Multiple Docker and Docker Desktop Model Runner Flaws Enable Code Execution
dCERT published advisory 2026-1556 warning of multiple vulnerabilities in Docker, followed by advisory 2026-1631 covering Docker Desktop Model Runner flaws that can allow code execution. The notices indicate that security issues affect both the core container ecosystem and a Docker Desktop component used for model execution, expanding the potential attack surface across developer and workstation environments.
The paired advisories highlight a broader risk to organizations relying on Docker tooling: attackers may be able to exploit multiple weaknesses to run unauthorized code on affected systems. Security teams using Docker or Docker Desktop should review the impacted products and versions referenced in the dCERT advisories, prioritize patching, and assess whether developer endpoints or container-management workflows are exposed to these vulnerabilities.
Get ahead of threats like this
Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
How this story unfolded
2 events from the most recent confirmed update back to the earliest known activity.
dCERT publishes advisory 2026-1631 on Docker Desktop Model Runner flaws
dCERT issued advisory 2026-1631 warning that multiple vulnerabilities in Docker Desktop Model Runner could allow code execution. The reference indicates the advisory was published on 2026-05-26.
dCERT publishes advisory 2026-1556 for multiple Docker vulnerabilities
dCERT issued advisory 2026-1556 covering multiple vulnerabilities affecting Docker. The reference indicates the advisory was published on 2026-05-19.
Related entities
Vulnerabilities, threat actors, malware, products, organizations, and breaches Mallory has linked to this story.
Sources
2 references tracked. Mallory keeps watching after this page renders.
See the full picture, correlated to your attack surface.
Map indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.
Related stories
Other stories Mallory is tracking that overlap on entities, sources, or topic labels.
Docker and Docker Desktop Flaws Expose Systems to Security Bypass Risks
German authorities issued advisories for **multiple vulnerabilities in Docker** and a separate **Docker Desktop flaw that allows security measures to be bypassed**, highlighting security risks across both the container engine ecosystem and the desktop management platform. The notices identify Docker broadly as affected in one case, while the other specifically warns that Docker Desktop contains a vulnerability that could let attackers circumvent intended protections. The paired advisories indicate that organizations using Docker in development or production environments may face exposure from both general software weaknesses and a more targeted bypass issue in Docker Desktop. Security teams should review affected versions, assess where Docker and Docker Desktop are deployed, and prioritize vendor guidance and patching to reduce the risk of unauthorized access or weakened container security controls.
Apr 24, 2026
Docker Desktop for Windows 0-Days Enable Host Privilege Escalation From Containers
Zero Day Initiative disclosed two **Docker Desktop for Windows** privilege-escalation flaws after Docker rejected the reports as outside its threat model. The first issue, tracked as **ZDI-26-258** / `ZDI-CAN-27229`, affects the `extension-manager` component and is caused by an exposed dangerous function in Docker Extensions. ZDI said an attacker who can already execute high-privileged code inside a container could exploit the flaw to run arbitrary code on the Windows host as **SYSTEM**. The advisory lists no assigned CVE and a **CVSS 8.2** score, and credits **Nitesh Surana of TrendAI Research** with the discovery. A second advisory, **ZDI-26-260** / `ZDI-CAN-27571`, describes an uncontrolled search path issue in the Docker Desktop `system/editor` endpoint caused by execution of a program from an unsecured location. ZDI said exploitation requires an attacker to first escape the container and execute high-privileged code inside the Docker **Hyper-V VM**, after which arbitrary code can be run on the host in the context of the current user; the flaw carries a **CVSS 7.5** score. The issue was reported to Docker in July 2025 by **Nitesh Surana and Nelson William Gamazo Sanchez of TrendAI Research**, but was later published as a 0-day after the vendor declined to address it because it depended on prior privileged access.
May 25, 2026
Critical runC Vulnerabilities Enable Full Container Escape and Host Compromise
Security researchers have disclosed three critical vulnerabilities in the runC container runtime, which is widely used in platforms such as Docker and Kubernetes. The flaws, identified as CVE-2025-31133, CVE-2025-52565, and CVE-2025-52881, arise from logic and race-condition errors in runC's handling of temporary bind mounts, symbolic links, and certain write operations. Attackers can exploit these weaknesses to break container isolation, potentially gaining write access to sensitive host system files and kernel interfaces such as `/proc/sys/kernel/core_pattern` or `/proc/sysrq-trigger`, leading to full container escapes and even host-level compromise. The vulnerabilities allow attackers to abuse masked paths, console bind-mounts, and redirected writes, bypassing standard hardening and isolation controls. Exploitation requires either custom mount configurations or the use of untrusted container images, but the risk is significant for orchestrated environments like Docker and Kubernetes. Security advisories from both the runC project and the U.S. National Vulnerability Database urge immediate updates to patched versions or the application of provided patches to mitigate these threats. The vulnerabilities highlight the importance of robust container runtime security and the potential impact of logic flaws in core infrastructure components.
Mar 21, 2026