diff --git a/taskweaver/ces/environment.py b/taskweaver/ces/environment.py
index e5f30ed1..890cc10f 100644
--- a/taskweaver/ces/environment.py
+++ b/taskweaver/ces/environment.py
@@ -269,6 +269,13 @@ def start_session(
                     f"{new_port_start + 3}/tcp": None,
                     f"{new_port_start + 4}/tcp": None,
                 },
+                # Block access to host's localhost via "magic domains" in Docker Desktop,
+                # Podman, and Containerd on Lima (macOS/Windows) to prevent container escape
+                extra_hosts={
+                    "host.docker.internal": "0.0.0.0",
+                    "host.containers.internal": "0.0.0.0",
+                    "host.lima.internal": "0.0.0.0",
+                },
             )
 
             tick = 0