Docker Desktop ECI Flaw CVE-2026-6406 Lets Attackers Escalate
CVE-2026-6406 (CVSS 8.8) in Docker Desktop's Enhanced Container Isolation allows local attackers with low-privileged code execution inside a container to escalate privileges on…

Executive Summary
Docker Desktop's Enhanced Container Isolation (ECI) feature contains a local privilege escalation vulnerability tracked as CVE-2026-6406 with a CVSS score of 8.8, according to an advisory published by Trend Micro's Zero Day Initiative (ZDI). The flaw allows an attacker who already has low-privileged code execution inside a container to escalate privileges on the host system. ZDI disclosed the vulnerability to Docker on an undisclosed date; Docker has not yet released a patch, and the advisory was published as a public notice under ZDI-26-299.
Technical Analysis
The vulnerability resides in Docker Desktop's Enhanced Container Isolation mechanism, a security layer designed to harden container boundaries beyond the default Linux namespace isolation. ZDI's advisory states that the specific issue involves "a dangerous function exposed" by the ECI component, which can be triggered by a local attacker who first obtains the ability to execute low-privileged code within a container.
Once the attacker has a foothold inside a container, they can exploit CVE-2026-6406 to escape the container's isolation and gain elevated privileges on the underlying host operating system. The attack vector is local, meaning the attacker must already have some level of access to a running container. This is not a remote code execution vulnerability; it is a privilege escalation chain that assumes an initial compromise of a container workload.
ZDI assigned the vulnerability a CVSS v3.1 base score of 8.8 (High), with the vector string indicating low attack complexity, low privileges required, no user interaction, and a scope change — meaning the compromised component (the container) is different from the affected component (the host). The confidentiality, integrity, and availability impacts are all rated as high.
Docker Desktop's ECI feature was introduced to provide stronger isolation for containers running on shared or multi-tenant hosts, particularly on macOS and Windows where native Linux container isolation is not available. The feature uses a lightweight VM and additional kernel-level protections. CVE-2026-6406 undermines those protections by allowing a container escape even when ECI is enabled.
As of the advisory publication date (April 24, 2026), ZDI notes that Docker has not yet released a security update to address the flaw. The advisory does not specify which versions of Docker Desktop are affected, nor does it provide technical details such as proof-of-concept code or specific function names, which is standard practice for ZDI advisories prior to a vendor patch.
Mitigations & Recommendations
Until Docker releases a patched version of Docker Desktop, organizations running containers with Enhanced Container Isolation enabled should treat any container workload that could be compromised by an attacker as a potential host compromise vector. Defenders should:
- Restrict container access: Ensure that only trusted users and processes can execute code inside containers, especially in multi-tenant or CI/CD environments.
- Monitor for container escape indicators: Watch for unusual system calls, file system access outside expected container paths, or privilege escalation attempts on the host that originate from container processes.
- Apply the principle of least privilege: Run containers with the minimum necessary capabilities and avoid running containers as root where possible.
- Segment container workloads: Isolate sensitive or high-risk containers on separate hosts or in separate namespaces to limit blast radius.
- Watch for Docker security updates: Subscribe to Docker's security advisory feed and apply the patch for CVE-2026-6406 as soon as it becomes available.
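One way to act on the least-privilege and capability recommendations above is to audit running containers for their weakest settings. The script below is an added example (not from the advisory, ZDI, or Docker); it reads `docker inspect` JSON and flags privileged mode, root users, risky added capabilities, a missing no-new-privileges option, host PID namespace sharing and writable root filesystems. The sample records are constructed, and the list of risky capabilities is an assumed starting point.

```python
"""Audit `docker inspect` output for settings that weaken least privilege.
Run as: docker inspect $(docker ps -q) | python3 audit_containers.py
With no piped input it audits the constructed SAMPLE records below."""
import json
import sys

# Capabilities that widen the path from a compromised container to the host
# (assumption: a starting point, extend to match your own policy).
RISKY_CAPS = {"SYS_ADMIN", "SYS_PTRACE", "SYS_MODULE", "NET_ADMIN", "DAC_READ_SEARCH"}


def audit_container(record: dict) -> list[str]:
    """Return human-readable findings for one `docker inspect` record."""
    host = record.get("HostConfig") or {}
    config = record.get("Config") or {}
    findings = []
    if host.get("Privileged"):
        findings.append("privileged: all capabilities and host devices exposed")
    user = (config.get("User") or "").strip()
    if user in ("", "0", "root", "0:0"):  # empty User means root in Docker
        findings.append("runs as root: set a non-root User")
    for cap in host.get("CapAdd") or []:
        if cap.upper().removeprefix("CAP_") in RISKY_CAPS:
            findings.append(f"added risky capability {cap}")
    sec_opts = host.get("SecurityOpt") or []
    if not any(o.startswith("no-new-privileges") for o in sec_opts):
        findings.append("no-new-privileges not set: setuid binaries can regain privileges")
    if host.get("PidMode") == "host":
        findings.append("pid=host: container can see and signal host processes")
    if not host.get("ReadonlyRootfs"):
        findings.append("root filesystem is writable (consider --read-only)")
    return findings


def audit_all(records: list[dict]) -> dict[str, list[str]]:
    """Map container name -> findings; clean containers get an empty list."""
    return {r.get("Name", "?").lstrip("/"): audit_container(r) for r in records}


# Constructed sample records, abbreviated to the keys the audit reads.
SAMPLE = [
    {"Name": "/ci-runner", "Config": {"User": ""},
     "HostConfig": {"Privileged": False, "CapAdd": ["SYS_ADMIN"],
                    "SecurityOpt": None, "PidMode": "", "ReadonlyRootfs": False}},
    {"Name": "/web", "Config": {"User": "10001:10001"},
     "HostConfig": {"Privileged": False, "CapAdd": None, "CapDrop": ["ALL"],
                    "SecurityOpt": ["no-new-privileges:true"], "PidMode": "",
                    "ReadonlyRootfs": True}},
]

if __name__ == "__main__":
    data = SAMPLE if sys.stdin.isatty() else json.load(sys.stdin)
    for name, found in audit_all(data).items():
        print(name, "->", found or ["ok"])
```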
