VDB
GO-2026-4610
GO-2026-4610
PUBLISHED
CVSS 8.5 HIGH
Docker CLI Plugins: Uncontrolled Search Path Element Leads to Local Privilege Escalation on Windows in github.com/docker/cli
Risk Scores
CVSS v4.0
8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| github.com | docker/compose | 0, 0 |
| github.com | docker/compose/v2 | 2.31.0, 2.31.0 |
| github.com | docker/compose/v5 | 0, 0 |
| github.com | docker/cli | 0, 0 |
Timeline
- Mar 10, 2026 CVE Published
- Mar 23, 2026 CVE Updated
References
- https://github.com/docker/cli/security/advisories/GHSA-p436-gjf2-799p advisory
- https://github.com/docker/cli/commit/13759330b1f7e7cb0d67047ea42c5482548ba7fa patch
- https://github.com/docker/cli/pull/6713 patch
- https://github.com/docker/compose/pull/12300 patch
- https://docs.docker.com/desktop/release-notes url
- https://www.zerodayinitiative.com/advisories/ZDI-CAN-28304 url