
Docker Desktop Model Runner SSRF Vulnerability Advisory

Source: CERT-Bund Security Advisories (wid.cert-bund.de)
Published March 30th, 2026
Detected March 31st, 2026

Summary

CERT-Bund issued a security advisory regarding a Server-Side Request Forgery (SSRF) vulnerability in Docker Desktop Model Runner (versions prior to 1.1.25) and Docker Desktop (versions prior to 4.67.0). The vulnerability carries a CVSS Base Score of 7.4 (high) and allows remote anonymous attackers to disclose confidential information.

What changed

CERT-Bund published advisory WID-SEC-2026-0922 disclosing an SSRF vulnerability in Docker Desktop Model Runner and Docker Desktop affecting Windows, UNIX, and other operating systems. The vulnerability enables remote, anonymous attackers to perform Server-Side Request Forgery attacks and access sensitive information.

Organizations running affected Docker products should immediately update to Docker Desktop Model Runner version 1.1.25 or later, or Docker Desktop version 4.67.0 or later. Where immediate patching is not feasible, mitigation measures should be applied and systems should be monitored for signs of exploitation.

What to do next

  1. Identify all Docker Desktop Model Runner installations and verify version numbers
  2. Update Docker Desktop Model Runner to version 1.1.25 or later, or Docker Desktop to version 4.67.0 or later
  3. Review systems for indicators of compromise consistent with SSRF exploitation
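
The version check in steps 1 and 2 can be run over an asset inventory. The following Python is an added example, not part of the CERT-Bund advisory or of any Docker tooling; the product keys, host names and inventory rows are constructed assumptions, and only the two fixed-version thresholds come from the advisory.

```python
import re

# Fixed versions as stated in the advisory summary; product keys are assumed labels.
FIXED = {"docker-desktop": (4, 67, 0), "model-runner": (1, 1, 25)}

_VERSION = re.compile(r"\s*v?(\d+)\.(\d+)\.(\d+)(\S*)")

def classify(product, version):
    """Return 'affected', 'fixed' or 'unknown' for one installed product."""
    fixed = FIXED.get(product)
    match = _VERSION.match(version or "")
    if fixed is None or match is None:
        return "unknown"  # unreadable data needs manual review, never assume patched
    found = tuple(int(part) for part in match.group(1, 2, 3))
    if found < fixed:  # numeric tuple compare, so 1.1.9 sorts below 1.1.25
        return "affected"
    if found == fixed and match.group(4).startswith("-"):
        return "unknown"  # pre-release of the fixed version: confirm the fix is included
    return "fixed"

def triage(inventory):
    """Group hosts from (host, product, version) rows by classification."""
    report = {"affected": [], "fixed": [], "unknown": []}
    for host, product, version in inventory:
        report[classify(product, version)].append(host)
    return report

# Constructed sample inventory (hosts and versions are made up for illustration).
SAMPLE_INVENTORY = [
    ("dev-laptop-01", "docker-desktop", "4.66.1"),
    ("dev-laptop-02", "docker-desktop", "4.67.0"),
    ("build-ws-03", "model-runner", "v1.1.9"),
    ("build-ws-04", "model-runner", "1.1.25"),
    ("qa-ws-05", "docker-desktop", "4.67.0-rc1"),
    ("qa-ws-06", "model-runner", "unknown"),
]

if __name__ == "__main__":
    for status, hosts in triage(SAMPLE_INVENTORY).items():
        print(f"{status}: {', '.join(hosts) or '-'}")
```

Hosts reported as "unknown" belong in the same remediation queue as "affected" until their version is confirmed.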

Source document (simplified)

[WID-SEC-2026-0922] Docker Desktop Model Runner: Vulnerability allows disclosure of information

  • CVSS Base Score: 7.4 (high)
  • CVSS Temporal Score: 6.4 (medium)
  • Remote attack: yes
  • Date: 30.03.2026
  • Last updated: 31.03.2026
  • Mitigation: yes

Affected systems

Operating system

  • Other
  • UNIX
  • Windows

Product description

Docker Desktop is a GUI tool built around the open-source Docker Engine that lets users build, share and run containerized applications on a local machine.

Products

30.03.2026

  • Docker Desktop Model Runner <1.1.25
  • Docker Desktop <4.67.0

Attack

A remote, anonymous attacker can exploit a vulnerability in Docker Desktop Model Runner to carry out Server-Side Request Forgery (SSRF) and disclose confidential information.

Source

Analysis generated by AI. Source diff and links are from the original.

Classification

Agency
CERT-Bund
Published
March 30th, 2026
Instrument
Notice
Legal weight
Non-binding
Stage
Final
Change scope
Minor
Document ID
WID-SEC-2026-0922

Who this affects

Applies to
Technology companies
Industry sector
5112 Software & Technology
Activity scope
Security vulnerability management, Software patching
Threshold
Docker Desktop Model Runner <1.1.25, Docker Desktop <4.67.0
Geographic scope
Germany DE

Taxonomy

Primary area
Cybersecurity
Operational domain
IT Security
Topics
Data Privacy
