Docker shipped two Desktop releases within five days: 4.72.0 on May 6 and 4.73.0 on May 11. The first contains an important security fix in the Linux VM kernel. The second focuses on stability, with a notable fix for Mac Apple Silicon users.
CVE-2026-31431: privilege escalation inside the host VM
The most significant issue in 4.72.0 is a privilege escalation affecting container isolation from the Linux VM that Docker Desktop runs on macOS. CVE-2026-31431 allows an unprivileged user inside a container to gain root inside the host VM through a controlled write into the host VM’s kernel page cache. The fix is a backport of an upstream Linux kernel patch that blocks this type of page cache access.
Context matters here. Docker Desktop on Mac runs containers inside a Linux VM, not directly on the macOS host. So the escalation grants root in the VM, not on the user’s macOS system. That said, in workflows where multiple containers share the same host VM — local CI environments, multi-tenant test setups, or complex Docker Compose stacks — root in the VM is already a meaningful attack surface: it allows reading mounted volumes, modifying other containers’ processes, and accessing secrets injected into the environment.
Anyone running unverified third-party images in their stacks should treat this update as a priority.
Logs view goes GA, OpenAI Responses API in Model Runner
Version 4.72.0 also includes a few operational additions. The Logs view in the Docker Desktop UI reaches general availability after a beta period. It provides centralized container log viewing with filtering by Compose stack — useful for teams that prefer the graphical interface over the terminal for quick debugging.
Docker Model Runner gains support for the OpenAI Responses API, which adds an OpenAI SDK-compatible interface for building AI applications backed by Model Runner as a local inference backend, without changing application code. This pairs with vLLM Metal support on Apple Silicon that had been introduced in prior releases and is consolidated here.
Main component versions in 4.72.0: Docker Agent v1.50.0, Docker DHI v0.0.3, Docker Model Runner v1.1.37, Docker Credential Helpers v0.9.6.
RHEL 8 support dropped, as announced
As signaled in the 4.71.0 release notes, support for Red Hat Enterprise Linux 8 ends with 4.72.0. Docker Desktop now requires RHEL 9 or RHEL 10 on Red Hat environments. Teams running Docker Desktop on RHEL 8 Linux machines — typically shared build systems or managed workstations — need to schedule an OS upgrade.
4.73.0: the Apple Silicon memory fix
The 4.73.0 release addresses a progressive memory consumption issue on Apple Silicon Macs. The Linux VM was not properly returning freed container memory to the host OS’s balloon driver after containers stopped. Over long working sessions with repeated container start/stop cycles, this caused RAM usage to grow without being released back to macOS between sessions.
The problem had been reported by multiple M1, M2, and M3 users in the Docker community forums. The fix targets the mechanism by which the VM handles returning free pages to the host.
Other fixes in 4.73.0 worth noting:
- Cmd+Q no longer leaves Docker Desktop processes running in the background after quit.
- Containers no longer receive corrupted source IP addresses when another container has active outbound connections on the same subnet range.
- Unnecessary network traffic to mcp.docker.com on sign-in has been removed.
- A containerd ref lock that blocked subsequent image loads has been resolved.
Docker Engine updated to v29.4.3 in 4.73.0.
How to update
Docker Desktop updates automatically by default. To verify the installed version: Docker Desktop > Settings > Software Updates or run docker version in the terminal. Users who have disabled automatic updates need to download the installer manually from docker.com.
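A scripted form of the version check above, added here as an example and not taken from Docker's documentation: it classifies the platform string reported by docker version against the 4.72.0 and 4.73.0 thresholds from this article. The function names and status labels are hypothetical, and the "Docker Desktop X.Y.Z (build)" string shape is an assumption about the CLI output.

```shell
#!/bin/sh
# Added example: thresholds come from the article, everything else is illustrative.
MIN_SECURITY="4.72.0"   # first release with the CVE-2026-31431 kernel backport
MIN_MEMORY="4.73.0"     # first release with the Apple Silicon memory fix

# Extract "X.Y.Z" from a platform string such as
# "Docker Desktop 4.71.0 (123456)" (assumed shape). Prints nothing otherwise.
desktop_version() {
    printf '%s\n' "$1" |
        sed -n 's/^Docker Desktop \([0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*\).*/\1/p'
}

# Return 0 if version $1 >= version $2, comparing each component numerically
# (a plain string compare would rank 4.9.0 above 4.72.0).
version_ge() {
    a=$1 b=$2
    for i in 1 2 3; do
        x=${a%%.*}; y=${b%%.*}
        [ "$x" -gt "$y" ] && return 0
        [ "$x" -lt "$y" ] && return 1
        a=${a#*.}; b=${b#*.}
    done
    return 0
}

# Map a platform string to one of four hypothetical status labels.
classify() {
    v=$(desktop_version "$1")
    if [ -z "$v" ]; then
        echo "UNKNOWN"
    elif ! version_ge "$v" "$MIN_SECURITY"; then
        echo "MISSING_CVE_FIX"
    elif ! version_ge "$v" "$MIN_MEMORY"; then
        echo "MISSING_MEMORY_FIX"
    else
        echo "UP_TO_DATE"
    fi
}

# Live check; skipped when the docker CLI is not installed.
if command -v docker >/dev/null 2>&1; then
    platform=$(docker version --format '{{.Server.Platform.Name}}' 2>/dev/null || true)
    echo "Docker Desktop status: $(classify "$platform")"
fi
```

UNKNOWN covers both a stopped daemon and a non-Desktop engine, so treat it as "check by hand" rather than as a pass.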
The next release worth watching will likely be tied to the WWDC26 cycle in June: Docker Desktop typically ships compatibility updates for new macOS versions in the weeks following the release of Apple’s first public betas.
