Docker Sandbox ICMP Egress Bypass Through Daemon Restart
CVE-2026-12539 Published on June 18, 2026

Docker Sandboxes ICMP egress restriction bypass after daemon restart
Docker Sandboxes (sbx) blocks ICMP egress with an authorizer applied only at network-creation time, and does not re-apply it to networks rebuilt from disk when the Docker daemon restarts, so a restart-surviving sandbox forwards ICMP to arbitrary hosts. A workload inside a sandbox, which the threat model treats as untrusted, can therefore defeat the documented ICMP egress block to perform network reconnaissance and exfiltrate data over an ICMP covert channel, regardless of the configured allowlist.

NVD

Weakness Types

Improper Restriction of Communication Channel to Intended Endpoints

The software establishes a communication channel to (or from) an endpoint for privileged or protected operations, but it does not properly ensure that it is communicating with the correct endpoint.

Improper Initialization

The software does not initialize or incorrectly initializes a resource, which might leave the resource in an unexpected state when it is accessed or used. This can have security implications when the associated resource is expected to have certain properties or values, such as a variable that determines whether a user has been authenticated or not.


Products Associated with CVE-2026-12539

Want to know whenever a new CVE is published for Docker? stack.watch will email you.

 

Affected Versions

Docker Sandboxes: