ZDI 2026-04-23

ZDI-26-299: Docker Desktop Enhanced Container Isolation Exposed Dangerous Function Local Privilege Escalation Vulnerability

CVE-2026-6406

Machine-generated analysis · WAYSCloud LLM

The vulnerability requires initial code execution within a container to escalate privileges on Docker Desktop.

Context

Docker Desktop's Enhanced Container Isolation is affected by a local privilege escalation vulnerability. The flaw allows attackers with low-privileged code execution inside a container to escalate privileges. The advisory notes that exploitation impacts the host system through the container isolation mechanism. Worth noting is that the attack scenario assumes prior access to execute code in a container.

Operator considerations

Check: Determine if Docker Desktop with Enhanced Container Isolation is deployed.

From Zero Day Initiative ↗

This vulnerability allows local attackers to escalate privileges on affected installations of Docker Desktop. An attacker must first obtain the ability to execute low-privileged code within a container in order to exploit this vulnerability. The ZDI has assigned a CVSS rating of 8.8. The following CVEs are assigned: CVE-2026-6406.

Read the full advisory on ZDI →