Docker AI Bug Lets Image Metadata Trigger Attacks

AI Assistant Executes Hidden Commands Embedded in Docker Image Labels Rashmi Ramesh (rashmiramesh_) • February 6, 2026

A critical vulnerability in Docker's Ask Gordon artificial intelligence assistant allows attackers to execute malicious commands by hiding them in the container application development platform's image metadata, said security researchers.

See Also: OnDemand | From Agents to Action: How Identity for AI Builds Trust at Global Scale

Dubbed DockerDash, the vulnerability exploits a failure across Docker's AI execution chain in which malicious instructions embedded in image metadata labels are read by the Gordon AI assistant, forwarded to executed through the model context protocol tools without validation at any stage, said Noma Labs. The flaw results in remote code execution on cloud and command-line systems or data exfiltration on desktop applications depending on permission levels.

Noma Labs reported the vulnerability to Docker on Sept. 17. Docker confirmed the issue ...