Platform
go
Component
github.com/docker/model-runner
Opgelost in
1.1.26
1.1.25
CVE-2026-33990 describes a Server-Side Request Forgery (SSRF) vulnerability discovered in Docker Model Runner. This flaw allows a malicious OCI registry to induce Model Runner to make unauthorized requests to internal services, potentially exposing sensitive data. The vulnerability impacts versions before 1.1.25, and a fix is available in version 1.1.25.
The SSRF vulnerability in Docker Model Runner allows an attacker to leverage a compromised or malicious OCI registry to initiate arbitrary HTTP GET requests from the Model Runner process. This means an attacker could potentially access internal services that are not directly exposed to the internet, such as databases, configuration management systems, or other internal APIs. The full response body from these internal services is then reflected back to the caller, enabling data exfiltration or potentially even remote code execution if the targeted internal service is vulnerable. The blast radius extends to any internal service accessible via HTTP, making this a significant security concern.
CVE-2026-33990 was publicly disclosed on 2026-03-30. The vulnerability's severity is pending evaluation. No public proof-of-concept exploits are currently known, but the SSRF nature of the vulnerability makes it a potential target for exploitation. It is not currently listed on the CISA KEV catalog.
Organizations utilizing Docker Model Runner for model deployment and inference are at risk, particularly those with internal services accessible via HTTP. Shared hosting environments where multiple users share the same Model Runner instance are also at increased risk, as a compromised registry used by one user could potentially impact others.
• linux / server:
journalctl -u model-runner | grep -i "realm URL"• go / supply-chain: Inspect the Model Runner source code for the realm URL handling logic. Look for missing validation of the scheme, hostname, or IP range. • generic web: Monitor outbound HTTP requests from the Model Runner process using network monitoring tools. Look for connections to unexpected internal IP addresses or hostnames.
disclosure
Exploit Status
EPSS
0.03% (8% percentiel)
The primary mitigation for CVE-2026-33990 is to upgrade Docker Model Runner to version 1.1.25 or later. If upgrading immediately is not feasible, consider implementing network segmentation to restrict Model Runner's access to internal resources. Additionally, carefully review and validate the OCI registries used by Model Runner, ensuring they are trusted and secure. WAF rules can be configured to block requests to unexpected internal IP ranges or hostnames. There are no specific Sigma or YARA rules available at this time, but monitoring network traffic for unusual outbound connections from the Model Runner process is recommended.
Actualice Docker Model Runner a la versión 1.1.25 o posterior. Para usuarios de Docker Desktop, habilite Enhanced Container Isolation (ECI) para bloquear el acceso del contenedor a Model Runner. Si Docker Model Runner está expuesto a localhost sobre TCP, asegúrese de que esté configurado de forma segura o no esté expuesto.
Kwetsbaarheidsanalyses en kritieke waarschuwingen direct in uw inbox.
CVE-2026-33990 is an SSRF vulnerability in Docker Model Runner, allowing malicious OCI registries to trigger unauthorized requests to internal services.
You are affected if you are using Docker Model Runner versions prior to 1.1.25.
Upgrade Docker Model Runner to version 1.1.25 or later. Consider network segmentation and registry validation as interim measures.
No public exploits are currently known, but the SSRF nature of the vulnerability makes it a potential target.
Refer to the official Docker security advisories and the GitHub repository for Docker Model Runner for updates and further information.
Upload je dependency-bestand en kom direct te weten of deze en andere CVEs jou raken.
Upload je go.mod-bestand en we vertellen je direct of je getroffen bent.