CVE Alert

CVE-2026-12039

UNKNOWN 0.0

Docker Sandboxes network egress allowlist bypass via unfiltered DNS resolution

CVSS Score: 0.0
EPSS Score: 0.0%
EPSS Percentile: 0th

Docker Sandboxes (sbx) enforces an HTTP/S-only egress allowlist but does not apply it to DNS resolution: the per-network embedded DNS server forwards any queried name to the host resolver whenever the network is internet-connected, without consulting the policy. A workload inside a sandbox, which the threat model treats as untrusted, can therefore encode data into DNS labels for an attacker-controlled domain and exfiltrate it through a DNS covert channel, bypassing the configured allowlist.
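A defender can check resolver logs for names that the HTTP/S allowlist would not permit, which is the policy check the description says DNS resolution skips. The following is an added example, not Docker's code: the allowlist syntax (exact host or `*.suffix`), the log format, and all sample names are assumptions constructed for illustration.

```python
# Added example: audit sandbox DNS queries against the HTTP/S egress allowlist.
# The allowlist syntax and log format are assumptions, not sbx's own formats.

ALLOWLIST = ["api.example.com", "*.pkg.example.org"]  # constructed policy

# Constructed resolver log: "<timestamp> <sandbox-id> <qname> <qtype>"
SAMPLE_LOG = """\
2026-06-18T10:00:01Z sbx-1 api.example.com. A
2026-06-18T10:00:02Z sbx-1 cdn.pkg.example.org. AAAA
2026-06-18T10:00:03Z sbx-1 k3f9a0c2d1.t.example.net. TXT
2026-06-18T10:00:04Z sbx-2 API.Example.COM A
2026-06-18T10:00:05Z sbx-2 pkg.example.org.example.net. A
"""


def normalize(qname):
    """Lower-case and drop the trailing root dot so comparisons are exact."""
    return qname.rstrip(".").lower()


def name_allowed(qname, allowlist):
    """True if qname equals an exact entry or falls under a '*.suffix' entry."""
    name = normalize(qname)
    for entry in allowlist:
        entry = normalize(entry)
        if entry.startswith("*."):
            suffix = entry[1:]  # keeps the leading dot, so matches end on a label boundary
            if name.endswith(suffix) and len(name) > len(suffix):
                return True
        elif name == entry:
            return True
    return False


def audit_dns_queries(log_text, allowlist):
    """Return (sandbox, qname, qtype) for each query the allowlist would not permit."""
    violations = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed lines
        _ts, sandbox, qname, qtype = parts
        if not name_allowed(qname, allowlist):
            violations.append((sandbox, normalize(qname), qtype))
    return violations


if __name__ == "__main__":
    for v in audit_dns_queries(SAMPLE_LOG, ALLOWLIST):
        print("off-policy DNS query:", *v)
```

The last sample line shows why the match has to be anchored at the end of the name: an allowlisted host appearing as a prefix of another domain is still off-policy.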

CWE: CWE-923
Vendor: docker
Product: docker sandboxes
Ecosystems
Industries: Technology
Published: Jun 18, 2026
Last Updated: Jun 18, 2026

Affected Versions

Docker / Docker Sandboxes
0.13.0 < 0.33.0

References

docs.docker.com: https://docs.docker.com/ai/sandboxes/
github.com: https://github.com/docker/sbx-releases/releases/tag/v0.33.0

Credits

Sophie Lemos