CVE-2026-41568 Overview
CVE-2026-41568 is a race condition vulnerability in the Moby and Docker Engine container framework. The flaw exists in the docker cp mount setup logic and allows a malicious container to create empty files or directories at arbitrary absolute paths on the host filesystem. The issue affects Docker Engine prior to version 29.5.1, Docker Daemon versions 28.5.2 and prior, and Moby Daemon prior to version 2.0.0-beta.14. Exploitation requires local access and user interaction, and the attack complexity is high. Successful exploitation can compromise host integrity and availability, enabling container-to-host escape scenarios that affect components beyond the container boundary.
Critical Impact
A malicious container can write empty files or directories to arbitrary host paths during docker cp operations, undermining host integrity and enabling denial-of-service conditions against critical system files.
Affected Products
- Docker Engine versions prior to 29.5.1
- Moby Daemon versions prior to 2.0.0-beta.14 (including beta0 through beta13)
- Docker Daemon versions 28.5.2 and prior
Discovery Timeline
- 2026-06-12 - CVE-2026-41568 published to NVD
- 2026-06-17 - Last updated in NVD database
Technical Details for CVE-2026-41568
Vulnerability Analysis
The vulnerability resides in the mount setup sequence executed by the Docker daemon when handling docker cp operations. A malicious container can exploit a timing window between path resolution and mount completion. During this window, the daemon can be coerced into operating on attacker-controlled paths outside the container's filesystem namespace. The result is the creation of empty files or directories at arbitrary absolute paths on the host. While the vulnerability does not directly expose host data confidentiality, it impacts integrity and availability by allowing attackers to plant files in sensitive host locations or disrupt services that rely on specific filesystem state.
Root Cause
The root cause is a Time-of-Check Time-of-Use (TOCTOU) race condition in the docker cp mount setup code path. The daemon validates the target path and performs the mount operation in separate, non-atomic steps. A concurrent process inside a malicious container can manipulate path components between these steps, redirecting filesystem operations outside the intended container scope.
Attack Vector
Exploitation requires an attacker to control a container running on the targeted Docker host and to coerce a user or administrator into executing a docker cp command against that container. The attacker races the daemon during mount setup to redirect the operation to an absolute host path. Because the attack requires local privileges, user interaction, and precise timing, the attack complexity is high. The scope change reflects the cross-boundary impact: a confined container process influences resources on the host system. See the GitHub Security Advisory GHSA-vp62-88p7-qqf5 for additional technical context.
Detection Methods for CVE-2026-41568
Indicators of Compromise
- Unexpected empty files or directories appearing at sensitive host paths such as /etc, /var, /usr/local, or system unit directories
- docker cp operations executed against untrusted or recently created containers in audit logs
- Anomalous filesystem events on the host correlated in time with container cp activity
Detection Strategies
- Monitor Docker daemon logs for docker cp invocations targeting containers from untrusted images or untrusted users
- Enable Linux audit rules (auditd) on critical host directories to capture unexpected file creation events originating from the dockerd process
- Correlate container runtime events with host filesystem changes to identify boundary-crossing writes
Monitoring Recommendations
- Track installed Docker Engine and Moby Daemon versions across the fleet to identify unpatched hosts
- Alert on creation of zero-byte files in protected system directories outside of normal package management activity
- Review container image provenance and restrict docker cp usage against containers built from untrusted sources
How to Mitigate CVE-2026-41568
Immediate Actions Required
- Upgrade Docker Engine to version 29.5.1 or later on all affected hosts
- Upgrade Moby Daemon to version 2.0.0-beta.14 or later where applicable
- Audit existing containers for untrusted images and restrict docker cp use against them until patches are applied
- Limit Docker socket access to trusted administrators to reduce the local attack surface
Patch Information
The issue is patched in Docker Engine version 29.5.1 and Moby Daemon version 2.0.0-beta.14. Refer to the Moby Security Advisory GHSA-vp62-88p7-qqf5 for full patch details and version metadata.
Workarounds
- Avoid running docker cp against containers built from untrusted images until the host is patched
- Enforce strict image provenance policies and signed images to reduce the likelihood of running malicious containers
- Apply mandatory access controls (AppArmor, SELinux) on the Docker daemon to constrain filesystem writes outside expected paths
# Verify the installed Docker Engine version
docker version --format '{{.Server.Version}}'
# Example upgrade on Debian/Ubuntu systems
sudo apt-get update
sudo apt-get install --only-upgrade docker-ce docker-ce-cli containerd.io
# Confirm the patched version is active
docker version --format '{{.Server.Version}}'
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

