{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2026-8936","assignerOrgId":"686469e6-3ff6-451b-ab8b-cf5b9e89401e","state":"PUBLISHED","assignerShortName":"Docker","dateReserved":"2026-05-19T11:32:59.932Z","datePublished":"2026-06-02T21:09:03.375Z","dateUpdated":"2026-06-03T14:08:05.541Z"},"containers":{"cna":{"providerMetadata":{"orgId":"686469e6-3ff6-451b-ab8b-cf5b9e89401e","shortName":"Docker","dateUpdated":"2026-06-02T21:09:03.375Z"},"title":"Unbounded recursion in grpcfuse kernel module allows container to crash Docker Desktop VM","problemTypes":[{"descriptions":[{"lang":"en","cweId":"CWE-674","description":"CWE-674 Uncontrolled Recursion","type":"CWE"}]}],"affected":[{"vendor":"Docker","product":"Docker Desktop","platforms":["Windows","MacOS","Linux"],"versions":[{"status":"affected","version":"4.33.0","lessThan":"4.76.0","versionType":"semver"}],"defaultStatus":"unaffected"}],"descriptions":[{"lang":"en","value":"Fixed a VM panic caused by unbounded recursion in the grpcfuse kernel module when a container created deeply nested directories on a bind-mounted host folder and triggered a dentry invalidation event. This issue has been fixed in Docker Desktop 4.76.0.","supportingMedia":[{"type":"text/html","base64":false,"value":"Fixed a VM panic caused by unbounded recursion in the grpcfuse kernel module when a container created deeply nested directories on a bind-mounted host folder and triggered a dentry invalidation event. This issue has been fixed in Docker Desktop 4.76.0.<br>"}]}],"references":[{"url":"https://docs.docker.com/desktop/release-notes/#4760"}],"x_generator":{"engine":"Vulnogram 0.5.0"},"credits":[{"lang":"en","value":"Nitesh Surana of TrendAI Research of Trend Micro","type":"finder"}],"metrics":[{"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}],"cvssV4_0":{"attackVector":"LOCAL","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","subConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","subIntegrityImpact":"NONE","vulnAvailabilityImpact":"HIGH","subAvailabilityImpact":"HIGH","exploitMaturity":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"USER","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED","version":"4.0","baseSeverity":"HIGH","baseScore":8.2,"vectorString":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H/R:U"}}],"source":{"discovery":"EXTERNAL"}},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2026-06-03T13:53:15.746166Z","id":"CVE-2026-8936","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2026-06-03T14:08:05.541Z"}}]}}