Docker Ask Gordon AI assistant Meta-Context Injection security flaw
Vulnerability
Summary
Hide ▲
Show ▼
Docker's Ask Gordon AI assistant is affected by Meta-Context Injection, where unverified metadata can be turned into executable instructions. The flaw creates critical RCE risk in cloud and CLI deployments and data exfiltration/reconnaissance risk in Docker Desktop. Docker has already shipped a fix in Docker Desktop 4.50.0.
Related Happenings
Vm2 Node.js sandbox library sandbox escape (CVE-2026-22709)
Vulnerability
First: 27.01.2026 18:35
Last: 27.01.2026 18:35
Sources 1
About this happening:
**vm2 Node.js sandbox library** has a critical **CVE-2026-22709** sandbox-escape flaw that can let untrusted JavaScript break out and run **arbitrary code** on the host. The weakn...
Vm2 Node.js sandbox library sandbox escape (CVE-2026-22709)
VulnerabilityAbout this happening: **vm2 Node.js sandbox library** has a critical **CVE-2026-22709** sandbox-escape flaw that can let untrusted JavaScript break out and run **arbitrary code** on the host. The weakn...
VoidLink analysis reveals Kubernetes/Docker checks and modular anti-analysis behavior
Technical Analysis
First: 14.01.2026 00:12
Last: 14.01.2026 00:12
Sources 1
About this happening:
**VoidLink** is a **Linux C2 framework** built for **cloud and container environments**, with **multi-cloud targeting** across **AWS, Google Cloud Platform, Microsoft Azure, Aliba...
VoidLink analysis reveals Kubernetes/Docker checks and modular anti-analysis behavior
Technical AnalysisAbout this happening: **VoidLink** is a **Linux C2 framework** built for **cloud and container environments**, with **multi-cloud targeting** across **AWS, Google Cloud Platform, Microsoft Azure, Aliba...
Docker expands Hardened Images catalog access with near-zero-CVE subscriptions
Security Tool/Service
First: 08.10.2025 01:09
Last: 08.10.2025 01:09
Sources 1
About this happening:
Docker expanded **Hardened Images** access with a **30-day free trial** and subscription use for all users, making secure container images more accessible to **startups and SMBs**...
Docker expands Hardened Images catalog access with near-zero-CVE subscriptions
Security Tool/ServiceAbout this happening: Docker expanded **Hardened Images** access with a **30-day free trial** and subscription use for all users, making secure container images more accessible to **startups and SMBs**...
Exposed Docker API malware botnet-building tooling
Malware Activity
First: 09.09.2025 22:16
Last: 09.09.2025 22:16
Sources 1
About this happening:
Updated **malware** targeting **exposed Docker APIs** now **self-replicates**, establishes **persistent SSH access**, and **blocks port 2375**, raising the risk of a durable botne...
Exposed Docker API malware botnet-building tooling
Malware ActivityAbout this happening: Updated **malware** targeting **exposed Docker APIs** now **self-replicates**, establishes **persistent SSH access**, and **blocks port 2375**, raising the risk of a durable botne...
Exposed Docker API XMRig miner dropper
Malware Activity
First: 09.09.2025 17:01
Last: 09.09.2025 17:01
Sources 1
About this happening:
A **binary dropper** carrying **XMRig** was deployed through **exposed Docker APIs**, turning compromised containers into cryptocurrency-mining infrastructure and increasing the r...
Exposed Docker API XMRig miner dropper
Malware ActivityAbout this happening: A **binary dropper** carrying **XMRig** was deployed through **exposed Docker APIs**, turning compromised containers into cryptocurrency-mining infrastructure and increasing the r...
Timeline
-
03.02.2026 17:15 1 articles · 3mo ago
Noma Labs reports DockerDash to Docker
Initial DisclosureNoma Labs reports DockerDash to Docker on September 17, 2025 after finding that a malicious Docker LABEL inside a Docker image can be interpreted by Ask Gordon and forwarded through the Model Context Protocol (MCP) gateway without validation, turning metadata into executable instructions.
Show sources
- DockerDash Exposes AI Supply Chain Weakness In Docker's Ask Gordon — www.infosecurity-magazine.com — 03.02.2026 17:15
-
03.02.2026 17:15 1 articles · 3mo ago
Docker confirms the Ask Gordon vulnerability
Technical Analysis UpdateDocker confirms the Ask Gordon vulnerability on October 13, 2025, validating that unverified metadata in a Docker image can be interpreted as instructions through the Model Context Protocol (MCP) gateway and execute across the Ask Gordon tool chain.
Show sources
- DockerDash Exposes AI Supply Chain Weakness In Docker's Ask Gordon — www.infosecurity-magazine.com — 03.02.2026 17:15
-
03.02.2026 17:15 1 articles · 3mo ago
Docker releases Docker Desktop 4.50.0 with Ask Gordon mitigations
Mitigation Patch UpdateDocker releases Docker Desktop version 4.50.0 on November 6, 2025 and adds mitigations that stop Ask Gordon from rendering user-provided image URLs and require explicit user confirmation before any MCP tools are invoked.
Show sources
- DockerDash Exposes AI Supply Chain Weakness In Docker's Ask Gordon — www.infosecurity-magazine.com — 03.02.2026 17:15
-
03.02.2026 17:15 2 articles · 3mo ago
Noma Labs publicly discloses DockerDash
Initial DisclosureNoma Labs publicly discloses DockerDash on February 3, 2026, describing a critical flaw in Docker's Ask Gordon AI assistant where a malicious Docker LABEL can drive the Model Context Protocol (MCP) gateway to execute instructions, causing critical-impact remote code execution in cloud and CLI deployments and data exfiltration and reconnaissance in Docker Desktop.
Show sources
- DockerDash Exposes AI Supply Chain Weakness In Docker's Ask Gordon — www.infosecurity-magazine.com — 03.02.2026 17:15
- DockerDash Exposes AI Supply Chain Weakness In Docker's Ask Gordon — www.infosecurity-magazine.com — 03.02.2026 17:15