Docker Desktop
-
Docker flaw lets attackers bypass authorization plugins in some setups
Docker disclosed a high-severity flaw in Engine that could let attackers bypass authorization plugins in some setups. The issue, tracked as CVE-2026-34040, was patched in version 29.3.1 and linked to an incomplete fix for an earlier bug.
-
Critical Docker Desktop vulnerability could let attackers hijack Windows hosts, researchers say
A critical vulnerability in Docker Desktop for Windows and macOS could allow attackers to hijack the host by running a malicious container, even with Enhanced Container Isolation, tracked as CVE-2025-9074 (SSRF) and rated 9.3. The flaw has been patched in Docker Desktop 4.44.3, after demonstrations of a PoC that could access the Docker Engine from…
