CVE-2022-26659
Docker Desktop vulnerability analysis and mitigation

Overview

The Docker Desktop installer on Windows in versions before 4.6.0 contained a vulnerability that allowed an attacker to overwrite any administrator-writable file by creating a symlink at the path where the installer writes its log file. The vulnerability was discovered on February 10, 2022, and was assigned CVE-2022-26659 on March 7, 2022 (GitHub Advisory).

Technical details

The vulnerability existed in the Docker Desktop installer's log file creation process. When running with elevated privileges, the installer would create or write install-log.txt in the %LOCALAPPDATA%\Docker\ directory at high integrity. An attacker could create a symlink named install-log.txt pointing to an arbitrary path, causing the installer to write its log data to the targeted location. If a file already existed at the target location, it would be overwritten with the installer's log data (GitHub Advisory).

Impact

The vulnerability could allow an unprivileged attacker with local system access to overwrite any administrator-writable files on the system, potentially leading to denial of service or other security implications depending on the targeted files (GitHub Advisory).

Mitigation and workarounds

The vulnerability was fixed in Docker Desktop version 4.6.0. The fix changed the installer to write its log files to a location that non-administrator users cannot write to, with a proper discretionary access control list (DACL) applied when writing the logs (GitHub Advisory, Docker Release Notes).
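
The two conditions described above (a link sitting at the log path, and a log directory that non-administrators can write to) can be audited with the following added example, which is not code from Docker or the advisory. The function name `Test-InstallerLogPath` and the trusted-SID allow-list are assumptions made for illustration; the default path is the one named in the advisory text.

```powershell
# Added example (not Docker's code): audit an installer log path for
# (1) a reparse point planted at the log path, and
# (2) a parent directory whose DACL lets non-administrators write.
function Test-InstallerLogPath {
    param(
        # Path from the advisory text; override to audit another profile or installer.
        [string]$LogPath = (Join-Path $env:LOCALAPPDATA 'Docker\install-log.txt')
    )

    $result = [ordered]@{
        LogPath            = $LogPath
        IsReparsePoint     = $false
        LinkTarget         = $null
        NonAdminWriteRules = @()
    }

    # Inspect the item itself (the link), not whatever it points to.
    $item = Get-Item -LiteralPath $LogPath -Force -ErrorAction SilentlyContinue
    if ($item -and $item.Attributes.HasFlag([IO.FileAttributes]::ReparsePoint)) {
        $result.IsReparsePoint = $true
        $result.LinkTarget     = $item.Target
    }

    # Constructed allow-list: LocalSystem and BUILTIN\Administrators only.
    $trusted   = 'S-1-5-18', 'S-1-5-32-544'
    $writeBits = [int][Security.AccessControl.FileSystemRights]'WriteData, AppendData, Delete'

    $dir = Split-Path -Parent $LogPath
    if (Test-Path -LiteralPath $dir -PathType Container) {
        # Resolve identities to SIDs so the check does not depend on localized names.
        $rules = (Get-Acl -LiteralPath $dir).GetAccessRules(
            $true, $true, [Security.Principal.SecurityIdentifier])
        # Note: ACEs that use generic rights (e.g. GENERIC_ALL) are not decoded here.
        $result.NonAdminWriteRules = @($rules | Where-Object {
            $_.AccessControlType -eq 'Allow' -and
            (([int]$_.FileSystemRights -band $writeBits) -ne 0) -and
            ($trusted -notcontains $_.IdentityReference.Value)
        } | ForEach-Object { '{0}: {1}' -f $_.IdentityReference.Value, $_.FileSystemRights })
    }

    [pscustomobject]$result
}

Test-InstallerLogPath | Format-List
```

A non-empty `NonAdminWriteRules` means an elevated process writing to that directory can be redirected by a standard user, which is the condition the 4.6.0 fix removes by moving the log to an administrator-only location.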

Source: This report was generated using AI

Related Docker Desktop vulnerabilities:

| CVE ID | Severity | Score | Technologies | Component name | CISA KEV exploit | Has fix | Published date |
|---|---|---|---|---|---|---|---|
| CVE-2025-9074 | CRITICAL | 9.3 | Docker Desktop | cpe:2.3:a:docker:desktop | No | Yes | Aug 20, 2025 |
| CVE-2025-9164 | HIGH | 8.8 | Docker Desktop | cpe:2.3:a:docker:docker_desktop | No | No | Oct 27, 2025 |
| CVE-2025-10657 | HIGH | 8.7 | Docker Desktop | cpe:2.3:a:docker:desktop | No | No | Sep 26, 2025 |
| CVE-2025-6587 | MEDIUM | 5.2 | Docker Desktop | cpe:2.3:a:docker:desktop | No | Yes | Jul 03, 2025 |
| CVE-2025-4095 | MEDIUM | 4.3 | Docker Desktop | cpe:2.3:a:docker:desktop | No | Yes | Apr 29, 2025 |
