Vulnerability Reportdebian:13.4

Name: debian:13.4 Security Vulnerability Report
Creator: BaseImage
Keywords: debian:13.4, Docker security, vulnerability scan, CVE, container security, SBOM

DIGESTsha256:3352c2e13876c8a5c5873ef20870e1939e73cb9a3c1aeba5e3e72172a85ce9ed

Executive Summary

CAUTION

This image carries significant risk; production deployment is highly discouraged without strict compensating controls. An attacker could achieve local privilege escalation within the container, potentially leading to arbitrary code execution or denial of service by exploiting vulnerabilities in core system components. Notable issues include CVE-2026-4878 (libcap privilege escalation) and CVE-2026-29111 (systemd arbitrary code execution or DoS). The container runs with `bash` as its startup command and has no open ports, suggesting a focus on local execution where these local privilege escalation vulnerabilities are highly relevant. While the image is an official, trusted Docker Hub publication, the number and nature of the high-severity local vulnerabilities require careful consideration for production use.

Threat Score

50/100

CAUTION

The image contains 9 "EXPOSED_SURFACE" vulnerabilities with a severity of 6.0 or higher, contributing to a 'CAUTION' verdict.
The most severe "EXPOSED_SURFACE" vulnerability is CVE-2026-4878, a local privilege escalation in libcap2 (severity 6.7).
Multiple vulnerabilities in systemd components (e.g., CVE-2026-29111, CVE-2026-40225) could lead to privilege escalation or denial of service.
The image is a "TRUSTED" Docker Official image, indicating a reliable source.
No open ports are declared, limiting direct network attack vectors.

Reputation

TRUSTED

Docker Official

OFFICIAL

Official Docker Hub Image
Pinned by digest (Immutable)

BaseImage/

debian:13.4

Hardened

Grade

A+

Vulns

Verified & secured for production

Vulnerabilities

Vulnerability Log

115 total

CVE ID	Adjusted Severity	Package	Exploit Probability	Risk Context
CVE-2026-4878	MEDIUM6.7	libcap2 1:2.75-10+b8 No fix yet	—	Directly Exposed
CVE-2026-29111	MEDIUM6.63	libsystemd0 257.9-1~deb13u1 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2026-29111	MEDIUM6.63	libudev1 257.9-1~deb13u1 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2026-40225	MEDIUM6.4	libsystemd0 257.9-1~deb13u1 No fix yet	—	Directly Exposed
CVE-2026-40226	MEDIUM6.4	libsystemd0 257.9-1~deb13u1 No fix yet	—	Directly Exposed
CVE-2026-40225	MEDIUM6.4	libudev1 257.9-1~deb13u1 No fix yet	—	Directly Exposed
CVE-2026-40226	MEDIUM6.4	libudev1 257.9-1~deb13u1 No fix yet	—	Directly Exposed
CVE-2018-20796	MEDIUM6	libc-bin 2.41-12+deb13u2 No fix yet	1.5% Low-Moderate Risk	Directly ExposedContext importance: MEDIUM
CVE-2018-20796	MEDIUM6	libc6 2.41-12+deb13u2 No fix yet	1.5% Low-Moderate Risk	Directly ExposedContext importance: MEDIUM
CVE-2026-4105	MEDIUM5.7	libsystemd0 257.9-1~deb13u1 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2026-4105	MEDIUM5.7	libudev1 257.9-1~deb13u1 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2026-4437	MEDIUM5.52	libc-bin 2.41-12+deb13u2 No fix yet	<0.1% Theoretical Threat	Directly ExposedContext importance: HIGH
CVE-2026-4437	MEDIUM5.52	libc6 2.41-12+deb13u2 No fix yet	<0.1% Theoretical Threat	Directly ExposedContext importance: HIGH
CVE-2025-14104	MEDIUM5.18	libblkid1 2.41-5 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2025-14104	MEDIUM5.18	libmount1 2.41-5 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2025-14104	MEDIUM5.18	libuuid1 2.41-5 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2019-9192	MEDIUM5.1	libc-bin 2.41-12+deb13u2 No fix yet	0.8% Theoretical Threat	Directly ExposedContext importance: MEDIUM
CVE-2019-9192	MEDIUM5.1	libc6 2.41-12+deb13u2 No fix yet	0.8% Theoretical Threat	Directly ExposedContext importance: MEDIUM
CVE-2026-28390	MEDIUM5.1	libssl3t64 3.5.5-1~deb13u1 fixed in 3.5.5-1~deb13u2	<0.1% Theoretical Threat	Directly ExposedContext importance: MEDIUM
CVE-2026-28390	MEDIUM5.1	openssl-provider-legacy 3.5.5-1~deb13u1 fixed in 3.5.5-1~deb13u2	<0.1% Theoretical Threat	Directly ExposedContext importance: MEDIUM
CVE-2026-31790	MEDIUM5.02	libssl3t64 3.5.5-1~deb13u1 fixed in 3.5.5-1~deb13u2	<0.1% Theoretical Threat	Directly Exposed
CVE-2026-28389	MEDIUM5.02	openssl-provider-legacy 3.5.5-1~deb13u1 fixed in 3.5.5-1~deb13u2	<0.1% Theoretical Threat	Directly Exposed
CVE-2026-31790	MEDIUM5.02	openssl-provider-legacy 3.5.5-1~deb13u1 fixed in 3.5.5-1~deb13u2	<0.1% Theoretical Threat	Directly Exposed
CVE-2026-31789	MEDIUM4.93	libssl3t64 3.5.5-1~deb13u1 fixed in 3.5.5-1~deb13u2	<0.1% Theoretical Threat	Directly Exposed
CVE-2026-31789	MEDIUM4.93	openssl-provider-legacy 3.5.5-1~deb13u1 fixed in 3.5.5-1~deb13u2	<0.1% Theoretical Threat	Directly Exposed
CVE-2022-0563	MEDIUM4.67	libblkid1 2.41-5 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2022-0563	MEDIUM4.67	libmount1 2.41-5 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2022-0563	MEDIUM4.67	libuuid1 2.41-5 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2026-27171	MEDIUM4.67	zlib1g 1:1.3.dfsg+really1.3.1-1+b1 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2026-4046	MEDIUM4.5	libc-bin 2.41-12+deb13u2 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2019-1010024	MEDIUM4.5	libc-bin 2.41-12+deb13u2 No fix yet	0.6% Theoretical Threat	Directly Exposed
CVE-2019-1010025	MEDIUM4.5	libc-bin 2.41-12+deb13u2 No fix yet	0.9% Theoretical Threat	Directly Exposed
CVE-2026-4046	MEDIUM4.5	libc6 2.41-12+deb13u2 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2019-1010024	MEDIUM4.5	libc6 2.41-12+deb13u2 No fix yet	0.6% Theoretical Threat	Directly Exposed
CVE-2019-1010025	MEDIUM4.5	libc6 2.41-12+deb13u2 No fix yet	0.9% Theoretical Threat	Directly Exposed
CVE-2026-34743	MEDIUM4.5	liblzma5 5.8.1-1 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2023-31437	MEDIUM4.5	libsystemd0 257.9-1~deb13u1 No fix yet	0.2% Theoretical Threat	Directly Exposed
CVE-2023-31438	MEDIUM4.5	libsystemd0 257.9-1~deb13u1 No fix yet	0.1% Theoretical Threat	Directly Exposed
CVE-2023-31439	MEDIUM4.5	libsystemd0 257.9-1~deb13u1 No fix yet	0.1% Theoretical Threat	Directly Exposed
CVE-2023-31437	MEDIUM4.5	libudev1 257.9-1~deb13u1 No fix yet	0.2% Theoretical Threat	Directly Exposed
CVE-2023-31438	MEDIUM4.5	libudev1 257.9-1~deb13u1 No fix yet	0.1% Theoretical Threat	Directly Exposed
CVE-2023-31439	MEDIUM4.5	libudev1 257.9-1~deb13u1 No fix yet	0.1% Theoretical Threat	Directly Exposed
CVE-2026-28389	MEDIUM4.02	libssl3t64 3.5.5-1~deb13u1 fixed in 3.5.5-1~deb13u2	<0.1% Theoretical Threat	Directly ExposedContext importance: MEDIUM
CVE-2026-27456	MEDIUM4	libblkid1 2.41-5 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2026-27456	MEDIUM4	libmount1 2.41-5 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2026-27456	MEDIUM4	libuuid1 2.41-5 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2025-69720	LOW3.98	ncurses-bin 6.5+20250216-2 No fix yet	<0.1% Theoretical Threat	Post-Exploit
CVE-2011-3374	LOW3.7	libapt-pkg7.0 3.0.3 No fix yet	1.5% Low-Moderate Risk	Directly Exposed
CVE-2021-45346	LOW3.65	libsqlite3-0 3.46.1-7+deb13u1 No fix yet	0.3% Theoretical Threat	Directly Exposed
CVE-2005-2541	LOW3.6	tar 1.35+dfsg-3.1 No fix yet	3.3% Low-Moderate Risk	Post-Exploit
CVE-2026-4438	LOW3.4	libc-bin 2.41-12+deb13u2 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2010-4756	LOW3.4	libc-bin 2.41-12+deb13u2 No fix yet	0.4% Theoretical Threat	Directly Exposed
CVE-2026-4438	LOW3.4	libc6 2.41-12+deb13u2 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2010-4756	LOW3.4	libc6 2.41-12+deb13u2 No fix yet	0.4% Theoretical Threat	Directly Exposed
CVE-2026-3184	LOW3.15	libblkid1 2.41-5 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2026-3184	LOW3.15	libmount1 2.41-5 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2026-28387	LOW3.15	libssl3t64 3.5.5-1~deb13u1 fixed in 3.5.5-1~deb13u2	<0.1% Theoretical Threat	Directly Exposed
CVE-2026-3184	LOW3.15	libuuid1 2.41-5 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2026-28387	LOW3.15	openssl-provider-legacy 3.5.5-1~deb13u1 fixed in 3.5.5-1~deb13u2	<0.1% Theoretical Threat	Directly Exposed
CVE-2025-14104	LOW3.11	bsdutils 1:2.41-5 No fix yet	<0.1% Theoretical Threat	Post-Exploit
CVE-2025-14104	LOW3.11	login 1:4.16.0-2+really2.41-5 No fix yet	<0.1% Theoretical Threat	Post-Exploit
CVE-2025-14104	LOW3.11	mount 2.41-5 No fix yet	<0.1% Theoretical Threat	Post-Exploit
CVE-2025-14104	LOW3.11	util-linux 2.41-5 No fix yet	<0.1% Theoretical Threat	Post-Exploit
CVE-2026-28388	LOW3.01	libssl3t64 3.5.5-1~deb13u1 fixed in 3.5.5-1~deb13u2	<0.1% Theoretical Threat	Directly Exposed
CVE-2026-28388	LOW3.01	openssl-provider-legacy 3.5.5-1~deb13u1 fixed in 3.5.5-1~deb13u2	<0.1% Theoretical Threat	Directly Exposed
CVE-2019-1010022	LOW3	libc-bin 2.41-12+deb13u2 No fix yet	0.1% Theoretical Threat	Post-Exploit
CVE-2019-1010022	LOW3	libc6 2.41-12+deb13u2 No fix yet	0.1% Theoretical Threat	Post-Exploit
CVE-2026-40228	LOW2.9	libsystemd0 257.9-1~deb13u1 No fix yet	—	Directly Exposed
CVE-2026-40228	LOW2.9	libudev1 257.9-1~deb13u1 No fix yet	—	Directly Exposed
CVE-2022-0563	LOW2.8	bsdutils 1:2.41-5 No fix yet	<0.1% Theoretical Threat	Post-Exploit
CVE-2022-0563	LOW2.8	login 1:4.16.0-2+really2.41-5 No fix yet	<0.1% Theoretical Threat	Post-Exploit
CVE-2022-0563	LOW2.8	mount 2.41-5 No fix yet	<0.1% Theoretical Threat	Post-Exploit
CVE-2022-0563	LOW2.8	util-linux 2.41-5 No fix yet	<0.1% Theoretical Threat	Post-Exploit
CVE-2025-70873	LOW2.8	libsqlite3-0 3.46.1-7+deb13u1 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2013-4392	LOW2.8	libsystemd0 257.9-1~deb13u1 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2013-4392	LOW2.8	libudev1 257.9-1~deb13u1 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2019-1010023	LOW2.69	libc-bin 2.41-12+deb13u2 No fix yet	0.3% Theoretical Threat	Post-Exploit
CVE-2019-1010023	LOW2.69	libc6 2.41-12+deb13u2 No fix yet	0.3% Theoretical Threat	Post-Exploit
CVE-2026-2673	LOW2.63	libssl3t64 3.5.5-1~deb13u1 fixed in 3.5.5-1~deb13u2	<0.1% Theoretical Threat	Directly Exposed
CVE-2026-2673	LOW2.63	openssl-provider-legacy 3.5.5-1~deb13u1 fixed in 3.5.5-1~deb13u2	<0.1% Theoretical Threat	Directly Exposed
CVE-2026-5704	LOW2.55	tar 1.35+dfsg-3.1 No fix yet	<0.1% Theoretical Threat	Post-Exploit
CVE-2007-5686	LOW2.5	passwd 1:4.17.4-2 No fix yet	0.2% Theoretical Threat	Post-Exploit
CVE-2026-27456	LOW2.4	bsdutils 1:2.41-5 No fix yet	<0.1% Theoretical Threat	Post-Exploit
CVE-2017-18018	LOW2.4	coreutils 9.7-3 No fix yet	<0.1% Theoretical Threat	Post-Exploit
CVE-2026-27456	LOW2.4	login 1:4.16.0-2+really2.41-5 No fix yet	<0.1% Theoretical Threat	Post-Exploit
CVE-2026-27456	LOW2.4	mount 2.41-5 No fix yet	<0.1% Theoretical Threat	Post-Exploit
CVE-2026-27456	LOW2.4	util-linux 2.41-5 No fix yet	<0.1% Theoretical Threat	Post-Exploit
CVE-2025-5278	LOW2.24	coreutils 9.7-3 No fix yet	0.1% Theoretical Threat	Post-Exploit
CVE-2011-3374	LOW2.22	apt 3.0.3 No fix yet	1.5% Low-Moderate Risk	Post-Exploit
CVE-2024-56433	LOW2.16	passwd 1:4.17.4-2 No fix yet	4.5% Low-Moderate Risk	Post-Exploit
CVE-2026-3184	LOW1.89	bsdutils 1:2.41-5 No fix yet	<0.1% Theoretical Threat	Post-Exploit
CVE-2026-3184	LOW1.89	login 1:4.16.0-2+really2.41-5 No fix yet	<0.1% Theoretical Threat	Post-Exploit
CVE-2026-3184	LOW1.89	mount 2.41-5 No fix yet	<0.1% Theoretical Threat	Post-Exploit
CVE-2026-3184	LOW1.89	util-linux 2.41-5 No fix yet	<0.1% Theoretical Threat	Post-Exploit
CVE-2025-6141	LOW1.68	ncurses-bin 6.5+20250216-2 No fix yet	<0.1% Theoretical Threat	Post-Exploit
CVE-2011-4116	LOW1.68	perl-base 5.40.1-6 No fix yet	0.2% Theoretical Threat	Post-Exploit
CVE-2025-69720	NONE0	libtinfo6 6.5+20250216-2 No fix yet	<0.1% Theoretical Threat	Not Applicable
CVE-2025-69720	NONE0	ncurses-base 6.5+20250216-2 No fix yet	<0.1% Theoretical Threat	Not Applicable
CVE-2025-14104	NONE0	liblastlog2-2 2.41-5 No fix yet	<0.1% Theoretical Threat	Not Applicable
CVE-2025-14104	NONE0	libsmartcols1 2.41-5 No fix yet	<0.1% Theoretical Threat	Not Applicable
CVE-2022-0563	NONE0	liblastlog2-2 2.41-5 No fix yet	<0.1% Theoretical Threat	Not Applicable
CVE-2022-0563	NONE0	libsmartcols1 2.41-5 No fix yet	<0.1% Theoretical Threat	Not Applicable
CVE-2007-5686	NONE0	login.defs 1:4.17.4-2 No fix yet	0.2% Theoretical Threat	Not Applicable
CVE-2026-27456	NONE0	liblastlog2-2 2.41-5 No fix yet	<0.1% Theoretical Threat	Not Applicable
CVE-2026-27456	NONE0	libsmartcols1 2.41-5 No fix yet	<0.1% Theoretical Threat	Not Applicable
CVE-2026-3184	NONE0	liblastlog2-2 2.41-5 No fix yet	<0.1% Theoretical Threat	Not Applicable
CVE-2026-3184	NONE0	libsmartcols1 2.41-5 No fix yet	<0.1% Theoretical Threat	Not Applicable
CVE-2024-56433	NONE0	login.defs 1:4.17.4-2 No fix yet	4.5% Low-Moderate Risk	Not Applicable
CVE-2025-6141	NONE0	libtinfo6 6.5+20250216-2 No fix yet	<0.1% Theoretical Threat	Not Applicable
CVE-2025-6141	NONE0	ncurses-base 6.5+20250216-2 No fix yet	<0.1% Theoretical Threat	Not Applicable
TEMP-0841856-B18BAF	NONE0	bash 5.2.37-2+b8 No fix yet	—	Not Applicable
TEMP-0628843-DBAD28	NONE0	login.defs 1:4.17.4-2 No fix yet	—	Not Applicable
TEMP-0628843-DBAD28	NONE0	passwd 1:4.17.4-2 No fix yet	—	Not Applicable
TEMP-0517018-A83CE6	NONE0	sysvinit-utils 3.14-4 No fix yet	—	Not Applicable
TEMP-0290435-0B57B5	NONE0	tar 1.35+dfsg-3.1 No fix yet	—	Not Applicable