Regulatory Triage ICT Providers

Docker

Dev Platforms & CI/CD

Period: 7d 14d 30d 90d

Open CVEs

Exploited

KEV

Unpatched

No Workaround

Internet-facing

Why this provider is risky now

This provider has 38 open CVE(s) in the last 14 days. 8 have no vendor patch. 34 affect internet-facing services. 9 impact the management/identity plane.

8 Unpatched 9 Mgmt / Admin Plane 2 No Workaround 34 Internet-facing

Top Risky CVEs

CVE-2026-46339

Act Now

Unauthenticated remote code execution in 9router (npm package) versions 0.4.30 through 0.4.36 allows network-adjacent attackers to execute arbitrary OS commands by chaining two unprotected API endpoints. The Next.js authentication middleware in src/proxy.js uses a narrow route allowlist that excludes /api/cli-tools/* and /api/mcp/*, letting an attacker register an arbitrary command via POST /api/cli-tools/cowork-settings and then trigger spawn() via GET /api/mcp/[plugin]/sse. Publicly available exploit code exists (PoC published with the GHSA advisory), with CVSS 10.0 reflecting maximum severity across confidentiality, integrity, and availability.

24 hours: Identify all applications in production and development using 9router versions 0.4.30-0.4.36; document systems exposed to untrusted networks; begin assessment of patching feasibility. 7 days: Check npm registry for patched version greater than 0.4.36 or evaluate alternative packages; if upgrade unavailable, implement network segmentation to restrict access to /api/cli-tools/* and /api/mcp/* endpoints; deploy Web Application Firewall rules if available. 30 days: Verify all vulnerable instances have been upgraded to patched version or replaced with secure alternative; audit application logs from past 30 days for exploitation patterns targeting the vulnerable endpoints.

Edge exposure ICT dependency Patched

Why flagged?

NIS2 Relevant

• CRITICAL severity
• Internet-facing (CWE-78: OS Command Injection)
• Third-party ICT: Docker
• Moderate evidence (PoC / elevated EPSS)

DORA Relevant

• CRITICAL severity
• ICT provider: Docker (Dev Platforms & CI/CD)

10.0

CVSS

Priority

CVE-2026-46695

Act Now

Sandbox escape in Boxlite versions prior to 0.9.0 lets untrusted code running inside the lightweight VM remount host-shared virtiofs directories from read-only to read-write, enabling arbitrary writes to host files that operators believed were protected. Because the container is granted all 41 Linux capabilities (including CAP_SYS_ADMIN), a trivial 'mount -o remount,rw' bypasses the client-side MS_RDONLY enforcement, and in AI-agent deployments this leads to host code execution by tampering with mounted code, virtualenvs, or credentials. Publicly available exploit code exists (working PoC published in the GHSA advisory) and the issue carries a CVSS 10.0 with scope change; no public exploit identified at time of analysis in CISA KEV.

24 hours: Audit all systems running Boxlite and document current versions; identify which deployments execute untrusted or AI-agent workloads. 7 days: Upgrade all Boxlite instances to version 0.9.0 or later; prioritize production AI-agent deployments. 30 days: Review host access logs and mount operations for evidence of exploitation; conduct threat assessment of any systems that executed untrusted code in vulnerable versions.

Edge exposure ICT dependency Management plane Patched

Why flagged?

NIS2 Relevant

• CRITICAL severity
• Internet-facing technique: authentication-bypass, rce
• Third-party ICT: Docker
• Management plane (Improper Access Control)
• Moderate evidence (PoC / elevated EPSS)

DORA Relevant

• CRITICAL severity
• ICT provider: Docker (Dev Platforms & CI/CD)
• Authentication / access control weakness

10.0

CVSS

Priority

CVE-2026-45663

Act Now

Unpatched

Command injection in Dokploy 0.29.1 and earlier allows authenticated users to execute arbitrary OS commands on the host by abusing the Docker file upload feature's unsanitized destinationPath parameter. The CVSS 9.9 score reflects scope change to the underlying host from a containerized context, and no public exploit identified at time of analysis though the GHSA advisory provides sufficient technical detail to reconstruct one.

Within 24 hours: Enumerate all Dokploy deployments running 0.29.1 or earlier; restrict file upload feature access to a minimal set of trusted administrators; enable comprehensive audit logging on all file upload operations. Within 7 days: Review upload logs for suspicious destinationPath patterns; implement network segmentation separating Dokploy infrastructure from production workloads and credential stores. Within 30 days: Establish continuous monitoring of GHSA advisory for patch release; develop tested migration plan to patched versions; deploy host-based endpoint detection and response (EDR) as interim control on all Dokploy systems.

Edge exposure ICT dependency No patch available

Why flagged?

NIS2 Relevant

• CRITICAL severity
• Internet-facing (CWE-77: Command Injection)
• Third-party ICT: Docker
• No patch available
• Moderate evidence (PoC / elevated EPSS)

DORA Relevant

• CRITICAL severity
• ICT provider: Docker (Dev Platforms & CI/CD)
• No remediation available

9.9

CVSS

0.2%

EPSS

Priority

CVE-2026-45633

Act Now

Unpatched

Authenticated command injection in Dokploy 0.26.6 and earlier enables any logged-in user to run arbitrary OS commands as root via the /docker-container-logs WebSocket endpoint. The tail and since parameters are concatenated into shell commands without validation, yielding a CVSS 9.9 (Scope:Changed) issue affecting this self-hosted PaaS. No public exploit identified at time of analysis, and the vulnerability is not currently listed in CISA KEV.

24 hours: Restrict network access to /docker-container-logs WebSocket endpoint via firewall; audit and validate all active user sessions; enable MFA on all accounts. 7 days: Implement WAF or firewall rules blocking shell command injection patterns in WebSocket parameters; establish continuous monitoring for WebSocket-based exploitation attempts; identify all affected Dokploy instances and document versions in deployment inventory. 30 days: Apply vendor-released patch immediately upon availability; if patch unavailable after 30 days, escalate remediation decision to executive leadership and prepare mitigation plan including system isolation or alternative deployment solutions.

Edge exposure ICT dependency No patch available

Why flagged?

NIS2 Relevant

• CRITICAL severity
• Internet-facing (CWE-78: OS Command Injection)
• Third-party ICT: Docker
• No patch available
• Moderate evidence (PoC / elevated EPSS)

DORA Relevant

• CRITICAL severity
• ICT provider: Docker (Dev Platforms & CI/CD)
• No remediation available

9.9

CVSS

0.2%

EPSS

Priority

CVE-2026-46670

Act Now

Unauthenticated SQL injection in YesWiki's Bazar form-import path allows any remote visitor to inject arbitrary SQL into an INSERT statement and exfiltrate the entire database, including yeswiki_users.password hashes. Affects YesWiki 4.6.1, 4.6.2, and the doryphore-dev branch prior to 4.6.4. Publicly available exploit code exists (a working Python PoC is published in the GHSA advisory), though no public exploit identified in CISA KEV at time of analysis.

Within 24 hours: Inventory all YesWiki deployments and identify instances running versions 4.6.1, 4.6.2, or early doryphore-dev branch; assess internet exposure. Within 7 days: Implement compensating controls (WAF rules blocking form-import requests, network segmentation, disable form-import feature if operationally feasible). Within 30 days: Monitor vendor advisories for patch release and apply immediately upon availability; if no patch timeline established within 30 days, prepare upgrade plan or evaluate alternative wiki platforms.

Edge exposure ICT dependency Patched

Why flagged?

NIS2 Relevant

• CRITICAL severity
• Internet-facing (CWE-89: SQL Injection)
• Third-party ICT: Docker
• Moderate evidence (PoC / elevated EPSS)

DORA Relevant

• CRITICAL severity
• ICT provider: Docker (Dev Platforms & CI/CD)

9.8

CVSS

Priority

CVE-2026-45628

Act Now

Unpatched

Command injection in Dokploy 0.29.2 and earlier allows authenticated users with application create/edit permissions to execute arbitrary shell commands on the host by injecting metacharacters into branch names, repository URLs, or Docker credentials. The flaw stems from unsanitized template-literal interpolation passed to child_process.exec(), and at time of analysis no public exploit identified at time of analysis, but the vendor security advisory GHSA-3frc-cfh9-ch2c documents the issue.

Within 24 hours: Inventory all Dokploy deployments and identify users with application create/edit permissions. Within 7 days: Restrict application create/edit permissions to a minimal set of trusted administrators; implement input validation on branch names, repository URLs, and Docker credential fields if possible through configuration. Within 30 days: Monitor vendor advisory GHSA-3frc-cfh9-ch2c for patch availability and plan immediate upgrade upon release; evaluate alternative deployment platforms if no patch timeline is provided by vendor.

Edge exposure ICT dependency No patch available

Why flagged?

NIS2 Relevant

• CRITICAL severity
• Internet-facing (CWE-20: Improper Input Validation)
• Third-party ICT: Docker
• No patch available
• Moderate evidence (PoC / elevated EPSS)

DORA Relevant

• CRITICAL severity
• ICT provider: Docker (Dev Platforms & CI/CD)
• No remediation available

9.6

CVSS

0.0%

EPSS

Priority

CVE-2026-10042

Act Now

{method_name} and /simple_execute/{method_name} endpoints, which call pickle.loads() on raw HTTP request bodies. The flaw scored CVSS 4.0 of 9.2 and has an upstream fix in commit d7441481, but no public exploit was identified at time of analysis; risk is amplified by the default Docker image running as root, leading to full container compromise.

Within 24 hours: Identify and inventory all affected service deployments. Within 7 days: Apply patch including fix commit d7441481 or later vendor-released version. Within 30 days: Implement firewall rules restricting network access to vulnerable endpoints and audit Docker configurations to eliminate unnecessary root privileges.

Edge exposure ICT dependency Patched

Why flagged?

NIS2 Relevant

• CRITICAL severity
• Internet-facing (CWE-502: Deserialization of Untrusted Data)
• Third-party ICT: Docker
• Strong evidence (KEV / high EPSS / multi-source)

DORA Relevant

• CRITICAL severity
• ICT provider: Docker (Dev Platforms & CI/CD)

9.2

CVSS

0.4%

EPSS

Priority

CVE-2026-6406

This Week

Enhanced Container Isolation (ECI) bypass in Docker Desktop allows a local low-privileged user with Docker CLI access to mount the Docker Engine socket into a container by invoking the --use-api-socket flag, granting full Docker Engine control and exposure of registry credentials. The flaw stems from the API proxy inspecting only HostConfig.Binds while the flag routes the mount through HostConfig.Mounts, slipping past ECI policy. No public exploit identified at time of analysis, but the issue was reported by Docker itself and disclosed via ZDI (ZDI-26-299).

Within 24 hours: Inventory all Docker Desktop installations and identify users with Docker CLI permissions; disable the --use-api-socket flag or implement OS-level restrictions preventing its use. Within 7 days: Implement role-based access controls limiting Docker CLI access to designated administrators; rotate any registry credentials stored on affected systems. Within 30 days: Monitor Docker Security Advisories for patch availability; evaluate container runtime alternatives if patch timeline is unacceptable.

Edge exposure ICT dependency Management plane Patched

Why flagged?

NIS2 Relevant

• HIGH severity
• Internet-facing technique: authentication-bypass
• Third-party ICT: Docker
• Management plane (Incorrect Authorization)
• Strong evidence (KEV / high EPSS / multi-source)

DORA Relevant

• HIGH severity
• ICT provider: Docker (Dev Platforms & CI/CD)
• Authentication / access control weakness

8.8

CVSS

0.0%

EPSS

Priority

CVE-2026-45805

This Week

Unauthenticated remote code execution in Penpot MCP module's ReplServer (npm @penpot/mcp < 2.15.0) allows anyone on the adjacent network to POST arbitrary JavaScript to a `/execute` endpoint and have it executed by the Node.js process. The flaw stems from Express defaulting the listen() bind address to 0.0.0.0 instead of localhost, combined with a complete absence of authentication on the REPL endpoint. No public exploit identified at time of analysis beyond the reporter's working PoC included in the GHSA advisory.

24 hours: Inventory all systems running @penpot/mcp < 2.15.0 and verify current version in use. Determine if the ReplServer is exposed on network interfaces. 7 days: Implement firewall rules and network segmentation to restrict access to the affected service to trusted hosts only; consider network-level authentication via VPN or IP allowlisting if removal is not feasible. 30 days: Monitor official Penpot advisories for patch release and plan immediate upgrade path to version 2.15.0 or later upon availability.

Edge exposure ICT dependency Patched

Why flagged?

NIS2 Relevant

• HIGH severity
• Internet-facing technique: rce
• Third-party ICT: Docker
• Moderate evidence (PoC / elevated EPSS)

DORA Relevant

• HIGH severity
• ICT provider: Docker (Dev Platforms & CI/CD)

8.8

CVSS

Priority

CVE-2026-47125

This Week

{id}/templates/variables endpoint, which lacks the checkAdmin() guard applied to every other admin-sensitive handler. Because global variables are merged into every project's compose file at deploy time, an attacker can redirect image pulls to a malicious registry to achieve cross-tenant supply-chain code execution on the Docker host, steal credentials from other users' deployments, or break every project on the instance. No public exploit identified at time of analysis, but the GHSA advisory documents the exact vulnerable code path.

Within 24 hours: Audit access logs for PUT requests to /api/environments/{id}/templates/variables endpoint and verify user role assignments in the Arcane platform. Within 7 days: Implement network controls (API gateway, reverse proxy, or WAF rules) to restrict non-admin access to the vulnerable endpoint and enable alerting on global variable modifications. Within 30 days: Monitor vendor advisory channels for patch availability; if no patch released within 60 days, evaluate architectural redesign to isolate tenant deployments or migration to alternative container orchestration platforms with stronger multitenancy isolation.

Edge exposure ICT dependency Management plane Patched

Why flagged?

NIS2 Relevant

• HIGH severity
• Internet-facing technique: authentication-bypass
• Third-party ICT: Docker
• Management plane (Missing Authorization)
• Moderate evidence (PoC / elevated EPSS)

DORA Relevant

• HIGH severity
• ICT provider: Docker (Dev Platforms & CI/CD)
• Authentication / access control weakness

8.8

CVSS

0.0%

EPSS

Priority

By Exposure

Internet-facing

Mgmt / Admin Plane

Identity / Auth

Internal only

By Exploitability

Known exploited

Public PoC

High EPSS (>30%)

Remote unauthenticated

Local only

By Remediation

Patch available

No patch

Workaround available

No workaround

Affected Services / Product Families

Docker

38 CVE(s)

CVE-2026-45626 MEDIUM Unpatched

CVE-2026-45627 HIGH Patched

CVE-2026-45298 HIGH Unpatched

CVE-2026-45678 HIGH Patched

CVE-2026-45679 MEDIUM Patched

CVE-2026-42306 HIGH Patched

CVE-2026-41568 MEDIUM Patched

CVE-2026-41567 HIGH Patched

CVE-2026-45707 HIGH Patched

CVE-2026-45553 HIGH Patched

+ 28 more

Recommended Actions

Evaluate compensating controls for 2 unpatched CVE(s) with no workaround Review WAF/firewall rules for 34 internet-facing CVE(s) Audit authentication and access control for 9 management-plane CVE(s) Track Docker vendor advisories for remediation timeline