Platform: go
Component: github.com/docker/model-runner
Fixed in: 1.1.26, 1.1.25
CVE-2026-33990 describes a Server-Side Request Forgery (SSRF) vulnerability discovered in Docker Model Runner. This flaw allows a malicious OCI registry to induce Model Runner to make unauthorized requests to internal services, potentially exposing sensitive data. The vulnerability impacts versions before 1.1.25, and a fix is available in version 1.1.25.
The SSRF vulnerability in Docker Model Runner lets whoever controls a compromised or malicious OCI registry steer the Model Runner process into issuing arbitrary HTTP GET requests. Those requests originate from Model Runner's own network position, so they can reach services that are never exposed to the internet, such as databases, configuration stores, other internal HTTP APIs or, on cloud hosts, the instance metadata service. The full response body from the internal service is reflected back to the caller that triggered the pull, which makes this a full-read SSRF: data exfiltration is direct, and if a reachable internal service is itself exploitable through a crafted GET request the flaw can be chained to further compromise, up to remote code execution on that service. The blast radius is every HTTP service reachable from the Model Runner process.
CVE-2026-33990 was publicly disclosed on 2026-03-30. The vulnerability's severity is pending evaluation. No public proof-of-concept exploits are currently known, but the SSRF nature of the vulnerability makes it a potential target for exploitation. It is not currently listed on the CISA KEV catalog.
Exploit Status
EPSS: 0.03% (8th percentile)
The primary mitigation for CVE-2026-33990 is to upgrade Docker Model Runner to version 1.1.25 or later. If upgrading immediately is not feasible, reduce what the Model Runner process can reach: place it in a segmented network or apply egress filtering so that it can only talk to the registries it needs. Pin Model Runner to trusted registries over HTTPS and treat any registry you do not control as hostile. A WAF does not help here, because the malicious traffic is outbound from Model Runner rather than inbound to it; the control has to be an egress firewall rule, network policy or forward proxy that denies connections to internal ranges (loopback, RFC 1918, link-local including 169.254.169.254) and to hosts outside the registry allowlist. No Sigma or YARA rules are published for this CVE, so monitor for unexpected outbound connections from the Model Runner process, in particular connections to internal address ranges or to hosts that are not the configured registries.
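The registry client hardening the mitigations describe, as an added example: this is not code from the docker/model-runner project and does not show how the 1.1.25 fix was implemented. It is a generic SSRF guard for an OCI registry client in Go, covering the three places a malicious registry can steer a client: the URL itself, an HTTP redirect, and the DNS answer for a hostname. The allowlist contents, the hypothetical `ssrf guard` error messages and the sample target URLs are constructed for the example.

```go
package main

import (
	"context"
	"errors"
	"fmt"
	"net"
	"net/http"
	"net/netip"
	"net/url"
	"time"
)

// ErrBlockedDestination is returned whenever a request would leave the set of
// trusted registry hosts or land on an internal IP range.
var ErrBlockedDestination = errors.New("ssrf guard: destination not allowed")

// IsInternalAddr reports whether ip is an address a registry client should never be
// steered to: loopback, RFC 1918 / ULA private ranges, link-local (which includes the
// cloud metadata address 169.254.169.254), multicast and unspecified. IPv4-mapped IPv6
// forms such as ::ffff:10.1.2.3 are unmapped first so they cannot bypass the check.
func IsInternalAddr(ip netip.Addr) bool {
	ip = ip.Unmap()
	return ip.IsLoopback() || ip.IsPrivate() || ip.IsLinkLocalUnicast() ||
		ip.IsLinkLocalMulticast() || ip.IsMulticast() || ip.IsUnspecified()
}

// CheckURL is the pre-flight applied to every URL the client is about to fetch, whether
// it came from configuration or from a registry response (manifest, blob location, ...).
func CheckURL(raw string, allowedHosts map[string]bool) error {
	u, err := url.Parse(raw)
	if err != nil {
		return err
	}
	if u.Scheme != "https" {
		return fmt.Errorf("%w: scheme %q", ErrBlockedDestination, u.Scheme)
	}
	host := u.Hostname()
	if !allowedHosts[host] {
		return fmt.Errorf("%w: host %q is not an allowed registry", ErrBlockedDestination, host)
	}
	// A literal IP that made it into the allowlist is still refused if it is internal.
	if ip, err := netip.ParseAddr(host); err == nil && IsInternalAddr(ip) {
		return fmt.Errorf("%w: %s is an internal address", ErrBlockedDestination, ip)
	}
	return nil
}

// RedirectPolicy returns an http.Client.CheckRedirect function that re-runs CheckURL on
// every hop. Without it, a registry can answer a blob request with a 302 to
// http://10.0.0.5:8500/v1/kv/... and the default client follows it and hands back the body.
func RedirectPolicy(allowedHosts map[string]bool) func(*http.Request, []*http.Request) error {
	return func(req *http.Request, via []*http.Request) error {
		if len(via) >= 5 {
			return errors.New("ssrf guard: too many redirects")
		}
		return CheckURL(req.URL.String(), allowedHosts)
	}
}

// guardedDialContext resolves the host, rejects any internal answer, and dials the vetted
// IP directly so a second DNS lookup (DNS rebinding) cannot swap in a different address.
// http.Transport still performs TLS against the request's hostname, so certificate
// validation is unaffected by dialing the IP.
func guardedDialContext(ctx context.Context, network, addr string) (net.Conn, error) {
	host, port, err := net.SplitHostPort(addr)
	if err != nil {
		return nil, err
	}
	ips, err := net.DefaultResolver.LookupNetIP(ctx, "ip", host)
	if err != nil {
		return nil, err
	}
	if len(ips) == 0 {
		return nil, fmt.Errorf("ssrf guard: %s has no addresses", host)
	}
	for _, ip := range ips {
		if IsInternalAddr(ip) {
			return nil, fmt.Errorf("%w: %s resolves to %s", ErrBlockedDestination, host, ip)
		}
	}
	d := &net.Dialer{Timeout: 10 * time.Second}
	return d.DialContext(ctx, network, net.JoinHostPort(ips[0].String(), port))
}

// NewRegistryClient builds an http.Client that applies all three guards.
func NewRegistryClient(allowedHosts map[string]bool) *http.Client {
	return &http.Client{
		Timeout:       30 * time.Second,
		Transport:     &http.Transport{DialContext: guardedDialContext},
		CheckRedirect: RedirectPolicy(allowedHosts),
	}
}

func main() {
	allowed := map[string]bool{"registry-1.docker.io": true} // hypothetical allowlist
	_ = NewRegistryClient(allowed)
	// Constructed sample targets: one legitimate blob URL and two of the kind of
	// destination a malicious registry would redirect the client to.
	for _, target := range []string{
		"https://registry-1.docker.io/v2/ai/model/blobs/sha256:0123",
		"http://10.0.0.5:8500/v1/kv/app/secret",
		"https://169.254.169.254/latest/meta-data/",
	} {
		fmt.Printf("%-60s -> %v\n", target, CheckURL(target, allowed))
	}
}
```

The allowlist is deliberately host-based rather than IP-based: an operator who runs a private registry on an RFC 1918 address would have to add an explicit exception for that host in `guardedDialContext`, and that exception should be the only internal destination the client can ever reach.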
Update Docker Model Runner to version 1.1.25 or later. For Docker Desktop users, enable Enhanced Container Isolation (ECI) to block container access to Model Runner. If the Model Runner API is exposed over TCP on localhost, make sure that exposure is intended and restricted to the clients that need it, or turn it off.
CVE-2026-33990 is an SSRF vulnerability in Docker Model Runner, allowing malicious OCI registries to trigger unauthorized requests to internal services.
You are affected if you are using Docker Model Runner versions prior to 1.1.25.
Upgrade Docker Model Runner to version 1.1.25 or later. Consider network segmentation and registry validation as interim measures.
No public exploits are currently known, but the SSRF nature of the vulnerability makes it a potential target.
Refer to the official Docker security advisories and the GitHub repository for Docker Model Runner for updates and further information.