The host is installed with Docker Desktop before 4.27.1 and is prone to a path traversal vulnerability. A flaw is present in the application, which fails to properly handle a malicious BuildKit frontend or Dockerfile using RUN --mount. Successful exploitation allows attackers to trick the feature that removes empty files created for the mountpoints into removing a file outside the container from the host system.