Skip to main content

Pentagi

1 CVEs product

Monthly

CVE-2026-14784 MEDIUM PATCH This Month

Sandbox boundary enforcement failure in PentAGI (vxcontrol) versions up to 2.1.0 allows authenticated remote users to break Docker containment controls via the Docker API client component in `backend/pkg/docker/client.go`, enabling limited information disclosure and unauthorized low-impact modifications within the Docker environment. The CVSS 4.0 vector (PR:L, AV:N, AC:L) confirms low-privilege network-reachable exploitation with no user interaction required, though all impact metrics remain Low and no host-level breakout is indicated. No public exploit code exists and this vulnerability is not listed in CISA KEV; an upstream fix is pending as an unmerged GitHub pull request.

Information Disclosure Docker Pentagi
NVD VulDB GitHub
CVSS 4.0
5.3
EPSS
0.2%
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

Sandbox boundary enforcement failure in PentAGI (vxcontrol) versions up to 2.1.0 allows authenticated remote users to break Docker containment controls via the Docker API client component in `backend/pkg/docker/client.go`, enabling limited information disclosure and unauthorized low-impact modifications within the Docker environment. The CVSS 4.0 vector (PR:L, AV:N, AC:L) confirms low-privilege network-reachable exploitation with no user interaction required, though all impact metrics remain Low and no host-level breakout is indicated. No public exploit code exists and this vulnerability is not listed in CISA KEV; an upstream fix is pending as an unmerged GitHub pull request.

Information Disclosure Docker Pentagi
NVD VulDB GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy