Cyber Resilience

CVE-2026-2664

Severity: Medium
Published: 24 February 2026
Modified: 27 February 2026
KEV Added: not listed
Patch: Docker Desktop 4.62.0
CVSS v4.0 base score: 6.8 (Medium)
CVSS v4.0 vector: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS score: 0.0002 (5.0th percentile)
Risk Priority: 14 (weighted 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2026-2664 is a medium-severity Out-of-bounds Read (CWE-125) vulnerability in Docker Desktop. Its CVSS base score is 6.8 (Medium).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068). Its EPSS score places it at the 5.0th percentile by exploit likelihood (well below the median), and it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 RA-5 (Vulnerability Monitoring and Scanning) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2026-2664 is an out-of-bounds read vulnerability (CWE-125) in the grpcfuse kernel module that runs inside the Linux VM of Docker Desktop for Windows, Linux, and macOS, affecting releases up to and including 4.61.0. The flaw is triggered by writing to /proc/docker entries inside that VM; the vendor describes the resulting impact only as unspecified.

A local attacker with low privileges can exploit this vulnerability with low complexity and no user interaction required. One published scoring (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H, score 7.8) rates the impact on confidentiality, integrity, and availability as high, whereas the CVSS v4.0 vector shown in the header (VC:H/VI:N/VA:N, score 6.8) rates only confidentiality impact as high. The two vectors agree on the attack prerequisites and disagree only on integrity and availability impact; until the vendor details the impact, plan remediation against the higher score.
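The two vectors quoted above are worth checking mechanically rather than by eye, because the score gap between them comes almost entirely from the integrity and availability metrics. The following is an added example for this page, not code from the page's publisher or from Docker: it parses both vector strings as they appear on this page, lists the impact metrics on which they disagree, and recomputes the v3.1 base score from the weights in the CVSS v3.1 specification (v4.0 scores come from a lookup table, so only v3.1 is recomputed). It also rescores the v3.1 vector with I:N/A:N to show what the v4.0 "confidentiality only" view would have produced under v3.1.

```python
"""Compare the two CVSS vectors published for CVE-2026-2664 and recompute
the v3.1 base score.

Added example for this page, not code from the page's publisher or from
Docker. The two vector strings are copied from the page; the weights and
rounding come from the CVSS v3.1 specification. CVSS v4.0 scores are derived
from a lookup table, so only the v3.1 score is recomputed here.
"""
import math
import re

# Vector strings as they appear on the page.
CVSS4_VECTOR = (
    "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"
    "/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X"
    "/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
)
CVSS31_VECTOR = "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"


def parse_vector(vector):
    """Return {"version": "3.1"|"4.0", "metrics": {...}}.

    Metrics valued "X" (Not Defined) are dropped, so the long v4.0 string
    collapses to its base metrics.
    """
    head, *parts = vector.split("/")
    m = re.fullmatch(r"CVSS:(\d\.\d)", head)
    if not m:
        raise ValueError(f"not a CVSS vector: {vector!r}")
    metrics = {}
    for part in parts:
        key, sep, value = part.partition(":")
        if not (key and sep and value):
            raise ValueError(f"malformed metric {part!r}")
        if value != "X":
            metrics[key] = value
    return {"version": m.group(1), "metrics": metrics}


def with_metrics(vector, **overrides):
    """Copy of vector with the given metrics replaced, e.g. I="N"."""
    head, *parts = vector.split("/")
    rebuilt = [f"{k}:{overrides.get(k, v)}"
               for k, _, v in (p.partition(":") for p in parts)]
    return "/".join([head, *rebuilt])


# v3.1 impact metric -> its v4.0 "vulnerable system" counterpart.
IMPACT_PAIRS = {"C": "VC", "I": "VI", "A": "VA"}


def impact_disagreements(v31, v4):
    """Impact metrics on which the vectors disagree: {v3.1 name: (v3.1, v4.0)}."""
    m31 = parse_vector(v31)["metrics"]
    m4 = parse_vector(v4)["metrics"]
    return {k3: (m31.get(k3), m4.get(k4)) for k3, k4 in IMPACT_PAIRS.items()
            if m31.get(k3) != m4.get(k4)}


# CVSS v3.1 base-metric weights from the specification.
_AV = {"N": 0.85, "A": 0.62, "L": 0.55, "P": 0.2}
_AC = {"L": 0.77, "H": 0.44}
_PR_UNCHANGED = {"N": 0.85, "L": 0.62, "H": 0.27}
_PR_CHANGED = {"N": 0.85, "L": 0.68, "H": 0.5}
_UI = {"N": 0.85, "R": 0.62}
_CIA = {"H": 0.56, "L": 0.22, "N": 0.0}


def _roundup(x):
    """CVSS v3.1 Roundup: smallest one-decimal value >= x, float-safe."""
    i = round(x * 100000)
    if i % 10000 == 0:
        return i / 100000.0
    return (math.floor(i / 10000) + 1) / 10.0


def cvss31_base_score(vector):
    """Base score for a CVSS v3.1 vector (both scope values handled)."""
    parsed = parse_vector(vector)
    if parsed["version"] != "3.1":
        raise ValueError("only CVSS v3.1 vectors are scored here")
    m = parsed["metrics"]
    changed = m["S"] == "C"
    iss = 1 - (1 - _CIA[m["C"]]) * (1 - _CIA[m["I"]]) * (1 - _CIA[m["A"]])
    impact = (7.52 * (iss - 0.029) - 3.25 * (iss - 0.02) ** 15 if changed
              else 6.42 * iss)
    pr = (_PR_CHANGED if changed else _PR_UNCHANGED)[m["PR"]]
    exploitability = 8.22 * _AV[m["AV"]] * _AC[m["AC"]] * pr * _UI[m["UI"]]
    if impact <= 0:
        return 0.0
    total = impact + exploitability
    return _roundup(min(1.08 * total if changed else total, 10))


if __name__ == "__main__":
    print("disagreements:", impact_disagreements(CVSS31_VECTOR, CVSS4_VECTOR))
    print("v3.1 as published:", cvss31_base_score(CVSS31_VECTOR))
    # Same v3.1 vector with I and A set to None, matching the v4.0 view.
    print("v3.1 with I:N/A:N:",
          cvss31_base_score(with_metrics(CVSS31_VECTOR, I="N", A="N")))
```

Run stand-alone, the script reports that only I and A differ between the two vectors, reproduces the published 7.8, and shows that the same v3.1 vector scored with I:N/A:N lands at 5.5, so the question of whether a kernel-side read can be turned into anything beyond disclosure is what separates the two ratings.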

Docker has fixed the issue in Docker Desktop 4.62.0. Additional mitigation details are available in the release notes at https://docs.docker.com/desktop/release-notes/#4620.


Vulnerability details

An out of bounds read vulnerability in the grpcfuse kernel module present in the Linux VM in Docker Desktop for Windows, Linux and macOS up to version 4.61.0 could allow a local attacker to cause an unspecified impact by writing to /proc/docker entries. The issue has been fixed in Docker Desktop 4.62.0.

CWE(s)

CWE-125 Out-of-bounds Read

Related Threats

MITRE ATT&CK Enterprise Techniques

T1068 Exploitation for Privilege Escalation (tactic: Privilege Escalation)
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.

T1611 Escape to Host (tactic: Privilege Escalation)
Adversaries may break out of a container or virtualized environment to gain access to the underlying host.
Why these techniques?

A local, low-privilege trigger of a kernel out-of-bounds read inside Docker Desktop's Linux VM (via writes to /proc/docker entries) is the kind of primitive used to escalate privileges within that VM, and a compromised VM kernel is one step on the path from a container to the host. The vendor has not stated that either outcome is achievable for this flaw, which is why the mapping is rated medium confidence.

Confidence: MEDIUM · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2026-25258 (shared CWE-125)
CVE-2025-22226 (shared CWE-125)
CVE-2026-31569 (shared CWE-125)
CVE-2026-23673 (shared CWE-125)
CVE-2026-31675 (shared CWE-125)
CVE-2026-25174 (shared CWE-125)
CVE-2025-49687 (shared CWE-125)
CVE-2026-32076 (shared CWE-125)
CVE-2024-57998 (shared CWE-125)
CVE-2025-24228 (shared CWE-125)

Affected Assets

Docker Desktop for Windows: up to and including 4.61.0 (fixed in 4.62.0)
Docker Desktop for Linux: up to and including 4.61.0 (fixed in 4.62.0)
Docker Desktop for macOS: up to and including 4.61.0 (fixed in 4.62.0)
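The affected range above has a boundary that is easy to get wrong in an inventory script: 4.62.0 is the fixed release, so anything that compares version strings lexicographically will misplace releases such as 4.9.x. The following is an added example for this page, not Docker's own tooling: it parses a Docker Desktop version out of the string the CLI reports and compares it as a numeric tuple against the page's bounds. The version bounds are the page's; the sample CLI line is constructed, and it is an assumption that the Go template `{{.Server.Platform.Name}}` prints a string of the form "Docker Desktop X.Y.Z (build)".

```python
"""Decide whether an installed Docker Desktop falls in the range affected by
CVE-2026-2664 (all releases up to 4.61.0; fixed in 4.62.0).

Added example for this page, not Docker's own tooling. The version bounds are
the page's; the sample `docker version` line is constructed, and it is an
assumption that the Go template `{{.Server.Platform.Name}}` prints a string
of the form "Docker Desktop X.Y.Z (build)".
"""
import re
import subprocess

LAST_AFFECTED = (4, 61, 0)  # advisory: "up to version 4.61.0"
FIXED_IN = (4, 62, 0)       # advisory: "fixed in Docker Desktop 4.62.0"

# Constructed sample of what the docker CLI is assumed to print.
SAMPLE_PLATFORM_NAME = "Docker Desktop 4.61.0 (123456)"


def parse_version(text):
    """First X.Y.Z in text as a tuple of ints, so 4.9.0 < 4.61.0 < 4.100.0."""
    m = re.search(r"\b(\d+)\.(\d+)\.(\d+)\b", text)
    if not m:
        raise ValueError(f"no X.Y.Z version in {text!r}")
    return tuple(int(g) for g in m.groups())


def is_affected(version):
    """True when version (tuple or string) is 4.61.0 or older."""
    v = parse_version(version) if isinstance(version, str) else tuple(version)
    return v <= LAST_AFFECTED


def string_compare_is_affected(version):
    """The common mistake: lexicographic comparison. Wrong for 4.9.x."""
    return version <= "4.61.0"


def installed_platform_name():
    """Ask the local docker CLI for its server platform string (assumed format)."""
    out = subprocess.run(
        ["docker", "version", "--format", "{{.Server.Platform.Name}}"],
        capture_output=True, text=True, check=True)
    return out.stdout.strip()


def assess(platform_name):
    """Summarise the exposure of one Docker Desktop install."""
    version = parse_version(platform_name)
    affected = is_affected(version)
    return {
        "version": ".".join(map(str, version)),
        "affected": affected,
        "remediation": ("update to Docker Desktop %s" % ".".join(map(str, FIXED_IN))
                        if affected else None),
    }


if __name__ == "__main__":
    try:
        name = installed_platform_name()
    except (OSError, subprocess.CalledProcessError):
        name = SAMPLE_PLATFORM_NAME  # no docker CLI here: fall back to the sample
    print(assess(name))
```

The `string_compare_is_affected` function is kept only to show the failure: it reports 4.9.3 as not affected, while the tuple comparison correctly flags it.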

Mitigating Controls (NIST 800-53 r5)

SI-2 Flaw Remediation (prevent)
Timely patching of the out-of-bounds read in the grpcfuse kernel module, as fixed in Docker Desktop 4.62.0, removes the local trigger via /proc/docker writes.

RA-5 Vulnerability Monitoring and Scanning (prevent, detect)
Vulnerability scanning that identifies Docker Desktop releases up to 4.61.0 on endpoints flags CVE-2026-2664 and drives remediation of the low-privilege local attack surface.

SI-16 Memory Protection (prevent)
Kernel memory protections, in particular kernel address-space layout randomization, reduce what an attacker gains from memory leaked by an out-of-bounds read, but they do not stop the read itself, and data execution prevention does not apply to a read primitive. Treat these as defence in depth behind the 4.62.0 update, not as a substitute for it.
