From 8f54d121c3563328fe9424caeb4ab94e11fd100e Mon Sep 17 00:00:00 2001
From: Quentin Laplanche <48560996+quentin-laplanche@users.noreply.github.com>
Date: Fri, 27 Feb 2026 17:30:01 +0100
Subject: [PATCH] Add security content note for Docker Desktop 4.62.0 release
 (#24236)

<!--Delete sections as needed -->

## Description

<!-- Tell us what you did and why -->

As per title, add security note. Once approved, the CVE details will be
published.

## Related issues or tickets

<!-- Related issues, pull requests, or Jira tickets -->

## Reviews

<!-- Notes for reviewers here -->
<!-- List applicable reviews (optionally @tag reviewers) -->

- [ ] Technical review
- [ ] Editorial review
- [ ] Product review

---------

Co-authored-by: Allie Sadler <102604716+aevesdocker@users.noreply.github.com>
---
 content/manuals/desktop/release-notes.md           | 1 +
 content/manuals/security/security-announcements.md | 6 ++++++
 2 files changed, 7 insertions(+)

diff --git a/content/manuals/desktop/release-notes.md b/content/manuals/desktop/release-notes.md
index 8d919f56b6..5a0d559f62 100644
--- a/content/manuals/desktop/release-notes.md
+++ b/content/manuals/desktop/release-notes.md
@@ -57,6 +57,7 @@ For more frequently asked questions, see the [FAQs](/manuals/desktop/troubleshoo
 ### Security
 
 - Addressed [CVE-2026-2664](https://www.cve.org/cverecord?id=CVE-2026-2664), out of bounds read in grpcfuse kernel module.
+- Addressed [CVE-2026-28400](https://www.cve.org/cverecord?id=CVE-2026-28400), runtime flag injection in Docker Model Runner.
 
 ## 4.61.0
 
diff --git a/content/manuals/security/security-announcements.md b/content/manuals/security/security-announcements.md
index f14c525ddc..f0537111e5 100644
--- a/content/manuals/security/security-announcements.md
+++ b/content/manuals/security/security-announcements.md
@@ -12,6 +12,12 @@ toc_max: 2
 
 [Subscribe to security RSS feed](/security/security-announcements/index.xml)
 
+## Docker Desktop 4.62.0 security update: CVE-2026-28400
+
+A vulnerability in Docker Desktop was fixed on February 23 in the [4.62.0](/manuals/desktop/release-notes.md#4620) release:
+
+- Addressed [CVE-2026-28400](https://www.cve.org/cverecord?id=CVE-2026-28400), runtime flag injection in Docker Model Runner.
+
 ## Docker Desktop 4.62.0 security update: CVE-2026-2664
 
 A vulnerability in Docker Desktop was fixed on February 23 in the [4.62.0](/manuals/desktop/release-notes.md#4620) release: