Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
6.8
Docker Desktop for Windows, Linux, macOS: Local attacker can read sensitive data
CVE-2026-2664
Summary
Docker Desktop versions up to 4.61.0 have a security issue that allows a local attacker to potentially read sensitive information. This affects Docker Desktop on Windows, Linux, and macOS. Update to version 4.62.0 or later to fix the issue.
What to do
No fix is available yet. Check with your software vendor for updates.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| docker | desktop | <= 4.62.0 | – |
| docker | desktop | <= 4.62.0 | – |
| docker | desktop | <= 4.62.0 | – |
Original title
An out of bounds read vulnerability in the grpcfuse kernel module present in the Linux VM in Docker Desktop for Windows, Linux and macOS up to version 4.61.0 could allow a local attacker to cause a...
Original description
An out of bounds read vulnerability in the grpcfuse kernel module present in the Linux VM in Docker Desktop for Windows, Linux and macOS up to version 4.61.0 could allow a local attacker to cause an unspecified impact by writing to /proc/docker entries. The issue has been fixed in Docker Desktop 4.62.0 .
nvd CVSS3.1
7.8
nvd CVSS4.0
6.8
Vulnerability type
CWE-125
Out-of-bounds Read
- https://docs.docker.com/desktop/release-notes/#4620 Release Notes
Published: 24 Feb 2026 · Updated: 12 Mar 2026 · First seen: 6 Mar 2026