CVE-2026-2664 is an out-of-bounds read vulnerability classified under CWE-125, found in the grpcfuse kernel module that operates within the Linux virtual machine embedded in Docker Desktop for Windows, Linux, and macOS. This vulnerability exists in versions up to 4.61.0 and allows a local attacker with limited privileges (PR:L) to write to /proc/docker entries, which are special filesystem interfaces used by Docker for process and container management. The out-of-bounds read occurs due to insufficient bounds checking in grpcfuse, potentially leading to memory corruption or leakage of sensitive information. Although the exact impact is unspecified, such vulnerabilities can cause application crashes, denial of service, or unauthorized information disclosure. The attack vector is local, requiring the attacker to have access to the host system where Docker Desktop is installed, but no user interaction or elevated privileges beyond limited local rights are necessary. The vulnerability has been fixed in Docker Desktop version 4.62.0. The CVSS 4.0 vector indicates low attack complexity and no privileges required beyond local access, with high impact on confidentiality but no impact on integrity or availability. No public exploits have been reported, but the vulnerability poses a risk in environments where multiple users share systems or where local accounts may be compromised.

The vulnerability could allow local attackers to read memory out-of-bounds in the grpcfuse kernel module, potentially exposing sensitive information or causing instability in Docker Desktop environments. This could lead to unauthorized disclosure of container or host system data, undermining confidentiality. While integrity and availability impacts are not explicitly noted, memory corruption could cause crashes or denial of service in Docker Desktop, affecting containerized application availability. Organizations relying heavily on Docker Desktop for development, testing, or production workflows may face operational disruptions or data leakage risks. Insider threats or attackers who gain local access could exploit this vulnerability to escalate their capabilities or gather sensitive information. The medium severity rating reflects the local attack vector and the need for limited privileges, but the potential for high confidentiality impact warrants prompt remediation. The absence of known exploits reduces immediate risk but does not eliminate the threat, especially in multi-user or shared environments.

To mitigate this vulnerability, organizations should immediately upgrade Docker Desktop to version 4.62.0 or later, where the issue is resolved. Restrict local access to systems running Docker Desktop by enforcing strict user account controls and limiting permissions to trusted users only. Employ host-based intrusion detection systems (HIDS) to monitor unusual access or modifications to /proc/docker entries and grpcfuse-related kernel modules. Regularly audit and harden Docker Desktop configurations, disabling unnecessary features that expose kernel modules or filesystem interfaces. Use container security best practices such as running containers with least privilege and isolating development environments. Additionally, monitor for any unusual system behavior or crashes that could indicate exploitation attempts. Maintain up-to-date system and kernel patches to reduce the attack surface. Finally, educate users about the risks of local privilege misuse and enforce strong authentication and endpoint security controls to prevent unauthorized local access.