Remote Code Execution in Docker MCP Plugin (CVE‑2026‑55887) Enables Root‑Level Code Execution via Malicious Image Labels
What It Is — A remote‑code‑execution (RCE) flaw in Docker’s MCP Plugin that lets an attacker run arbitrary commands as root by supplying a crafted OCI image label. The vulnerability is triggered when a victim system references a malicious Docker image via the docker: URI scheme, so limited user interaction is required.
Exploitability — CVSS 8.6 (High). No public exploit code has been released, but a proof‑of‑concept exists and the vulnerability is being tracked by major threat‑intel feeds.
Affected Products — Docker MCP Plugin (MCP Gateway) on all supported operating systems.
Why It Matters for Compliance & Audit Readiness
- Highlights the need for continuous control mapping of third‑party components to SOC 2 Change Management (CC6.1) and System Operations (CC7.1) controls.
- Provides a concrete audit‑evidence point: timely patching of container‑runtime dependencies must be documented and retained.
- Reinforces the requirement for a verifiable software‑bill‑of‑materials (SBOM) and asset inventory to satisfy vendor‑risk and supply‑chain audit requirements.
Recommended Actions
- Deploy Docker’s security update for the MCP Plugin without delay.
- Enforce image‑signing and provenance checks in CI/CD pipelines to reject unsigned or tampered OCI labels.
- Map the patch‑management activity to SOC 2 Change Management controls and capture patch‑install logs as continuous evidence.
- Update your SBOM and ensure the MCP Plugin version is recorded in your asset inventory for ongoing monitoring.