Docker’s AI assistant is vulnerable to cyber attack.

A critical vulnerability named “DockerDash” was discovered in Docker’s Ask Gordon AI assistant, caused by the MCP Gateway trusting unvalidated metadata instructions. Malicious actors can embed harmful commands into Docker image metadata labels, which the AI processes and forwards for execution without verification. This results in remote code execution for cloud/CLI systems and data exfiltration for desktop environments.

Read more:

https://www.securityweek.com/dockerdash-flaw-in-docker-ai-assistant-leads-to-rce-data-theft/