wid-sec-w-2026-0922 · Published 2026-03-30 · View on BSI CERT-Bund ↗

Docker Desktop Model Runner: Vulnerability allows Offenlegung from Informationen

CVSS 6.8 MEDIUM

Risk Summary

Ein entfernter, anonymer Angreifer kann eine Schwachstelle in Docker Desktop Model Runner ausnutzen, um Server-Side Request Forgery (SSRF) durchzuführen und vertrauliche Informationen offenzulegen.

CVEs (1)

CVE-2026-33990

Affected Vendors

Docker

Affected Products (4)

Docker · Desktop Model Runner <1.1.25

Docker · Desktop Model Runner 1.1.25

Docker · Desktop <4.67.0

Docker · Desktop 4.67.0

Get alerted to advisories like this

OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.

Start free trial Learn more