CVE-2026-8936
Published: 02 June 2026
Summary
CVE-2026-8936 is a high-severity Uncontrolled Recursion (CWE-674) vulnerability in Docker Desktop (inferred from references). Its CVSS base score is 8.2 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Application or System Exploitation (T1499.004); ranked at the 1.9th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2026-34033
Vulnerability details
Fixed a VM panic caused by unbounded recursion in the grpcfuse kernel module when a container created deeply nested directories on a bind-mounted host folder and triggered a dentry invalidation event. This issue has been fixed in Docker Desktop 4.76.0.
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Uncontrolled recursion (CWE-674) in grpcfuse directly enables application/system crash via crafted container filesystem operations, matching T1499.004 Endpoint DoS via exploitation.
Affected Assets
Mitigating Controls
Likely Mitigating Controls AI
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.