CVE-2020-11492

HIGH

Docker Desktop < 2.2.0.5 - Privilege Escalation via Named Pipe Race Condition

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2020-11492. PoCs published by CrackerCat.

AI-analyzed exploit summary This PoC exploits a Docker Desktop for Windows privilege escalation vulnerability by impersonating a named pipe client to gain SYSTEM privileges. It creates a named pipe, waits for Docker to connect, impersonates the client, duplicates the token, and launches a new process with elevated privileges.

Description

An issue was discovered in Docker Desktop through 2.2.0.5 on Windows. If a local attacker sets up their own named pipe prior to starting Docker with the same name, this attacker can intercept a connection attempt from Docker Service (which runs as SYSTEM), and then impersonate their privileges.

Exploits (1)

nomisec WORKING POC 2 stars
by CrackerCat · poc
https://github.com/CrackerCat/CVE-2020-11492

This PoC exploits a Docker Desktop for Windows privilege escalation vulnerability by impersonating a named pipe client to gain SYSTEM privileges. It creates a named pipe, waits for Docker to connect, impersonates the client, duplicates the token, and launches a new process with elevated privileges.

Classification
Working Poc 100%
Attack Type
Lpe
Complexity
Moderate
Reliability
Reliable
Target: Docker Desktop for Windows (versions before 2.3.0.2)
No auth needed
Prerequisites: Docker Desktop for Windows installed and running · Local access to the system
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2
Core References
Release Notes, Vendor Advisory x_refsource_misc
https://docs.docker.com/docker-for-windows/release-notes/

Scores

CVSS v3 7.8
EPSS 0.0094
EPSS Percentile 56.1%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-362
Status published
Products (1)
docker/docker_desktop < 2.2.0.5
Published Jun 05, 2020
Tracked Since Feb 18, 2026