CVE-2026-42306: Moby: Race condition in docker cp allows bind mount redirection to host path
Moby is an open source container framework. In Docker Engine prior to version 29.5.1, Docker Daemon versions 28.5.2 and prior, and Moby Daemon prior to version 2.0.0-beta.14, a race condition during docker cp mount setup allows a malicious container to redirect a bind mount target to an arbitrary host path, potentially overwriting host files or causing denial of service. This issue has been patched in Docker Engine version 29.5.1 and Moby Daemon version 2.0.0-beta.14.
Metrics
- CVSS v3.1: 7.2
- Severity: HIGH
- Fixed in: —
- Affected Products: 1
HarborGuard Analysis
Synopsis
A race condition in Moby (the open source container framework underlying Docker Engine) allows a low-privileged local attacker with the ability to run containers to redirect a bind mount during a docker cp operation to an arbitrary host path. The exploit requires network-adjacent or local access, a low-privilege account, victim interaction, and timing precision due to the race window. Successful exploitation lets an attacker overwrite arbitrary files on the host or crash the Docker daemon, achieving integrity damage or denial of service. HarborGuard tracks this advisory and will make a patched-image rebuild available the moment upstream publishes a stable fix version.
HarborGuard Coverage
Detection is available across every HarborGuard environment: the CVE is ingested from upstream advisory feeds within minutes of publication and matched against customer images in registries and CI/CD pipelines, including custom-built images that bundle affected Moby or Docker Engine versions.
Affected images are scored at CVSS 7.2 HIGH and surfaced through each customer org's compliance policy weighting, which controls severity thresholds and routing. Triage tickets are routable to the appropriate team inbox based on the per-environment policy configuration.
Because no stable fix version has been published yet, HarborGuard re-checks the upstream advisory on every ingest cycle. The moment Docker Engine 29.5.1 or Moby 2.0.0-beta.14 is indexed as a stable release, a patched-image rebuild will become available; for customers with auto-remediation enabled, the rebuild, regression run, and PR against affected workloads will trigger automatically.
Exploit Conditions
- Network reachability: Not required
The attacker needs an existing shell or process on the host; no network access to the service is required.
- Authentication: Required
Any low-privilege account with permission to run containers is sufficient; no admin credentials are needed.
- Victim interaction: Required
A user or automation with sufficient privileges must execute a docker cp operation against the malicious container for the race window to open.
- Attack complexity: High (AC:H)
Exploitation depends on winning a race condition during bind mount setup, requiring precise timing and likely repeated attempts.
Blast Radius
- Overwrites arbitrary files on the container host, including binaries, configuration files, or credentials.
- Corrupts or replaces host-side files in a way that persists after the container exits.
- Causes the Docker daemon to crash, taking down all containers on the affected host.
- Disrupts the availability of workloads running on the same host by destabilizing the daemon process.
How HarborGuard Handles This
Because no stable upstream fix exists at this time, HarborGuard continuously monitors the advisory on every ingest cycle. As interim compensating controls, customers can apply network-policy isolation to restrict which principals can invoke docker cp against untrusted containers, enforce least-privilege container scheduling policies to limit which low-privilege accounts can run containers (the PR:L precondition), and use feature-flag gating or admission controls to block docker cp in production pipelines where it is not required. HarborGuard will make a patched-image rebuild available automatically the moment Docker Engine 29.5.1 or Moby 2.0.0-beta.14 is confirmed in the upstream feed. For customers with auto-remediation enabled, the rebuild, regression test run, and PR against affected workloads will be triggered without manual intervention.
- moby / moby: github.com/docker/docker/daemon <= 28.5.2 · Docker Engine < 29.5.1 · github.com/moby/moby/v2/daemon < 2.0.0-beta.14
CVSS v3.1 vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:N/I:H/A:H
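As an added triage helper (example code written for this page, not HarborGuard's or Moby's), the script below parses a daemon version string and tests it against the affected ranges stated in the advisory: Docker Engine below 29.5.1 (which subsumes the "28.5.2 and prior" daemon range) and the Moby v2 daemon module below 2.0.0-beta.14. The semver pre-release ordering (so that 2.0.0-beta.9 counts as affected while 2.0.0-rc.1 and 2.0.0 do not), the handling of a leading `v` and `+build` metadata, and the rule that a major version below 17 denotes the Moby v2 daemon line are assumptions of this example, not statements from the advisory.

```python
"""Triage helper: is a Docker Engine / Moby daemon version inside the affected
ranges stated in the advisory above?

Added example for this page, not HarborGuard or Moby code. The fix versions are
taken verbatim from the advisory; the version-string handling (leading 'v',
'+build' metadata, semver pre-release ordering) and the product-line heuristic
are assumptions about how `docker version` reports versions.
"""
import re
import subprocess
from typing import List, Tuple, Union

# First fixed version per product line, as stated on the page.
FIXED_IN = {
    "docker-engine": "29.5.1",        # "Docker Engine prior to version 29.5.1"
    "moby-daemon": "2.0.0-beta.14",   # "Moby Daemon prior to version 2.0.0-beta.14"
}

_VERSION_RE = re.compile(
    r"^v?(?P<major>\d+)\.(?P<minor>\d+)\.(?P<patch>\d+)"
    r"(?:-(?P<pre>[0-9A-Za-z.-]+))?(?:\+[0-9A-Za-z.-]+)?$"
)

PreId = Union[Tuple[int, int], Tuple[int, str]]


def _pre_key(pre: str) -> List[PreId]:
    # Semver 2.0 precedence: numeric identifiers sort below alphanumeric ones,
    # numerics compare as integers, alphanumerics lexically; a longer list of
    # identifiers with an equal prefix ranks higher (Python list order agrees).
    return [(0, int(p)) if p.isdigit() else (1, p) for p in pre.split(".")]


def parse_version(text: str):
    """Return a sortable key: (core, release_flag, pre_release_identifiers)."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    core = (int(m["major"]), int(m["minor"]), int(m["patch"]))
    pre = m["pre"]
    # A release outranks every pre-release of the same core, so the flag is
    # 1 for a release and 0 for a pre-release before the identifiers compare.
    return (core, 1, []) if pre is None else (core, 0, _pre_key(pre))


def is_affected(product: str, version: str) -> bool:
    """True when `version` is strictly below the fix version for `product`."""
    if product not in FIXED_IN:
        raise KeyError(f"unknown product {product!r}; expected one of {sorted(FIXED_IN)}")
    return parse_version(version) < parse_version(FIXED_IN[product])


def classify_host(version: str) -> str:
    """Map a raw server version string onto one of the two product lines.

    Assumption (not from the advisory): Docker Engine uses calendar-style
    majors (17 and above), so a major below 17 is taken to be the Moby v2
    daemon module line (2.0.0-beta.N).
    """
    major = parse_version(version)[0][0]
    return "docker-engine" if major >= 17 else "moby-daemon"


def check_local_daemon() -> str:
    """Query the local daemon, if one is reachable, and report a verdict."""
    try:
        out = subprocess.run(
            ["docker", "version", "--format", "{{.Server.Version}}"],
            capture_output=True, text=True, check=True, timeout=10,
        ).stdout.strip()
    except (OSError, subprocess.SubprocessError) as exc:
        return f"could not query docker daemon: {exc}"
    product = classify_host(out)
    verdict = "AFFECTED" if is_affected(product, out) else "not affected"
    return f"{product} {out}: {verdict} (fixed in {FIXED_IN[product]})"


if __name__ == "__main__":
    # Constructed sample strings covering the edge cases, then the live host.
    for sample in ["28.5.2", "29.5.0", "29.5.1", "v29.5.1+azure-1", "29.6.0-rc.1"]:
        print("docker-engine", sample, "->", is_affected("docker-engine", sample))
    for sample in ["2.0.0-beta.9", "2.0.0-beta.14", "2.0.0-rc.1", "2.0.0"]:
        print("moby-daemon", sample, "->", is_affected("moby-daemon", sample))
    print(check_local_daemon())
```

Run on a host, the script asks the local daemon for its server version and prints the verdict; the sample strings show where the boundary falls, including the pre-release cases. Treat the verdict as a starting point for triage rather than proof of patch state: distribution builds can carry a backported fix without moving the reported version, and the major-version heuristic for telling the two product lines apart is this example's own assumption.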