Docker CLI for Windows Privilege Escalation Vulnerability via Malicious CLI Plugins

Vulnerability

Docker CLI for Windows, in versions through 29.1.5, contains a vulnerability that allows a low-privileged attacker to have malicious CLI plugins executed. The issue arises because the Docker CLI searches for plugin binaries in a directory that does not exist by default. An attacker can create this directory and place malicious binaries in it, such as docker-compose.exe or docker-buildx.exe, which are then executed when the user opens Docker Desktop or uses Docker CLI plugin features. This could lead to privilege escalation if the Docker CLI is run as a privileged user.
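
A defender-side check for the condition described above, as an added example (not code from this advisory or from Docker). It reports which non-administrative principals could create or write to the plugin search directory, and lists any plugin binaries already present with their owner and signature status. `$PluginDir` is a placeholder parameter, because this page does not name the directory.

```powershell
# Added example: audit a Docker CLI plugin search directory for planting risk.
param(
    [Parameter(Mandatory = $true)]
    [string]$PluginDir  # placeholder: take the real path from the vendor advisory
)

# SYSTEM, Administrators and TrustedInstaller are expected to hold write access.
$trusted = 'S-1-5-18', 'S-1-5-32-544',
    'S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'
# Rights that allow creating, replacing or re-permissioning files.
$writeBits = [int][System.Security.AccessControl.FileSystemRights]'WriteData, AppendData, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership'
$genericBits = 0x40000000 -bor 0x10000000  # GENERIC_WRITE, GENERIC_ALL

# The directory is absent by default, so audit the nearest existing ancestor:
# whoever can create a subdirectory there can create the plugin directory.
$target = $PluginDir
while (-not (Test-Path -LiteralPath $target)) {
    $target = Split-Path -Path $target -Parent
    if (-not $target) { throw "No existing ancestor found for $PluginDir" }
}
if ($target -ne $PluginDir) { Write-Warning "$PluginDir is missing; auditing $target" }

# Resolve ACL entries to SIDs so the comparison is independent of locale.
$acl = Get-Acl -LiteralPath $target
$rules = $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])
$risky = foreach ($rule in $rules) {
    if ($rule.AccessControlType -ne 'Allow') { continue }
    if ($trusted -contains $rule.IdentityReference.Value) { continue }
    $bits = [int]$rule.FileSystemRights
    if (($bits -band $writeBits) -or ($bits -band $genericBits)) {
        [pscustomobject]@{
            Path = $target; Sid = $rule.IdentityReference.Value
            Rights = $rule.FileSystemRights; Inherited = $rule.IsInherited
        }
    }
}
$risky | Format-Table -AutoSize

# If the directory already exists, list plugin binaries for review.
if (Test-Path -LiteralPath $PluginDir) {
    Get-ChildItem -LiteralPath $PluginDir -Filter 'docker-*.exe' -File | ForEach-Object {
        $sig = Get-AuthenticodeSignature -FilePath $_.FullName
        [pscustomobject]@{
            File = $_.Name; Owner = (Get-Acl -LiteralPath $_.FullName).Owner
            Signature = $sig.Status; Signer = $sig.SignerCertificate.Subject
        }
    } | Format-Table -AutoSize
}
```

Any row in the first table means a principal outside the trusted set can create or modify content at that location. A plugin binary that is unsigned or owned by a standard user account warrants investigation.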

Impact

Exploitation of this vulnerability could result in unauthorized execution of malicious CLI plugins, potentially leading to privilege escalation, especially if the user has elevated rights.

Added: Mar 4, 2026, 5:31 PM
Updated: Mar 4, 2026, 6:23 PM

Vulnerability Rating

Custom Algorithm
spread: 6.6
impact: 7.5
exploitability: 3.1
remediation: 0.0
relevance: 3.5
threat: 3.2
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.