Description
Docker Sandboxes (sbx) blocks ICMP egress with an authorizer applied only at network-creation time, and does not re-apply it to networks rebuilt from disk when the Docker daemon restarts, so a restart-surviving sandbox forwards ICMP to arbitrary hosts. A workload inside a sandbox, which the threat model treats as untrusted, can therefore defeat the documented ICMP egress block to perform network reconnaissance and exfiltrate data over an ICMP covert channel, regardless of the configured allowlist.
Published: 2026-06-18
Score: 5.1 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Docker Sandboxes blocks ICMP egress with an authorizer applied only at network creation; the authorizer is not reapplied to networks rebuilt after the Docker daemon restarts. A workload inside a sandbox, treated as untrusted, can send ICMP packets to arbitrary hosts, performing network reconnaissance and transmitting data covertly over ICMP. This bypass of the documented egress block enables an attacker to gather information and exfiltrate data from the host system using standard ICMP protocols.

Affected Systems

Docker Sandboxes, any version that does not include the fix for the authorizer reapplication bug (prior to the release that addressed this vulnerability).

Risk and Exploitability

The CVSS score of 5.1 indicates moderate severity. EPSS is less than 1%, indicating a very low but nonzero exploitation probability, and the vulnerability is not listed in the CISA KEV catalog. Based on the description, it is inferred that the attack vector involves a Docker daemon restart that rebuilds existing sandbox networks from disk, allowing outbound ICMP traffic to any external host. Although not immediately exploitable without a restart, the limitation can be leveraged by a persistent attacker who can schedule or trigger a restart, making the vulnerability moderate but still concerning for environments that rely on strict ICMP block enforcement.

Generated by OpenCVE AI on June 30, 2026 at 17:55 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update Docker Sandboxes to the latest version that includes the fix for the ICMP egress authorizer reapplication bug
  • If an update is not possible, configure an additional firewall rule or container network policy to block outbound ICMP traffic from untrusted workloads
  • After a Docker daemon restart, manually enforce ICMP restrictions on rebuilt networks or monitor for unauthorized ICMP traffic to detect potential bypasses

Generated by OpenCVE AI on June 30, 2026 at 17:55 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 30 Jun 2026 16:45:00 +0000

Type Values Removed Values Added
First Time appeared Docker sandboxes
CPEs cpe:2.3:a:docker:sandboxes:*:*:*:*:*:*:*:*
Vendors & Products Docker sandboxes
Metrics cvssV4_0

{'score': 5.7, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N'}

cvssV4_0

{'score': 5.1, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N'}


Sun, 21 Jun 2026 09:45:00 +0000

Type Values Removed Values Added
First Time appeared Docker
Docker docker Sandboxes
Vendors & Products Docker
Docker docker Sandboxes

Thu, 18 Jun 2026 16:45:00 +0000

Type Values Removed Values Added
Description Docker Sandboxes (sbx) blocks ICMP egress with an authorizer applied only at network-creation time, and does not re-apply it to networks rebuilt from disk when the Docker daemon restarts, so a restart-surviving sandbox forwards ICMP to arbitrary hosts. A workload inside a sandbox, which the threat model treats as untrusted, can therefore defeat the documented ICMP egress block to perform network reconnaissance and exfiltrate data over an ICMP covert channel, regardless of the configured allowlist.
Title Docker Sandboxes ICMP egress restriction bypass after daemon restart
Weaknesses CWE-665
CWE-923
References
Metrics cvssV4_0

{'score': 5.7, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Subscriptions

Docker Docker Sandboxes Sandboxes
cve-icon MITRE

Status: PUBLISHED

Assigner: Docker

Published:

Updated: 2026-06-30T16:33:30.940Z

Reserved: 2026-06-17T15:31:11.749Z

Link: CVE-2026-12539

cve-icon Vulnrichment

Updated: 2026-06-18T14:55:59.351Z

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-30T18:00:06Z

Weaknesses
  • CWE-665

    Improper Initialization

  • CWE-923

    Improper Restriction of Communication Channel to Intended Endpoints