CVE-2026-14784
Received Received - Intake

Sandbox Escape in vxcontrol PentAGI via Docker API

Vulnerability report for CVE-2026-14784, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-07-06

Last updated on: 2026-07-06

Assigner: VulDB

Description

A vulnerability was identified in vxcontrol PentAGI up to 2.1.0. This affects an unknown function of the file backend/pkg/docker/client.go of the component Docker API. The manipulation leads to sandbox issue. The attack may be initiated remotely. The pull request to fix this issue awaits acceptance.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-07-06
Last Modified
2026-07-06
Generated
2026-07-06
AI Q&A
2026-07-06
EPSS Evaluated
N/A
NVD
EUVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
vxcontrol pentagi to 2.1.0 (inc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-265
CWE-264 Permissions, Privileges, and Access Controls

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

This vulnerability exists in vxcontrol PentAGI up to version 2.1.0, specifically in the Docker API component within the file backend/pkg/docker/client.go. It allows an attacker to manipulate the system leading to a sandbox escape issue. The attack can be initiated remotely.

The root cause involves the host Docker socket being mounted inside sandbox containers, which enables an attacker to escape the container sandbox and execute arbitrary commands on the host system by exploiting prompt injection.

A security pull request aims to harden sandbox containers by adding restrictions such as the 'no-new-privileges' flag, limiting process counts, dropping unnecessary Linux capabilities, and changing default environment variables to safer values. However, these are defense-in-depth measures and do not fully resolve the root cause.

Impact Analysis

If exploited, this vulnerability allows an attacker to escape the sandboxed environment of PentAGI and gain unauthorized access to the host system.

  • Run privileged containers that mount the host filesystem, enabling full read/write access.
  • Perform lateral movement by accessing all containers, images, volumes, and networks on the host.

This can lead to significant compromise of the host system's integrity, confidentiality, and availability.

Detection Guidance

This vulnerability involves the host Docker socket (/var/run/docker.sock) being bind-mounted into sandbox containers, which can be detected by checking container configurations for this mount and the environment variable DOCKER_INSIDE.

  • Check if any running containers have the Docker socket mounted: docker inspect <container_id> | grep "/var/run/docker.sock"
  • Verify the value of the DOCKER_INSIDE environment variable inside the container: docker exec <container_id> printenv DOCKER_INSIDE
  • Look for containers running with elevated privileges or with capabilities that allow host access: docker ps --filter "privileged=true"
  • Monitor for suspicious container activity such as spawning privileged containers or mounting host filesystems.
Mitigation Strategies

Immediate mitigation steps include hardening the sandbox containers and restricting access to the host Docker socket.

  • Set the environment variable DOCKER_INSIDE to false to prevent bind-mounting the host Docker socket into sandbox containers.
  • Use a least-privilege socket proxy instead of directly mounting the Docker socket.
  • Implement rootless or sysbox Docker-in-Docker (DinD) to isolate containers better.
  • Apply the security hardening changes from the pending pull request, including adding no-new-privileges:true, setting PidsLimit to 2048, dropping unnecessary Linux capabilities, and enabling startup warnings about socket-escape risks.
Compliance Impact

The vulnerability in vxcontrol PentAGI allows an attacker to escape the sandbox environment and gain privileged access to the host system via the Docker socket. This can lead to unauthorized access to sensitive data and systems.

Such unauthorized access and potential data exposure could negatively impact compliance with common standards and regulations like GDPR and HIPAA, which require strict controls on data confidentiality, integrity, and access.

However, the provided information does not explicitly state the direct effects on compliance or mention specific regulatory impacts.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-14784. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart