Docker Desktop

13 CVEs affecting Docker Desktop. Latest disclosed: 2026-02-24. Critical: 2, High: 7.

Top CVEs affecting Docker Desktop
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2024-8696 | Critical | 9.8 | 2024-09-12 | A remote code execution (RCE) vulnerability via crafted extension publisher-url/additional-urls could be abused by a malicious extension in Docker Desktop befo… |
| CVE-2024-8695 | Critical | 9.8 | 2024-09-12 | A remote code execution (RCE) vulnerability via crafted extension description/changelog could be abused by a malicious extension in Docker Desktop before 4.34… |
| CVE-2026-2664 | High | 7.8 | 2026-02-24 | An out of bounds read vulnerability in the grpcfuse kernel module present in the Linux VM in Docker Desktop for Windows, Linux and macOS up to version 4.61.0 c… |
| CVE-2025-3224 | High | 7.8 | 2025-04-28 | A vulnerability in the update process of Docker Desktop for Windows versions prior to 4.41.0 could allow a local, low-privileged attacker to escalate privilege… |
| CVE-2022-37326 | High | 7.8 | 2023-04-27 | Docker Desktop for Windows before 4.6.0 allows attackers to delete (or create) any file through the dockerBackendV2 windowscontainers/start API by controlling… |
| CVE-2021-37841 | High | 7.8 | 2021-08-12 | Docker Desktop before 3.6.0 suffers from incorrect access control. If a low-privileged account is able to access the server running the Windows containers, it… |
| CVE-2022-34292 | High | 7.1 | 2023-04-27 | Docker Desktop for Windows before 4.6.0 allows attackers to overwrite any file through a symlink attack on the hyperv/create dockerBackendV2 API by controlling… |
| CVE-2022-31647 | High | 7.1 | 2023-04-27 | Docker Desktop before 4.6.0 on Windows allows attackers to delete any file through the hyperv/destroy dockerBackendV2 API via a symlink in the DataFolder param… |
| CVE-2024-6222 | High | 7.0 | 2024-07-09 | In Docker Desktop before v4.29.0, an attacker who has gained access to the Docker Desktop VM through a container breakout can further escape to the host by pas… |
| CVE-2020-10665 | Medium | 6.7 | 2020-03-18 | Docker Desktop allows local privilege escalation to NT AUTHORITY\SYSTEM because it mishandles the collection of diagnostics with Administrator privileges, lead… |
| CVE-2022-38730 | Medium | 6.3 | 2023-04-27 | Docker Desktop for Windows before 4.6 allows attackers to overwrite any file through the windowscontainers/start dockerBackendV2 API by controlling the data-ro… |
| CVE-2024-5652 | Medium | 6.1 | 2024-07-09 | In Docker Desktop on Windows before v4.31.0 allows a user in the docker-users group to cause a Windows Denial-of-Service through the exec-path Docker daemon co… |
| CVE-2023-1802 | Medium | 5.9 | 2023-04-06 | In Docker Desktop 4.17.x the Artifactory Integration falls back to sending registry credentials over plain HTTP if the HTTPS health check has failed. A targete… |