Description
Docker Sandboxes (sbx) enforces an HTTP/S-only egress allowlist but does not apply it to DNS resolution: the per-network embedded DNS server forwards any queried name to the host resolver whenever the network is internet-connected, without consulting the policy. A workload inside a sandbox, which the threat model treats as untrusted, can therefore encode data into DNS labels for an attacker-controlled domain and exfiltrate it through a DNS covert channel, bypassing the configured allowlist.
Published: 2026-06-18
Score: 5.7 Medium
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Docker Sandboxes enforce an HTTP/HTTPS egress allowlist, but the per-network embedded DNS server does not consult that policy: whenever the network is internet-connected it forwards every queried name to the host resolver. An untrusted workload can therefore encode data into the labels of names under an attacker-controlled domain; the attacker's authoritative name server receives those queries, so the data leaves the sandbox even though no HTTP/S connection to the attacker's host would be permitted. The record claims a confidentiality impact only (VC:H, with no integrity or availability effect).
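Worked example (added here by the editor; this is not code from Docker, the sbx project or OpenCVE): what the covert channel described above looks like in a resolver's query log, and a detector that flags it. The log line format, the c2.example domain, the client address and the thresholds are assumptions, and the "secret" is constructed sample data. The encoder exists only to generate realistic sample input; it does no network I/O.

```python
"""Spotting DNS-label exfiltration in resolver query logs.

Added example; this is not code from Docker or the sbx project. The log line
format, the 'c2.example' attacker domain, the client address and all
thresholds are assumptions chosen for illustration.
"""
import base64
import math
import re
from collections import defaultdict

# Assumed log format (dnsmasq-like): "<ts> query[<type>] <name> from <client>"
LOG_RE = re.compile(r"^(?P<ts>\S+) query\[(?P<qtype>[A-Z]+)\] (?P<name>\S+) from (?P<src>\S+)$")

# Constructed secret used only to build sample log lines; nothing here is real.
SECRET = b"db_host=10.0.0.7 db_user=app db_password=constructed-sample-not-real-0123456789 api_token=sample-token-abcdefghij"


def encode_chunks(data: bytes, domain: str, label_len: int = 63, labels_per_query: int = 1) -> list[str]:
    """Shape data the way a DNS covert channel must: base32 (DNS names are
    case-insensitive, so base64 would be corrupted by case folding), at most 63
    bytes per label, a sequence label so the receiver can reorder, and the
    attacker's domain as suffix. Used here only to generate sample input."""
    b32 = base64.b32encode(data).decode().rstrip("=").lower()
    labels = [b32[i:i + label_len] for i in range(0, len(b32), label_len)]
    queries = []
    for n, i in enumerate(range(0, len(labels), labels_per_query)):
        name = ".".join([f"s{n}", *labels[i:i + labels_per_query], domain])
        assert len(name) <= 253, "RFC 1035 name length limit"
        queries.append(name)
    return queries


def shannon_entropy(s: str) -> float:
    """Bits per character; base32 payloads sit near 4-5, ordinary hostnames well below."""
    if not s:
        return 0.0
    counts = defaultdict(int)
    for ch in s:
        counts[ch] += 1
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def registered_domain(name: str) -> str:
    """Last two labels. Simplification (assumption): a real deployment should use
    the Public Suffix List so 'x.co.uk' is not treated as a registrable domain."""
    labels = name.rstrip(".").lower().split(".")
    return ".".join(labels[-2:])


def parse_log(lines):
    return [m.groupdict() for m in (LOG_RE.match(l.strip()) for l in lines) if m]


def detect_tunnels(records, max_label=40, min_entropy=3.0, min_unique=20):
    """Two independent signals per registered domain:
      * a query whose subdomain has a label >= max_label chars AND entropy >= min_entropy
        (one encoded chunk is enough to fire this);
      * many distinct subdomains under one domain (slow, short-label channels).
    Returns {registered_domain: {"queries": distinct subdomains, "high_entropy": flagged}}."""
    subs_per_domain = defaultdict(set)
    flagged = defaultdict(int)
    for r in records:
        name = r["name"].rstrip(".").lower()
        rd = registered_domain(name)
        sub = name[: -len(rd)].rstrip(".") if name != rd else ""
        subs_per_domain[rd].add(sub)
        longest = max((len(l) for l in sub.split(".")), default=0) if sub else 0
        if longest >= max_label and shannon_entropy(sub.replace(".", "")) >= min_entropy:
            flagged[rd] += 1
    return {
        rd: {"queries": len(subs), "high_entropy": flagged[rd]}
        for rd, subs in subs_per_domain.items()
        if flagged[rd] or len(subs) >= min_unique
    }


def build_sample_log() -> list[str]:
    """Constructed sample: normal package/registry lookups plus the encoded chunks."""
    benign = ["registry-1.docker.io", "auth.docker.io", "pypi.org", "files.pythonhosted.org", "github.com"]
    names = benign + encode_chunks(SECRET, "c2.example")
    return [f"2026-06-18T17:0{i % 10}:00Z query[A] {n} from 172.18.0.5" for i, n in enumerate(names)]


if __name__ == "__main__":
    for domain, f in detect_tunnels(parse_log(build_sample_log())).items():
        print(f"{domain}: {f['high_entropy']} high-entropy queries, {f['queries']} distinct names")
```

Long, high-entropy labels are also produced by some CDN and telemetry hostnames, so tune the thresholds against your own baseline; the distinct-subdomain count catches channels that deliberately keep labels short. Either signal is only observable if the host resolver or the embedded DNS server logs the full queried name.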

Affected Systems

Docker Sandboxes (sbx). The record lists no affected version range, so treat every release in which the embedded DNS server forwards unlisted names to the host resolver as affected until Docker publishes one.

Risk and Exploitability

The CVSS 4.0 score of 5.7 (Medium) reflects a local attack vector (AV:L) with low privileges (PR:L): the attacker is code already running inside a sandbox, and the sandbox network must be internet-connected (AT:P). The impact is confidentiality only (VC:H; no integrity, availability or subsequent-system effect). EPSS is not available, the vulnerability is not listed in CISA KEV, and the SSVC assessment records no known exploitation and rates it not automatable. Exploitation needs nothing more than an attacker-controlled domain whose authoritative name server records incoming queries. The allowlist never sees the lookup because it is enforced on HTTP/S connections rather than on name resolution, so exfiltration works even when every other form of egress is denied.

Generated by OpenCVE AI on June 18, 2026 at 17:51 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update Docker Sandboxes to a release in which the embedded DNS server consults the egress policy before forwarding, once Docker publishes one (none is listed in the record at the time of writing).
  • Until then, on the host, block DNS (UDP/TCP 53 and DNS-over-TLS on 853) from the sandbox networks to anything other than a resolver you control, and have that resolver enforce a name allowlist that matches the HTTP/S allowlist.
  • Log full query names at that resolver and alert on DNS tunnelling indicators: long high-entropy labels, or many distinct subdomains under a single domain.

Generated by OpenCVE AI on June 18, 2026 at 17:51 UTC.
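Worked example (added by the editor; this is not Docker's sbx code or OpenCVE's). It places the forwarding behaviour the description reports (forward any name whenever the network is internet-connected) next to a forwarder that evaluates the same allowlist the HTTP/S proxy enforces before anything leaves the sandbox network. The allowlist syntax, the REFUSED/NXDOMAIN choice, the FakeUpstream stand-in for the host resolver and its RFC 5737 documentation-range addresses are assumptions.

```python
"""Consulting the egress allowlist before forwarding a DNS query.

Added example; not Docker's sbx code. Policy syntax, RCODE choice, the
FakeUpstream stub and its addresses are assumptions.
"""
from dataclasses import dataclass, field
from typing import Callable, Optional

# (qname, qtype) -> answers, or None for NXDOMAIN. Stands in for the host resolver.
Upstream = Callable[[str, str], Optional[list[str]]]


def normalize(name: str) -> str:
    """DNS names are case-insensitive and may carry a trailing dot."""
    return name.rstrip(".").lower()


@dataclass
class EgressPolicy:
    """Allowlist entries are exact hosts ("pypi.org") or suffix wildcards
    ("*.pythonhosted.org": any depth below, but not the apex). Deny by default."""
    allow: list[str]

    def permits(self, qname: str) -> bool:
        q = normalize(qname)
        for entry in self.allow:
            e = normalize(entry)
            if e.startswith("*."):
                if q.endswith(e[1:]):        # ".pythonhosted.org" suffix keeps out evilpythonhosted.org
                    return True
            elif q == e:
                return True
        return False


def forward_unfiltered(upstream: Upstream, qname: str, internet_connected: bool):
    """The reported behaviour: the only check is whether the network has internet
    access; the queried name is never compared with the policy."""
    if not internet_connected:
        return ("REFUSED", [])
    answers = upstream(normalize(qname), "A")
    return ("NOERROR", answers) if answers is not None else ("NXDOMAIN", [])


@dataclass
class PolicyDNS:
    """Hardened forwarder: the policy is evaluated before anything leaves the
    sandbox network, so an unlisted name never reaches the host resolver."""
    policy: EgressPolicy
    upstream: Upstream
    internet_connected: bool = True
    denied: list[tuple[str, str]] = field(default_factory=list)   # audit trail for the host side

    def query(self, qname: str, qtype: str = "A"):
        q = normalize(qname)
        if not self.internet_connected or not self.policy.permits(q):
            self.denied.append((q, qtype))
            return ("REFUSED", [])
        answers = self.upstream(q, qtype)
        return ("NOERROR", answers) if answers is not None else ("NXDOMAIN", [])


class FakeUpstream:
    """Constructed host-resolver stand-in. Records every name it is asked for:
    any name under c2.example that reaches it has been read by the attacker's
    authoritative server, which is the exfiltration event."""
    ZONE = {
        ("pypi.org", "A"): ["203.0.113.10"],
        ("files.pythonhosted.org", "A"): ["203.0.113.20"],
        ("registry-1.docker.io", "A"): ["203.0.113.30"],
    }

    def __init__(self):
        self.seen: list[tuple[str, str]] = []

    def __call__(self, qname: str, qtype: str):
        self.seen.append((qname, qtype))
        if qname.endswith("c2.example"):
            return ["198.51.100.9"]          # attacker's server answers anything it is asked
        return self.ZONE.get((qname, qtype))

    def leaked(self) -> list[str]:
        return [n for n, _ in self.seen if n.endswith("c2.example")]


ALLOW = ["pypi.org", "*.pythonhosted.org", "registry-1.docker.io"]
EXFIL_NAME = "s0.mrswy3djmvzcaylomqqhi2dfom.c2.example"   # constructed encoded label

if __name__ == "__main__":
    up = FakeUpstream()
    print("unfiltered:", forward_unfiltered(up, EXFIL_NAME, True), "leaked:", up.leaked())
    up = FakeUpstream()
    dns = PolicyDNS(EgressPolicy(ALLOW), up)
    print("policy:", dns.query(EXFIL_NAME), "leaked:", up.leaked(), "denied:", dns.denied)
```

Two caveats on the hardened form. A wildcard entry extends trust to whoever operates that zone's authoritative servers, since every name below it is forwarded; prefer exact hosts where the proxy policy allows it. And the check only helps if the embedded server is the sole path to port 53: if the sandbox network can reach external resolvers directly, the host firewall rule in the actions above is what closes the channel.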

Advisories

No advisories yet.

History

Thu, 18 Jun 2026 16:45:00 +0000

Type / Values Removed / Values Added

Description / (none) / Docker Sandboxes (sbx) enforces an HTTP/S-only egress allowlist but does not apply it to DNS resolution: the per-network embedded DNS server forwards any queried name to the host resolver whenever the network is internet-connected, without consulting the policy. A workload inside a sandbox, which the threat model treats as untrusted, can therefore encode data into DNS labels for an attacker-controlled domain and exfiltrate it through a DNS covert channel, bypassing the configured allowlist.
Title / (none) / Docker Sandboxes network egress allowlist bypass via unfiltered DNS resolution
Weaknesses / (none) / CWE-923
References / (none) / (none)
Metrics / (none) / cvssV4_0: score 5.7, vector CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
Metrics / (none) / ssvc 2.0.3: Automatable: no; Exploitation: none; Technical Impact: partial



MITRE

Status: PUBLISHED

Assigner: Docker

Published:

Updated: 2026-06-18T15:00:24.095Z

Reserved: 2026-06-11T19:23:44.967Z

Link: CVE-2026-12039

Vulnrichment

Updated: 2026-06-18T15:00:11.463Z

NVD

No data.

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-18T18:00:11Z

Weaknesses
  • CWE-923: Improper Restriction of Communication Channel to Intended Endpoints