Vulnerability Report: arangodb:3.12.8

arangodb:3.12.8
Digest: sha256:c7c73e4f2694d70dffcf4cea779ba60355e6563018550ea70bcb77ce8e35fb97

Executive Summary

Threat Score: 75/100 (DANGEROUS)
Reputation: TRUSTED

This image poses a critical security risk and must not be used in production, especially as an internet-facing service. An attacker could achieve remote code execution via CVE-2026-4800 if the container runs Foxx microservices that process untrusted input, or cause denial of service via OpenSSL (CVE-2026-28390) and brace-expansion vulnerabilities. Additionally, a gRPC authorization bypass (CVE-2026-33186) could allow unauthorized access if gRPC with path-based access controls is enabled. Note that CVE-2026-4800 and CVE-2026-33186 require specific configurations to be exploitable; all vulnerabilities are fixed in later versions of the respective packages.

Vulnerabilities

Vulnerability Log

65 total
| CVE ID | Adjusted Severity | Package | Version | Fixed in | Exploit Probability | Risk Context |
|---|---|---|---|---|---|---|
| CVE-2026-4800 | HIGH (7.84) | lodash | 4.17.21 | 4.18.0 | 1.0% (Low-Moderate Risk) | Directly Exposed; context importance: MEDIUM |
| CVE-2026-28390 | MEDIUM (6.38) | libcrypto3 | 3.3.6-r0 | 3.3.7-r0 | 0.8% (Theoretical Threat) | Directly Exposed |
| CVE-2026-28390 | MEDIUM (6.38) | libssl3 | 3.3.6-r0 | 3.3.7-r0 | 0.8% (Theoretical Threat) | Directly Exposed |
| CVE-2026-33750 | MEDIUM (6.38) | brace-expansion | 5.0.2 | 5.0.5, 3.0.2, 2.0.3, 1.1.13 | 0.4% (Theoretical Threat) | Directly Exposed |
| CVE-2026-45149 | MEDIUM (6.38) | brace-expansion | 5.0.2 | 5.0.6 | 0.2% (Theoretical Threat) | Directly Exposed |
| CVE-2026-33186 | MEDIUM (6.18) | google.golang.org/grpc | v1.59.0 | 1.79.3 | 0.5% (Theoretical Threat) | Directly Exposed; context importance: MEDIUM |
| CVE-2026-42306 | MEDIUM (6.12) | github.com/docker/docker | v28.5.2+incompatible | No fix yet | 0.1% (Theoretical Threat) | Directly Exposed |
| CVE-2025-69873 | MEDIUM (5.1) | ajv | 8.12.0 | 8.18.0, 6.14.0 | 0.4% (Theoretical Threat) | Directly Exposed; context importance: MEDIUM |
| CVE-2026-24001 | MEDIUM (5.1) | diff | 8.0.2 | 8.0.3, 5.2.2, 4.0.4, 3.5.1 | 0.5% (Theoretical Threat) | Directly Exposed; context importance: MEDIUM |
| CVE-2026-2391 | MEDIUM (5.1) | qs | 6.14.1 | 6.14.2 | 0.5% (Theoretical Threat) | Directly Exposed; context importance: MEDIUM |
| CVE-2026-31790 | MEDIUM (5.02) | libcrypto3 | 3.3.6-r0 | 3.3.7-r0 | 1.0% (Theoretical Threat) | Directly Exposed |
| CVE-2026-31790 | MEDIUM (5.02) | libssl3 | 3.3.6-r0 | 3.3.7-r0 | 1.0% (Theoretical Threat) | Directly Exposed |
| CVE-2026-31789 | MEDIUM (5) | libcrypto3 | 3.3.6-r0 | 3.3.7-r0 | 0.2% (Theoretical Threat) | Directly Exposed |
| CVE-2026-31789 | MEDIUM (5) | libssl3 | 3.3.6-r0 | 3.3.7-r0 | 0.2% (Theoretical Threat) | Directly Exposed |
| CVE-2026-6042 | MEDIUM (4.67) | musl | 1.2.5-r9 | 1.2.5-r10 | 0.2% (Theoretical Threat) | Directly Exposed |
| CVE-2026-6042 | MEDIUM (4.67) | musl-utils | 1.2.5-r9 | 1.2.5-r10 | 0.2% (Theoretical Threat) | Directly Exposed |
| CVE-2026-27171 | MEDIUM (4.67) | zlib | 1.3.1-r2 | 1.3.2-r0 | 0.2% (Theoretical Threat) | Directly Exposed |
| CVE-2025-64718 | MEDIUM (4.5) | js-yaml | 3.14.1 | 4.1.1, 3.14.2 | 0.4% (Theoretical Threat) | Directly Exposed |
| CVE-2025-13465 | MEDIUM (4.5) | lodash | 4.17.21 | 4.17.23 | 0.3% (Theoretical Threat) | Directly Exposed |
| CVE-2026-2950 | MEDIUM (4.5) | lodash | 4.17.21 | 4.18.0 | 0.3% (Theoretical Threat) | Directly Exposed |
| CVE-2026-28387 | MEDIUM (4.13) | libcrypto3 | 3.3.6-r0 | 3.3.7-r0 | 0.6% (Theoretical Threat) | Directly Exposed |
| CVE-2026-28387 | MEDIUM (4.13) | libssl3 | 3.3.6-r0 | 3.3.7-r0 | 0.6% (Theoretical Threat) | Directly Exposed |
| CVE-2026-41176 | MEDIUM (4.06) | github.com/rclone/rclone | v1.65.2+dirty | 1.73.5 | 35.4% (High Exploitation Risk) | Post-Exploit |
| CVE-2025-69725 | MEDIUM (4) | github.com/go-chi/chi/v5 | v5.2.3 | 5.2.4 | 0.2% (Theoretical Threat) | Directly Exposed |
| CVE-2026-40200 | LOW (3.98) | musl | 1.2.5-r9 | 1.2.5-r11 | 0.1% (Theoretical Threat) | Directly Exposed |
| CVE-2026-40200 | LOW (3.98) | musl-utils | 1.2.5-r9 | 1.2.5-r11 | 0.1% (Theoretical Threat) | Directly Exposed |
| CVE-2026-28388 | LOW (3.83) | libcrypto3 | 3.3.6-r0 | 3.3.7-r0 | 0.9% (Theoretical Threat) | Directly Exposed |
| CVE-2026-28389 | LOW (3.83) | libcrypto3 | 3.3.6-r0 | 3.3.7-r0 | 0.8% (Theoretical Threat) | Directly Exposed |
| CVE-2026-28388 | LOW (3.83) | libssl3 | 3.3.6-r0 | 3.3.7-r0 | 0.9% (Theoretical Threat) | Directly Exposed |
| CVE-2026-28389 | LOW (3.83) | libssl3 | 3.3.6-r0 | 3.3.7-r0 | 0.8% (Theoretical Threat) | Directly Exposed |
| CVE-2026-41179 | LOW (3.53) | github.com/rclone/rclone | v1.65.2+dirty | 1.73.5 | 7.1% (Low-Moderate Risk) | Post-Exploit |
| CVE-2024-52522 | LOW (3.47) | github.com/rclone/rclone | v1.65.2+dirty | 1.68.2 | 0.2% (Theoretical Threat) | Post-Exploit |
| CVE-2026-41568 | LOW (3.31) | github.com/docker/docker | v28.5.2+incompatible | No fix yet | 0.1% (Theoretical Threat) | Directly Exposed |
| CVE-2026-1229 | LOW (3) | github.com/cloudflare/circl | v1.6.1 | 1.6.3 | 0.4% (Theoretical Threat) | Post-Exploit |
| CVE-2026-34040 | LOW (2.81) | github.com/docker/docker | v28.5.2+incompatible | 29.3.1 | 8.1% (Low-Moderate Risk) | Post-Exploit |
| CVE-2026-32952 | LOW (2.7) | github.com/Azure/go-ntlmssp | v0.0.0-20221128193559-754e69321358 | 0.1.1 | 1.0% (Low-Moderate Risk) | Post-Exploit |
| CVE-2026-33997 | LOW (2.48) | github.com/docker/docker | v28.5.2+incompatible | 29.3.1 | 0.3% (Theoretical Threat) | Post-Exploit |
| CVE-2026-22184 | LOW (2.39) | zlib | 1.3.1-r2 | 1.3.2-r0 | 0.2% (Theoretical Threat) | Post-Exploit |
| CVE-2026-25679 | NONE (0) | stdlib | v1.24.13 | 1.25.8, 1.26.1 | 0.5% (Theoretical Threat) | Not Applicable |
| CVE-2026-32280 | NONE (0) | stdlib | v1.24.13 | 1.25.9, 1.26.2 | 0.4% (Theoretical Threat) | Not Applicable |
| CVE-2026-32281 | NONE (0) | stdlib | v1.24.13 | 1.25.9, 1.26.2 | 0.3% (Theoretical Threat) | Not Applicable |
| CVE-2026-32283 | NONE (0) | stdlib | v1.24.13 | 1.25.9, 1.26.2 | 0.4% (Theoretical Threat) | Not Applicable |
| CVE-2026-33811 | NONE (0) | stdlib | v1.24.13 | 1.25.10, 1.26.3 | 0.5% (Theoretical Threat) | Not Applicable |
| CVE-2026-33814 | NONE (0) | stdlib | v1.24.13 | 1.25.10, 1.26.3 | 0.6% (Theoretical Threat) | Not Applicable |
| CVE-2026-39820 | NONE (0) | stdlib | v1.24.13 | 1.25.10, 1.26.3 | 0.4% (Theoretical Threat) | Not Applicable |
| CVE-2026-39836 | NONE (0) | stdlib | v1.24.13 | 1.25.10, 1.26.3 | 0.6% (Theoretical Threat) | Not Applicable |
| CVE-2026-32282 | NONE (0) | stdlib | v1.24.13 | 1.25.9, 1.26.2 | 0.3% (Theoretical Threat) | Not Applicable |
| CVE-2026-32289 | NONE (0) | stdlib | v1.24.13 | 1.25.9, 1.26.2 | 0.3% (Theoretical Threat) | Not Applicable |
| CVE-2026-32288 | NONE (0) | stdlib | v1.24.13 | 1.25.9, 1.26.2 | 0.3% (Theoretical Threat) | Not Applicable |
| CVE-2026-27142 | NONE (0) | stdlib | v1.24.13 | 1.25.8, 1.26.1 | 0.3% (Theoretical Threat) | Not Applicable |
| CVE-2026-39826 | NONE (0) | stdlib | v1.24.13 | 1.25.10, 1.26.3 | 0.4% (Theoretical Threat) | Not Applicable |
| CVE-2026-42507 | NONE (0) | stdlib | v1.24.13 | 1.25.11, 1.26.4 | 0.3% (Theoretical Threat) | Not Applicable |
| CVE-2026-27139 | NONE (0) | stdlib | v1.24.13 | 1.25.8, 1.26.1 | 0.2% (Theoretical Threat) | Not Applicable |
| CVE-2026-48038 | NONE (0) | joi | 14.3.1 | 18.2.1, 17.13.4 | | Not Applicable |
| CVE-2026-53550 | NONE (0) | js-yaml | 3.14.1 | 4.2.0 | | Not Applicable |
| CVE-2026-8723 | NONE (0) | qs | 6.14.1 | 6.15.2 | 0.3% (Theoretical Threat) | Not Applicable |
| CVE-2026-41567 | NONE (0) | github.com/docker/docker | v28.5.2+incompatible | No fix yet | 0.1% (Theoretical Threat) | Not Applicable |
| CVE-2026-39823 | NONE (0) | stdlib | v1.24.13 | 1.25.10, 1.26.3 | 0.3% (Theoretical Threat) | Not Applicable |
| CVE-2026-39825 | NONE (0) | stdlib | v1.24.13 | 1.25.10, 1.26.3 | 0.4% (Theoretical Threat) | Not Applicable |
| CVE-2026-42499 | NONE (0) | stdlib | v1.24.13 | 1.25.10, 1.26.3 | 0.6% (Theoretical Threat) | Not Applicable |
| CVE-2026-42504 | NONE (0) | stdlib | v1.24.13 | 1.25.11, 1.26.4 | 0.4% (Theoretical Threat) | Not Applicable |
| CVE-2026-27145 | NONE (0) | stdlib | v1.24.13 | 1.25.11, 1.26.4 | 0.3% (Theoretical Threat) | Not Applicable |
| CVE-2026-44973 | NONE (0) | github.com/go-git/go-billy/v5 | v5.5.0 | 5.9.0 | 0.3% (Theoretical Threat) | Not Applicable |
| CVE-2026-44740 | NONE (0) | github.com/go-git/go-billy/v5 | v5.5.0 | 5.9.0 | 0.3% (Theoretical Threat) | Not Applicable |
| CVE-2026-49980 | NONE (0) | github.com/rclone/rclone | v1.65.2+dirty | 1.74.3 | | Not Applicable |