CVE-2026-12539
Status: Received - Intake
ICMP Egress Bypass in Docker Sandboxes

Publication date: 2026-06-18

Last updated on: 2026-06-18

Assigner: Docker Inc.

Description
Docker Sandboxes (sbx) blocks ICMP egress with an authorizer applied only at network-creation time, and does not re-apply it to networks rebuilt from disk when the Docker daemon restarts, so a restart-surviving sandbox forwards ICMP to arbitrary hosts. A workload inside a sandbox, which the threat model treats as untrusted, can therefore defeat the documented ICMP egress block to perform network reconnaissance and exfiltrate data over an ICMP covert channel, regardless of the configured allowlist.
CVSS score: none listed
EPSS score: not evaluated (N/A)
Page generated: 2026-06-19
Affected Vendors & Products
1 associated CPE
Vendor: docker
Product: docker
Version / Range: * (CPE wildcard; no version range given)
CWE
CWE-923 Improper Restriction of Communication Channel to Intended Endpoints: The product establishes a communication channel to (or from) an endpoint for privileged or protected operations, but it does not properly ensure that it is communicating with the correct endpoint.
CWE-665 Improper Initialization: The product does not initialize or incorrectly initializes a resource, which might leave the resource in an unexpected state when it is accessed or used.
Executive Summary

Docker Sandboxes (sbx) enforces its ICMP egress block with an authorizer that is attached to a sandbox network only when that network is created. When the Docker daemon restarts, it rebuilds existing networks from their on-disk state without re-attaching the authorizer, so a sandbox that survives the restart keeps its network but loses the ICMP block and can forward ICMP to arbitrary hosts.

Because the sandbox workload is untrusted by design, this turns a documented control into a gap: the workload can use ICMP for network reconnaissance and for data exfiltration over an ICMP covert channel, and the configured egress allowlist does not stop it.

Impact Analysis

An untrusted workload inside a Docker sandbox can bypass the ICMP egress restriction and use ICMP echo to map which hosts are reachable from the sandbox and learn about the surrounding network environment.

It can also move data out over an ICMP covert channel, for example by packing it into echo-request payloads, leaking sensitive information past the intended network boundary despite the configured allowlist. The exposure begins with the first daemon restart after a sandbox network was created and lasts for as long as that rebuilt network is in use; only sandboxes that survive the restart are affected, and networks created after the restart receive the authorizer at creation as designed.
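The check a practitioner would want while the block is absent, as an added example that is not Docker's or sbx's code: a host-side Python script that parses IPv4/ICMP frames captured on the sandbox bridge, reports ICMP leaving the sandbox subnet to destinations outside an allowlist, and flags echo payloads that do not look like a stock ping, which is the usual shape of an ICMP covert channel. The sandbox subnet (172.29.0.0/24), the allowlist (10.0.0.0/8), the benign payload shapes (an iputils-style offset filler and the Windows 32-byte alphabet filler), the entropy threshold and every sample frame are assumptions constructed for this example. With an empty allowlist the script reports every ICMP egress from the sandbox, which is the behaviour the documented block is meant to enforce.

```python
"""Host-side ICMP egress check for traffic leaving a sandbox network.

Added example, not Docker's or sbx's code. Parses raw IPv4/ICMP frames,
enforces a destination allowlist for ICMP leaving the sandbox subnet, and
flags echo payloads that do not look like a stock ping. Subnet, allowlist,
benign-payload shapes and sample frames are constructed assumptions.
"""
import ipaddress
import math
import struct
from typing import List, Optional, Tuple

# Constructed policy: sandbox bridge subnet and the ICMP destination allowlist.
SANDBOX_NET = ipaddress.ip_network("172.29.0.0/24")
ICMP_ALLOWLIST = [ipaddress.ip_network("10.0.0.0/8")]

# Assumed benign echo payloads: iputils-style (8- or 16-byte timestamp, then a
# filler whose byte value equals its payload offset: 0x10, 0x11, ...) and the
# Windows 32-byte alphabet filler. Anything else is treated as a covert-channel signal.
WINDOWS_FILLER = b"abcdefghijklmnopqrstuvwabcdefghi"


def inet_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement checksum; returns 0 over a correctly checksummed header."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total >> 16) + (total & 0xFFFF)
    return (~total) & 0xFFFF


def build_echo_request(src: str, dst: str, payload: bytes, ident: int = 0x1234, seq: int = 1) -> bytes:
    """Build an IPv4 frame carrying an ICMP echo request (constructed sample traffic)."""
    icmp = struct.pack("!BBHHH", 8, 0, 0, ident, seq) + payload
    icmp = struct.pack("!BBHHH", 8, 0, inet_checksum(icmp), ident, seq) + payload
    src_b, dst_b = ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(icmp), 0, 0, 64, 1, 0, src_b, dst_b)
    hdr = hdr[:10] + struct.pack("!H", inet_checksum(hdr)) + hdr[12:]
    return hdr + icmp


def parse_ipv4_icmp(frame: bytes) -> Optional[Tuple[ipaddress.IPv4Address, ipaddress.IPv4Address, int, bytes]]:
    """Return (src, dst, icmp_type, payload) for a well-formed IPv4/ICMP frame, else None."""
    if len(frame) < 20 or frame[0] >> 4 != 4:
        return None
    ihl = (frame[0] & 0x0F) * 4
    total_len = struct.unpack("!H", frame[2:4])[0]
    if frame[9] != 1 or total_len > len(frame) or total_len < ihl + 8:
        return None  # not ICMP, truncated, or no room for the ICMP header
    icmp = frame[ihl:total_len]
    if inet_checksum(frame[:ihl]) != 0 or inet_checksum(icmp) != 0:
        return None  # corrupt IP or ICMP checksum
    return ipaddress.IPv4Address(frame[12:16]), ipaddress.IPv4Address(frame[16:20]), icmp[0], icmp[8:]


def looks_like_stock_ping(payload: bytes) -> bool:
    """True when the payload matches one of the assumed benign ping fillers."""
    if payload == WINDOWS_FILLER:
        return True
    for ts_len in (8, 16):
        if len(payload) > ts_len and payload[ts_len:] == bytes(i & 0xFF for i in range(ts_len, len(payload))):
            return True
    return False


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 8.0 for uniformly distributed bytes, far lower for text."""
    if not data:
        return 0.0
    n = len(data)
    counts = {}
    for b in data:
        counts[b] = counts.get(b, 0) + 1
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def evaluate_frame(frame: bytes, sandbox_net=SANDBOX_NET, allowlist=ICMP_ALLOWLIST) -> List[str]:
    """Policy findings for one frame; an empty list means allowed and unremarkable."""
    parsed = parse_ipv4_icmp(frame)
    if parsed is None:
        return []
    src, dst, icmp_type, payload = parsed
    if src not in sandbox_net or dst in sandbox_net:
        return []  # only ICMP leaving the sandbox is in scope
    findings = []
    if not any(dst in net for net in allowlist):
        findings.append("icmp-egress-not-allowlisted")
    if icmp_type == 8 and not looks_like_stock_ping(payload):
        findings.append("nonstandard-echo-payload")
        # Entropy only separates ciphertext from fillers once the payload is long enough
        # to use the whole byte alphabet; a 56-byte stock ping is already near-unique per byte.
        if len(payload) >= 256 and shannon_entropy(payload) > 7.0:
            findings.append("high-entropy-payload")
    return findings


def sample_traffic() -> dict:
    """Constructed frames: stock pings, a text exfil probe, an encrypted-looking blob."""
    stock = bytes(16) + bytes(range(16, 56))          # 56-byte iputils-style payload
    text = b"AWS_SECRET_ACCESS_KEY=constructed-not-real-0123456789"
    blob = bytes(range(255, -1, -1)) * 2              # stand-in for 512 bytes of ciphertext
    return {
        "stock_to_allowed": build_echo_request("172.29.0.5", "10.1.2.3", stock),
        "stock_to_internet": build_echo_request("172.29.0.5", "203.0.113.7", stock),
        "text_exfil": build_echo_request("172.29.0.5", "203.0.113.7", text),
        "blob_exfil": build_echo_request("172.29.0.5", "203.0.113.7", blob),
        "not_from_sandbox": build_echo_request("192.168.1.10", "203.0.113.7", stock),
    }


if __name__ == "__main__":
    for name, frame in sample_traffic().items():
        print(f"{name:18s} {evaluate_frame(frame) or ['ok']}")
```

The shape check runs before the entropy check on purpose: a 56-byte stock ping uses almost every one of its byte values exactly once, so at that size its entropy is indistinguishable from ciphertext, and only the known filler pattern separates the two. Feed the script frames from a capture on the sandbox bridge after a daemon restart; any finding on a sandbox that existed before the restart is the condition this advisory describes.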
