HomeIntelligenceBrief
VULNERABILITY BRIEF🟠 High Vulnerability

Remote Code Execution in Docker MCP Plugin (CVE-2026-55887) Enables Root-Level Code Execution via Malicious Image Labels

Docker’s MCP Plugin contains a high‑severity RCE flaw (CVE‑2026‑55887) that lets an attacker execute arbitrary code as root by referencing a crafted OCI image label. The issue underscores the importance of continuous control mapping and timely patch evidence for SOC 2 audit readiness.

LiveThreat™ Intelligence · 📅 June 25, 2026· 📰 zerodayinitiative.com
🟠
Severity
High
VU
Type
Vulnerability
🎯
Confidence
High
🏢
Affected
1 sector(s)
Actions
4 recommended
📰
Source
zerodayinitiative.com

Remote Code Execution in Docker MCP Plugin (CVE‑2026‑55887) Enables Root‑Level Code Execution via Malicious Image Labels

What It Is — A remote‑code‑execution (RCE) flaw in Docker’s MCP Plugin that lets an attacker run arbitrary commands as root by supplying a crafted OCI image label. The vulnerability is triggered when a victim system references a malicious Docker image via the docker: URI scheme, so limited user interaction is required.

Exploitability — CVSS 8.6 (High). No public exploit code has been released, but a proof‑of‑concept exists and the vulnerability is being tracked by major threat‑intel feeds.

Affected Products — Docker MCP Plugin (MCP Gateway) on all supported operating systems.

Why It Matters for Compliance & Audit Readiness

  • Highlights the need for continuous control mapping of third‑party components to SOC 2 Change Management (CC6.1) and System Operations (CC7.1) controls.
  • Provides a concrete audit‑evidence point: timely patching of container‑runtime dependencies must be documented and retained.
  • Reinforces the requirement for a verifiable software‑bill‑of‑materials (SBOM) and asset inventory to satisfy vendor‑risk and supply‑chain audit requirements.

Recommended Actions

  • Deploy Docker’s security update for the MCP Plugin without delay.
  • Enforce image‑signing and provenance checks in CI/CD pipelines to reject unsigned or tampered OCI labels.
  • Map the patch‑management activity to SOC 2 Change Management controls and capture patch‑install logs as continuous evidence.
  • Update your SBOM and ensure the MCP Plugin version is recorded in your asset inventory for ongoing monitoring.

Source: Zero Day Initiative Advisory ZDI‑26‑363

📰 Original Source
http://www.zerodayinitiative.com/advisories/ZDI-26-363/

This LiveThreat Intelligence Brief is an independent analysis. Read the original reporting at the link above.

From the Verisq platform · Trust Operations

Every gap like this maps to a control you can evidence.

The Verisq AI Trust Operations platform maps incidents to your control framework and collects the evidence continuously — so your Trust Center shows proof, not promises, when a buyer or auditor asks.

Explore the Verisq AI Trust Operations platform →