CVSS Vector (NVD)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Description (NVD)
The Docker CLI --use-api-socket flag bypasses Enhanced Container Isolation (ECI) restrictions in Docker Desktop. When ECI is enabled, Docker socket mounts from containers are denied unless explicitly allowed via the admin-settings configuration. However, the --use-api-socket flag adds the Docker socket mount via the HostConfig.Mounts field rather than the HostConfig.Binds field. The ECI enforcement in the Docker Desktop API proxy only inspected Binds, allowing the mount to pass unchecked. This grants a container full access to the Docker Engine socket and, if the host user has logged in to container registries, their authentication credentials.
A local attacker with the ability to run Docker CLI commands can exploit this to escape ECI restrictions, access the Docker Engine, and potentially escalate privileges.
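As an added illustration of the check the description points to (not code from Docker Desktop, the advisory, or the NVD), the Go policy below evaluates a container-create request body and flags an Engine socket mount whether it arrives in HostConfig.Binds or in HostConfig.Mounts, placing the Binds-only logic beside the corrected one. The request layout, the socket host paths and the sample request are assumptions constructed for this example.

```go
package main

import (
	"encoding/json"
	"path"
	"strings"
)

// Subset of a container-create request: the two HostConfig fields that can carry host mounts.
type CreateRequest struct {
	HostConfig struct {
		Binds  []string
		Mounts []struct{ Type, Source, Target string }
	}
}
// Engine socket host paths (assumed well-known defaults; not taken from the advisory).
func isEngineSocket(p string) bool {
	return path.Clean(p) == "/var/run/docker.sock" || path.Clean(p) == "/run/docker.sock"
}
// BindsOnly mirrors the flawed policy: only HostConfig.Binds is inspected.
func BindsOnly(req CreateRequest) []string {
	var hits []string
	for _, b := range req.HostConfig.Binds {
		// Bind syntax is "host:container[:opts]"; the host path is the first field.
		if isEngineSocket(strings.SplitN(b, ":", 2)[0]) {
			hits = append(hits, b)
		}
	}
	return hits
}
// BindsAndMounts is the corrected policy: HostConfig.Mounts is inspected as well.
func BindsAndMounts(req CreateRequest) []string {
	hits := BindsOnly(req)
	for _, m := range req.HostConfig.Mounts {
		if m.Type == "bind" && isEngineSocket(m.Source) {
			hits = append(hits, m.Source+":"+m.Target)
		}
	}
	return hits
}
// Parse decodes a raw request body as the API proxy would receive it.
func Parse(body []byte) (req CreateRequest, err error) {
	err = json.Unmarshal(body, &req)
	return
}

// Constructed sample: the socket arrives through Mounts, the route --use-api-socket takes.
const Sample = `{"HostConfig":{"Binds":["/srv/app:/app"],"Mounts":[{"Type":"bind","Source":"/var/run/docker.sock","Target":"/var/run/docker.sock"}]}}`
```

Run against Sample, BindsOnly returns nothing while BindsAndMounts returns the socket mount, which is the gap the description describes; a real proxy would deny the request unless the mount is on the admin-settings allow list.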
Analysis (AI)
Enhanced Container Isolation (ECI) bypass in Docker Desktop allows a local low-privileged user with Docker CLI access to mount the Docker Engine socket into a container by invoking the --use-api-socket flag, granting full Docker Engine control and exposure of registry credentials. The flaw stems from the API proxy inspecting only HostConfig.Binds while the flag routes the mount through HostConfig.Mounts, slipping past ECI policy. …
Remediation (AI)
Within 24 hours: Inventory all Docker Desktop installations and identify users with Docker CLI permissions; disable the --use-api-socket flag or implement OS-level restrictions preventing its use. Within 7 days: Implement role-based access controls limiting Docker CLI access to designated administrators; rotate any registry credentials stored on affected systems. …
External POC / Exploit Code
EUVD-2026-31484
GHSA-3f9v-226v-2qc9