Invalid Port Number

HIGH

EXPOSE instruction has invalid port number. Valid ports are 1-65535.

Rule Information

Language
Docker
Category
Correctness
Author
Shivasurya
Shivasurya
Last Updated
2026-03-22
Tags
dockerdockerfileportexposevalidationinput-validationcorrectnessnetworkingconfiguration
CWE References
CWE-20

Interactive Playground

Experiment with the vulnerable code and security rule below. Edit the code to see how the rule detects different vulnerability patterns.

pathfinder scan --ruleset docker/DOCKER-COR-002 --project .
1
2
rule.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19

About This Rule

Understanding the vulnerability and how it is detected

Detects EXPOSE instructions with invalid port numbers. Valid ports are 1-65535.

How to Fix

Recommended remediation steps

  • 1Review your Dockerfile to address the invalid port number issue
  • 2Follow Docker official best practices for image building
  • 3Use docker build --check to validate Dockerfile syntax and best practices

Similar Rules

Explore related security rules for Docker

MEDIUM

Multiple ENTRYPOINT Instructions

Dockerfile has multiple ENTRYPOINT instructions. Only the last one takes effect, making earlier ones misleading.

MEDIUM

Multiple CMD Instructions

Multiple CMD instructions detected. Only the last one takes effect.

Frequently Asked Questions

Common questions about Invalid Port Number

EXPOSE instruction has invalid port number. Valid ports are 1-65535.
Review the secure code example in the playground above and apply the recommended pattern to your Dockerfile or docker-compose.yml.

New feature

Get these findings posted directly on your GitHub pull requests

The Invalid Port Number rule runs in CI and posts inline review comments on the exact lines — no dashboard, no SARIF viewer.

See how it works
Back to CorrectnessAll Languages →