If accessible, provides full control over all containers and the host 2. **Docker API** — When exposed over TCP without TLS, enables remote exploitation 3. **Docker Images** — May contain vulnerabilities, malware, or secrets 4. **Docker Registries** — Can be compromised to serve malicious images 5.