Skip to main content
ZDI-26-363 HIGH 8.6 Published Jun 24, 2026

Docker MCP Plugin OCI Image Label Parsing Argument Injection Remote Code Execution Vulnerability

Docker

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Docker MCP Plugin. User interaction is required to exploit this vulnerability in that the target must reference a malicious Docker image via a docker URI scheme. The ZDI has assigned a CVSS rating of 8.6.

Related CVEs

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy