{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata. Fed continuously.","feed_url":"https://feed.craftedsignal.io/products/docker/docker--28.5.2/feed.json","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["docker/docker (\u003c= 28.5.2)","moby/moby/v2 (\u003c 2.0.0-beta.14)","moby/moby (\u003c= 28.5.2)"],"_cs_severities":["high"],"_cs_tags":["privilege-escalation","defense-evasion","docker"],"_cs_type":"threat","_cs_vendors":["Docker","Moby"],"content_html":"\u003cp\u003eA race condition exists in the daemon code behind Docker\u0026rsquo;s \u003ccode\u003edocker cp\u003c/code\u003e command (the \u003ccode\u003ePUT /containers/{id}/archive\u003c/code\u003e API) when copying files into a container. To give the copy a consistent view of the container filesystem, the daemon temporarily bind-mounts the container\u0026rsquo;s volumes into a view of its rootfs. This flaw, identified as CVE-2026-42306, allows a malicious container to redirect one of those bind mounts to an arbitrary host path: between the daemon resolving the mount destination and the \u003ccode\u003emount()\u003c/code\u003e syscall completing, a process inside the container can replace the destination with a symlink. Because the daemon performs the mount from the host side, an absolute symlink is resolved against the host filesystem, and the volume lands on a host path of the attacker\u0026rsquo;s choosing. This can lead to host files being overwritten with the volume\u0026rsquo;s contents, or to a denial of service because the mount masks whatever was at the host path. 
This vulnerability affects \u003ccode\u003edocker/docker\u003c/code\u003e and \u003ccode\u003emoby/moby\u003c/code\u003e versions up to and including 28.5.2, and \u003ccode\u003emoby/moby/v2\u003c/code\u003e versions prior to 2.0.0-beta.14.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eA container with at least one volume mount is created, and the attacker controls a process inside it (for example via a malicious image or a compromised workload).\u003c/li\u003e\n\u003cli\u003eThat process needs only write access to the parent directory of the volume\u0026rsquo;s mount destination inside the container\u0026rsquo;s rootfs, which is enough to remove the destination and put a symlink in its place; it can do this repeatedly in a tight loop to widen its odds of hitting the window.\u003c/li\u003e\n\u003cli\u003eThe attacker picks the host path to redirect to (an absolute symlink target) and, if the volume is writable, stages in the volume the content that should end up there.\u003c/li\u003e\n\u003cli\u003eAn operator runs \u003ccode\u003edocker cp\u003c/code\u003e to copy files into the container, and the daemon starts setting up the temporary filesystem view by bind-mounting the container\u0026rsquo;s volumes.\u003c/li\u003e\n\u003cli\u003eIn the window between the daemon resolving the mount destination and the \u003ccode\u003emount()\u003c/code\u003e syscall completing, the malicious process replaces the destination with the symlink to the chosen host path.\u003c/li\u003e\n\u003cli\u003eThe \u003ccode\u003emount()\u003c/code\u003e syscall follows the symlink, and the volume is bind-mounted onto the attacker-chosen host path instead of the container path.\u003c/li\u003e\n\u003cli\u003eDepending on whether the volume is writable, the host files at that path are overwritten with the volume\u0026rsquo;s contents, or the host path is masked for as long as the temporary mount exists, which is a denial of service.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of this race condition (CVE-2026-42306) lets a malicious container redirect a volume bind mount to an arbitrary host path. If the volume is writable, host files at the redirected path can be overwritten, leading to data corruption or, when the path is one the host trusts (configuration, credentials, binaries), full host compromise. If the volume is read-only, the mount masks the host path and causes a denial of service. 
While the mount is temporary and torn down after the \u003ccode\u003edocker cp\u003c/code\u003e completes, the effects of any writes made through it persist.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade to a fixed release: \u003ccode\u003egithub.com/docker/docker\u003c/code\u003e / \u003ccode\u003egithub.com/moby/moby\u003c/code\u003e newer than 28.5.2, or \u003ccode\u003egithub.com/moby/moby/v2\u003c/code\u003e 2.0.0-beta.14 or later. The vulnerable code runs in the daemon, so the fix has to reach \u003ccode\u003edockerd\u003c/code\u003e on every host; upgrading the CLI alone does not help.\u003c/li\u003e\n\u003cli\u003eOnly run containers from trusted images, since the race requires a process inside the container that is actively swapping the mount destination.\u003c/li\u003e\n\u003cli\u003eUntil patched, do not \u003ccode\u003edocker cp\u003c/code\u003e into running containers you do not trust; the race needs a live process inside the container.\u003c/li\u003e\n\u003cli\u003eAs a workaround, use an authorization plugin to deny the archive API endpoints that perform the copy-in (\u003ccode\u003ePUT /containers/{id}/archive\u003c/code\u003e, \u003ccode\u003eHEAD /containers/{id}/archive\u003c/code\u003e). Note that this blocks copy-in for every container on that daemon, not only untrusted ones, unless the plugin makes a finer distinction.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-05-18T17:54:09Z","date_published":"2026-05-18T17:54:09Z","id":"https://feed.craftedsignal.io/briefs/2026-05-docker-bind-mount-redirection/","summary":"A race condition in Docker's `docker cp` command allows a malicious container to redirect a bind mount target to an arbitrary host path by manipulating symlinks during the setup of temporary filesystem views, potentially overwriting host files or causing denial of service.","title":"Docker Race Condition Allows Bind Mount Redirection to Host Path (CVE-2026-42306)","url":"https://feed.craftedsignal.io/briefs/2026-05-docker-bind-mount-redirection/"}],"language":"en","title":"CraftedSignal Threat Feed — Docker/Docker (\u003c= 28.5.2)","version":"https://jsonfeed.org/version/1.1"}
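The attack chain in the brief above is a check-then-use race on a path string. The following Go program is an added example written for this page; it is not Docker or Moby code and does not claim to be the project's actual patch. It makes the race deterministic (an `attacker` callback runs in the gap instead of a real tight loop), uses `filepath.EvalSymlinks` as a stand-in for the kernel's path walk inside `mount(2)` so no real mount is needed, and contrasts the vulnerable string-based resolution with a descriptor-based walk that is the standard hardening for this bug class. It is Linux-only (`O_PATH`, `openat(2)`, `/proc/self/fd`); the `rootfs-`/`host-` temp directories and the `app/data` destination are constructed sample input.

```go
// Added example, not Docker/Moby code: a deterministic stand-in for the
// check-then-mount race in CVE-2026-42306. filepath.EvalSymlinks plays the
// part of the kernel's path walk in mount(2); no real mount is performed.
// Linux only (O_PATH, openat(2), /proc/self/fd).
package main

import (
	"errors"
	"fmt"
	"os"
	"path/filepath"
	"strings"
	"syscall"
)

// naiveResolve is the vulnerable shape: validate the destination as a string,
// then hand that same string to the next syscall. attacker() runs in the gap
// and stands for the container process winning the race.
func naiveResolve(root, rel string, attacker func()) (string, error) {
	dest := filepath.Join(root, rel)
	if !strings.HasPrefix(dest, root+string(filepath.Separator)) {
		return "", fmt.Errorf("%q escapes root", rel)
	}
	fi, err := os.Lstat(dest) // check: exists and is not a symlink right now
	if err != nil {
		return "", err
	}
	if fi.Mode()&os.ModeSymlink != 0 {
		return "", fmt.Errorf("%q is a symlink", dest)
	}
	attacker() // race window: the directory entry is swapped for a symlink here
	// use: the kernel walks the string again and follows whatever is there now
	return filepath.EvalSymlinks(dest)
}

// safeOpenDest walks rel from a descriptor of root one component at a time with
// O_NOFOLLOW, refusing symlinks and "..". The returned O_PATH descriptor pins the
// inode that was inspected, so a later mount onto /proc/self/fd/<fd> cannot be
// redirected by renaming path components underneath it.
func safeOpenDest(root, rel string) (int, error) {
	fd, err := syscall.Open(root, syscall.O_PATH|syscall.O_DIRECTORY|syscall.O_CLOEXEC, 0)
	if err != nil {
		return -1, err
	}
	for _, comp := range strings.Split(filepath.Clean(rel), "/") {
		if comp == "" || comp == "." {
			continue
		}
		if comp == ".." {
			syscall.Close(fd)
			return -1, errors.New("'..' is not allowed in a mount destination")
		}
		next, err := syscall.Openat(fd, comp, syscall.O_PATH|syscall.O_NOFOLLOW|syscall.O_CLOEXEC, 0)
		syscall.Close(fd)
		if err != nil {
			return -1, fmt.Errorf("open %q: %w", comp, err)
		}
		// O_PATH|O_NOFOLLOW opens a symlink itself rather than failing, so the
		// descriptor has to be inspected before it is trusted.
		var st syscall.Stat_t
		if err := syscall.Fstat(next, &st); err != nil {
			syscall.Close(next)
			return -1, err
		}
		if st.Mode&syscall.S_IFMT == syscall.S_IFLNK {
			syscall.Close(next)
			return -1, fmt.Errorf("component %q is a symlink", comp)
		}
		fd = next
	}
	return fd, nil
}

// fdPath reports what a descriptor currently refers to, via /proc.
func fdPath(fd int) (string, error) {
	return os.Readlink(fmt.Sprintf("/proc/self/fd/%d", fd))
}

// swapForSymlink is the attacker's move: remove the (empty) destination and
// put an absolute symlink to a host path in its place. A real exploit loops this.
func swapForSymlink(dest, hostTarget string) error {
	if err := os.Remove(dest); err != nil {
		return err
	}
	return os.Symlink(hostTarget, dest)
}

func main() {
	root, _ := os.MkdirTemp("", "rootfs-") // stands in for the container rootfs
	host, _ := os.MkdirTemp("", "host-")   // stands in for a sensitive host dir
	defer os.RemoveAll(root)
	defer os.RemoveAll(host)
	dest := filepath.Join(root, "app", "data")
	_ = os.MkdirAll(dest, 0o755)

	if fd, err := safeOpenDest(root, "app/data"); err == nil {
		p, _ := fdPath(fd)
		fmt.Println("pinned handle refers to", p)
		syscall.Close(fd)
	}
	got, err := naiveResolve(root, "app/data", func() { _ = swapForSymlink(dest, host) })
	fmt.Println("naive resolution ended up at", got, err) // the host dir, outside root
	_, err = safeOpenDest(root, "app/data")
	fmt.Println("descriptor walk after the swap:", err) // refuses the symlink
}
```

The point of the descriptor walk is that the daemon would pass `/proc/self/fd/<fd>` (or the fd itself) to `mount(2)` instead of the path string, so whatever the container renames afterwards no longer matters; a lexical check such as `strings.HasPrefix` is only ever a statement about the past. The two-syscall swap in `swapForSymlink` is the simplest attacker move; a real exploit typically loops it, or uses `renameat2(RENAME_EXCHANGE)` to make the swap atomic.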
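The last recommendation in the brief is an authorization plugin that denies the archive endpoints. The following Go program is an added example for this page, not a Docker project component: a minimal plugin speaking the documented authz plugin protocol (dockerd POSTs JSON to `/AuthZPlugin.AuthZReq` and `/AuthZPlugin.AuthZRes` over the plugin socket and expects `{"Allow":bool,"Msg":string}` back; `/Plugin.Activate` advertises the `authz` subsystem). The plugin name `cp-guard`, the socket path and the `CP_GUARD_SOCKET` variable are assumptions for the example. It denies exactly the two methods the advisory names, PUT and HEAD on `/containers/{id}/archive`, and leaves everything else, including GET (copy out of a container), untouched.

```go
// Added example, not a Docker project component: a minimal authorization
// plugin that refuses the two archive calls `docker cp` uses to copy into a
// container. It speaks the documented authz plugin protocol (dockerd POSTs
// JSON to /AuthZPlugin.AuthZReq and /AuthZPlugin.AuthZRes and reads back
// {"Allow":bool,"Msg":string}). The plugin name "cp-guard" and the socket
// path are assumptions, not anything from the advisory.
package main

import (
	"encoding/json"
	"log"
	"net"
	"net/http"
	"os"
	"regexp"
)

// AuthZRequest is the subset of the request-phase body this plugin reads.
type AuthZRequest struct {
	User          string `json:"User"`
	RequestMethod string `json:"RequestMethod"`
	RequestURI    string `json:"RequestUri"`
}

// AuthZResponse is what dockerd expects back; Msg is relayed to the client.
type AuthZResponse struct {
	Allow bool   `json:"Allow"`
	Msg   string `json:"Msg,omitempty"`
}

// archiveEndpoint matches /containers/{id}/archive with or without the
// /v1.xx API version prefix and with or without a query string.
var archiveEndpoint = regexp.MustCompile(`^(?:/v[0-9.]+)?/containers/[^/?]+/archive(?:\?.*)?$`)

// decide returns the verdict for one daemon request. The advisory names
// PUT (the copy-in that sets up the temporary view) and HEAD (the stat that
// precedes it); everything else, including GET for copy-out, is allowed.
func decide(req AuthZRequest) AuthZResponse {
	if archiveEndpoint.MatchString(req.RequestURI) &&
		(req.RequestMethod == http.MethodPut || req.RequestMethod == http.MethodHead) {
		return AuthZResponse{Allow: false,
			Msg: "docker cp into containers is disabled on this host (CVE-2026-42306 workaround)"}
	}
	return AuthZResponse{Allow: true}
}

func writeJSON(w http.ResponseWriter, v any) {
	w.Header().Set("Content-Type", "application/json")
	_ = json.NewEncoder(w).Encode(v)
}

// handleReq is the request phase, the only place a verdict is made.
// A body we cannot parse is denied rather than waved through.
func handleReq(w http.ResponseWriter, r *http.Request) {
	var req AuthZRequest
	if err := json.NewDecoder(r.Body).Decode(&req); err != nil {
		writeJSON(w, AuthZResponse{Allow: false, Msg: "cp-guard: malformed authz request"})
		return
	}
	resp := decide(req)
	if !resp.Allow {
		log.Printf("denied %s %s for user %q", req.RequestMethod, req.RequestURI, req.User)
	}
	writeJSON(w, resp)
}

// handleRes is the response phase; there is nothing to inspect, so always allow.
func handleRes(w http.ResponseWriter, _ *http.Request) {
	writeJSON(w, AuthZResponse{Allow: true})
}

// handleActivate answers the plugin handshake and advertises the authz subsystem.
func handleActivate(w http.ResponseWriter, _ *http.Request) {
	writeJSON(w, map[string][]string{"Implements": {"authz"}})
}

func newMux() *http.ServeMux {
	mux := http.NewServeMux()
	mux.HandleFunc("/Plugin.Activate", handleActivate)
	mux.HandleFunc("/AuthZPlugin.AuthZReq", handleReq)
	mux.HandleFunc("/AuthZPlugin.AuthZRes", handleRes)
	return mux
}

func main() {
	// dockerd discovers socket plugins under /run/docker/plugins/<name>.sock;
	// start the daemon with --authorization-plugin=cp-guard to enforce it.
	sock := os.Getenv("CP_GUARD_SOCKET") // assumed env var for this example
	if sock == "" {
		sock = "/run/docker/plugins/cp-guard.sock"
	}
	_ = os.Remove(sock)
	l, err := net.Listen("unix", sock)
	if err != nil {
		log.Fatal(err)
	}
	log.Fatal(http.Serve(l, newMux()))
}
```

Run it as root before starting `dockerd --authorization-plugin=cp-guard`; a client that then tries `docker cp file.txt ctr:/tmp/` gets the `Msg` text back with a 403 from the daemon. The deny is deliberately blunt, as the brief's caveat notes: it blocks copy-in for every container on the daemon. A finer policy would have to look up the container (for example by image or label) from within `decide`, which means an extra API call per request.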