Vulnerability in Docker Sandboxes
CVE-2026-12039
Docker Sandboxes (sbx) enforces an HTTP/S-only egress allowlist but does not apply it to DNS resolution: the per-network embedded DNS server forwards any queried name to the host resolver whenever the network is internet-connected, without…
Affected products
- Docker Sandboxes — versions 0.13.0
Weakness classification (CWE)
References
- security@docker.com (product)
- security@docker.com (release-notes)