products / docker_engine
Docker Engine
Docker Engine is the container platform daemon and client. NVD tracks it as docker:docker. Low-level container escape CVEs are attributed to runc (linuxfoundation:runc) rather than this product.
api usage
Querying Docker Engine
product slug
docker_engineversion format
27.0.3, 27.5.0bash
curl "https://api.attestd.io/v1/check?product=docker_engine&version=19.03.0" \
-H "Authorization: Bearer $ATTESTD_KEY"Docker Engine 27.0.3 is affected by CVE-2024-41110, an authorization plugin bypass with critical CVSS when misconfigured API access is exposed.
json
{
"product": "docker_engine",
"version": "19.03.0",
"supported": true,
"risk_state": "high",
"risk_factors": [
"no_authentication_required",
"patch_available"
],
"actively_exploited": false,
"remote_exploitable": true,
"authentication_required": false,
"patch_available": true,
"fixed_version": "19.03.9",
"confidence": 0.90,
"cve_ids": ["CVE-2020-27534"],
"last_updated": "2026-04-25T00:00:00Z"
}safe version
27.5.0 is used as a patched-line example; confirm with live /v1/check after ingestion.
bash
curl "https://api.attestd.io/v1/check?product=docker_engine&version=20.10.0" \
-H "Authorization: Bearer $ATTESTD_KEY"notable cves
CVE history
| CVE | Description | Affects | CVSS |
|---|---|---|---|
CVE-2024-41110 | Authz plugin bypass on Docker API when certain plugin setups are used. | 27.x before patch | 9.9 |
CVE-2021-41091 | Incorrect default permissions on data root allowing container filesystem access. | Multiple trains | 6.3 |
CVE-2019-13139 | Build-time command injection via malicious Dockerfile build args. | Older Engine | 8.4 |
CVE-2020-27534 | Information disclosure via debug endpoint exposure. | Engine 19.x | 5.3 |
CVE-2021-21285 | Denial of service via crafted image pull / registry interaction. | Engine 20.x | 6.5 |
related