Vulnerability Reportcalico/node:v3.33.0-0.dev-866-gf868484449e7

calico/node:v3.33.0-0.dev-866-gf868484449e7

DIGESTsha256:75238c1778fe711ff15fae5c27d12397466a127c397bd6ab63934425bb53abb1

Executive Summary

Threat ScoreSAFE• No high-severity vulnerabilities found (max exposed severity 5.7, max post-exploit severity 2.4).• Highly trusted community image with over 1.7B pulls and a reliable reputation.• Pinned by digest ensures immutable and reproducible builds.• No flagged findings from exposed surface or post-exploit analysis.

0/100SAFE

ReputationPOPULAR COMMUNITY• High Reputation Community Image (1719M+ pulls)• Pinned by digest (Immutable)

RELIABLE

This base/runtime image is a clean foundation for building production images. It contains 24 exposed vulnerabilities and 11 post-exploit-only issues, but all are low severity (highest CVSS 5.7) and none pose a significant risk. The image is widely used and verified by the community, making it a safe choice for base image. Note: this is a general-purpose base/runtime image — many findings live in components that an application built on top may never load, so actual exploitability depends on the final image. For an accurate risk picture, re-scan the final application image with context.

Vulnerabilities

Vulnerability Log

39 total

CVE ID	Adjusted Severity	Package	Exploit Probability	Risk Context
CVE-2026-4105	MEDIUM5.7	systemd-libs 252-67.el9_8.2 No fix yet	0.1% Theoretical Threat	Directly Exposed
CVE-2026-28388	MEDIUM5.1	openssl-libs 1:3.5.5-4.el9_8 No fix yet	0.9% Theoretical Threat	Directly ExposedContext importance: MEDIUM
CVE-2026-31789	MEDIUM5	openssl-libs 1:3.5.5-4.el9_8 No fix yet	0.2% Theoretical Threat	Directly Exposed
CVE-2024-41996	MEDIUM4.72	openssl-libs 1:3.5.5-4.el9_8 No fix yet	1.1% Low-Moderate Risk	Directly ExposedContext importance: MEDIUM
CVE-2025-1371	MEDIUM4.67	elfutils-libelf 0.194-1.el9 No fix yet	0.2% Theoretical Threat	Directly Exposed
CVE-2025-1377	MEDIUM4.67	elfutils-libelf 0.194-1.el9 No fix yet	0.3% Theoretical Threat	Directly Exposed
CVE-2021-46195	MEDIUM4.67	libgcc 11.5.0-14.el9 No fix yet	0.8% Theoretical Threat	Directly Exposed
CVE-2022-27943	MEDIUM4.67	libgcc 11.5.0-14.el9 No fix yet	0.9% Theoretical Threat	Directly Exposed
CVE-2026-27171	MEDIUM4.67	zlib 1.2.11-40.el9 No fix yet	0.2% Theoretical Threat	Directly Exposed
CVE-2026-2673	MEDIUM4.42	openssl-libs 1:3.5.5-4.el9_8 No fix yet	0.4% Theoretical Threat	Directly ExposedContext importance: MEDIUM
CVE-2026-42250	MEDIUM4.25	bzip2-libs 1.0.8-11.el9 No fix yet	0.1% Theoretical Threat	Directly Exposed
CVE-2026-5450	MEDIUM4.25	glibc 2.34-270.el9_8 No fix yet	0.5% Theoretical Threat	Directly Exposed
CVE-2026-5928	MEDIUM4.25	glibc 2.34-270.el9_8 No fix yet	0.3% Theoretical Threat	Directly Exposed
CVE-2026-5450	MEDIUM4.25	glibc-common 2.34-270.el9_8 No fix yet	0.5% Theoretical Threat	Directly Exposed
CVE-2026-5928	MEDIUM4.25	glibc-common 2.34-270.el9_8 No fix yet	0.3% Theoretical Threat	Directly Exposed
CVE-2026-5450	MEDIUM4.25	glibc-minimal-langpack 2.34-270.el9_8 No fix yet	0.5% Theoretical Threat	Directly Exposed
CVE-2026-5928	MEDIUM4.25	glibc-minimal-langpack 2.34-270.el9_8 No fix yet	0.3% Theoretical Threat	Directly Exposed
CVE-2026-28387	MEDIUM4.13	openssl-libs 1:3.5.5-4.el9_8 No fix yet	0.6% Theoretical Threat	Directly Exposed
CVE-2025-1376	MEDIUM4	elfutils-libelf 0.194-1.el9 No fix yet	0.3% Theoretical Threat	Directly Exposed
CVE-2024-13176	MEDIUM4	openssl-libs 1:3.5.5-4.el9_8 No fix yet	0.6% Theoretical Threat	Directly Exposed
CVE-2024-25260	LOW3.4	elfutils-libelf 0.194-1.el9 No fix yet	0.3% Theoretical Threat	Directly Exposed
CVE-2025-9232	LOW3.1	openssl-libs 1:3.5.5-4.el9_8 No fix yet	2.0% Low-Moderate Risk	Directly Exposed
CVE-2026-34743	LOW2.7	xz-libs 5.2.5-8.el9_0 No fix yet	0.4% Theoretical Threat	Directly Exposed
CVE-2026-27456	LOW2.4	util-linux 2.37.4-25.el9 No fix yet	0.1% Theoretical Threat	Post-Exploit
CVE-2026-27456	LOW2.4	util-linux-core 2.37.4-25.el9 No fix yet	0.1% Theoretical Threat	Post-Exploit
CVE-2026-28389	LOW2.29	openssl-libs 1:3.5.5-4.el9_8 No fix yet	0.8% Theoretical Threat	Post-Exploit
CVE-2022-41409	LOW2.29	pcre2 10.40-6.el9 No fix yet	1.0% Theoretical Threat	Post-Exploit
CVE-2022-41409	LOW2.29	pcre2-syntax 10.40-6.el9 No fix yet	1.0% Theoretical Threat	Post-Exploit
CVE-2026-6238	LOW1.99	glibc 2.34-270.el9_8 No fix yet	0.3% Theoretical Threat	Post-Exploit
CVE-2026-6238	LOW1.99	glibc-common 2.34-270.el9_8 No fix yet	0.3% Theoretical Threat	Post-Exploit
CVE-2026-6238	LOW1.99	glibc-minimal-langpack 2.34-270.el9_8 No fix yet	0.3% Theoretical Threat	Post-Exploit
CVE-2026-5435	LOW1.81	glibc 2.34-270.el9_8 No fix yet	0.2% Theoretical Threat	Post-Exploit
CVE-2026-5435	LOW1.81	glibc-common 2.34-270.el9_8 No fix yet	0.2% Theoretical Threat	Post-Exploit
CVE-2026-5435	LOW1.81	glibc-minimal-langpack 2.34-270.el9_8 No fix yet	0.2% Theoretical Threat	Post-Exploit
CVE-2025-11961	LOW1.61	libpcap 14:1.10.0-4.el9 No fix yet	0.1% Theoretical Threat	Directly Exposed
CVE-2023-50495	NONE0	ncurses-base 6.2-12.20210508.el9 No fix yet	1.0% Theoretical Threat	Not Applicable
CVE-2023-50495	NONE0	ncurses-libs 6.2-12.20210508.el9 No fix yet	1.0% Theoretical Threat	Not Applicable
CVE-2026-5958	NONE0	sed 4.8-10.el9 No fix yet	0.1% Theoretical Threat	Not Applicable
CVE-2025-5278	NONE0	coreutils-single 8.32-40.el9 No fix yet	0.2% Theoretical Threat	Not Applicable