Vulnerability in Docker Sandboxes Affects Network Security Features
CVE-2026-12539

5.7MEDIUM

Key Information:

Vendor: Docker
Status: Docker Sandboxes
Vendor: CVE Published:; 18 June 2026

What is CVE-2026-12539?

Docker Sandboxes have been found to improperly manage ICMP egress traffic due to an authorization issue that is only applied during network creation. This means that when the Docker daemon restarts, any sandboxes rebuilt from disk can forward ICMP packets to arbitrary hosts, bypassing security measures. As a result, untrusted workloads within these sandboxes can exploit this vulnerability to conduct network reconnaissance and potentially exfiltrate sensitive data using ICMP covert channels, posing serious risks to network integrity and data privacy.

Affected Version(s)

Docker Sandboxes MacOS 0.14.0 < 0.33.0

References

https://docs.docker.com/ai/sandboxes/

product

https://github.com/docker/sbx-releases/releases/tag/v0.33.0

release-notes

CVSS V4

Score:

5.7

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Attack Required:

Physical

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 18, 2026
Vulnerability Reserved
Jun 17, 2026

CVE-2026-12539 Data

JSON