI Cmd Restriction Bypass Grants Full Socket Access
CVE-2025-10657 - September 26, 2025

In a hardened Docker environment with Enhanced Container Isolation (ECI, https://docs.docker.com/enterprise/security/hardened-desktop/enhanced-container-isolation/) enabled, an administrator can use the command restrictions feature (https://docs.docker.com/enterprise/security/hardened-desktop/enhanced-container-isolation/config/#command-restrictions) to restrict the commands that a container with a Docker socket mount may issue on that socket. Due to a software bug, the configuration to restrict commands was ignored when passed to ECI, allowing any command to be executed on the socket. This grants excessive privileges by permitting unrestricted access to powerful Docker commands. The vulnerability affects only Docker Desktop 4.46.0 users who have ECI enabled and are using the Docker socket command restrictions feature. In addition, since ECI restricts mounting the Docker socket into containers by default, it only affects containers which the administrator has explicitly allowed to mount the Docker socket.

Improper Privilege Management

Docker Desktop: Containers access Engine API on 192.168.65.7:2375 (CVE-2025-9074)
CVE-2025-9074 - August 20, 2025

A vulnerability was identified in Docker Desktop that allows locally running Linux containers to access the Docker Engine API via the configured Docker subnet, at 192.168.65.7:2375 by default. This vulnerability occurs with or without Enhanced Container Isolation (ECI) enabled, and with or without the "Expose daemon on tcp://localhost:2375 without TLS" option enabled. This can lead to execution of a wide range of privileged commands against the Engine API, including controlling other containers, creating new ones, managing images, etc. In some circumstances (e.g. Docker Desktop for Windows with the WSL backend) it also allows mounting the host drive with the same privileges as the user running Docker Desktop.

Exposure of Resource to Wrong Sphere

Docker Desktop 4.43.0 prevents env var leak in diag logs
CVE-2025-6587 - July 03, 2025

System environment variables are recorded in Docker Desktop diagnostic logs when using shell auto-completion. This leads to unintentional disclosure of sensitive information such as API keys, passwords, etc. A malicious actor with read access to these logs could obtain secrets and further use them to gain unauthorized access to other systems. Starting with version 4.43.0, Docker Desktop no longer logs system environment variables as part of diagnostics log collection.

Insertion of Sensitive Information into Log File

Docker Desktop macOS RAM Policy Bypass Allows Unrestricted Registry Pull
CVE-2025-4095 - April 29, 2025

Registry Access Management (RAM) is a security feature allowing administrators to restrict access for their developers to only allowed registries. When a macOS configuration profile is used to enforce organization sign-in, the RAM policies are not applied, which would allow Docker Desktop users to pull unapproved and potentially malicious images from any registry.

Docker Desktop ENV Variable Leak <4.41.0
CVE-2025-3911 - April 29, 2025

Recording of environment variables configured for running containers in Docker Desktop application logs could lead to unintentional disclosure of sensitive information such as API keys, passwords, etc. A malicious actor with read access to these logs could obtain sensitive credential information and further use it to gain unauthorized access to other systems. Starting with version 4.41.0, Docker Desktop no longer logs environment variables set by the user.

Docker Desktop for Windows <4.41.0: Local Priv Esc via Config Manipulation
CVE-2025-3224 7.8 - High - April 28, 2025

A vulnerability in the update process of Docker Desktop for Windows versions prior to 4.41.0 could allow a local, low-privileged attacker to escalate privileges to SYSTEM. During an update, Docker Desktop attempts to delete files and subdirectories under the path C:\ProgramData\Docker\config with high privileges. However, this directory often does not exist by default, and C:\ProgramData\ allows normal users to create new directories. By creating a malicious Docker\config folder structure at this location, an attacker can force the privileged update process to delete or manipulate arbitrary system files, leading to Elevation of Privilege.

Docker Desktop <4.39.0 Log Disclosure of Proxy Info via Clear-Text Logs
CVE-2025-1696 - March 06, 2025

A vulnerability exists in Docker Desktop prior to version 4.39.0 that could lead to the unintentional disclosure of sensitive information via application logs. In affected versions, proxy configuration data, potentially including sensitive details, was written to log files in clear text whenever an HTTP GET request was made through a proxy. An attacker with read access to these logs could obtain the proxy information and leverage it for further attacks or unauthorized access. Starting with version 4.39.0, Docker Desktop no longer logs the proxy string, thereby mitigating this risk.

Docker Desktop <4.34.3 RCE via Unsanitized GitHub Link
CVE-2024-9348 - October 16, 2024

Docker Desktop before v4.34.3 allows RCE via unsanitized GitHub source link in Build view.

RCE via crafted extension description in Docker Desktop v<4.34.2
CVE-2024-8695 9.8 - Critical - September 12, 2024

A remote code execution (RCE) vulnerability via crafted extension description/changelog could be abused by a malicious extension in Docker Desktop before 4.34.2.

RCE via crafted extension publisher-url in Docker Desktop <4.34.2
CVE-2024-8696 9.8 - Critical - September 12, 2024

A remote code execution (RCE) vulnerability via crafted extension publisher-url/additional-urls could be abused by a malicious extension in Docker Desktop before 4.34.2.

Docker Desktop Windows <4.31.0 exec-path DoS via docker-users
CVE-2024-5652 5.5 - Medium - July 09, 2024

Docker Desktop on Windows before v4.31.0 allows a user in the docker-users group to cause a Windows denial of service through the exec-path Docker daemon config option in Windows containers mode.

RCE via Crafted Extension Description in Docker Desktop <4.12.0
CVE-2023-0625 9.8 - Critical - September 25, 2023

Docker Desktop before 4.12.0 is vulnerable to RCE via a crafted extension description or changelog. This issue affects Docker Desktop: before 4.12.0.

Code Injection

Docker Desktop 4.11 & older: Installer Argument Injection LPE
CVE-2023-0633 7.8 - High - September 25, 2023

In Docker Desktop on Windows before 4.12.0, an argument injection in the installer may result in local privilege escalation (LPE). This issue affects Docker Desktop: before 4.12.0.

Argument Injection

Docker Desktop 4.11.x LPE via IPC spoofing (--no-windows-containers flag)
CVE-2023-0627 7.8 - High - September 25, 2023

Docker Desktop 4.11.x allows --no-windows-containers flag bypass via IPC response spoofing, which may lead to Local Privilege Escalation (LPE). This issue affects Docker Desktop: 4.11.X.

Docker Desktop <4.23.0 Unprivileged ECI Bypass via Debug Shell
CVE-2023-5165 8.8 - High - September 25, 2023

Docker Desktop before 4.23.0 allows an unprivileged user to bypass Enhanced Container Isolation (ECI) restrictions via the debug shell which remains accessible for a short time window after launching Docker Desktop. The affected functionality is available for Docker Business customers only and assumes an environment where users are not granted local root or Administrator privileges. This issue has been fixed in Docker Desktop 4.23.0. Affected Docker Desktop versions: from 4.13.0 before 4.23.0.

AuthZ

Docker Desktop (<4.23.0): Access Token theft via crafted extension icon URL
CVE-2023-5166 6.5 - Medium - September 25, 2023

Docker Desktop before 4.23.0 allows Access Token theft via a crafted extension icon URL. This issue affects Docker Desktop: before 4.23.0.

Docker Desktop RCE via query parameters in message-box route (4.11)
CVE-2023-0626 9.8 - Critical - September 25, 2023

Docker Desktop before 4.12.0 is vulnerable to RCE via query parameters in message-box route. This issue affects Docker Desktop: before 4.12.0.

Code Injection

Docker Desktop <4.6 (Win): TOCTOU File Overwrite via windowscontainers/start API
CVE-2022-38730 6.3 - Medium - April 27, 2023

Docker Desktop for Windows before 4.6 allows attackers to overwrite any file through the windowscontainers/start dockerBackendV2 API by controlling the data-root field inside the DaemonJSON field in the WindowsContainerStartRequest class. This allows exploiting a symlink vulnerability in ..\dataRoot\network\files\local-kv.db because of a TOCTOU race condition.

Insecure Temporary File

Privilege Escalation via pidfile in Docker Desktop Win 4.6.0 API
CVE-2022-37326 7.8 - High - April 27, 2023

Docker Desktop for Windows before 4.6.0 allows attackers to delete (or create) any file through the dockerBackendV2 windowscontainers/start API by controlling the pidfile field inside the DaemonJSON field in the WindowsContainerStartRequest class. This can indirectly lead to privilege escalation.

Docker Desktop Windows <4.6.0: Symlink Attack via dockerBackendV2 API
CVE-2022-34292 7.1 - High - April 27, 2023

Docker Desktop for Windows before 4.6.0 allows attackers to overwrite any file through a symlink attack on the hyperv/create dockerBackendV2 API by controlling the DataFolder parameter for DockerDesktop.vhdx, a similar issue to CVE-2022-31647.

Insecure Temporary File

Docker Desktop <4.6.0 Windows Symlink File Deletion via hyperv API
CVE-2022-31647 7.1 - High - April 27, 2023

Docker Desktop before 4.6.0 on Windows allows attackers to delete any file through the hyperv/destroy dockerBackendV2 API via a symlink in the DataFolder parameter, a different vulnerability than CVE-2022-26659.

Insecure Temporary File

Docker Desktop 4.17.x Plain-HTTP Credential Leak (CVE-2023-1802)
CVE-2023-1802 7.5 - High - April 06, 2023

In Docker Desktop 4.17.x the Artifactory Integration falls back to sending registry credentials over plain HTTP if the HTTPS health check has failed. A targeted network sniffing attack can lead to a disclosure of sensitive information. Only users who have Access Experimental Features enabled and have logged in to a private registry are affected.

Cleartext Transmission of Sensitive Information

Docker Desktop <=4.16 Exec via Malicious docker-desktop:// URL
CVE-2023-0628 7.8 - High - March 13, 2023

Docker Desktop before 4.17.0 allows an attacker to execute an arbitrary command inside a Dev Environments container during initialization by tricking a user to open a crafted malicious docker-desktop:// URL.

Command Injection

Docker Desktop <4.17.0 ECI Bypass via Raw Socket CLI Flag
CVE-2023-0629 7.1 - High - March 13, 2023

Docker Desktop before 4.17.0 allows an unprivileged user to bypass Enhanced Container Isolation (ECI) restrictions by setting the Docker host to docker.raw.sock, or npipe:////.pipe/docker_engine_linux on Windows, via the -H (--host) CLI flag or the DOCKER_HOST environment variable and launch containers without the additional hardening features provided by ECI. This would not affect already running containers, nor containers launched through the usual approach (without Docker's raw socket). The affected functionality is available for Docker Business customers only and assumes an environment where users are not granted local root or Administrator privileges. This issue has been fixed in Docker Desktop 4.17.0. Affected Docker Desktop versions: from 4.13.0 before 4.17.0.

Docker Desktop versions 4.3.0 and 4.3.1 may log sensitive information during login
CVE-2021-45449 5.5 - Medium - January 12, 2022

Docker Desktop versions 4.3.0 and 4.3.1 have a bug that may log sensitive information (access token or password) on the user's machine during login. This only affects users who are on Docker Desktop 4.3.0 or 4.3.1 and who logged in while on 4.3.0 or 4.3.1. Gaining access to this data would require access to the user's local files.

Insertion of Sensitive Information into Log File

com.docker.vmnetd in Docker Desktop 2.3.0.3
CVE-2020-15360 7.8 - High - June 27, 2020

com.docker.vmnetd in Docker Desktop 2.3.0.3 allows privilege escalation because of a lack of client verification.

AuthZ

Vendor: Docker