QSearchQSearch

CVE-2026-5843

8.2 HIGH

The MLX inference backend in Docker Model Runner on macOS uses the MLX-LM library, which unconditionally imports and executes arbitrary P...

Published: 2026-05-22 · Last updated: 2026-06-01

Severity and scoring

CVSS
8.2 HIGH
Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
CWE
CWE-829

Affected products

VendorProduct
dockerdocker_desktop

Description

The MLX inference backend in Docker Model Runner on macOS uses the MLX-LM library, which unconditionally imports and executes arbitrary Python files from model directories via the model_file configuration field in config.json. When a model's config.json specifies a model_file pointing to a Python file, MLX-LM uses importlib to load and execute it with no trust_remote_code gate or equivalent safety check. The MLX backend runs without sandboxing, resulting in arbitrary code execution on the Docker host as the Docker Desktop user. Any container on the Docker network can trigger this by calling the model-runner.docker.internal API to pull a malicious model from an attacker-controlled OCI registry and request inference.

Source: NVD

References

Related CVEs

Same vendor

  • CVE-2026-42306 Moby is an open source container framework (7.2 HIGH)
  • CVE-2026-41568 Moby is an open source container framework (6.1 MEDIUM)
  • CVE-2026-5817 The vllm-metal inference backend in Docker Model Runner on macOS unconditionally sets trust_remote_code=True when loading model tokenizer... (8.2 HIGH)
  • CVE-2026-6406 The Docker CLI --use-api-socket flag bypasses Enhanced Container Isolation (ECI) restrictions in Docker Desktop (8.8 HIGH)
  • CVE-2026-34040 Moby is an open source container framework (8.8 HIGH)

Same CWE

  • CVE-2026-42089 Yeoman Environment provides an API to discover, create, and run generators, and to configure where and how a generator is resolved (8.6 HIGH)
  • CVE-2026-48124 Cursor is a code editor built for programming with AI
  • CVE-2026-12057 When the application executes the JavaScript script embedded in the PDF within the sandbox, it fails to intercept some dangerous interfac... (8.6 HIGH)
  • CVE-2026-53810 OpenClaw before 2026.5.18 contains a code execution vulnerability where marketplace runtime extension metadata can redirect loading towar... (8.8 HIGH)
  • CVE-2026-52858 Vim is an open source, command line text editor (7.8 HIGH)