{"id":"GO-2026-4610","summary":"Docker CLI Plugins: Uncontrolled Search Path Element Leads to Local Privilege Escalation on Windows in github.com/docker/cli","details":"Docker CLI Plugins: Uncontrolled Search Path Element Leads to Local Privilege Escalation on Windows in github.com/docker/cli","aliases":["BIT-docker-cli-2025-15558","CVE-2025-15558","GHSA-p436-gjf2-799p"],"modified":"2026-03-23T04:56:01.172729157Z","published":"2026-03-10T18:28:25Z","related":["CGA-6mmj-5xc7-26c2"],"database_specific":{"url":"https://pkg.go.dev/vuln/GO-2026-4610","review_status":"REVIEWED"},"references":[{"type":"ADVISORY","url":"https://github.com/docker/cli/security/advisories/GHSA-p436-gjf2-799p"},{"type":"FIX","url":"https://github.com/docker/cli/commit/13759330b1f7e7cb0d67047ea42c5482548ba7fa"},{"type":"FIX","url":"https://github.com/docker/cli/pull/6713"},{"type":"FIX","url":"https://github.com/docker/compose/pull/12300"},{"type":"WEB","url":"https://docs.docker.com/desktop/release-notes"},{"type":"WEB","url":"https://www.zerodayinitiative.com/advisories/ZDI-CAN-28304"}],"affected":[{"package":{"name":"github.com/docker/cli","ecosystem":"Go","purl":"pkg:golang/github.com/docker/cli"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0"},{"fixed":"29.2.0+incompatible"}]}],"ecosystem_specific":{"custom_ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"19.03.0+incompatible"}]}],"imports":[{"path":"github.com/docker/cli/cli-plugins/manager","symbols":["defaultSystemPluginDirs"]}]},"database_specific":{"source":"https://vuln.go.dev/ID/GO-2026-4610.json"}},{"package":{"name":"github.com/docker/compose","ecosystem":"Go","purl":"pkg:golang/github.com/docker/compose"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0"}]}],"ecosystem_specific":{},"database_specific":{"source":"https://vuln.go.dev/ID/GO-2026-4610.json"}},{"package":{"name":"github.com/docker/compose/v2","ecosystem":"Go","purl":"pkg:golang/github.com/docker/compose/v2"},"ranges":[{"type":"SEMVER","events":[{"introduced":"2.31.0"}]}],"ecosystem_specific":{},"database_specific":{"source":"https://vuln.go.dev/ID/GO-2026-4610.json"}},{"package":{"name":"github.com/docker/compose/v5","ecosystem":"Go","purl":"pkg:golang/github.com/docker/compose/v5"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0"},{"fixed":"5.1.0"}]}],"ecosystem_specific":{},"database_specific":{"source":"https://vuln.go.dev/ID/GO-2026-4610.json"}}],"schema_version":"1.7.5"}