The Docker socket provides full control over the Docker daemon. An attacker who can reach the socket can create new containers with host filesystem mounts, privileged mode, or any other configuration, enabling complete host compromise.
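A defender's check for this exposure, as an added example that is not from the original page: it scans `docker inspect` output for containers that bind-mount the daemon socket. The socket paths are the Linux defaults and are an assumption about the host; the function name and the sample JSON are constructed for illustration.

```python
import json

# Assumption: default Linux socket paths (/var/run is usually a symlink to /run).
SOCKET_PATHS = {"/var/run/docker.sock", "/run/docker.sock"}

def socket_exposures(inspect_json):
    """Return one finding per container that bind-mounts the Docker socket.

    inspect_json is the JSON array printed by `docker inspect <container>...`.
    """
    findings = []
    for container in json.loads(inspect_json):
        for mount in container.get("Mounts") or []:
            if mount.get("Type") == "bind" and mount.get("Source") in SOCKET_PATHS:
                findings.append({
                    "container": container.get("Name", "").lstrip("/"),
                    "mounted_at": mount.get("Destination"),
                    # Reported for context only: a read-only bind still lets the
                    # container send API requests over the socket.
                    "read_only": not mount.get("RW", True),
                })
    return findings

# Constructed sample input, trimmed to the fields the check reads.
SAMPLE_INSPECT = json.dumps([
    {"Name": "/ci-agent", "Mounts": [
        {"Type": "bind", "Source": "/var/run/docker.sock",
         "Destination": "/var/run/docker.sock", "RW": True}]},
    {"Name": "/monitor", "Mounts": [
        {"Type": "bind", "Source": "/run/docker.sock",
         "Destination": "/docker.sock", "RW": False}]},
    {"Name": "/web", "Mounts": [
        {"Type": "volume", "Source": "/var/lib/docker/volumes/site/_data",
         "Destination": "/usr/share/nginx/html", "RW": True}]},
])

if __name__ == "__main__":
    for f in socket_exposures(SAMPLE_INSPECT):
        print(f"{f['container']}: Docker socket mounted at {f['mounted_at']} "
              f"(read_only={f['read_only']})")
```

A bind of a parent directory such as `/var/run` also exposes the socket and is not caught by this exact-path match.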