This image is safe for production use. It is an Official Docker Hub image, highly trusted and immutable, with no high or critical severity vulnerabilities exposed. While a small number of low-severity vulnerabilities exist, such as CVE-2026-40200, they primarily affect post-exploitation scenarios. These require very specific, extreme conditions like processing millions of array elements and local access to trigger, making their real-world exploitability very low.
| CVE ID | Adjusted Severity | Package | Exploit Probability | Risk Context |
|---|---|---|---|---|
| CVE-2026-6042 | MEDIUM4.67 | musl 1.2.4_git20230717-r5 fixed in 1.2.4_git20230717-r6 | <0.1% Theoretical Threat | Directly Exposed |
| CVE-2026-6042 | MEDIUM4.67 | musl-utils 1.2.4_git20230717-r5 fixed in 1.2.4_git20230717-r6 | <0.1% Theoretical Threat | Directly Exposed |
| CVE-2026-40200 | LOW2.39 | musl 1.2.4_git20230717-r5 fixed in 1.2.4_git20230717-r6 | <0.1% Theoretical Threat | Post-Exploit |
| CVE-2026-40200 | LOW2.39 | musl-utils 1.2.4_git20230717-r5 fixed in 1.2.4_git20230717-r6 | <0.1% Theoretical Threat | Post-Exploit |
| CVE-2025-46394 | LOW1.68 | busybox 1.36.1-r20 fixed in 1.36.1-r21 | <0.1% Theoretical Threat | Post-Exploit |
| CVE-2025-46394 | LOW1.68 | busybox-binsh 1.36.1-r20 fixed in 1.36.1-r21 | <0.1% Theoretical Threat | Post-Exploit |
| CVE-2025-46394 | LOW1.68 | ssl_client 1.36.1-r20 fixed in 1.36.1-r21 | <0.1% Theoretical Threat | Post-Exploit |
| CVE-2024-58251 | NONE0 | busybox 1.36.1-r20 fixed in 1.36.1-r21 | <0.1% Theoretical Threat | Not Applicable |
| CVE-2024-58251 | NONE0 | busybox-binsh 1.36.1-r20 fixed in 1.36.1-r21 | <0.1% Theoretical Threat | Not Applicable |
| CVE-2024-58251 | NONE0 | ssl_client 1.36.1-r20 fixed in 1.36.1-r21 | <0.1% Theoretical Threat | Not Applicable |