CVE-2020-10665

MEDIUM

Docker Desktop <2.1.0.9-2.2.2.0 - Privilege Escalation

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2020-10665. PoCs published by spaceraccoon.

AI-analyzed exploit summary This PoC exploits CVE-2020-10665, a privilege escalation vulnerability in Docker for Windows, by creating hardlinks to a DLL file in a predictable location where Docker diagnostics writes files, allowing an attacker to gain elevated permissions.

Description

Docker Desktop allows local privilege escalation to NT AUTHORITY\SYSTEM because it mishandles the collection of diagnostics with Administrator privileges, leading to arbitrary DACL permissions overwrites and arbitrary file writes. This affects Docker Desktop Enterprise before 2.1.0.9, Docker Desktop for Windows Stable before 2.2.0.4, and Docker Desktop for Windows Edge before 2.2.2.0.

Exploits (1)

nomisec WORKING POC 54 stars

by spaceraccoon · poc

https://github.com/spaceraccoon/CVE-2020-10665

View Code ZIP pw:eip

This PoC exploits CVE-2020-10665, a privilege escalation vulnerability in Docker for Windows, by creating hardlinks to a DLL file in a predictable location where Docker diagnostics writes files, allowing an attacker to gain elevated permissions.

Classification

Working Poc 95%

Attack Type

Lpe

Complexity

Moderate

Reliability

Reliable

Target: Docker for Windows (versions prior to fix for CVE-2020-10665)

No auth needed

Prerequisites: Docker for Windows installed · Attacker must have local access to the system

MITRE ATT&CK

T1068 - Exploitation for Privilege Escalation T1548.002 - Bypass User Account Control

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3

Core References

Third Party Advisory x_refsource_misc

https://github.com/active-labs/Advisories/blob/master/2020/ACTIVE-2020-002.md

View Writeup ZIP pw:eip

Release Notes, Vendor Advisory x_refsource_misc

https://docs.docker.com/release-notes/

Exploit, Third Party Advisory x_refsource_misc

https://github.com/spaceraccoon/CVE-2020-10665

Scores

CVSS v3 6.7

EPSS 0.0060

EPSS Percentile 69.9%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-59

Status published

Products (3)

docker/desktop < 2.1.0.9

docker/desktop < 2.2.0.4

docker/desktop < 2.2.2.0

Published Mar 18, 2020

Tracked Since Feb 18, 2026