Docker Desktop 4.50.0 Ask Gordon security update
Security Patch Release
Summary
Docker released Docker Desktop 4.50.0 to address a critical Ask Gordon flaw that could turn unverified metadata into executable instructions. The update matters because the weakness could enable remote code execution in cloud and CLI environments and data exfiltration in Docker Desktop. Docker also added mitigations that block one exfiltration path and require explicit user confirmation for MCP tool use.
Related Happenings
AWS Bedrock AgentCore Code Interpreter DNS exfiltration and covert C2 in Sandbox Mode
Technical Analysis
First: 16.03.2026 15:00
Last: 16.03.2026 15:00
Sources 1
About this happening:
Researchers demonstrated **DNS-based exfiltration** and covert **C2** against **AWS Bedrock AgentCore Code Interpreter**, showing cloud AI code execution environments can still le...
Vm2 maintainers security patch release for CVE-2026-22709
Security Patch Release
First: 28.01.2026 16:01
Last: 28.01.2026 16:01
Sources 1
About this happening:
**vm2** maintainers released a fix for **CVE-2026-22709** in **vm2 3.10.2** and directed users to upgrade to **3.10.3**, reducing the risk of **sandbox escape** and **arbitrary co...
Palo Alto Networks security patch release for CVE-2026-0227
Security Patch Release
First: 15.01.2026 10:18
Last: 15.01.2026 10:18
Sources 1
About this happening:
**Palo Alto Networks** released **security updates** for **CVE-2026-0227**, a high-severity flaw in **PAN-OS** and **Prisma Access** affecting **GlobalProtect Gateway and Portal**...
Fortinet security patch release for CVE-2025-64155
Security Patch Release
First: 14.01.2026 13:53
Last: 14.01.2026 13:53
Sources 1
About this happening:
**Fortinet** released security updates for **FortiSIEM** and **FortiFone**, closing **critical vulnerabilities** that could let **unauthenticated attackers** achieve **code execut...
VoidLink analysis reveals Kubernetes/Docker checks and modular anti-analysis behavior
Technical Analysis
First: 14.01.2026 00:12
Last: 14.01.2026 00:12
Sources 1
About this happening:
**VoidLink** is a **Linux C2 framework** built for **cloud and container environments**, with **multi-cloud targeting** across **AWS, Google Cloud Platform, Microsoft Azure, Aliba...
Timeline
- 03.02.2026 17:15 · 1 article
Noma Labs reports DockerDash to Docker
Initial Disclosure
Noma Labs notifies Docker that a malicious Docker LABEL inside a Docker image can be turned into executable instructions by Ask Gordon through the Model Context Protocol (MCP) gateway, creating a path from unverified metadata to MCP tool execution without validation.
Sources:
- DockerDash Exposes AI Supply Chain Weakness In Docker's Ask Gordon — www.infosecurity-magazine.com — 03.02.2026 17:15
- 03.02.2026 17:15 · 1 article
Docker confirms the Ask Gordon vulnerability
Technical Analysis Update
Docker confirms the Ask Gordon vulnerability on October 13, 2025, acknowledging that the metadata-to-MCP execution chain can move unverified Docker image labels into tool actions without validation.
Sources:
- DockerDash Exposes AI Supply Chain Weakness In Docker's Ask Gordon — www.infosecurity-magazine.com — 03.02.2026 17:15
- 03.02.2026 17:15 · 2 articles
Docker Desktop 4.50.0 fixes Ask Gordon
Mitigation Patch Update
Docker Desktop version 4.50.0 is released on November 6, 2025 to address the Ask Gordon flaw, stop rendering user-provided image URLs, and require explicit user confirmation before any MCP tool invocation.
Sources:
- DockerDash Exposes AI Supply Chain Weakness In Docker's Ask Gordon — www.infosecurity-magazine.com — 03.02.2026 17:15
- 03.02.2026 17:15 · 1 article
Public disclosure of DockerDash
Initial Disclosure
Researchers publicly disclose DockerDash on February 3, 2026, describing how malicious Docker LABEL metadata can drive Ask Gordon and the MCP gateway into critical-impact RCE in cloud or CLI deployments and data exfiltration and reconnaissance in Docker Desktop.
Sources:
- DockerDash Exposes AI Supply Chain Weakness In Docker's Ask Gordon — www.infosecurity-magazine.com — 03.02.2026 17:15