Arbitrary File Write Vulnerability in Docker Model Runner by Docker

CVE-2026-28400

What is CVE-2026-28400?

Docker Model Runner (DMR) is vulnerable due to the exposure of an unsecured POST /engines/_configure endpoint, allowing unauthenticated users to pass arbitrary runtime flags to the underlying inference server (llama.cpp). Attackers can exploit this by injecting flags such as --log-file, enabling them to write to or overwrite files associated with the Model Runner process. If Docker Model Runner is deployed alongside Docker Desktop, attackers can access this service from any default container without authentication, potentially leading to destructive outcomes, including the loss of containers, volumes, and image histories. In certain configurations, this vulnerability may further allow container escape. Users must update to Docker Model Runner version 1.0.16 or later, and Docker Desktop users should upgrade to version 4.61.0 or beyond. Enabling Enhanced Container Isolation (ECI) can help mitigate possible exploitation by restricting access.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch →

References