PatchSiren cyber security CVE debrief
CVE-2026-6406 Docker CVE debrief
A vulnerability in Docker Desktop's Enhanced Container Isolation (ECI) feature allows local attackers to bypass container restrictions and gain unauthorized access to the Docker Engine socket. The flaw exists because ECI enforcement in the Docker Desktop API proxy only inspected the HostConfig.Binds field for Docker socket mounts, while the --use-api-socket CLI flag added mounts via the HostConfig.Mounts field instead. This inspection gap permitted containers to obtain full Docker socket access, including potential exposure of registry authentication credentials if the host user had logged in. The issue affects Docker Desktop versions 4.41.0 through 4.58.x and was resolved in version 4.59.0.
- Vendor: Docker
- Product: Docker Desktop
- CVSS: HIGH 8.8
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-05-22
- Original CVE updated: 2026-05-29
- Advisory published: 2026-05-22
- Advisory updated: 2026-05-29
Who should care
Organizations using Docker Desktop with Enhanced Container Isolation for security boundary enforcement, particularly in multi-user or developer workstation environments where local access controls may vary. Security teams relying on ECI as a compensating control for container privilege restrictions should prioritize patching.
Technical summary
The vulnerability stems from an incomplete enforcement check in Docker Desktop's API proxy when Enhanced Container Isolation is active. ECI is designed to deny Docker socket mounts from containers unless explicitly permitted through admin-settings configuration. The enforcement logic examined only the HostConfig.Binds field to identify and block unauthorized socket mounts. However, the Docker CLI --use-api-socket flag injects the Docker socket mount through the HostConfig.Mounts field instead of Binds. Because the API proxy did not inspect Mounts for ECI policy violations, the mount was never intercepted. A container with the mounted socket gains full access to the Docker Engine API, enabling container escape, host-level operations, and access to registry authentication tokens stored in the Docker credential store. The attack requires local access and the ability to execute Docker CLI commands, with no user interaction needed during exploitation.
Defensive priority
HIGH
Recommended defensive actions
- Upgrade Docker Desktop to version 4.59.0 or later to obtain the corrected ECI enforcement logic.
- Verify that Enhanced Container Isolation is enabled in Docker Desktop settings for environments requiring strict container boundaries.
- Audit container runtime configurations for unexpected Docker socket mounts in HostConfig.Mounts fields.
- Review and rotate any container registry credentials that may have been exposed on affected systems.
- Restrict local Docker CLI access to authorized administrators where ECI policies are enforced.
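The following is an added example, not Docker's code and not part of the original advisory. It shows the enforcement gap described in the technical summary and supports the audit action above: a check that looks only at HostConfig.Binds misses a socket mounted through HostConfig.Mounts, while a complete check covers both fields. The socket paths, the container inspect data and the function names are assumptions constructed for this example; the real ECI enforcement logic and the exact mount --use-api-socket produces are not reproduced here.

```python
"""Audit container HostConfig data for Docker Engine socket mounts.

Constructed example: inspects both HostConfig.Binds (the "src:dst[:opts]"
string form) and HostConfig.Mounts (the structured form used by the Docker
CLI --use-api-socket flag) so that neither path can carry an unnoticed
socket mount. Linux-style paths only.
"""
import json

# Host paths that expose the Docker Engine API. Assumed set for this example;
# extend it with whatever socket paths your hosts actually use.
DOCKER_SOCKET_PATHS = {"/var/run/docker.sock", "/run/docker.sock"}


def _normalize(path):
    """Strip a trailing slash so "/var/run/docker.sock/" still matches."""
    return path.rstrip("/") or "/"


def legacy_binds_only_check(host_config):
    """Incomplete check: True if a socket mount appears in Binds only.

    Mirrors the gap the advisory describes (Mounts is never consulted), so a
    container whose socket arrives via HostConfig.Mounts is reported clean.
    """
    for bind in host_config.get("Binds") or []:
        src = bind.split(":", 1)[0]
        if _normalize(src) in DOCKER_SOCKET_PATHS:
            return True
    return False


def socket_mounts(host_config):
    """Complete check: list (field, source, target) for every socket mount.

    Walks Binds and Mounts; a bind-type Mounts entry whose Source is a
    Docker socket is flagged exactly like a Binds entry would be.
    """
    findings = []
    for bind in host_config.get("Binds") or []:
        parts = bind.split(":")
        if len(parts) >= 2 and _normalize(parts[0]) in DOCKER_SOCKET_PATHS:
            findings.append(("Binds", parts[0], parts[1]))
    for mount in host_config.get("Mounts") or []:
        if mount.get("Type", "bind") != "bind":
            continue  # volumes and tmpfs cannot expose a host socket
        src = mount.get("Source", "")
        if _normalize(src) in DOCKER_SOCKET_PATHS:
            findings.append(("Mounts", src, mount.get("Target", "")))
    return findings


def audit_inspect_output(inspect_json):
    """Map container name -> findings over `docker inspect` style JSON."""
    results = {}
    for container in json.loads(inspect_json):
        found = socket_mounts(container.get("HostConfig") or {})
        if found:
            results[container.get("Name") or container.get("Id", "?")] = found
    return results


# Constructed sample resembling `docker inspect` output: one container with a
# socket in Binds, one with a socket in Mounts, one with no socket at all.
SAMPLE_INSPECT = json.dumps([
    {"Name": "/build-agent",
     "HostConfig": {"Binds": ["/var/run/docker.sock:/var/run/docker.sock:ro"],
                    "Mounts": []}},
    {"Name": "/dev-shell",
     "HostConfig": {"Binds": ["/home/dev/src:/src"],
                    "Mounts": [{"Type": "bind",
                                "Source": "/var/run/docker.sock",
                                "Target": "/var/run/docker.sock"}]}},
    {"Name": "/web",
     "HostConfig": {"Binds": ["/srv/www:/usr/share/nginx/html:ro"],
                    "Mounts": [{"Type": "volume", "Source": "logs",
                                "Target": "/var/log/nginx"}]}},
])


if __name__ == "__main__":
    for name, found in audit_inspect_output(SAMPLE_INSPECT).items():
        for field, src, dst in found:
            print(f"{name}: Docker socket {src} -> {dst} via HostConfig.{field}")
```

Feed it `docker inspect $(docker ps -aq)` on a workstation where ECI is expected to hold; any hit under HostConfig.Mounts is a configuration ECI versions before 4.59.0 would not have blocked, and the registry credentials on that host fall under the rotation action above.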
Evidence notes
The NVD record indicates Docker Desktop versions from 4.41.0 up to but not including 4.59.0 are vulnerable. Docker's release notes for version 4.59.0 document the fix. A third-party advisory from Zero Day Initiative (ZDI-26-299) corroborates the vulnerability details. The CVSS 4.0 vector reflects high impacts across confidentiality, integrity, and availability for both the vulnerable component and subsequent systems.
Official resources
- CVE-2026-6406 CVE record (CVE.org)
- CVE-2026-6406 NVD detail (NVD)
- Source item URL: nvd_modified
- Mitigation or vendor reference: [email protected] - Release Notes
- Mitigation or vendor reference: [email protected] - Third Party Advisory
2026-05-22