Description
The Docker CLI --use-api-socket flag bypasses Enhanced Container Isolation (ECI) restrictions in Docker Desktop. When ECI is enabled, Docker socket mounts from containers are denied unless explicitly allowed via the admin-settings configuration. However, the --use-api-socket flag adds the Docker socket mount via the HostConfig.Mounts field rather than the HostConfig.Binds field. The ECI enforcement in the Docker Desktop API proxy only inspected Binds, allowing the mount to pass unchecked. This grants a container full access to the Docker Engine socket and, if the host user has logged in to container registries, their authentication credentials.

A local attacker with the ability to run Docker CLI commands can exploit this to escape ECI restrictions, access the Docker Engine, and potentially escalate privileges.
Published: 2026-05-22
Score: 8.8 High
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The Docker CLI --use-api-socket flag bypasses Enhanced Container Isolation enforcement in Docker Desktop. When ECI is enabled, container mounts of the Docker socket are denied unless explicitly allowed. The flag adds the socket mount through the HostConfig.Mounts field, whereas the ECI proxy inspected only HostConfig.Binds, so the mount passed unchecked. This grants the container full access to the Docker Engine socket and to any registry credentials stored by the host user, enabling the container to issue arbitrary Docker commands on the host and potentially elevate privileges.
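As an added illustration (not Docker's code and not part of this record), the check below models what the ECI proxy described above has to do: a container-create request can carry the Engine socket either as a "host:container" string in HostConfig.Binds or as a structured entry in HostConfig.Mounts, and a proxy that inspects only Binds misses the second form. The socket path, the request subset and the function names are assumptions made for the example.

```go
package main

import (
	"encoding/json"
	"path"
	"strings"
)

// Subset of the Engine container-create body relevant here; field names follow
// the Engine API, but the structs are an illustration, not Docker's own code.
type Mount struct{ Type, Source string }
type HostConfig struct {
	Binds  []string // "host:container[:opts]" strings
	Mounts []Mount  // structured form, used by --use-api-socket
}
type CreateRequest struct{ HostConfig HostConfig }

const dockerSocket = "/var/run/docker.sock" // assumed Linux socket path; named pipes not modelled

func isDockerSocket(src string) bool { return path.Clean(src) == dockerSocket }

// bindsOnlyCheck mirrors the pre-4.59.0 gap: only HostConfig.Binds is inspected.
func bindsOnlyCheck(req CreateRequest) bool {
	for _, b := range req.HostConfig.Binds {
		if isDockerSocket(strings.SplitN(b, ":", 2)[0]) {
			return true
		}
	}
	return false
}

// fullCheck also walks HostConfig.Mounts, so a socket mount placed there is caught.
func fullCheck(req CreateRequest) bool {
	for _, m := range req.HostConfig.Mounts {
		if m.Type == "bind" && isDockerSocket(m.Source) {
			return true
		}
	}
	return bindsOnlyCheck(req)
}

// SocketMountRequested parses a raw create-request body and applies fullCheck;
// a proxy would deny the request when it returns true and no allow-list entry matches.
func SocketMountRequested(body []byte) (bool, error) {
	var req CreateRequest
	if err := json.Unmarshal(body, &req); err != nil {
		return false, err
	}
	return fullCheck(req), nil
}
```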

Affected Systems

This vulnerability affects any Docker Desktop version prior to 4.59.0 with Enhanced Container Isolation enabled. Users who can execute Docker CLI commands with the --use-api-socket flag on the host are at risk.

Risk and Exploitability

The CVSS score of 8.8 indicates high severity with a local attack vector. No EPSS score is available and the vulnerability is not listed in the CISA KEV catalog; however, the flaw enables privileged host actions for attackers who can run the Docker CLI locally. Exploitation requires a local user with Docker command access, but it can lead to full system compromise by allowing manipulation of the Docker Engine and of stored credentials.

Generated by OpenCVE AI on May 22, 2026 at 20:22 UTC.

Remediation

Vendor Workaround

Upgrade to Docker Desktop 4.59.0 or later. As a workaround, restrict which users can execute Docker CLI commands on the host.


OpenCVE Recommended Actions

  • Upgrade Docker Desktop to version 4.59.0 or later.
  • Restrict Docker CLI execution to a trusted administrator group or enforce an ACL that blocks general users from running Docker commands until a patch is available.
  • Ensure Enhanced Container Isolation is enabled and review the admin-settings configuration to deny unapproved Docker socket mounts, or disable ECI entirely while awaiting a fix.


Advisories

No advisories yet.

History

Sat, 23 May 2026 05:15:00 +0000

Metrics, values added: ssvc
{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Fri, 22 May 2026 20:45:00 +0000

First Time appeared, values added: Docker; Docker docker Desktop
Vendors & Products, values added: Docker; Docker docker Desktop

Fri, 22 May 2026 19:15:00 +0000

Description, values added: The Docker CLI --use-api-socket flag bypasses Enhanced Container Isolation (ECI) restrictions in Docker Desktop. When ECI is enabled, Docker socket mounts from containers are denied unless explicitly allowed via the admin-settings configuration. However, the --use-api-socket flag adds the Docker socket mount via the HostConfig.Mounts field rather than the HostConfig.Binds field. The ECI enforcement in the Docker Desktop API proxy only inspected Binds, allowing the mount to pass unchecked. This grants a container full access to the Docker Engine socket and, if the host user has logged in to container registries, their authentication credentials. A local attacker with the ability to run Docker CLI commands can exploit this to escape ECI restrictions, access the Docker Engine, and potentially escalate privileges.
Title, values added: Docker Desktop Enhanced Container Isolation bypass via --use-api-socket CLI flag
Weaknesses, values added: CWE-863
References, values added: (none shown)
Metrics, values added: cvssV3_1
{'score': 8.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H'}
cvssV4_0
{'score': 8.8, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H'}


MITRE

Status: PUBLISHED

Assigner: Docker

Published:

Updated: 2026-05-23T03:56:00.655Z

Reserved: 2026-04-15T21:42:36.201Z

Link: CVE-2026-6406

Vulnrichment

Updated: 2026-05-22T19:48:36.707Z

NVD

No data.

Red Hat

No data.

OpenCVE Enrichment

Updated: 2026-05-22T20:30:06Z

Weaknesses