Arbitrary Code Execution Vulnerability in Docker Model Runner for macOS
CVE-2026-5843

8.8HIGH

Key Information:

Vendor: Docker
Status: Docker Desktop
Vendor: CVE Published:; 22 May 2026

Badges

👾 Exploit Exists🟡 Public PoC

What is CVE-2026-5843?

The Docker Model Runner on macOS contains a serious vulnerability in the MLX inference backend, specifically due to its handling of model files. By using the MLX-LM library, the model runner can import and execute arbitrary Python files located in model directories without appropriate checks. This is particularly concerning as it allows for the execution of untrusted code from the specified model_file within config.json, leading to the potential compromise of the Docker host environment. Any Docker container can exploit this vulnerability by making requests to the model-runner.docker.internal API to execute models from unsecure sources.

Affected Version(s)

Docker Desktop MacOS 4.56.0 < 4.71.0

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2026-5843
Created by davidrxchester

References

https://docs.docker.com/desktop/release-notes/#4710

release-notes

CVSS V4

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Attack Required:

Physical

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 22, 2026
🟡
Public PoC available
May 20, 2026
👾
Exploit known to exist
May 20, 2026
Vulnerability Reserved
Apr 8, 2026

Credit

David Rochester (@davidrxchester)

Nicholas Gould (@gouldnicholas)

CVE-2026-5843 Data

JSON