CVE-2026-8936
grpcfuse Kernel Module VM Panic via Unbounded Recursion
Publication date: 2026-06-02
Last updated on: 2026-06-02
Assigner: Docker Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| docker | docker_desktop | 4.76.0 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-674 | The product does not properly control the amount of recursion that takes place, consuming excessive resources, such as allocated memory or the program stack. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a flaw in the grpcfuse kernel module used by Docker Desktop. It causes a virtual machine (VM) panic due to unbounded recursion when a container creates deeply nested directories on a bind-mounted host folder and triggers a dentry invalidation event. Essentially, the system enters an infinite recursive state leading to a crash.
The issue has been addressed and fixed in Docker Desktop version 4.76.0.
How can this vulnerability impact me? :
This vulnerability can cause the Docker Desktop virtual machine to panic and crash when certain conditions are met, specifically when deeply nested directories are created in a container on a bind-mounted host folder. This can lead to service disruption, loss of availability, and potential interruption of containerized applications running on affected systems.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, update Docker Desktop to version 4.76.0 or later where the issue has been fixed.