Every CVE whose affected-product data names Docker Docker Desktop, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (18)
CVE-2026-6406 — CVSS 8.8 (high): The Docker CLI --use-api-socket flag bypasses Enhanced Container Isolation (ECI) restrictions in Docker Desktop. When ECI is enabled…
CVE-2026-5843 — CVSS 8.2 (high): The MLX inference backend in Docker Model Runner on macOS uses the MLX-LM library, which unconditionally imports and executes arbitrary…
CVE-2026-5817 — CVSS 8.2 (high): The vllm-metal inference backend in Docker Model Runner on macOS unconditionally sets trust_remote_code=True when loading model tokenizers…
CVE-2023-5166 — CVSS 8.0 (high): Docker Desktop before 4.23.0 allows Access Token theft via a crafted extension icon URL. This issue affects Docker Desktop: before 4.23.0.
CVE-2023-0626 — CVSS 8.0 (high): Docker Desktop before 4.12.0 is vulnerable to RCE via query parameters in message-box route. This issue affects Docker Desktop: before…
CVE-2023-0625 — CVSS 8.0 (high): Docker Desktop before 4.12.0 is vulnerable to RCE via a crafted extension description or changelog. This issue affects Docker Desktop…
CVE-2020-11492 — CVSS 7.8 (high): An issue was discovered in Docker Desktop through 2.2.0.5 on Windows. If a local attacker sets up their own named pipe prior to starting…
CVE-2020-15360 — CVSS 7.8 (high): com.docker.vmnetd in Docker Desktop 2.3.0.3 allows privilege escalation because of a lack of client verification.
CVE-2025-13743 — CVSS 7.5 (high): Docker Desktop diagnostics bundles were found to include expired Hub PATs in log output due to error object serialization. This poses a…
CVE-2023-0633 — CVSS 7.2 (high): In Docker Desktop on Windows before 4.12.0 an argument injection to installer may result in local privilege escalation (LPE).This issue…
CVE-2022-26659 — CVSS 7.1 (high): Docker Desktop installer on Windows in versions before 4.6.0 allows an attacker to overwrite any administrator writable files by creating a…
CVE-2023-0629 — CVSS 7.1 (high): Docker Desktop before 4.17.0 allows an unprivileged user to bypass Enhanced Container Isolation (ECI) restrictions by setting the Docker…
CVE-2023-5165 — CVSS 7.1 (high): Docker Desktop before 4.23.0 allows an unprivileged user to bypass Enhanced Container Isolation (ECI) restrictions via the debug shell…
CVE-2023-0627 — CVSS 6.7 (medium): Docker Desktop 4.11.x allows --no-windows-containers flag bypass via IPC response spoofing which may lead to Local Privilege Escalation…
CVE-2023-0628 — CVSS 6.1 (medium): Docker Desktop before 4.17.0 allows an attacker to execute an arbitrary command inside a Dev Environments container during initialization…
CVE-2021-45449 — CVSS 5.5 (medium): Docker Desktop version 4.3.0 and 4.3.1 has a bug that may log sensitive information (access token or password) on the user's machine during…