vulnerability

Docker Desktop: CVE-2021-37841: Incorrect Permission Assignment for Critical Resource

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
5	(AV:L/AC:L/Au:N/C:P/I:P/A:P)	Aug 12, 2021	Nov 3, 2025	Nov 3, 2025

Severity

CVSS

(AV:L/AC:L/Au:N/C:P/I:P/A:P)

Published

Aug 12, 2021

Added

Nov 3, 2025

Modified

Nov 3, 2025

Description

Docker Desktop before 3.6.0 suffers from incorrect access control. If a low-privileged account is able to access the server running the Windows containers, it can lead to a full container compromise in both process isolation and Hyper-V isolation modes. This security issue leads an attacker with low privilege to read, write and possibly even execute code inside the containers.

Solution

docker-desktop-upgrade-latest

References

CVE-2021-37841
https://attackerkb.com/topics/CVE-2021-37841
URL-https://docs.docker.com/docker-for-windows/release-notes/
CWE-732

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today