ZDI 2026-04-15

ZDI-26-258: (0Day) Docker Desktop extension-manager Exposed Dangerous Function Local Privilege Escalation Vulnerability

Machine-generated analysis · WAYSCloud LLM

The vulnerability requires prior execution of high-privileged container code to exploit. The advisory assigns a CVSS rating of 8.2.

Context

Docker Desktop for Windows is affected by a local privilege escalation vulnerability in its extension-manager component. The source describes a condition where attackers with existing high-privileged code execution in a container could escalate privileges. The advisory notes that exploitation requires a specific pre-existing condition within the container environment.

Operator considerations

The source does not provide enough basis for specific operator guidance beyond general container security practices.

From Zero Day Initiative ↗

This vulnerability allows local attackers to escalate privileges on affected installations of Docker Desktop for Windows. An attacker must first obtain the ability to execute high-privileged code within the container in order to exploit this vulnerability. The ZDI has assigned a CVSS rating of 8.2.

Read the full advisory on ZDI →