Vulnerability Reportapache/kafka:4.1.1

apache/kafka:4.1.1apache/kafka:4.1.1-rc2

DIGESTsha256:0bc1bb2478f45b6cea78864df86acdc11e8df2c5172477819a4d12942cbe5d40

Executive Summary

Threat ScoreDANGEROUS• Critical authentication bypass (CVE-2026-33557) enables unauthenticated remote access to Kafka cluster with default JWT validation.• 111 total exposed vulnerabilities, including 40 with severity ≥6.0 and a maximum severity of 7.31.• Threat score of 75 indicates DANGEROUS risk level.• Image is popular and pinned by digest but lacks official Docker verification.

75/100DANGEROUS

ReputationPOPULAR COMMUNITY• High Reputation Community Image (29M+ pulls)• Pinned by digest (Immutable)

RELIABLE

This image poses a critical security risk and must not be used in production, especially as an internet-facing service. An attacker can bypass authentication and gain full control over the Kafka cluster using a crafted JWT token (CVE-2026-33557). This vulnerability is enabled by default and requires no special privileges. To mitigate, explicitly configure the JWT validator class to BrokerJwtValidator. Note that this risk is present if OAuthBearer authentication is used, which is the default configuration.

Vulnerabilities

Vulnerability Log

188 total

CVE ID	Adjusted Severity	Package	Exploit Probability	Risk Context
CVE-2026-33557	HIGH7.31	org.apache.kafka:kafka-clients 4.1.1 fixed in 4.1.2	0.5% Theoretical Threat	Directly ExposedContext importance: HIGH
CVE-2026-28387	MEDIUM6.88	libcrypto3 3.5.4-r0 fixed in 3.5.6-r0	0.6% Theoretical Threat	Directly Exposed
CVE-2026-28387	MEDIUM6.88	libssl3 3.5.4-r0 fixed in 3.5.6-r0	0.6% Theoretical Threat	Directly Exposed
CVE-2026-42010	MEDIUM6.66	gnutls 3.8.8-r0 fixed in 3.8.13-r0	0.8% Theoretical Threat	Directly ExposedContext importance: MEDIUM
CVE-2026-25210	MEDIUM6.63	libexpat 2.7.3-r0 fixed in 2.7.4-r0	0.2% Theoretical Threat	Directly Exposed
CVE-2026-22801	MEDIUM6.63	libpng 1.6.47-r0 fixed in 1.6.54-r0	0.1% Theoretical Threat	Directly Exposed
CVE-2026-40200	MEDIUM6.63	musl 1.2.5-r10 fixed in 1.2.5-r12	0.1% Theoretical Threat	Directly Exposed
CVE-2026-22184	MEDIUM6.63	zlib 1.3.1-r2 fixed in 1.3.2-r0	0.2% Theoretical Threat	Directly Exposed
CVE-2025-32988	MEDIUM6.56	gnutls 3.8.8-r0 fixed in 3.8.12-r0	1.2% Low-Moderate Risk	Directly ExposedContext importance: MEDIUM
CVE-2026-33636	MEDIUM6.46	libpng 1.6.47-r0 fixed in 1.6.56-r0	0.6% Theoretical Threat	Directly Exposed
CVE-2026-33846	MEDIUM6.38	gnutls 3.8.8-r0 fixed in 3.8.13-r0	0.9% Theoretical Threat	Directly Exposed
CVE-2026-42009	MEDIUM6.38	gnutls 3.8.8-r0 fixed in 3.8.13-r0	0.8% Theoretical Threat	Directly Exposed
CVE-2025-69421	MEDIUM6.38	libcrypto3 3.5.4-r0 fixed in 3.5.5-r0	0.8% Theoretical Threat	Directly Exposed
CVE-2026-28388	MEDIUM6.38	libcrypto3 3.5.4-r0 fixed in 3.5.6-r0	0.9% Theoretical Threat	Directly Exposed
CVE-2026-28389	MEDIUM6.38	libcrypto3 3.5.4-r0 fixed in 3.5.6-r0	0.8% Theoretical Threat	Directly Exposed
CVE-2026-28390	MEDIUM6.38	libcrypto3 3.5.4-r0 fixed in 3.5.6-r0	0.8% Theoretical Threat	Directly Exposed
CVE-2026-34183	MEDIUM6.38	libcrypto3 3.5.4-r0 fixed in 3.5.7-r0	0.5% Theoretical Threat	Directly Exposed
CVE-2025-69421	MEDIUM6.38	libssl3 3.5.4-r0 fixed in 3.5.5-r0	0.8% Theoretical Threat	Directly Exposed
CVE-2026-28388	MEDIUM6.38	libssl3 3.5.4-r0 fixed in 3.5.6-r0	0.9% Theoretical Threat	Directly Exposed
CVE-2026-28389	MEDIUM6.38	libssl3 3.5.4-r0 fixed in 3.5.6-r0	0.8% Theoretical Threat	Directly Exposed
CVE-2026-28390	MEDIUM6.38	libssl3 3.5.4-r0 fixed in 3.5.6-r0	0.8% Theoretical Threat	Directly Exposed
CVE-2026-34183	MEDIUM6.38	libssl3 3.5.4-r0 fixed in 3.5.7-r0	0.5% Theoretical Threat	Directly Exposed
CVE-2026-34479	MEDIUM6.38	org.apache.logging.log4j:log4j-1.2-api 2.24.3 fixed in 2.25.4	0.5% Theoretical Threat	Directly Exposed
CVE-2026-34478	MEDIUM6.38	org.apache.logging.log4j:log4j-core 2.24.3 fixed in 2.25.4	0.8% Theoretical Threat	Directly Exposed
CVE-2026-34480	MEDIUM6.38	org.apache.logging.log4j:log4j-core 2.24.3 fixed in 2.25.4	0.9% Theoretical Threat	Directly Exposed
CVE-2026-1605	MEDIUM6.38	org.eclipse.jetty:jetty-server 12.0.22 fixed in 12.1.6, 12.0.32	0.4% Theoretical Threat	Directly Exposed
CVE-2025-66566	MEDIUM6.38	org.lz4:lz4-java 1.8.0 No fix yet	0.5% Theoretical Threat	Directly Exposed
CVE-2026-3833	MEDIUM6.29	gnutls 3.8.8-r0 fixed in 3.8.13-r0	0.3% Theoretical Threat	Directly Exposed
CVE-2026-42011	MEDIUM6.29	gnutls 3.8.8-r0 fixed in 3.8.13-r0	0.3% Theoretical Threat	Directly Exposed
CVE-2025-69419	MEDIUM6.29	libcrypto3 3.5.4-r0 fixed in 3.5.5-r0	0.4% Theoretical Threat	Directly Exposed
CVE-2026-34182	MEDIUM6.29	libcrypto3 3.5.4-r0 fixed in 3.5.7-r0	0.2% Theoretical Threat	Directly Exposed
CVE-2025-69419	MEDIUM6.29	libssl3 3.5.4-r0 fixed in 3.5.5-r0	0.4% Theoretical Threat	Directly Exposed
CVE-2026-34182	MEDIUM6.29	libssl3 3.5.4-r0 fixed in 3.5.7-r0	0.2% Theoretical Threat	Directly Exposed
CVE-2026-2332	MEDIUM6.18	org.eclipse.jetty:jetty-http 12.0.22 fixed in 12.1.7, 12.0.33	0.4% Theoretical Threat	Directly ExposedContext importance: MEDIUM
CVE-2026-42012	MEDIUM6.03	gnutls 3.8.8-r0 fixed in 3.8.13-r0	0.3% Theoretical Threat	Directly Exposed
CVE-2025-64720	MEDIUM6.03	libpng 1.6.47-r0 fixed in 1.6.51-r0	0.3% Theoretical Threat	Directly Exposed
CVE-2025-65018	MEDIUM6.03	libpng 1.6.47-r0 fixed in 1.6.51-r0	0.2% Theoretical Threat	Directly Exposed
CVE-2025-66293	MEDIUM6.03	libpng 1.6.47-r0 fixed in 1.6.53-r0	0.3% Theoretical Threat	Directly Exposed
CVE-2026-22695	MEDIUM6.03	libpng 1.6.47-r0 fixed in 1.6.54-r0	0.2% Theoretical Threat	Directly Exposed
CVE-2026-1584	MEDIUM6	gnutls 3.8.8-r0 fixed in 3.8.12-r0	1.3% Low-Moderate Risk	Directly ExposedContext importance: MEDIUM
CVE-2025-13151	MEDIUM5.9	libtasn1 4.20.0-r0 fixed in 4.21.0-r0	1.1% Low-Moderate Risk	Directly Exposed
CVE-2026-35554	MEDIUM5.78	org.apache.kafka:kafka-clients 4.1.1 fixed in 3.9.2, 4.0.2, 4.1.2	0.3% Theoretical Threat	Directly Exposed
CVE-2026-42014	MEDIUM5.61	gnutls 3.8.8-r0 fixed in 3.8.13-r0	0.2% Theoretical Threat	Directly Exposed
CVE-2026-42013	MEDIUM5.58	gnutls 3.8.8-r0 fixed in 3.8.13-r0	0.4% Theoretical Threat	Directly ExposedContext importance: MEDIUM
CVE-2026-5260	MEDIUM5.58	gnutls 3.8.8-r0 fixed in 3.8.13-r0	0.7% Theoretical Threat	Directly ExposedContext importance: MEDIUM
CVE-2025-6395	MEDIUM5.52	gnutls 3.8.8-r0 fixed in 3.8.12-r0	0.6% Theoretical Threat	Directly Exposed
CVE-2026-2673	MEDIUM5.52	libcrypto3 3.5.4-r0 fixed in 3.5.6-r0	0.4% Theoretical Threat	Directly Exposed
CVE-2026-2673	MEDIUM5.52	libssl3 3.5.4-r0 fixed in 3.5.6-r0	0.4% Theoretical Threat	Directly Exposed
CVE-2025-11143	MEDIUM5.52	org.eclipse.jetty:jetty-http 12.0.22 fixed in 12.0.31, 12.1.5	0.2% Theoretical Threat	Directly Exposed
CVE-2025-12183	MEDIUM5.52	org.lz4:lz4-java 1.8.0 fixed in 1.8.1	0.7% Theoretical Threat	Directly Exposed
CVE-2026-34181	MEDIUM5.35	libcrypto3 3.5.4-r0 fixed in 3.5.7-r0	0.2% Theoretical Threat	Directly Exposed
CVE-2026-42768	MEDIUM5.35	libcrypto3 3.5.4-r0 fixed in 3.5.7-r0	0.4% Theoretical Threat	Directly Exposed
CVE-2026-34181	MEDIUM5.35	libssl3 3.5.4-r0 fixed in 3.5.7-r0	0.2% Theoretical Threat	Directly Exposed
CVE-2026-42768	MEDIUM5.35	libssl3 3.5.4-r0 fixed in 3.5.7-r0	0.4% Theoretical Threat	Directly Exposed
CVE-2024-12243	MEDIUM5.3	gnutls 3.8.8-r0 fixed in 3.8.12-r0	1.2% Low-Moderate Risk	Directly Exposed
CVE-2025-32989	MEDIUM5.3	gnutls 3.8.8-r0 fixed in 3.8.12-r0	1.2% Low-Moderate Risk	Directly Exposed
CVE-2025-11187	MEDIUM5.18	libcrypto3 3.5.4-r0 fixed in 3.5.5-r0	0.5% Theoretical Threat	Directly Exposed
CVE-2025-64506	MEDIUM5.18	libpng 1.6.47-r0 fixed in 1.6.51-r0	0.1% Theoretical Threat	Directly Exposed
CVE-2025-11187	MEDIUM5.18	libssl3 3.5.4-r0 fixed in 3.5.5-r0	0.5% Theoretical Threat	Directly Exposed
CVE-2026-31790	MEDIUM5.02	libcrypto3 3.5.4-r0 fixed in 3.5.6-r0	1.0% Theoretical Threat	Directly Exposed
CVE-2026-42764	MEDIUM5.02	libcrypto3 3.5.4-r0 fixed in 3.5.7-r0	0.7% Theoretical Threat	Directly Exposed
CVE-2025-15468	MEDIUM5.02	libcrypto3 3.5.4-r0 fixed in 3.5.5-r0	0.7% Theoretical Threat	Directly Exposed
CVE-2025-66199	MEDIUM5.02	libcrypto3 3.5.4-r0 fixed in 3.5.5-r0	0.4% Theoretical Threat	Directly Exposed
CVE-2025-69420	MEDIUM5.02	libcrypto3 3.5.4-r0 fixed in 3.5.5-r0	0.8% Theoretical Threat	Directly Exposed
CVE-2026-22796	MEDIUM5.02	libcrypto3 3.5.4-r0 fixed in 3.5.5-r0	0.5% Theoretical Threat	Directly Exposed
CVE-2026-42769	MEDIUM5.02	libcrypto3 3.5.4-r0 fixed in 3.5.7-r0	0.3% Theoretical Threat	Directly Exposed
CVE-2026-42770	MEDIUM5.02	libcrypto3 3.5.4-r0 fixed in 3.5.7-r0	0.2% Theoretical Threat	Directly Exposed
CVE-2026-9076	MEDIUM5.02	libcrypto3 3.5.4-r0 fixed in 3.5.7-r0	0.3% Theoretical Threat	Directly Exposed
CVE-2026-31790	MEDIUM5.02	libssl3 3.5.4-r0 fixed in 3.5.6-r0	1.0% Theoretical Threat	Directly Exposed
CVE-2026-42764	MEDIUM5.02	libssl3 3.5.4-r0 fixed in 3.5.7-r0	0.7% Theoretical Threat	Directly Exposed
CVE-2025-15468	MEDIUM5.02	libssl3 3.5.4-r0 fixed in 3.5.5-r0	0.7% Theoretical Threat	Directly Exposed
CVE-2025-66199	MEDIUM5.02	libssl3 3.5.4-r0 fixed in 3.5.5-r0	0.4% Theoretical Threat	Directly Exposed
CVE-2025-69420	MEDIUM5.02	libssl3 3.5.4-r0 fixed in 3.5.5-r0	0.8% Theoretical Threat	Directly Exposed
CVE-2026-22796	MEDIUM5.02	libssl3 3.5.4-r0 fixed in 3.5.5-r0	0.5% Theoretical Threat	Directly Exposed
CVE-2026-42769	MEDIUM5.02	libssl3 3.5.4-r0 fixed in 3.5.7-r0	0.3% Theoretical Threat	Directly Exposed
CVE-2026-42770	MEDIUM5.02	libssl3 3.5.4-r0 fixed in 3.5.7-r0	0.2% Theoretical Threat	Directly Exposed
CVE-2026-9076	MEDIUM5.02	libssl3 3.5.4-r0 fixed in 3.5.7-r0	0.3% Theoretical Threat	Directly Exposed
CVE-2026-34477	MEDIUM5.02	org.apache.logging.log4j:log4j-core 2.24.3 fixed in 2.25.4	0.4% Theoretical Threat	Directly Exposed
CVE-2025-15469	MEDIUM4.67	libcrypto3 3.5.4-r0 fixed in 3.5.5-r0	0.2% Theoretical Threat	Directly Exposed
CVE-2026-22795	MEDIUM4.67	libcrypto3 3.5.4-r0 fixed in 3.5.5-r0	0.1% Theoretical Threat	Directly Exposed
CVE-2026-7383	MEDIUM4.67	libcrypto3 3.5.4-r0 fixed in 3.5.7-r0	0.3% Theoretical Threat	Directly Exposed
CVE-2026-32776	MEDIUM4.67	libexpat 2.7.3-r0 fixed in 2.7.5-r0	0.1% Theoretical Threat	Directly Exposed
CVE-2026-32777	MEDIUM4.67	libexpat 2.7.3-r0 fixed in 2.7.5-r0	0.2% Theoretical Threat	Directly Exposed
CVE-2026-32778	MEDIUM4.67	libexpat 2.7.3-r0 fixed in 2.7.5-r0	0.1% Theoretical Threat	Directly Exposed
CVE-2025-15469	MEDIUM4.67	libssl3 3.5.4-r0 fixed in 3.5.5-r0	0.2% Theoretical Threat	Directly Exposed
CVE-2026-22795	MEDIUM4.67	libssl3 3.5.4-r0 fixed in 3.5.5-r0	0.1% Theoretical Threat	Directly Exposed
CVE-2026-7383	MEDIUM4.67	libssl3 3.5.4-r0 fixed in 3.5.7-r0	0.3% Theoretical Threat	Directly Exposed
CVE-2026-6042	MEDIUM4.67	musl 1.2.5-r10 fixed in 1.2.5-r11	0.2% Theoretical Threat	Directly Exposed
CVE-2026-27171	MEDIUM4.67	zlib 1.3.1-r2 fixed in 1.3.2-r0	0.2% Theoretical Threat	Directly Exposed
CVE-2025-14831	MEDIUM4.5	gnutls 3.8.8-r0 fixed in 3.8.12-r0	0.6% Theoretical Threat	Directly Exposed
CVE-2026-42015	MEDIUM4.5	gnutls 3.8.8-r0 fixed in 3.8.13-r0	0.7% Theoretical Threat	Directly Exposed
CVE-2026-42766	MEDIUM4.5	libcrypto3 3.5.4-r0 fixed in 3.5.7-r0	0.6% Theoretical Threat	Directly Exposed
CVE-2026-42767	MEDIUM4.5	libcrypto3 3.5.4-r0 fixed in 3.5.7-r0	0.3% Theoretical Threat	Directly Exposed
CVE-2026-42766	MEDIUM4.5	libssl3 3.5.4-r0 fixed in 3.5.7-r0	0.6% Theoretical Threat	Directly Exposed
CVE-2026-42767	MEDIUM4.5	libssl3 3.5.4-r0 fixed in 3.5.7-r0	0.3% Theoretical Threat	Directly Exposed
CVE-2026-34180	MEDIUM4.25	libcrypto3 3.5.4-r0 fixed in 3.5.7-r0	0.5% Theoretical Threat	Directly Exposed
CVE-2026-34180	MEDIUM4.25	libssl3 3.5.4-r0 fixed in 3.5.7-r0	0.5% Theoretical Threat	Directly Exposed
CVE-2025-68161	MEDIUM4.08	org.apache.logging.log4j:log4j-core 2.24.3 fixed in 2.25.3	0.7% Theoretical Threat	Directly Exposed
CVE-2025-15467	MEDIUM4.06	libcrypto3 3.5.4-r0 fixed in 3.5.5-r0	48.7% High Exploitation Risk	Post-Exploit
CVE-2025-15467	MEDIUM4.06	libssl3 3.5.4-r0 fixed in 3.5.5-r0	48.7% High Exploitation Risk	Post-Exploit
CVE-2025-15467	MEDIUM4.06	openssl 3.5.4-r0 fixed in 3.5.5-r0	48.7% High Exploitation Risk	Post-Exploit
CVE-2025-68160	MEDIUM4	libcrypto3 3.5.4-r0 fixed in 3.5.5-r0	0.2% Theoretical Threat	Directly Exposed
CVE-2025-68160	MEDIUM4	libssl3 3.5.4-r0 fixed in 3.5.5-r0	0.2% Theoretical Threat	Directly Exposed
CVE-2026-40200	LOW3.98	musl-utils 1.2.5-r10 fixed in 1.2.5-r12	0.1% Theoretical Threat	Post-Exploit
CVE-2025-69419	LOW3.77	openssl 3.5.4-r0 fixed in 3.5.5-r0	0.4% Theoretical Threat	Post-Exploit
CVE-2026-34182	LOW3.77	openssl 3.5.4-r0 fixed in 3.5.7-r0	0.2% Theoretical Threat	Post-Exploit
CVE-2025-64505	LOW3.74	libpng 1.6.47-r0 fixed in 1.6.51-r0	0.2% Theoretical Threat	Directly Exposed
CVE-2026-34757	LOW3.74	libpng 1.6.47-r0 fixed in 1.6.57-r0	0.2% Theoretical Threat	Directly Exposed
CVE-2025-68973	LOW3.57	gnupg 2.4.7-r0 fixed in 2.4.9-r0	0.1% Theoretical Threat	Post-Exploit
CVE-2025-68973	LOW3.57	gnupg-dirmngr 2.4.7-r0 fixed in 2.4.9-r0	0.1% Theoretical Threat	Post-Exploit
CVE-2025-68973	LOW3.57	gnupg-gpgconf 2.4.7-r0 fixed in 2.4.9-r0	0.1% Theoretical Threat	Post-Exploit
CVE-2025-68973	LOW3.57	gnupg-keyboxd 2.4.7-r0 fixed in 2.4.9-r0	0.1% Theoretical Threat	Post-Exploit
CVE-2025-68973	LOW3.57	gnupg-utils 2.4.7-r0 fixed in 2.4.9-r0	0.1% Theoretical Threat	Post-Exploit
CVE-2025-68973	LOW3.57	gnupg-wks-client 2.4.7-r0 fixed in 2.4.9-r0	0.1% Theoretical Threat	Post-Exploit
CVE-2025-68973	LOW3.57	gpg 2.4.7-r0 fixed in 2.4.9-r0	0.1% Theoretical Threat	Post-Exploit
CVE-2025-68973	LOW3.57	gpg-agent 2.4.7-r0 fixed in 2.4.9-r0	0.1% Theoretical Threat	Post-Exploit
CVE-2025-68973	LOW3.57	gpg-wks-server 2.4.7-r0 fixed in 2.4.9-r0	0.1% Theoretical Threat	Post-Exploit
CVE-2025-68973	LOW3.57	gpgsm 2.4.7-r0 fixed in 2.4.9-r0	0.1% Theoretical Threat	Post-Exploit
CVE-2025-68973	LOW3.57	gpgv 2.4.7-r0 fixed in 2.4.9-r0	0.1% Theoretical Threat	Post-Exploit
CVE-2025-9820	LOW3.4	gnutls 3.8.8-r0 fixed in 3.8.12-r0	0.2% Theoretical Threat	Directly Exposed
CVE-2025-69418	LOW3.4	libcrypto3 3.5.4-r0 fixed in 3.5.5-r0	0.1% Theoretical Threat	Directly Exposed
CVE-2025-69418	LOW3.4	libssl3 3.5.4-r0 fixed in 3.5.5-r0	0.1% Theoretical Threat	Directly Exposed
CVE-2026-2673	LOW3.31	openssl 3.5.4-r0 fixed in 3.5.6-r0	0.4% Theoretical Threat	Post-Exploit
CVE-2026-34181	LOW3.21	openssl 3.5.4-r0 fixed in 3.5.7-r0	0.2% Theoretical Threat	Post-Exploit
CVE-2026-42768	LOW3.21	openssl 3.5.4-r0 fixed in 3.5.7-r0	0.4% Theoretical Threat	Post-Exploit
CVE-2026-3832	LOW3.15	gnutls 3.8.8-r0 fixed in 3.8.13-r0	0.3% Theoretical Threat	Directly Exposed
CVE-2026-5419	LOW3.15	gnutls 3.8.8-r0 fixed in 3.8.13-r0	0.5% Theoretical Threat	Directly Exposed
CVE-2026-45446	LOW3.15	libcrypto3 3.5.4-r0 fixed in 3.5.7-r0	0.2% Theoretical Threat	Directly Exposed
CVE-2026-45446	LOW3.15	libssl3 3.5.4-r0 fixed in 3.5.7-r0	0.2% Theoretical Threat	Directly Exposed
CVE-2025-11187	LOW3.11	openssl 3.5.4-r0 fixed in 3.5.5-r0	0.5% Theoretical Threat	Post-Exploit
CVE-2026-31790	LOW3.01	openssl 3.5.4-r0 fixed in 3.5.6-r0	1.0% Theoretical Threat	Post-Exploit
CVE-2026-42764	LOW3.01	openssl 3.5.4-r0 fixed in 3.5.7-r0	0.7% Theoretical Threat	Post-Exploit
CVE-2025-15468	LOW3.01	openssl 3.5.4-r0 fixed in 3.5.5-r0	0.7% Theoretical Threat	Post-Exploit
CVE-2025-66199	LOW3.01	openssl 3.5.4-r0 fixed in 3.5.5-r0	0.4% Theoretical Threat	Post-Exploit
CVE-2025-69420	LOW3.01	openssl 3.5.4-r0 fixed in 3.5.5-r0	0.8% Theoretical Threat	Post-Exploit
CVE-2026-22796	LOW3.01	openssl 3.5.4-r0 fixed in 3.5.5-r0	0.5% Theoretical Threat	Post-Exploit
CVE-2026-42769	LOW3.01	openssl 3.5.4-r0 fixed in 3.5.7-r0	0.3% Theoretical Threat	Post-Exploit
CVE-2026-42770	LOW3.01	openssl 3.5.4-r0 fixed in 3.5.7-r0	0.2% Theoretical Threat	Post-Exploit
CVE-2026-9076	LOW3.01	openssl 3.5.4-r0 fixed in 3.5.7-r0	0.3% Theoretical Threat	Post-Exploit
CVE-2026-31789	LOW3	libcrypto3 3.5.4-r0 fixed in 3.5.6-r0	0.2% Theoretical Threat	Post-Exploit
CVE-2026-31789	LOW3	libssl3 3.5.4-r0 fixed in 3.5.6-r0	0.2% Theoretical Threat	Post-Exploit
CVE-2026-31789	LOW3	openssl 3.5.4-r0 fixed in 3.5.6-r0	0.2% Theoretical Threat	Post-Exploit
CVE-2026-45447	LOW2.92	libcrypto3 3.5.4-r0 fixed in 3.5.7-r0	1.4% Low-Moderate Risk	Post-Exploit
CVE-2026-45447	LOW2.92	libssl3 3.5.4-r0 fixed in 3.5.7-r0	1.4% Low-Moderate Risk	Post-Exploit
CVE-2026-45447	LOW2.92	openssl 3.5.4-r0 fixed in 3.5.7-r0	1.4% Low-Moderate Risk	Post-Exploit
CVE-2026-6042	LOW2.8	musl-utils 1.2.5-r10 fixed in 1.2.5-r11	0.2% Theoretical Threat	Post-Exploit
CVE-2025-15469	LOW2.8	openssl 3.5.4-r0 fixed in 3.5.5-r0	0.2% Theoretical Threat	Post-Exploit
CVE-2026-22795	LOW2.8	openssl 3.5.4-r0 fixed in 3.5.5-r0	0.1% Theoretical Threat	Post-Exploit
CVE-2026-7383	LOW2.8	openssl 3.5.4-r0 fixed in 3.5.7-r0	0.3% Theoretical Threat	Post-Exploit
CVE-2026-33845	LOW2.78	gnutls 3.8.8-r0 fixed in 3.8.13-r0	0.6% Theoretical Threat	Post-Exploit
CVE-2026-45445	LOW2.78	libcrypto3 3.5.4-r0 fixed in 3.5.7-r0	0.3% Theoretical Threat	Post-Exploit
CVE-2026-45445	LOW2.78	libssl3 3.5.4-r0 fixed in 3.5.7-r0	0.3% Theoretical Threat	Post-Exploit
CVE-2026-45445	LOW2.78	openssl 3.5.4-r0 fixed in 3.5.7-r0	0.3% Theoretical Threat	Post-Exploit
CVE-2026-33416	LOW2.7	libpng 1.6.47-r0 fixed in 1.6.56-r0	1.1% Low-Moderate Risk	Post-Exploit
CVE-2026-42766	LOW2.7	openssl 3.5.4-r0 fixed in 3.5.7-r0	0.6% Theoretical Threat	Post-Exploit
CVE-2026-42767	LOW2.7	openssl 3.5.4-r0 fixed in 3.5.7-r0	0.3% Theoretical Threat	Post-Exploit
CVE-2025-67030	LOW2.69	org.codehaus.plexus:plexus-utils 3.5.1 fixed in 4.0.3, 3.6.1	0.7% Theoretical Threat	Post-Exploit
CVE-2026-34180	LOW2.55	openssl 3.5.4-r0 fixed in 3.5.7-r0	0.5% Theoretical Threat	Post-Exploit
CVE-2025-32990	LOW2.51	gnutls 3.8.8-r0 fixed in 3.8.12-r0	0.7% Theoretical Threat	Post-Exploit
CVE-2026-25646	LOW2.48	libpng 1.6.47-r0 fixed in 1.6.55-r0	0.9% Theoretical Threat	Post-Exploit
CVE-2026-28387	LOW2.48	openssl 3.5.4-r0 fixed in 3.5.6-r0	0.6% Theoretical Threat	Post-Exploit
CVE-2025-68972	LOW2.4	gnupg 2.4.7-r0 fixed in 2.4.9-r0	0.1% Theoretical Threat	Post-Exploit
CVE-2025-68972	LOW2.4	gnupg-dirmngr 2.4.7-r0 fixed in 2.4.9-r0	0.1% Theoretical Threat	Post-Exploit
CVE-2025-68972	LOW2.4	gnupg-gpgconf 2.4.7-r0 fixed in 2.4.9-r0	0.1% Theoretical Threat	Post-Exploit
CVE-2025-68972	LOW2.4	gnupg-keyboxd 2.4.7-r0 fixed in 2.4.9-r0	0.1% Theoretical Threat	Post-Exploit
CVE-2025-68972	LOW2.4	gnupg-utils 2.4.7-r0 fixed in 2.4.9-r0	0.1% Theoretical Threat	Post-Exploit
CVE-2025-68972	LOW2.4	gnupg-wks-client 2.4.7-r0 fixed in 2.4.9-r0	0.1% Theoretical Threat	Post-Exploit
CVE-2025-68972	LOW2.4	gpg 2.4.7-r0 fixed in 2.4.9-r0	0.1% Theoretical Threat	Post-Exploit
CVE-2025-68972	LOW2.4	gpg-agent 2.4.7-r0 fixed in 2.4.9-r0	0.1% Theoretical Threat	Post-Exploit
CVE-2025-68972	LOW2.4	gpg-wks-server 2.4.7-r0 fixed in 2.4.9-r0	0.1% Theoretical Threat	Post-Exploit
CVE-2025-68972	LOW2.4	gpgsm 2.4.7-r0 fixed in 2.4.9-r0	0.1% Theoretical Threat	Post-Exploit
CVE-2025-68972	LOW2.4	gpgv 2.4.7-r0 fixed in 2.4.9-r0	0.1% Theoretical Threat	Post-Exploit
CVE-2025-68160	LOW2.4	openssl 3.5.4-r0 fixed in 3.5.5-r0	0.2% Theoretical Threat	Post-Exploit
CVE-2025-69421	LOW2.29	openssl 3.5.4-r0 fixed in 3.5.5-r0	0.8% Theoretical Threat	Post-Exploit
CVE-2026-28388	LOW2.29	openssl 3.5.4-r0 fixed in 3.5.6-r0	0.9% Theoretical Threat	Post-Exploit
CVE-2026-28389	LOW2.29	openssl 3.5.4-r0 fixed in 3.5.6-r0	0.8% Theoretical Threat	Post-Exploit
CVE-2026-28390	LOW2.29	openssl 3.5.4-r0 fixed in 3.5.6-r0	0.8% Theoretical Threat	Post-Exploit
CVE-2026-34183	LOW2.29	openssl 3.5.4-r0 fixed in 3.5.7-r0	0.5% Theoretical Threat	Post-Exploit
CVE-2026-24515	LOW2.12	libexpat 2.7.3-r0 fixed in 2.7.4-r0	0.2% Theoretical Threat	Directly Exposed
CVE-2025-69418	LOW2.04	openssl 3.5.4-r0 fixed in 3.5.5-r0	0.1% Theoretical Threat	Post-Exploit
CVE-2026-45446	LOW1.89	openssl 3.5.4-r0 fixed in 3.5.7-r0	0.2% Theoretical Threat	Post-Exploit
CVE-2025-46394	LOW1.68	busybox 1.37.0-r19 fixed in 1.37.0-r20	0.1% Theoretical Threat	Post-Exploit
CVE-2025-46394	LOW1.68	busybox-binsh 1.37.0-r19 fixed in 1.37.0-r20	0.1% Theoretical Threat	Post-Exploit
CVE-2025-46394	LOW1.68	ssl_client 1.37.0-r19 fixed in 1.37.0-r20	0.1% Theoretical Threat	Post-Exploit
CVE-2024-58251	NONE0	busybox 1.37.0-r19 fixed in 1.37.0-r20	0.2% Theoretical Threat	Not Applicable
CVE-2024-58251	NONE0	busybox-binsh 1.37.0-r19 fixed in 1.37.0-r20	0.2% Theoretical Threat	Not Applicable
CVE-2024-58251	NONE0	ssl_client 1.37.0-r19 fixed in 1.37.0-r20	0.2% Theoretical Threat	Not Applicable
GHSA-72hv-8253-57qq	NONE0	com.fasterxml.jackson.core:jackson-core 2.19.0 fixed in 2.21.1, 2.18.6	—	Not Applicable