CVE-2026-2664

7.8 HIGH

📋 TL;DR

An out-of-bounds read vulnerability in the grpcfuse kernel module in Docker Desktop's Linux VM allows local attackers to write to /proc/docker entries, potentially leading to information disclosure or system compromise. This affects Docker Desktop users on Windows, Linux, and macOS. Only local attackers can exploit this vulnerability.

💻 Affected Systems

Products:
  • Docker Desktop
Versions: All versions up to and including 4.61.0
Operating Systems: Windows, Linux, macOS
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects Docker Desktop installations with the grpcfuse module enabled (default). Docker Engine/CE without Desktop is not affected.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Local privilege escalation leading to full container host compromise, container escape, or arbitrary code execution on the host system.

🟠 Likely Case

Information disclosure from kernel memory, potential denial of service through kernel panic, or limited privilege escalation within the container context.

🟢 If Mitigated

Minimal impact if proper access controls restrict local user access to Docker Desktop instances and containers run with least privilege.

🌐 Internet-Facing: LOW - This is a local vulnerability requiring access to the Docker Desktop instance; not directly exploitable over the network.
🏢 Internal Only: MEDIUM - Internal users with access to Docker Desktop could exploit this to escalate privileges or compromise container environments.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires local access to the Docker Desktop instance and knowledge of kernel exploitation techniques. No public exploits have been disclosed.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 4.62.0

Vendor Advisory: https://docs.docker.com/desktop/release-notes/#4620

Restart Required: Yes

Instructions:

1. Open the Docker Desktop application.
2. Navigate to Settings/Preferences.
3. Check for updates.
4. Install version 4.62.0 or later.
5. Restart Docker Desktop.

🔧 Temporary Workarounds

Disable Docker Desktop (applies to: all platforms)

Temporarily disable Docker Desktop and use Docker Engine/CE instead, if available.

docker --version               # confirm which Docker client is in use
sudo systemctl stop docker     # stop the docker system service
sudo systemctl disable docker  # keep it from starting at boot

Restrict local user access (applies to: linux)

Limit which users can access Docker Desktop and run containers.

sudo usermod -aG docker <username>   # adds <username> to the docker group; audit that group's membership
sudo chmod 660 /var/run/docker.sock  # socket readable and writable only by root and the docker group

🧯 If You Can't Patch

  • Restrict Docker Desktop access to trusted users only
  • Monitor for unusual container activity or privilege escalation attempts

🔍 How to Verify

Check if Vulnerable:

Check the Docker Desktop version in the application settings, or run 'docker version' and look for the Docker Desktop version in its output.

Check Version:

docker version --format '{{.Client.Version}}'

Verify Fix Applied:

Confirm Docker Desktop version is 4.62.0 or later in application settings
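As an added example, not part of this advisory, the following POSIX shell script automates the check above: it pulls the Docker Desktop version out of 'docker version' output and compares it numerically against 4.62.0, so that a version like 4.9.0 is not mistaken for a newer release by a lexical comparison. It assumes Docker Desktop reports itself in that output as "Server: Docker Desktop X.Y.Z (build)"; the sample output embedded in the script is constructed.

```shell
# Added example, not from the advisory: is this Docker Desktop at or above
# the fixed release (4.62.0) for CVE-2026-2664? Fields compare numerically.
FIXED_VERSION="4.62.0"

# version_ge A B: exit 0 if dotted version A >= B, 1 otherwise.
version_ge() {
    a="$1"; b="$2"
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}; y=${b%%.*}                  # leading field of each
        [ "$x" = "$a" ] && a="" || a=${a#*.}    # drop the consumed field
        [ "$y" = "$b" ] && b="" || b=${b#*.}
        x=${x%%[!0-9]*}; y=${y%%[!0-9]*}        # strip suffixes like -beta
        x=${x:-0}; y=${y:-0}                    # a missing field counts as 0
        [ "$x" -gt "$y" ] && return 0
        [ "$x" -lt "$y" ] && return 1
    done
    return 0
}

# desktop_version: read `docker version` output on stdin and print the X.Y.Z
# after "Docker Desktop", or nothing if no such line exists.
# ASSUMPTION: Desktop reports itself as "Server: Docker Desktop X.Y.Z (build)".
desktop_version() {
    sed -n 's/.*Docker Desktop \([0-9][0-9.]*\).*/\1/p' | head -n 1
}

# assess TEXT: print a verdict; exit 0 = fixed, 1 = vulnerable, 2 = not Desktop.
assess() {
    v=$(printf '%s\n' "$1" | desktop_version)
    if [ -z "$v" ]; then
        echo "no Docker Desktop version found; Docker Engine/CE alone is not affected"
        return 2
    fi
    if version_ge "$v" "$FIXED_VERSION"; then
        echo "Docker Desktop $v: fixed (>= $FIXED_VERSION)"
        return 0
    fi
    echo "Docker Desktop $v: vulnerable, update to $FIXED_VERSION or later"
    return 1
}

# Constructed sample of `docker version` output from an unpatched install.
SAMPLE_OUTPUT="Client:
Server: Docker Desktop 4.61.0 (123456)
 Engine:"
# Run with --live to inspect the local install; otherwise use the sample.
case "${1-}" in
    --live) assess "$(docker version 2>/dev/null)" || true ;;
    *)      assess "$SAMPLE_OUTPUT" || true ;;
esac
```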

📡 Detection & Monitoring

Log Indicators:

  • Kernel panic logs
  • Unusual /proc/docker access attempts
  • Container escape attempts

Network Indicators:

  • N/A - Local vulnerability only

SIEM Query:

source="docker" AND (event="panic" OR event="oob" OR event="out_of_bounds")
