What are the security implications of using Docker’s –network=host mode?

Question

Docker Fundamentals — Hard

What are the security implications of using Docker’s –network=host mode?

Accepted Answer

Using Docker's --network=host mode removes network namespace isolation, allowing the container to share the host's network stack. This bypasses Docker's NAT and port mapping, compromising network-level isolation and potentially exposing the container to security risks.