diff --git a/tools/environments/docker.py b/tools/environments/docker.py
index 0e07d248d..70b136ffc 100644
--- a/tools/environments/docker.py
+++ b/tools/environments/docker.py
@@ -253,6 +253,26 @@ class DockerEnvironment(BaseEnvironment):
 # mode uses tmpfs (ephemeral, fast, gone on cleanup).
 from tools.environments.base import get_sandbox_dir
+ # SECURITY FIX (V-012): Block dangerous volume mounts
+ # Prevent privilege escalation via Docker socket or sensitive paths
+ _BLOCKED_VOLUME_PATTERNS = [
+ "/var/run/docker.sock",
+ "/run/docker.sock",
+ "/var/run/docker.pid",
+ "/proc", "/sys", "/dev",
+ ":/", # Root filesystem mount
+ ]
+
+ def _is_dangerous_volume(vol_spec: str) -> bool:
+ """Check if volume spec is dangerous (docker socket, root fs, etc)."""
+ for pattern in _BLOCKED_VOLUME_PATTERNS:
+ if pattern in vol_spec:
+ return True
+ # Check for docker socket variations
+ if "docker.sock" in vol_spec.lower():
+ return True
+ return False
+
 # User-configured volume mounts (from config.yaml docker_volumes)
 volume_args = []
 workspace_explicitly_mounted = False
@@ -263,6 +283,15 @@ class DockerEnvironment(BaseEnvironment):
 vol = vol.strip()
 if not vol:
 continue
+
+ # SECURITY FIX (V-012): Block dangerous volumes
+ if _is_dangerous_volume(vol):
+ logger.error(
+ f"SECURITY: Refusing to mount dangerous volume '{vol}'. "
+ f"Docker socket and system paths are blocked to prevent container escape."
+ )
+ continue # Skip this dangerous volume
+
 if ":" in vol:
 volume_args.extend(["-v", vol])
 if ":/workspace" in vol:
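Review bot: The `":/"` entry in `_BLOCKED_VOLUME_PATTERNS` is a substring of every `host:/container` spec, so `_is_dangerous_volume` rejects all bind mounts with an absolute container path (including the `:/workspace` case the code below the hunk looks for), not only mounts of the host root. Substring matching on the raw spec is also a weak control in both directions: it misfires on ordinary paths such as `/home/me/sysadmin`, and it compares the literal text rather than the resolved host path, so a symlink to a blocked location or a broader mount such as `/var/run` is not caught. I would split off the host side of the spec, canonicalise it with `os.path.realpath`, and compare against the blocked roots by exact match or directory prefix, as sketched below (`os` must be in scope; the `":/"` entry is replaced by the explicit `real == "/"` test). The enclosing method and the module-level imports start outside the hunk, so the pattern list could also move to module scope instead of being rebuilt on every call.
```python
# … _BLOCKED_VOLUME_PATTERNS as above, minus the ":/" entry …

def _is_dangerous_volume(vol_spec: str) -> bool:
    """Return True if the host side of a ``src:dst[:opts]`` spec is a blocked path."""
    host_path = vol_spec.split(":", 1)[0]
    if "/" not in host_path:
        return False  # named volume, not a bind mount of a host path
    real = os.path.realpath(host_path)  # canonicalise (follows symlinks) before comparing
    if real == "/" or "docker.sock" in real.lower():
        return True
    return any(
        real == blocked or real.startswith(blocked.rstrip("/") + "/")
        for blocked in _BLOCKED_VOLUME_PATTERNS
    )
```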
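Review bot: A rejected volume is only logged and then skipped with `continue`, so the container still starts with a configuration that differs from what the operator wrote, and in a non-interactive run the error line is easy to miss. If the intent of V-012 is to fail closed, I would raise after logging, e.g. `raise ValueError(f"Refusing to mount dangerous volume {vol!r}")`, so a misconfiguration stops the run rather than silently changing the environment's shape. The `logger.error` call also formats with f-strings; the usual logging convention is lazy `%` arguments, `logger.error("SECURITY: Refusing to mount dangerous volume %r. Docker socket and system paths are blocked to prevent container escape.", vol)`. The enclosing `for` loop and method start outside the hunk.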