Vulnerability Reportcalico/node:v3.31.5-58-g302912362136

calico/node:v3.31.5-58-g302912362136

DIGESTsha256:f104957040dd0e2351ee0c86905ebe3c5d96d165cdf3d0f85c721d5c62ad8f4a

Executive Summary

Threat ScoreNEEDS ATTENTION• Image is popular community image with high trust (score 90) and pinned by digest for immutability.• Two medium-severity vulnerabilities: CVE-2023-2650 (6.76) and CVE-2023-0464 (6.0) in openssl-libs, both with MEDIUM context importance.• CVE-2023-0464 requires non-default policy constraints to be exploitable, reducing practical risk.• Overall 59 exposed vulnerabilities (all < 7.0) and 17 post-exploit vulnerabilities (max 3.37) indicate no immediate critical threats.• No high or critical severity CVEs found.

25/100NEEDS ATTENTION

ReputationPOPULAR COMMUNITY• High Reputation Community Image (1719M+ pulls)• Pinned by digest (Immutable)

RELIABLE

This base/runtime image is a reasonable foundation, but it ships vulnerabilities worth remediating in the images built on top of it. The two medium-severity CVEs (CVE-2023-2650 and CVE-2023-0464) in openssl-libs can cause denial of service under specific conditions: CVE-2023-2650 if the container connects to a malicious TLS server, and CVE-2023-0464 only if non-default policy constraints are enabled. Disabling policy constraints (default) fully mitigates CVE-2023-0464. With 59 total exposed vulnerabilities but no high or critical ones, this image is a reasonable choice for a base, but consider upgrading openssl-libs in the final image to eliminate these CVEs. Note: this is a general-purpose base/runtime image — many findings live in components that an application built on top may never load, so actual exploitability depends on the final image. For an accurate risk picture, re-scan the final application image with context.

Vulnerabilities

Vulnerability Log

94 total

CVE ID	Adjusted Severity	Package	Exploit Probability	Risk Context
CVE-2023-2650	MEDIUM6.76	openssl-libs 1:1.1.1k-16.el8_6 No fix yet	77.9% Actively Exploited	Directly ExposedContext importance: MEDIUM
CVE-2023-0464	MEDIUM6	openssl-libs 1:1.1.1k-16.el8_6 No fix yet	3.7% Low-Moderate Risk	Directly ExposedContext importance: MEDIUM
CVE-2026-4105	MEDIUM5.7	systemd-libs 239-82.el8_10.17 No fix yet	0.1% Theoretical Threat	Directly Exposed
CVE-2026-6238	MEDIUM5.52	glibc 2.28-251.el8_10.37 No fix yet	0.3% Theoretical Threat	Directly Exposed
CVE-2026-6238	MEDIUM5.52	glibc-common 2.28-251.el8_10.37 No fix yet	0.3% Theoretical Threat	Directly Exposed
CVE-2026-6238	MEDIUM5.52	glibc-minimal-langpack 2.28-251.el8_10.37 No fix yet	0.3% Theoretical Threat	Directly Exposed
CVE-2019-14250	MEDIUM5.5	libgcc 8.5.0-28.el8_10 No fix yet	2.3% Low-Moderate Risk	Directly Exposed
CVE-2024-0727	MEDIUM5.5	openssl-libs 1:1.1.1k-16.el8_6 No fix yet	3.2% Low-Moderate Risk	Directly Exposed
CVE-2021-3997	MEDIUM5.5	systemd-libs 239-82.el8_10.17 No fix yet	1.5% Low-Moderate Risk	Directly Exposed
CVE-2026-34181	MEDIUM5.35	openssl-libs 1:1.1.1k-16.el8_6 No fix yet	0.2% Theoretical Threat	Directly Exposed
CVE-2026-42768	MEDIUM5.35	openssl-libs 1:1.1.1k-16.el8_6 No fix yet	0.4% Theoretical Threat	Directly Exposed
CVE-2023-0466	MEDIUM5.3	openssl-libs 1:1.1.1k-16.el8_6 No fix yet	1.6% Low-Moderate Risk	Directly Exposed
CVE-2023-0465	MEDIUM5.3	openssl-libs 1:1.1.1k-16.el8_6 No fix yet	1.6% Low-Moderate Risk	Directly Exposed
CVE-2026-28388	MEDIUM5.1	openssl-libs 1:1.1.1k-16.el8_6 No fix yet	0.9% Theoretical Threat	Directly ExposedContext importance: MEDIUM
CVE-2026-5435	MEDIUM5.02	glibc 2.28-251.el8_10.37 No fix yet	0.2% Theoretical Threat	Directly Exposed
CVE-2026-5435	MEDIUM5.02	glibc-common 2.28-251.el8_10.37 No fix yet	0.2% Theoretical Threat	Directly Exposed
CVE-2026-5435	MEDIUM5.02	glibc-minimal-langpack 2.28-251.el8_10.37 No fix yet	0.2% Theoretical Threat	Directly Exposed
CVE-2026-42764	MEDIUM5.02	openssl-libs 1:1.1.1k-16.el8_6 No fix yet	0.7% Theoretical Threat	Directly Exposed
CVE-2025-15468	MEDIUM5.02	openssl-libs 1:1.1.1k-16.el8_6 No fix yet	0.7% Theoretical Threat	Directly Exposed
CVE-2025-69420	MEDIUM5.02	openssl-libs 1:1.1.1k-16.el8_6 No fix yet	0.8% Theoretical Threat	Directly Exposed
CVE-2026-22796	MEDIUM5.02	openssl-libs 1:1.1.1k-16.el8_6 No fix yet	0.5% Theoretical Threat	Directly Exposed
CVE-2026-42769	MEDIUM5.02	openssl-libs 1:1.1.1k-16.el8_6 No fix yet	0.3% Theoretical Threat	Directly Exposed
CVE-2026-42770	MEDIUM5.02	openssl-libs 1:1.1.1k-16.el8_6 No fix yet	0.2% Theoretical Threat	Directly Exposed
CVE-2026-9076	MEDIUM5.02	openssl-libs 1:1.1.1k-16.el8_6 No fix yet	0.3% Theoretical Threat	Directly Exposed
CVE-2024-2511	MEDIUM4.81	openssl-libs 1:1.1.1k-16.el8_6 No fix yet	54.0% Actively Exploited	Directly Exposed
CVE-2022-3606	MEDIUM4.67	libbpf 0.5.0-1.el8 No fix yet	0.3% Theoretical Threat	Directly Exposed
CVE-2022-27943	MEDIUM4.67	libgcc 8.5.0-28.el8_10 No fix yet	0.9% Theoretical Threat	Directly Exposed
CVE-2025-15469	MEDIUM4.67	openssl-libs 1:1.1.1k-16.el8_6 No fix yet	0.2% Theoretical Threat	Directly Exposed
CVE-2026-22795	MEDIUM4.67	openssl-libs 1:1.1.1k-16.el8_6 No fix yet	0.1% Theoretical Threat	Directly Exposed
CVE-2026-7383	MEDIUM4.67	openssl-libs 1:1.1.1k-16.el8_6 No fix yet	0.3% Theoretical Threat	Directly Exposed
CVE-2026-27171	MEDIUM4.67	zlib 1.2.11-25.el8 No fix yet	0.2% Theoretical Threat	Directly Exposed
CVE-2026-42766	MEDIUM4.5	openssl-libs 1:1.1.1k-16.el8_6 No fix yet	0.6% Theoretical Threat	Directly Exposed
CVE-2026-42767	MEDIUM4.5	openssl-libs 1:1.1.1k-16.el8_6 No fix yet	0.3% Theoretical Threat	Directly Exposed
CVE-2026-34743	MEDIUM4.5	xz-libs 5.2.4-4.el8_6 No fix yet	0.4% Theoretical Threat	Directly Exposed
CVE-2026-4437	MEDIUM4.42	glibc 2.28-251.el8_10.37 No fix yet	0.3% Theoretical Threat	Directly ExposedContext importance: MEDIUM
CVE-2026-4437	MEDIUM4.42	glibc-common 2.28-251.el8_10.37 No fix yet	0.3% Theoretical Threat	Directly ExposedContext importance: MEDIUM
CVE-2026-4437	MEDIUM4.42	glibc-minimal-langpack 2.28-251.el8_10.37 No fix yet	0.3% Theoretical Threat	Directly ExposedContext importance: MEDIUM
CVE-2018-20839	MEDIUM4.3	systemd-libs 239-82.el8_10.17 No fix yet	2.5% Low-Moderate Risk	Directly Exposed
CVE-2026-42250	MEDIUM4.25	bzip2-libs 1.0.6-28.el8_10 No fix yet	0.1% Theoretical Threat	Directly Exposed
CVE-2026-5450	MEDIUM4.25	glibc 2.28-251.el8_10.37 No fix yet	0.5% Theoretical Threat	Directly Exposed
CVE-2026-5928	MEDIUM4.25	glibc 2.28-251.el8_10.37 No fix yet	0.3% Theoretical Threat	Directly Exposed
CVE-2026-5450	MEDIUM4.25	glibc-common 2.28-251.el8_10.37 No fix yet	0.5% Theoretical Threat	Directly Exposed
CVE-2026-5928	MEDIUM4.25	glibc-common 2.28-251.el8_10.37 No fix yet	0.3% Theoretical Threat	Directly Exposed
CVE-2026-5450	MEDIUM4.25	glibc-minimal-langpack 2.28-251.el8_10.37 No fix yet	0.5% Theoretical Threat	Directly Exposed
CVE-2026-5928	MEDIUM4.25	glibc-minimal-langpack 2.28-251.el8_10.37 No fix yet	0.3% Theoretical Threat	Directly Exposed
CVE-2026-34180	MEDIUM4.25	openssl-libs 1:1.1.1k-16.el8_6 No fix yet	0.5% Theoretical Threat	Directly Exposed
CVE-2026-28387	MEDIUM4.13	openssl-libs 1:1.1.1k-16.el8_6 No fix yet	0.6% Theoretical Threat	Directly Exposed
CVE-2021-24032	MEDIUM4	libzstd 1.4.4-1.el8 No fix yet	0.3% Theoretical Threat	Directly Exposed
CVE-2024-13176	MEDIUM4	openssl-libs 1:1.1.1k-16.el8_6 No fix yet	0.6% Theoretical Threat	Directly Exposed
CVE-2025-68160	MEDIUM4	openssl-libs 1:1.1.1k-16.el8_6 No fix yet	0.2% Theoretical Threat	Directly Exposed
CVE-2025-4598	MEDIUM4	systemd-libs 239-82.el8_10.17 No fix yet	0.6% Theoretical Threat	Directly Exposed
CVE-2024-41996	LOW3.54	openssl-libs 1:1.1.1k-16.el8_6 No fix yet	1.1% Low-Moderate Risk	Directly Exposed
CVE-2024-25260	LOW3.4	elfutils-libelf 0.190-2.el8 No fix yet	0.3% Theoretical Threat	Directly Exposed
CVE-2026-4438	LOW3.4	glibc 2.28-251.el8_10.37 No fix yet	0.2% Theoretical Threat	Directly Exposed
CVE-2026-4438	LOW3.4	glibc-common 2.28-251.el8_10.37 No fix yet	0.2% Theoretical Threat	Directly Exposed
CVE-2026-4438	LOW3.4	glibc-minimal-langpack 2.28-251.el8_10.37 No fix yet	0.2% Theoretical Threat	Directly Exposed
CVE-2025-69418	LOW3.4	openssl-libs 1:1.1.1k-16.el8_6 No fix yet	0.1% Theoretical Threat	Directly Exposed
CVE-2025-46836	LOW3.37	net-tools 2.0-0.52.20160912git.el8 No fix yet	0.2% Theoretical Threat	Post-Exploit
CVE-2026-5958	LOW3.21	sed 4.5-5.el8_10 No fix yet	0.1% Theoretical Threat	Post-Exploit
CVE-2026-45446	LOW3.15	openssl-libs 1:1.1.1k-16.el8_6 No fix yet	0.2% Theoretical Threat	Directly Exposed
CVE-2026-31789	LOW3	openssl-libs 1:1.1.1k-16.el8_6 No fix yet	0.2% Theoretical Threat	Post-Exploit
CVE-2018-20657	LOW2.7	libgcc 8.5.0-28.el8_10 No fix yet	4.0% Low-Moderate Risk	Post-Exploit
CVE-2022-4899	LOW2.7	libzstd 1.4.4-1.el8 No fix yet	1.6% Low-Moderate Risk	Post-Exploit
CVE-2026-27456	LOW2.4	util-linux 2.32.1-48.el8_10 No fix yet	0.1% Theoretical Threat	Post-Exploit
CVE-2026-29111	LOW2.39	systemd-libs 239-82.el8_10.17 No fix yet	0.1% Theoretical Threat	Post-Exploit
CVE-2021-45940	LOW2.34	libbpf 0.5.0-1.el8 No fix yet	1.1% Low-Moderate Risk	Post-Exploit
CVE-2021-45941	LOW2.34	libbpf 0.5.0-1.el8 No fix yet	1.1% Low-Moderate Risk	Post-Exploit
CVE-2026-28390	LOW2.29	openssl-libs 1:1.1.1k-16.el8_6 No fix yet	0.8% Theoretical Threat	Post-Exploit
CVE-2026-34183	LOW2.29	openssl-libs 1:1.1.1k-16.el8_6 No fix yet	0.5% Theoretical Threat	Post-Exploit
CVE-2025-69421	LOW2.29	openssl-libs 1:1.1.1k-16.el8_6 No fix yet	0.8% Theoretical Threat	Post-Exploit
CVE-2026-28389	LOW2.29	openssl-libs 1:1.1.1k-16.el8_6 No fix yet	0.8% Theoretical Threat	Post-Exploit
CVE-2022-41409	LOW2.29	pcre2 10.32-3.el8_6 No fix yet	1.0% Theoretical Threat	Post-Exploit
CVE-2026-34182	LOW2.26	openssl-libs 1:1.1.1k-16.el8_6 No fix yet	0.2% Theoretical Threat	Post-Exploit
CVE-2025-5278	LOW2.24	coreutils-single 8.30-17.el8_10 No fix yet	0.2% Theoretical Threat	Post-Exploit
CVE-2024-56433	LOW1.84	shadow-utils 2:4.6-23.el8_10 No fix yet	0.4% Theoretical Threat	Post-Exploit
CVE-2025-11961	LOW1.61	libpcap 14:1.9.1-5.el8 No fix yet	0.1% Theoretical Threat	Directly Exposed
CVE-2021-39537	NONE0	ncurses-base 6.1-10.20180224.el8 No fix yet	3.0% Low-Moderate Risk	Not Applicable
CVE-2021-39537	NONE0	ncurses-libs 6.1-10.20180224.el8 No fix yet	3.0% Low-Moderate Risk	Not Applicable
CVE-2020-19185	NONE0	ncurses-base 6.1-10.20180224.el8 No fix yet	1.4% Low-Moderate Risk	Not Applicable
CVE-2020-19186	NONE0	ncurses-base 6.1-10.20180224.el8 No fix yet	1.5% Low-Moderate Risk	Not Applicable
CVE-2020-19187	NONE0	ncurses-base 6.1-10.20180224.el8 No fix yet	1.4% Low-Moderate Risk	Not Applicable
CVE-2020-19188	NONE0	ncurses-base 6.1-10.20180224.el8 No fix yet	1.4% Low-Moderate Risk	Not Applicable
CVE-2020-19189	NONE0	ncurses-base 6.1-10.20180224.el8 No fix yet	1.9% Low-Moderate Risk	Not Applicable
CVE-2020-19190	NONE0	ncurses-base 6.1-10.20180224.el8 No fix yet	1.4% Low-Moderate Risk	Not Applicable
CVE-2023-50495	NONE0	ncurses-base 6.1-10.20180224.el8 No fix yet	1.0% Theoretical Threat	Not Applicable
CVE-2020-19185	NONE0	ncurses-libs 6.1-10.20180224.el8 No fix yet	1.4% Low-Moderate Risk	Not Applicable
CVE-2020-19186	NONE0	ncurses-libs 6.1-10.20180224.el8 No fix yet	1.5% Low-Moderate Risk	Not Applicable
CVE-2020-19187	NONE0	ncurses-libs 6.1-10.20180224.el8 No fix yet	1.4% Low-Moderate Risk	Not Applicable
CVE-2020-19188	NONE0	ncurses-libs 6.1-10.20180224.el8 No fix yet	1.4% Low-Moderate Risk	Not Applicable
CVE-2020-19189	NONE0	ncurses-libs 6.1-10.20180224.el8 No fix yet	1.9% Low-Moderate Risk	Not Applicable
CVE-2020-19190	NONE0	ncurses-libs 6.1-10.20180224.el8 No fix yet	1.4% Low-Moderate Risk	Not Applicable
CVE-2023-50495	NONE0	ncurses-libs 6.1-10.20180224.el8 No fix yet	1.0% Theoretical Threat	Not Applicable
CVE-2018-19211	NONE0	ncurses-base 6.1-10.20180224.el8 No fix yet	0.9% Theoretical Threat	Not Applicable
CVE-2018-19211	NONE0	ncurses-libs 6.1-10.20180224.el8 No fix yet	0.9% Theoretical Threat	Not Applicable