CVE-2021-41092
5.4 MEDIUM
Docker CLI is the command line interface for the docker container runtime
Published: 2021-10-04 · Last updated: 2026-06-17
Severity and scoring
- CVSS: 5.4 MEDIUM
- Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:N/A:N
- CWE: CWE-200, CWE-522
Affected products
| Vendor | Product |
|---|---|
| docker | command_line_interface, fedora |
| fedoraproject | command_line_interface, fedora |
Description
Docker CLI is the command line interface for the docker container runtime. A bug was found in the Docker CLI where running `docker login my-private-registry.example.com` with a misconfigured configuration file (typically `~/.docker/config.json`) listing a `credsStore` or `credHelpers` that could not be executed would result in any provided credentials being sent to `registry-1.docker.io` rather than the intended private registry. This bug has been fixed in Docker CLI 20.10.9. Users should update to this version as soon as possible. For users unable to update, ensure that any configured `credsStore` or `credHelpers` entries in the configuration file reference an installed credential helper that is executable and on the `PATH`.
Source: NVD
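One way to run the check the description recommends for users who cannot update, as an added example (not code from Docker or NVD): it reads a Docker CLI config file and reports every `credsStore` or `credHelpers` entry whose `docker-credential-<name>` binary is missing from `PATH` or lacks execute permission. It assumes a POSIX system and the default config location (or `DOCKER_CONFIG`); the function names are hypothetical.

```python
import json
import os
from pathlib import Path

HELPER_PREFIX = "docker-credential-"  # helper binaries are named docker-credential-<name>


def helper_status(binary, search_path):
    """Classify a helper binary as 'ok', 'not executable' or 'not on PATH'."""
    seen_without_exec_bit = False
    for directory in search_path.split(os.pathsep):
        candidate = Path(directory or ".") / binary
        if candidate.is_file():
            if os.access(candidate, os.X_OK):
                return "ok"
            seen_without_exec_bit = True
    return "not executable" if seen_without_exec_bit else "not on PATH"


def find_broken_helpers(config_path, search_path=None):
    """Return (setting, binary, problem) for every configured helper that cannot run."""
    if search_path is None:
        search_path = os.environ.get("PATH", "")
    with open(config_path, encoding="utf-8") as fh:
        config = json.load(fh)

    # The global credsStore plus each per-registry credHelpers entry.
    configured = []
    if config.get("credsStore"):
        configured.append(("credsStore", config["credsStore"]))
    for registry, name in (config.get("credHelpers") or {}).items():
        configured.append((f"credHelpers[{registry}]", name))

    broken = []
    for setting, name in configured:
        binary = HELPER_PREFIX + name
        status = helper_status(binary, search_path)
        if status != "ok":
            broken.append((setting, binary, status))
    return broken


if __name__ == "__main__":
    # Assumption: default config location, overridable through DOCKER_CONFIG.
    config_dir = os.environ.get("DOCKER_CONFIG", str(Path.home() / ".docker"))
    problems = find_broken_helpers(Path(config_dir) / "config.json")
    for setting, binary, status in problems:
        print(f"{setting}: {binary} is {status}")
    raise SystemExit(1 if problems else 0)
```

A non-zero exit status means at least one configured helper cannot be executed, which is the precondition the description gives for credentials being sent to `registry-1.docker.io`.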
References
- [NVD] https://nvd.nist.gov/vuln/detail/CVE-2021-41092
- [Other] https://cert-portal.siemens.com/productcert/pdf/ssa-222547.pdf
- [Patch] https://github.com/docker/cli/commit/893e52cf4ba4b048d72e99748e0f86b2767c6c6b
- [Other] https://github.com/docker/cli/security/advisories/GHSA-99pg-grm5-qq3v
- [Other] https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/B5Q6G6I4W5COQE25QMC7FJY3I3PAYFBB/
- [Other] https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZNFADTCHHYWVM6W4NJ6CB4FNFM2VMBIB/
Related CVEs
Same vendor
- CVE-2026-42306 — Moby is an open source container framework (7.2 HIGH)
- CVE-2026-41568 — Moby is an open source container framework (6.1 MEDIUM)
- CVE-2026-5843 — The MLX inference backend in Docker Model Runner on macOS uses the MLX-LM library, which unconditionally imports and executes arbitrary P... (8.2 HIGH)
- CVE-2026-5817 — The vllm-metal inference backend in Docker Model Runner on macOS unconditionally sets trust_remote_code=True when loading model tokenizer... (8.2 HIGH)
- CVE-2026-6406 — The Docker CLI --use-api-socket flag bypasses Enhanced Container Isolation (ECI) restrictions in Docker Desktop (8.8 HIGH)
Same CWE
- CVE-2026-12117 — Improper access control in the social login connection endpoint in Devolutions Server 2026.2.5 allows an authenticated vault member to ...
- CVE-2026-53840 — OpenClaw before 2026.5.12 contains an information disclosure vulnerability in streamable-http MCP servers that forwards operator-configur... (7.1 HIGH)
- CVE-2026-12320 — Information disclosure in the Password Manager component (4.3 MEDIUM)
- CVE-2026-12311 — Information disclosure, sandbox escape in the Security: Process Sandboxing component (4.7 MEDIUM)
- CVE-2026-50870 — An information disclosure vulnerability in the configuration endpoint of Ben Busby whoogle-search v1.2.3 allows attackers to obtain sensi... (7.5 HIGH)