CVE-2026-6406 Overview
CVE-2026-6406 is an authorization bypass vulnerability in Docker Desktop that allows a local attacker to circumvent Enhanced Container Isolation (ECI) restrictions. The Docker CLI --use-api-socket flag mounts the Docker socket through the HostConfig.Mounts field instead of HostConfig.Binds. The ECI enforcement logic in the Docker Desktop API proxy only inspects Binds, so the socket mount passes unchecked. A local user able to run Docker CLI commands gains full access to the Docker Engine socket and any container registry credentials cached by the host user. The flaw is tracked under CWE-863 (Incorrect Authorization).
Critical Impact
Local attackers can escape ECI restrictions, control the Docker Engine, steal registry credentials, and escalate privileges on the host.
Affected Products
- Docker Desktop versions prior to 4.59.0
- Docker CLI when used with the --use-api-socket flag
- Environments relying on Enhanced Container Isolation (ECI) for tenant separation
Discovery Timeline
- 2026-05-22 - CVE-2026-6406 published to NVD
- 2026-05-22 - Last updated in NVD database
Technical Details for CVE-2026-6406
Vulnerability Analysis
Docker Desktop's Enhanced Container Isolation feature restricts what containers can mount from the host. Administrators rely on ECI to prevent containers from mounting /var/run/docker.sock, which would otherwise grant container escape and host control. The ECI policy is enforced inside the Docker Desktop API proxy, which intercepts container create requests and validates mount specifications before forwarding them to the Docker Engine.
The enforcement code only examined the HostConfig.Binds array, the traditional mechanism for declaring bind mounts. Docker's API also supports a richer mount specification through HostConfig.Mounts, which expresses the same bind semantics using a structured object. The --use-api-socket CLI flag generates the socket mount using the Mounts form rather than Binds, so the ECI policy check never evaluates it.
The consequence is total access to /var/run/docker.sock from within the container. An attacker can launch privileged containers, mount the host filesystem, read Docker config files, and harvest registry authentication tokens stored by the logged-in user.
Root Cause
The root cause is incomplete authorization logic in the API proxy. The validator inspected only one of two equivalent mount declaration paths in the Docker Engine API, leaving the Mounts field outside the policy scope.
Attack Vector
Exploitation requires local access and the ability to invoke the Docker CLI. The attacker runs a container with docker run --use-api-socket ..., which transparently attaches the Docker socket through the unchecked Mounts field. From inside the container, the attacker issues Docker API calls to create new privileged containers or extract credentials. Technical analysis is available in the Zero Day Initiative Advisory ZDI-26-299.
Detection Methods for CVE-2026-6406
Indicators of Compromise
- Docker CLI invocations containing the --use-api-socket flag in shell histories or process audit logs on hosts where ECI is enabled.
- Container create API requests where HostConfig.Mounts references /var/run/docker.sock or docker.sock as the source path.
- Unexpected child container creation originating from inside a running container, indicating Docker socket abuse.
- Access to ~/.docker/config.json or registry credential helpers from container processes.
Detection Strategies
- Inspect Docker daemon logs and the Docker Desktop API proxy logs for container create requests carrying socket mounts via the Mounts field.
- Monitor command-line telemetry for the --use-api-socket argument on endpoints running Docker Desktop.
- Baseline ECI policy decisions and alert on containers that mount the Docker socket despite ECI being enabled.
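The following is an added illustration, not code from Docker or from this advisory: it models the incomplete check described in the Root Cause section (Binds only) next to a check that also covers HostConfig.Mounts, and applies the complete check to JSON container-create bodies the way the detection strategies above suggest. The Docker Engine API field names (HostConfig.Binds, HostConfig.Mounts with Type/Source/Target) are real; how the Docker Desktop proxy implements its own policy check is not known here, so the functions are a stand-in, and the sample request bodies are constructed.

```python
import json


def _is_docker_socket(path: str) -> bool:
    """True if a host path names the Docker Engine socket (any .../docker.sock)."""
    return path.rstrip("/").split("/")[-1] == "docker.sock"


def socket_via_binds(host_config: dict) -> bool:
    """Pre-4.59.0 style check: only HostConfig.Binds is inspected.
    A Binds entry has the form "host_path:container_path[:options]"."""
    for bind in host_config.get("Binds") or []:
        if _is_docker_socket(bind.split(":", 1)[0]):
            return True
    return False


def socket_via_mounts(host_config: dict) -> bool:
    """The declaration path the vulnerable proxy skipped: HostConfig.Mounts
    entries are objects {"Type": "bind", "Source": ..., "Target": ...}."""
    for m in host_config.get("Mounts") or []:
        if m.get("Type") == "bind" and _is_docker_socket(m.get("Source", "")):
            return True
    return False


def mounts_docker_socket(create_request: dict) -> bool:
    """Complete check: a socket mount is caught whichever field declares it."""
    hc = create_request.get("HostConfig") or {}
    return socket_via_binds(hc) or socket_via_mounts(hc)


# Constructed sample container-create bodies (not captured from a real host).
LEGACY_BINDS = {"Image": "alpine", "HostConfig": {
    "Binds": ["/var/run/docker.sock:/var/run/docker.sock"]}}
API_SOCKET_MOUNT = {"Image": "alpine", "HostConfig": {"Mounts": [
    {"Type": "bind", "Source": "/var/run/docker.sock", "Target": "/var/run/docker.sock"}]}}
HARMLESS = {"Image": "alpine", "HostConfig": {"Mounts": [
    {"Type": "volume", "Source": "data", "Target": "/data"}]}}
# One JSON body per line, as a proxy log review might feed them in.
SAMPLE_LINES = [json.dumps(LEGACY_BINDS), json.dumps(HARMLESS),
                "not json", json.dumps(API_SOCKET_MOUNT)]


def scan_requests(lines):
    """Return indices of request bodies that mount the Docker socket."""
    flagged = []
    for i, line in enumerate(lines):
        try:
            body = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip non-JSON noise in the log
        if mounts_docker_socket(body):
            flagged.append(i)
    return flagged
```

Under the Binds-only check, API_SOCKET_MOUNT passes silently; the complete check flags it alongside the legacy form.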
Monitoring Recommendations
- Enable process command-line auditing on developer workstations and forward events to a central SIEM.
- Correlate Docker Desktop version inventory with the patched version 4.59.0 to identify exposed hosts.
- Track registry login events and credential file access patterns for anomalies following container execution.
How to Mitigate CVE-2026-6406
Immediate Actions Required
- Upgrade Docker Desktop to version 4.59.0 or later on all endpoints that rely on ECI for isolation.
- Audit existing admin-settings policies to confirm Docker socket mounts remain explicitly denied.
- Revoke and reissue container registry credentials that may have been exposed on potentially affected hosts.
Patch Information
Docker addressed the issue in Docker Desktop 4.59.0. The fix extends ECI enforcement to inspect both HostConfig.Binds and HostConfig.Mounts when evaluating Docker socket mount requests. Refer to the Docker Desktop Release Notes for the official update.
Workarounds
- Restrict use of the Docker CLI to trusted users through host-level access controls until patching is complete.
- Disable or block the --use-api-socket flag at the wrapper or policy layer where feasible.
- Log out of container registries on Docker Desktop hosts that cannot be immediately patched to limit credential exposure.
# Verify the installed version meets the patched release (4.59.0 or later).
# Note: {{.Client.Version}} prints the Docker CLI version; compare the Docker
# Desktop product version shown in the Docker Desktop UI or release notes.
docker version --format '{{.Client.Version}}'
# Confirm ECI is enabled in admin-settings.json
# (Windows: %ProgramData%\DockerDesktop\admin-settings.json)
# (macOS: /Library/Application Support/com.docker.docker/admin-settings.json)
grep -i enhancedContainerIsolation admin-settings.json
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.