Vulnerability CVE-2022-31647


Published: 2023-04-27

Description:
Docker Desktop before 4.6.0 on Windows allows attackers to delete any file through the hyperv/destroy dockerBackendV2 API via a symlink in the DataFolder parameter, a different vulnerability than CVE-2022-26659.

 References:
https://www.cyberark.com/resources/threat-research-blog/breaking-docker-named-pipes-systematically-docker-desktop-privilege-escalation-part-2
https://docs.docker.com/desktop/release-notes/#docker-desktop-460

Copyright 2026, cxsecurity.com

 

Back to Top