{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-2664", "assignerOrgId": "686469e6-3ff6-451b-ab8b-cf5b9e89401e", "state": "PUBLISHED", "assignerShortName": "Docker", "dateReserved": "2026-02-18T08:31:13.158Z", "datePublished": "2026-02-24T10:09:18.664Z", "dateUpdated": "2026-02-26T08:34:00.870Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "platforms": ["Windows", "MacOS", "Linux"], "product": "Docker Desktop", "vendor": "Docker", "versions": [{"lessThan": "4.62.0", "status": "affected", "version": "0", "versionType": "semver"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Pumpkin (@u1f383) from DEVCORE Research Team working with TrendAI Zero Day Initiative"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "An out of bounds read vulnerability in the grpcfuse kernel module present in the Linux VM in Docker Desktop for Windows, Linux and macOS up to version 4.61.0 could allow a local attacker to cause an unspecified impact by writing to /proc/docker entries. The issue has been fixed in&nbsp;Docker Desktop 4.62.0 .<br>"}], "value": "An out of bounds read vulnerability in the grpcfuse kernel module present in the Linux VM in Docker Desktop for Windows, Linux and macOS up to version 4.61.0 could allow a local attacker to cause an unspecified impact by writing to /proc/docker entries. The issue has been fixed in\u00a0Docker Desktop 4.62.0 ."}], "metrics": [{"cvssV4_0": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "LOCAL", "baseScore": 6.8, "baseSeverity": "MEDIUM", "exploitMaturity": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-125", "description": "CWE-125 Out-of-bounds Read", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "686469e6-3ff6-451b-ab8b-cf5b9e89401e", "shortName": "Docker", "dateUpdated": "2026-02-26T08:34:00.870Z"}, "references": [{"url": "https://docs.docker.com/desktop/release-notes/#4620"}], "source": {"discovery": "UNKNOWN"}, "title": "Out of bounds read vulnerability in grpcfuse kernel module", "x_generator": {"engine": "Vulnogram 0.5.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-02-24T15:57:56.132963Z", "id": "CVE-2026-2664", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-24T15:58:34.975Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-2664", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-02-24T15:57:56.132963Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-24T15:58:26.536Z"}}], "cna": {"title": "Out of bounds read vulnerability in grpcfuse kernel module", "source": {"discovery": "UNKNOWN"}, "credits": [{"lang": "en", "type": "finder", "value": "Pumpkin (@u1f383) from DEVCORE Research Team working with TrendAI Zero Day Initiative"}], "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 6.8, "Automatable": "NOT_DEFINED", "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Docker", "product": "Docker Desktop", "versions": [{"status": "affected", "version": "0", "lessThan": "4.62.0", "versionType": "semver"}], "platforms": ["Windows", "MacOS", "Linux"], "defaultStatus": "unaffected"}], "references": [{"url": "https://docs.docker.com/desktop/release-notes/#4620"}], "x_generator": {"engine": "Vulnogram 0.5.0"}, "descriptions": [{"lang": "en", "value": "An out of bounds read vulnerability in the grpcfuse kernel module present in the Linux VM in Docker Desktop for Windows, Linux and macOS up to version 4.61.0 could allow a local attacker to cause an unspecified impact by writing to /proc/docker entries. The issue has been fixed in\u00a0Docker Desktop 4.62.0 .", "supportingMedia": [{"type": "text/html", "value": "An out of bounds read vulnerability in the grpcfuse kernel module present in the Linux VM in Docker Desktop for Windows, Linux and macOS up to version 4.61.0 could allow a local attacker to cause an unspecified impact by writing to /proc/docker entries. The issue has been fixed in&nbsp;Docker Desktop 4.62.0 .<br>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-125", "description": "CWE-125 Out-of-bounds Read"}]}], "providerMetadata": {"orgId": "686469e6-3ff6-451b-ab8b-cf5b9e89401e", "shortName": "Docker", "dateUpdated": "2026-02-26T08:34:00.870Z"}}}, "cveMetadata": {"cveId": "CVE-2026-2664", "state": "PUBLISHED", "dateUpdated": "2026-02-26T08:34:00.870Z", "dateReserved": "2026-02-18T08:31:13.158Z", "assignerOrgId": "686469e6-3ff6-451b-ab8b-cf5b9e89401e", "datePublished": "2026-02-24T10:09:18.664Z", "assignerShortName": "Docker"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:docker:desktop:*:*:*:*:*:linux:*:*", "matchCriteriaId": "A6E51481-EA28-4C06-8D89-EF23F941D97A", "versionEndExcluding": "4.62.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:docker:desktop:*:*:*:*:*:macos:*:*", "matchCriteriaId": "073D0FEB-0A3B-45C4-9EA0-7151CACAA515", "versionEndExcluding": "4.62.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:docker:desktop:*:*:*:*:*:windows:*:*", "matchCriteriaId": "D1504684-E95D-47FB-AA34-76B0B5A73A43", "versionEndExcluding": "4.62.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "An out of bounds read vulnerability in the grpcfuse kernel module present in the Linux VM in Docker Desktop for Windows, Linux and macOS up to version 4.61.0 could allow a local attacker to cause an unspecified impact by writing to /proc/docker entries. The issue has been fixed in\u00a0Docker Desktop 4.62.0 ."}], "id": "CVE-2026-2664", "lastModified": "2026-02-27T17:56:12.860", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "LOCAL", "availabilityRequirement": "NOT_DEFINED", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "security@docker.com", "type": "Secondary"}]}, "published": "2026-02-24T10:16:03.090", "references": [{"source": "security@docker.com", "tags": ["Release Notes"], "url": "https://docs.docker.com/desktop/release-notes/#4620"}], "sourceIdentifier": "security@docker.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-125"}], "source": "security@docker.com", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": ["windows", "macos", "linux"], "status": "affected", "versions": {"scheme": "semver", "value": "[0,4.62.0)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "Docker Desktop", "source": "cna", "vendor": "Docker"}, "product": "docker_desktop", "vendor": "docker"}], "analysis": {"en": {"generated_at": "2026-04-18T19:37:09.106605+00:00", "value": {"mitigation_remediation": ["Upgrade Docker Desktop to version 4.62.0 or later, which removes the unsafe read path in the grpcfuse module.", "Restrict write permissions on the /proc/docker entries to block local users from triggering the out\u2011of\u2011bounds read.", "Regularly review Docker Desktop release notes for new security updates and ensure the product remains at the patched version."], "summary": {"action": "Apply Patch", "impact": "Local Out of Bounds Read"}, "threat_synthesis": {"affected_systems": "Docker Desktop for Windows, Linux, and macOS installations at or below version 4.61.0 are affected. The issue resides in the Linux VM that Docker Desktop embeds in these platforms, meaning any installation of these products at or below that version is at risk.", "description_and_impact": "An out of bounds read vulnerability exists in the grpcfuse kernel module installed within Docker Desktop\u2019s Linux virtual machine. The flaw permits a local attacker who can write to /proc/docker entries to trigger the module to read beyond the boundary of a memory buffer. The CVE description specifies that the attacker could cause an unspecified impact, and no further details are provided.", "risk_and_exploitability": "The CVSS score of 6.8 indicates moderate severity, and the EPSS score of less than 1\u202f% shows a very low probability of exploitation in the wild. Docker Desktop has not listed this flaw in CISA\u202fKEV. An attacker must have local access to the host and the ability to write to /proc/docker entries to exploit the vulnerability, which is the only required foothold."}}}}, "created": "2026-02-25T11:39:59.305567+00:00", "updated": "2026-04-18T19:45:08.964799+00:00", "vendors": ["docker", "docker$PRODUCT$docker_desktop"]}