vulnerability

Docker Desktop: CVE-2022-37326: Incorrect Authorization

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
7	(AV:L/AC:L/Au:S/C:C/I:C/A:C)	Apr 27, 2023	Nov 3, 2025	Nov 3, 2025

Severity

CVSS

(AV:L/AC:L/Au:S/C:C/I:C/A:C)

Published

Apr 27, 2023

Added

Nov 3, 2025

Modified

Nov 3, 2025

Description

Docker Desktop for Windows before 4.6.0 allows attackers to delete (or create) any file through the dockerBackendV2 windowscontainers/start API by controlling the pidfile field inside the DaemonJSON field in the WindowsContainerStartRequest class. This can indirectly lead to privilege escalation.

Solution

docker-desktop-upgrade-latest

References

CVE-2022-37326
https://attackerkb.com/topics/CVE-2022-37326
URL-https://docs.docker.com/desktop/release-notes/#docker-desktop-460
URL-https://www.cyberark.com/resources/threat-research-blog/breaking-docker-named-pipes-systematically-docker-desktop-privilege-escalation-part-2
CWE-863

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today