Docker Sandboxes
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in Docker Sandboxes.
By the Year
In 2026 there have been 2 vulnerabilities in Docker Sandboxes.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 2 | 0.00 |
It may take a day or so for new Sandboxes vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Docker Sandboxes Security Vulnerabilities
Docker Sandbox ICMP Egress Bypass Through Daemon Restart
CVE-2026-12539
- June 18, 2026
Docker Sandboxes (sbx) blocks ICMP egress with an authorizer applied only at network-creation time, and does not re-apply it to networks rebuilt from disk when the Docker daemon restarts, so a restart-surviving sandbox forwards ICMP to arbitrary hosts. A workload inside a sandbox, which the threat model treats as untrusted, can therefore defeat the documented ICMP egress block to perform network reconnaissance and exfiltrate data over an ICMP covert channel, regardless of the configured allowlist.
Improper Restriction of Communication Channel to Intended Endpoints
Docker Sandbox DNS Exfil via Resolver Bypass
CVE-2026-12039
- June 18, 2026
Docker Sandboxes (sbx) enforces an HTTP/S-only egress allowlist but does not apply it to DNS resolution: the per-network embedded DNS server forwards any queried name to the host resolver whenever the network is internet-connected, without consulting the policy. A workload inside a sandbox, which the threat model treats as untrusted, can therefore encode data into DNS labels for an attacker-controlled domain and exfiltrate it through a DNS covert channel, bypassing the configured allowlist.
Improper Restriction of Communication Channel to Intended Endpoints
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Docker Sandboxes or by Docker? Click the Watch button to subscribe.