CVE-2026-8936
Published 2026-06-02
Priority: P334 | Severity: high | CVSS 4.0: 8.2
CVSS 4.0 vector: AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS: 0.11% (1.9th percentile)
Fixed a VM panic caused by unbounded recursion in the grpcfuse kernel module when a container created deeply nested directories on a bind-mounted host folder and triggered a dentry invalidation event. This issue has been fixed in Docker Desktop 4.76.0.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| docker | docker_desktop | >= 4.33.0 < 4.76.0 | 4.76.0 |
VulDB
Docker Desktop up to 4.75.x Grpcfuse Kernel recursion
vuldb·2026-06-03·CVSS 8.2
CVE-2026-8936 [HIGH] Docker Desktop up to 4.75.x Grpcfuse Kernel recursion
A vulnerability, which was classified as problematic, has been found in Docker Desktop up to 4.75.x. Affected by this issue is some unknown functionality of the component Grpcfuse Kernel Module. Performing a manipulation results in uncontrolled recursion.
This vulnerability is identified as CVE-2026-8936. The attack is only possible with local access. There is not any exploit available.
It is advisable to upgrade the affected component.
GHSA
Fixed a VM panic caused by unbounded recursion in the grpcfuse kernel module when a container created deeply nested directories on a bind-mounted host folder and triggered a dentry invalidation event.
ghsa_unreviewed·2026-06-03
CVE-2026-8936 [HIGH] CWE-674 Fixed a VM panic caused by unbounded recursion in the grpcfuse kernel module when a container created deeply nested directories on a bind-mounted host folder and triggered a dentry invalidation event.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2026-06-02
Published