The SwarmKit toolkit 1.12.0 for Docker allows remote authenticated users to cause a denial of service (prevention of cluster joins) via a long sequence of join and quit actions. NOTE: the vendor disputes this issue, stating that this sequence is not "removing the state that is left by old nodes. At some point the manager obviously stops being able to accept new nodes, since it runs out of memory. Given that both for Docker swarm and for Docker Swarmkit nodes are *required* to provide a secret token (it's actually the only mode of operation), this means that no adversary can simply join nodes and exhaust manager resources. We can't do anything about a manager running out of memory and not being able to add new legitimate nodes to the system. This is merely a resource provisioning issue, and definitely not a CVE worthy vulnerability.
Conclusion & alert: CVE-2016-6595 is rated Moderate Risk (56.6/100): CVSS Medium severity, with medium exploitation likelihood (EPSS 2.45%). Core evidence: EPSS rose +1.80% over the last day, indicating growing attacker interest. Mandatory action: Review affected assets and schedule remediation.
Risk is dynamic; we continuously reassess and refresh what is shown on this page as upstream context changes.
EPSS lead: Daily EPSS estimates relative likelihood of exploitation; percentile ranks this CVE among scored vulnerabilities (higher = more severe relative rank).
| # | Date | Old EPSS score | New EPSS score | Delta (New - Old) |
|---|---|---|---|---|
| 1 | 2026-06-15 | 0.65% | 2.45% | +1.80% |
| 2 | 2025-09-14 | 0.79% | 0.65% | -0.14% |
| 3 | 2025-07-12 | — | 0.79% | — |
Full EPSS history (8 records total)
CVSS metrics for this CVE.
| Base score | Version | Severity | Vector | Exploitability | Impact | Score source |
|---|---|---|---|---|---|---|
| 6.5 | 3.0 | MEDIUM |
|
2.8 | 3.6 | [email protected] |
| 4.0 | 2.0 | MEDIUM |
|
8.0 | 2.9 | [email protected] |
| vendor | priority | summary | link |
|---|---|---|---|
debian
|
unimportant | CVE-2016-6595 unimportant priority: Debian including 1 source packages (docker.io), 5 status rows across 5 suites (bookworm, bullseye, forky, sid, trixie): resolved 5. | https://security-tracker.debian.org/tracker/CVE-2016-6595 |
redhat
|
low | — | https://access.redhat.com/security/cve/CVE-2016-6595 |
ubuntu
|
medium | CVE-2016-6595 medium priority: Ubuntu including 1 source packages (docker.io), 4 status rows across 4 suites (precise, trusty, upstream, xenial): DNE 2, needs-triage 1, not-affected 1. | https://ubuntu.com/security/CVE-2016-6595 |
| URL | Tags |
|---|---|
| http://www.openwall.com/lists/oss-security/2016/08/04/1 | Third Party Advisory |
| http://www.openwall.com/lists/oss-security/2016/09/02/1 | Third Party Advisory |
| http://www.openwall.com/lists/oss-security/2016/09/02/8 | Third Party Advisory |
| http://www.securityfocus.com/bid/92195 | |
| http://www.securitytracker.com/id/1036548 |