- Description
- The vllm-metal inference backend in Docker Model Runner on macOS unconditionally sets trust_remote_code=True when loading model tokenizers, and runs without sandboxing. This causes transformers.AutoTokenizer.from_pretrained() to import and execute arbitrary Python files included in any model pulled from an OCI registry, resulting in arbitrary code execution on the Docker host as the Docker Desktop user when inference is triggered. Any container on the Docker network can trigger this by calling the model-runner.docker.internal API to pull a malicious model and request inference.
- Source
- security@docker.com
- NVD status
- Analyzed
- Products
- docker_desktop
CVSS 4.0
- Type
- Secondary
- Base score
- 8.8
- Impact score
- -
- Exploitability score
- -
- Vector string
- CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
- Severity
- HIGH
CVSS 3.1
- Type
- Primary
- Base score
- 8.6
- Impact score
- 6
- Exploitability score
- 1.8
- Vector string
- CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
- Severity
- HIGH
- security@docker.com
- CWE-829
- Hype score
- Not currently trending
https://t.co/jv4evsl92J Security Advisory: CVE-2026-5817 — Docker Model Runner Arbitrary Code Execution via Unsandboxed trust_remote_code Tokenizer Loading Docker has officially disclosed CVE-2026-5817, a high-severity code execution vulnerability in the Docker Model Runner's
@DIYprojects55
25 May 2026
64 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨*CVE* CVE-2026-5817 The vllm-metal inference backend in Docker Model Runner on macOS unconditionally sets trust_remote_code=True when loading model tokenizers, and runs without sandboxing.… https://t.co/Rr9Rgzx8N1 ----- Traducción: CVE-2026-5817 El … https://t.co/utmtNg
@infoflowcloud
23 May 2026
35 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2026-5817 CVE-2026-5843 PoC Minimal OCI registry that serves a malicious model to e... https://t.co/kjuiiusxhW Vulnerability Notification: https://t.co/xhLrNnfyrO
@VulmonFeeds
22 May 2026
59 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:docker:docker_desktop:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D13BBDD8-AB90-414E-A29B-75FA2125E68F",
"versionEndExcluding": "4.68.0",
"versionStartIncluding": "4.62.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*",
"matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
]