CVE-2026-5843
Awaiting Analysis Awaiting Analysis - Queue
BaseFortify

Publication date: 2026-05-22

Last updated on: 2026-06-01

Assigner: Docker Inc.

Description
The MLX inference backend in Docker Model Runner on macOS uses the MLX-LM library, which unconditionally imports and executes arbitrary Python files from model directories via the model_file configuration field in config.json. When a model's config.json specifies a model_file pointing to a Python file, MLX-LM uses importlib to load and execute it with no trust_remote_code gate or equivalent safety check. The MLX backend runs without sandboxing, resulting in arbitrary code execution on the Docker host as the Docker Desktop user. Any container on the Docker network can trigger this by calling the model-runner.docker.internal API to pull a malicious model from an attacker-controlled OCI registry and request inference.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-05-22
Last Modified
2026-06-01
Generated
2026-06-15
EPSS Evaluated
2026-06-14
NVD
CVE-2026-5843
EUVD
EUVD-2026-31491
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
docker docker_desktop From 4.56.0 (inc) to 4.71.0 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-829 The product imports, requires, or includes executable functionality (such as a library) from a source that is outside of the intended control sphere.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
AI Quick Actions have not been generated yet.
Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-5843. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart