Vulnerability Reportcalico/node:v3.33.0-0.dev-866-gf868484449e7-arm64

calico/node:v3.33.0-0.dev-866-gf868484449e7-arm64

DIGESTsha256:4f0eb37ca184b33375b86b760939b02f5c5284e915a1208f82102124a176a8ba

Executive Summary

Threat ScoreSAFE• High community trust: 1.7B+ pulls, pinned by digest, POPULAR COMMUNITY label.• All 20 exposed vulnerabilities are low severity (max 5.7).• Post-exploit vulnerabilities are low severity (max 3.21).• No findings from exposed surface or post-exploit scans present significant risk.

0/100SAFE

ReputationPOPULAR COMMUNITY• High Reputation Community Image (1719M+ pulls)• Pinned by digest (Immutable)

RELIABLE

This base/runtime image is a clean foundation for building production images. While the image contains 20 exposed and 17 post-exploit vulnerabilities, all are low severity with a maximum CVSS of 5.7, posing negligible practical risk. The image's high reputation and pinned digest further support its reliability. No critical or high-severity issues require attention. Note: this is a general-purpose base/runtime image — many findings live in components that an application built on top may never load, so actual exploitability depends on the final image. For an accurate risk picture, re-scan the final application image with context.

Vulnerabilities

Vulnerability Log

39 total

CVE ID	Adjusted Severity	Package	Exploit Probability	Risk Context
CVE-2026-4105	MEDIUM5.7	systemd-libs 252-67.el9_8.2 No fix yet	0.1% Theoretical Threat	Directly Exposed
CVE-2026-28388	MEDIUM5.1	openssl-libs 1:3.5.5-4.el9_8 No fix yet	0.9% Theoretical Threat	Directly ExposedContext importance: MEDIUM
CVE-2025-1371	MEDIUM4.67	elfutils-libelf 0.194-1.el9 No fix yet	0.2% Theoretical Threat	Directly Exposed
CVE-2025-1377	MEDIUM4.67	elfutils-libelf 0.194-1.el9 No fix yet	0.3% Theoretical Threat	Directly Exposed
CVE-2021-46195	MEDIUM4.67	libgcc 11.5.0-14.el9 No fix yet	0.8% Theoretical Threat	Directly Exposed
CVE-2022-27943	MEDIUM4.67	libgcc 11.5.0-14.el9 No fix yet	0.9% Theoretical Threat	Directly Exposed
CVE-2026-27171	MEDIUM4.67	zlib 1.2.11-40.el9 No fix yet	0.2% Theoretical Threat	Directly Exposed
CVE-2026-42250	MEDIUM4.25	bzip2-libs 1.0.8-11.el9 No fix yet	0.1% Theoretical Threat	Directly Exposed
CVE-2026-5450	MEDIUM4.25	glibc 2.34-270.el9_8 No fix yet	0.5% Theoretical Threat	Directly Exposed
CVE-2026-5928	MEDIUM4.25	glibc 2.34-270.el9_8 No fix yet	0.3% Theoretical Threat	Directly Exposed
CVE-2026-5450	MEDIUM4.25	glibc-common 2.34-270.el9_8 No fix yet	0.5% Theoretical Threat	Directly Exposed
CVE-2026-5928	MEDIUM4.25	glibc-common 2.34-270.el9_8 No fix yet	0.3% Theoretical Threat	Directly Exposed
CVE-2026-5450	MEDIUM4.25	glibc-minimal-langpack 2.34-270.el9_8 No fix yet	0.5% Theoretical Threat	Directly Exposed
CVE-2026-5928	MEDIUM4.25	glibc-minimal-langpack 2.34-270.el9_8 No fix yet	0.3% Theoretical Threat	Directly Exposed
CVE-2025-1376	MEDIUM4	elfutils-libelf 0.194-1.el9 No fix yet	0.3% Theoretical Threat	Directly Exposed
CVE-2024-13176	MEDIUM4	openssl-libs 1:3.5.5-4.el9_8 No fix yet	0.6% Theoretical Threat	Directly Exposed
CVE-2024-41996	LOW3.54	openssl-libs 1:3.5.5-4.el9_8 No fix yet	1.1% Low-Moderate Risk	Directly Exposed
CVE-2024-25260	LOW3.4	elfutils-libelf 0.194-1.el9 No fix yet	0.3% Theoretical Threat	Directly Exposed
CVE-2026-5958	LOW3.21	sed 4.8-10.el9 No fix yet	0.1% Theoretical Threat	Post-Exploit
CVE-2025-9232	LOW3.1	openssl-libs 1:3.5.5-4.el9_8 No fix yet	2.0% Low-Moderate Risk	Directly Exposed
CVE-2026-31789	LOW3	openssl-libs 1:3.5.5-4.el9_8 No fix yet	0.2% Theoretical Threat	Post-Exploit
CVE-2026-28387	LOW2.48	openssl-libs 1:3.5.5-4.el9_8 No fix yet	0.6% Theoretical Threat	Post-Exploit
CVE-2026-27456	LOW2.4	util-linux 2.37.4-25.el9 No fix yet	0.1% Theoretical Threat	Post-Exploit
CVE-2026-27456	LOW2.4	util-linux-core 2.37.4-25.el9 No fix yet	0.1% Theoretical Threat	Post-Exploit
CVE-2026-28389	LOW2.29	openssl-libs 1:3.5.5-4.el9_8 No fix yet	0.8% Theoretical Threat	Post-Exploit
CVE-2022-41409	LOW2.29	pcre2 10.40-6.el9 No fix yet	1.0% Theoretical Threat	Post-Exploit
CVE-2022-41409	LOW2.29	pcre2-syntax 10.40-6.el9 No fix yet	1.0% Theoretical Threat	Post-Exploit
CVE-2025-5278	LOW2.24	coreutils-single 8.32-40.el9 No fix yet	0.2% Theoretical Threat	Post-Exploit
CVE-2026-6238	LOW1.99	glibc 2.34-270.el9_8 No fix yet	0.3% Theoretical Threat	Post-Exploit
CVE-2026-6238	LOW1.99	glibc-common 2.34-270.el9_8 No fix yet	0.3% Theoretical Threat	Post-Exploit
CVE-2026-6238	LOW1.99	glibc-minimal-langpack 2.34-270.el9_8 No fix yet	0.3% Theoretical Threat	Post-Exploit
CVE-2026-2673	LOW1.99	openssl-libs 1:3.5.5-4.el9_8 No fix yet	0.4% Theoretical Threat	Post-Exploit
CVE-2026-5435	LOW1.81	glibc 2.34-270.el9_8 No fix yet	0.2% Theoretical Threat	Post-Exploit
CVE-2026-5435	LOW1.81	glibc-common 2.34-270.el9_8 No fix yet	0.2% Theoretical Threat	Post-Exploit
CVE-2026-5435	LOW1.81	glibc-minimal-langpack 2.34-270.el9_8 No fix yet	0.2% Theoretical Threat	Post-Exploit
CVE-2026-34743	LOW1.62	xz-libs 5.2.5-8.el9_0 No fix yet	0.4% Theoretical Threat	Post-Exploit
CVE-2025-11961	LOW1.61	libpcap 14:1.10.0-4.el9 No fix yet	0.1% Theoretical Threat	Directly Exposed
CVE-2023-50495	NONE0	ncurses-base 6.2-12.20210508.el9 No fix yet	1.0% Theoretical Threat	Not Applicable
CVE-2023-50495	NONE0	ncurses-libs 6.2-12.20210508.el9 No fix yet	1.0% Theoretical Threat	Not Applicable