An Offensive Look at Docker Desktop Extensions

ID: b4a19e47-28a9-5f47-af34-5f6505acaae5

STIX ID: report--b4a19e47-28a9-5f47-af34-5f6505acaae5

Feed Name: SensePost Blog

Threat Score: 60/100

Date Published: 2023-05-30

Date Updated: 2026-04-30


This research examines security weaknesses in Docker Desktop Extensions. It shows a proof-of-concept command injection via the extension SDK (docker.cli.exec) that can execute arbitrary host commands, and outlines the persistence and privilege risks of long-running extension service containers, which do not appear in docker ps and can mount host paths or the Docker socket. The post documents how to reproduce the issue and inspect extension artifacts (metadata.json, docker-compose.yml, UI, service containers), and highlights the risk that malicious or obfuscated extensions, installable from registries or the Marketplace, could run code on the host. The author reported the finding to Docker.
