Plattform
go
Komponente
github.com/docker/model-runner
Behoben in
1.1.26
1.1.25
CVE-2026-33990 describes a Server-Side Request Forgery (SSRF) vulnerability discovered in Docker Model Runner. This flaw allows a malicious OCI registry to trick Model Runner into making unauthorized requests to internal services, potentially exposing sensitive data. The vulnerability impacts versions before 1.1.25 and can be mitigated by upgrading to the patched version.
The SSRF vulnerability in Docker Model Runner arises from insufficient validation of the realm URL provided by OCI registries during the token exchange process. A malicious registry can craft a WWW-Authenticate header with a realm pointing to an internal service (e.g., http://127.0.0.1:3000/). When Model Runner attempts to pull a model, it will unknowingly send a request to this internal URL, effectively bypassing security controls. The response body from the internal service is then reflected back to the caller, potentially exposing sensitive information such as API keys, database credentials, or internal application data. This could lead to data breaches, unauthorized access to internal resources, and even facilitate lateral movement within the network.
CVE-2026-33990 was publicly disclosed on 2026-03-30. The vulnerability's impact is considered medium due to the potential for data exposure and lateral movement, though exploitation requires control over a malicious OCI registry. No public proof-of-concept (PoC) code has been released as of this writing, but the vulnerability's nature makes it likely that PoCs will emerge. It is not currently listed on the CISA KEV catalog.
Organizations utilizing Docker Model Runner for model deployment and inference are at risk, particularly those with internal services accessible via HTTP. Shared hosting environments where multiple users share the same Model Runner instance are also at increased risk, as a compromised registry used by one user could potentially impact others.
• linux / server:
journalctl -u model-runner | grep -i "realm URL"• go / supply-chain: Inspect the Model Runner source code for the realm URL handling logic. Look for missing validation of the scheme, hostname, or IP range. • generic web: Monitor outbound HTTP requests from the Model Runner process using network monitoring tools. Look for connections to unexpected internal IP addresses or hostnames.
disclosure
Exploit-Status
EPSS
0.03% (8% Perzentil)
The primary mitigation for CVE-2026-33990 is to upgrade Docker Model Runner to version 1.1.25 or later. This version includes validation checks to prevent the SSRF vulnerability. If upgrading is not immediately feasible, consider implementing a Web Application Firewall (WAF) or proxy to filter outbound requests from Model Runner, blocking connections to unauthorized internal URLs. Additionally, restrict access to the OCI registry to trusted sources only. Monitor network traffic for unusual outbound requests originating from Model Runner. After upgrading, confirm the fix by attempting to pull a model from a known malicious registry (in a controlled environment) to verify that the SSRF vulnerability is no longer exploitable.
Actualice Docker Model Runner a la versión 1.1.25 o posterior. Para usuarios de Docker Desktop, habilite Enhanced Container Isolation (ECI) para bloquear el acceso del contenedor a Model Runner. Si Docker Model Runner está expuesto a localhost sobre TCP, asegúrese de que esté configurado de forma segura o no esté expuesto.
Schwachstellenanalysen und kritische Warnungen direkt in deinen Posteingang.
CVE-2026-33990 is an SSRF vulnerability in Docker Model Runner, allowing malicious OCI registries to trigger unauthorized requests to internal services.
You are affected if you are using Docker Model Runner versions prior to 1.1.25.
Upgrade Docker Model Runner to version 1.1.25 or later. Consider network segmentation and registry validation as interim measures.
No public exploits are currently known, but the SSRF nature of the vulnerability makes it a potential target.
Refer to the official Docker security advisories and the GitHub repository for Docker Model Runner for updates and further information.
Lade deine Abhängigkeitsdatei hoch und erfahre sofort, ob dich diese und andere CVEs treffen.
Lade deine go.mod-Datei hoch und wir sagen dir sofort, ob du betroffen bist.