SSRF in Docker Model-runner

CVE-2026-33990

Docker Model Runner (DMR) is software used to manage, run, and deploy AI models using Docker. Prior to version 1.1.25, Docker Model Runner contains an SSRF vulnerability in its OCI registry token exchange flow. When pulling a model, Model…

Vulnerability class: SSRF (Server-Side Request Forgery)

EPSS: 0.000 (9.9th percentile) — read the EPSS interpretation.