Docker Desktop MCP Server Cleartext Storage of Sensitive Information Vulnerability

Docker Desktop contains a local information disclosure vulnerability (ZDI-26-123) that allows low-privileged attackers to access sensitive information on affected systems. An attacker must already have the ability to execute code on the target machine to exploit this flaw, which has a CVSS severity rating of 5.5. Security teams should prioritize patching Docker Desktop installations and implementing access controls to limit code execution by untrusted users, while monitoring for any suspicious local activity on systems running this software.