This image carries significant risk; production deployment is highly discouraged without strict compensating controls. Exploiting vulnerabilities such as CVE-2026-48864 and CVE-2026-48863 in the critical `libsolv` library could lead to information disclosure, arbitrary code execution, or denial of service during package management operations. While this is an official and trusted Amazon Linux image, the presence of multiple high-severity flaws that are broadly applicable makes it unsuitable for direct production use without careful risk assessment and mitigation strategies.

| CVE ID | Adjusted Severity | Package | Exploit Probability | Risk Context |
|---|---|---|---|---|
| CVE-2026-48864 | HIGH 7.8 | libsolv 0.7.22-1.amzn2023.0.3 (fixed in 0.7.22-1.amzn2023.0.4) | — | Directly Exposed; Context importance: HIGH |
| CVE-2026-48863 | HIGH 7.5 | libsolv 0.7.22-1.amzn2023.0.3 (fixed in 0.7.22-1.amzn2023.0.4) | — | Directly Exposed; Context importance: HIGH |
| CVE-2026-9149 | MEDIUM 6.5 | libsolv 0.7.22-1.amzn2023.0.3 (fixed in 0.7.22-1.amzn2023.0.4) | — | Directly Exposed; Context importance: HIGH |
| CVE-2026-9150 | MEDIUM 5.2 | libsolv 0.7.22-1.amzn2023.0.3 (fixed in 0.7.22-1.amzn2023.0.4) | — | Directly Exposed; Context importance: MEDIUM |
| CVE-2026-6019 | LOW 1.87 | python3 3.9.25-1.amzn2023.0.5 (fixed in 3.9.25-1.amzn2023.0.6) | <0.1% Theoretical Threat | Post-Exploit |
| CVE-2026-6019 | LOW 1.87 | python3-libs 3.9.25-1.amzn2023.0.5 (fixed in 3.9.25-1.amzn2023.0.6) | <0.1% Theoretical Threat | Post-Exploit |