Docker Desktop
13 CVEs affecting Docker Desktop. Latest disclosed: 2026-02-24. Critical: 2, High: 7.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2024-8696 | Critical | 9.8 | 2024-09-12 | A remote code execution (RCE) vulnerability via crafted extension publisher-url/additional-urls could be abused by a malicious extension in Docker Desktop befo… |
| CVE-2024-8695 | Critical | 9.8 | 2024-09-12 | A remote code execution (RCE) vulnerability via crafted extension description/changelog could be abused by a malicious extension in Docker Desktop before 4.34… |
| CVE-2026-2664 | High | 7.8 | 2026-02-24 | An out of bounds read vulnerability in the grpcfuse kernel module present in the Linux VM in Docker Desktop for Windows, Linux and macOS up to version 4.61.0 c… |
| CVE-2025-3224 | High | 7.8 | 2025-04-28 | A vulnerability in the update process of Docker Desktop for Windows versions prior to 4.41.0 could allow a local, low-privileged attacker to escalate privilege… |
| CVE-2022-37326 | High | 7.8 | 2023-04-27 | Docker Desktop for Windows before 4.6.0 allows attackers to delete (or create) any file through the dockerBackendV2 windowscontainers/start API by controlling… |
| CVE-2021-37841 | High | 7.8 | 2021-08-12 | Docker Desktop before 3.6.0 suffers from incorrect access control. If a low-privileged account is able to access the server running the Windows containers, it… |
| CVE-2022-34292 | High | 7.1 | 2023-04-27 | Docker Desktop for Windows before 4.6.0 allows attackers to overwrite any file through a symlink attack on the hyperv/create dockerBackendV2 API by controlling… |
| CVE-2022-31647 | High | 7.1 | 2023-04-27 | Docker Desktop before 4.6.0 on Windows allows attackers to delete any file through the hyperv/destroy dockerBackendV2 API via a symlink in the DataFolder param… |
| CVE-2024-6222 | High | 7.0 | 2024-07-09 | In Docker Desktop before v4.29.0, an attacker who has gained access to the Docker Desktop VM through a container breakout can further escape to the host by pas… |
| CVE-2020-10665 | Medium | 6.7 | 2020-03-18 | Docker Desktop allows local privilege escalation to NT AUTHORITY\SYSTEM because it mishandles the collection of diagnostics with Administrator privileges, lead… |
| CVE-2022-38730 | Medium | 6.3 | 2023-04-27 | Docker Desktop for Windows before 4.6 allows attackers to overwrite any file through the windowscontainers/start dockerBackendV2 API by controlling the data-ro… |
| CVE-2024-5652 | Medium | 6.1 | 2024-07-09 | In Docker Desktop on Windows before v4.31.0 allows a user in the docker-users group to cause a Windows Denial-of-Service through the exec-path Docker daemon co… |
| CVE-2023-1802 | Medium | 5.9 | 2023-04-06 | In Docker Desktop 4.17.x the Artifactory Integration falls back to sending registry credentials over plain HTTP if the HTTPS health check has failed. A targete… |