Vulnerability Reportdgraph/dgraph:v25.3.3

dgraph/dgraph:v25.3.3

DIGESTsha256:b4208e86619e3bfa9cc198905f6e0f33e0ab9b36223e86f2c3600cba99bfb984

Executive Summary

Threat ScoreCAUTION• 13 vulnerabilities with severity >=6.0 found, including several Denial of Service (DoS) issues in crypto/tls, nghttp2, and go-jose libraries.• Top exposed surface includes CVE-2026-33810 (severity 6.97, certificate validation bypass) and CVE-2026-27135 (severity 6.38, HTTP/2 DoS) affecting core networking functions.• Image is reliable (popular community image, 23M+ pulls, pinned by digest) but contains 62 total exposed vulnerabilities, with maximum severity 6.97.

50/100CAUTION

ReputationPOPULAR COMMUNITY• High Reputation Community Image (23M+ pulls)• Pinned by digest (Immutable)

RELIABLE

This image carries significant risk; production deployment is highly discouraged without strict compensating controls. An attacker could cause denial of service via crafted TLS handshakes (CVE-2026-33810, CVE-2026-27135) or crash the HTTP/2 server, disrupting Dgraph availability. Mitigation: disable RSA-PSK authentication and avoid processing PKCS#7 messages to eliminate CVE-2026-42010 and CVE-2026-45447, which require non-default configurations. However, most DoS vulnerabilities (e.g., CVE-2026-32280, CVE-2026-32283) are inherent to Go's standard library and require urgent patching.

Vulnerabilities

Vulnerability Log

109 total

CVE ID	Adjusted Severity	Package	Exploit Probability	Risk Context
CVE-2026-33810	MEDIUM6.97	stdlib v1.26.1 fixed in 1.26.2	0.3% Theoretical Threat	Directly ExposedContext importance: HIGH
CVE-2026-42010	MEDIUM6.66	libgnutls30t64 3.8.3-1.1ubuntu3.5 fixed in 3.8.3-1.1ubuntu3.6	0.8% Theoretical Threat	Directly ExposedContext importance: MEDIUM
CVE-2026-45447	MEDIUM6.48	libssl3t64 3.0.13-0ubuntu3.9 fixed in 3.0.13-0ubuntu3.11	1.4% Low-Moderate Risk	Directly ExposedContext importance: MEDIUM
CVE-2026-42009	MEDIUM6.38	libgnutls30t64 3.8.3-1.1ubuntu3.5 fixed in 3.8.3-1.1ubuntu3.6	0.8% Theoretical Threat	Directly Exposed
CVE-2026-27135	MEDIUM6.38	libnghttp2-14 1.59.0-1ubuntu0.2 fixed in 1.59.0-1ubuntu0.3	0.6% Theoretical Threat	Directly ExposedContext importance: HIGH
CVE-2026-34986	MEDIUM6.38	github.com/go-jose/go-jose/v4 v4.1.3 fixed in 4.1.4	0.3% Theoretical Threat	Directly ExposedContext importance: HIGH
CVE-2026-32280	MEDIUM6.38	stdlib v1.26.1 fixed in 1.25.9, 1.26.2	0.4% Theoretical Threat	Directly ExposedContext importance: HIGH
CVE-2026-32281	MEDIUM6.38	stdlib v1.26.1 fixed in 1.25.9, 1.26.2	0.3% Theoretical Threat	Directly ExposedContext importance: HIGH
CVE-2026-32283	MEDIUM6.38	stdlib v1.26.1 fixed in 1.25.9, 1.26.2	0.4% Theoretical Threat	Directly ExposedContext importance: HIGH
CVE-2026-3833	MEDIUM6.29	libgnutls30t64 3.8.3-1.1ubuntu3.5 fixed in 3.8.3-1.1ubuntu3.6	0.3% Theoretical Threat	Directly Exposed
CVE-2026-42011	MEDIUM6.29	libgnutls30t64 3.8.3-1.1ubuntu3.5 fixed in 3.8.3-1.1ubuntu3.6	0.3% Theoretical Threat	Directly Exposed
CVE-2026-34182	MEDIUM6.29	libssl3t64 3.0.13-0ubuntu3.9 fixed in 3.0.13-0ubuntu3.11	0.2% Theoretical Threat	Directly Exposed
CVE-2026-42012	MEDIUM6.03	libgnutls30t64 3.8.3-1.1ubuntu3.5 fixed in 3.8.3-1.1ubuntu3.6	0.3% Theoretical Threat	Directly Exposed
CVE-2024-2236	MEDIUM5.9	libgcrypt20 1.10.3-2build1 No fix yet	1.1% Low-Moderate Risk	Directly Exposed
CVE-2026-42014	MEDIUM5.61	libgnutls30t64 3.8.3-1.1ubuntu3.5 fixed in 3.8.3-1.1ubuntu3.6	0.2% Theoretical Threat	Directly Exposed
CVE-2026-5260	MEDIUM5.58	libgnutls30t64 3.8.3-1.1ubuntu3.5 fixed in 3.8.3-1.1ubuntu3.6	0.7% Theoretical Threat	Directly ExposedContext importance: MEDIUM
CVE-2026-4437	MEDIUM5.52	libc-bin 2.39-0ubuntu8.7 No fix yet	0.3% Theoretical Threat	Directly Exposed
CVE-2026-6238	MEDIUM5.52	libc-bin 2.39-0ubuntu8.7 No fix yet	0.3% Theoretical Threat	Directly Exposed
CVE-2026-4437	MEDIUM5.52	libc6 2.39-0ubuntu8.7 No fix yet	0.3% Theoretical Threat	Directly Exposed
CVE-2026-6238	MEDIUM5.52	libc6 2.39-0ubuntu8.7 No fix yet	0.3% Theoretical Threat	Directly Exposed
CVE-2026-39979	MEDIUM5.52	libjq1 1.7.1-3ubuntu0.24.04.1 fixed in 1.7.1-3ubuntu0.24.04.2	0.3% Theoretical Threat	Directly Exposed
CVE-2026-40226	MEDIUM5.44	libsystemd0 255.4-1ubuntu8.15 fixed in 255.4-1ubuntu8.16	<0.1% Theoretical Threat	Directly Exposed
CVE-2026-40226	MEDIUM5.44	libudev1 255.4-1ubuntu8.15 fixed in 255.4-1ubuntu8.16	<0.1% Theoretical Threat	Directly Exposed
CVE-2026-32282	MEDIUM5.44	stdlib v1.26.1 fixed in 1.25.9, 1.26.2	0.3% Theoretical Threat	Directly Exposed
CVE-2026-39956	MEDIUM5.18	libjq1 1.7.1-3ubuntu0.24.04.1 fixed in 1.7.1-3ubuntu0.24.04.2	0.2% Theoretical Threat	Directly Exposed
CVE-2026-32289	MEDIUM5.18	stdlib v1.26.1 fixed in 1.25.9, 1.26.2	0.3% Theoretical Threat	Directly Exposed
CVE-2026-41989	MEDIUM5.1	libgcrypt20 1.10.3-2build1 fixed in 1.10.3-2ubuntu0.1	0.2% Theoretical Threat	Directly ExposedContext importance: MEDIUM
CVE-2026-33811	MEDIUM5.1	stdlib v1.26.1 fixed in 1.25.10, 1.26.3	0.5% Theoretical Threat	Directly ExposedContext importance: MEDIUM
CVE-2026-33814	MEDIUM5.1	stdlib v1.26.1 fixed in 1.25.10, 1.26.3	0.6% Theoretical Threat	Directly ExposedContext importance: MEDIUM
CVE-2026-5435	MEDIUM5.02	libc-bin 2.39-0ubuntu8.7 No fix yet	0.2% Theoretical Threat	Directly Exposed
CVE-2026-5435	MEDIUM5.02	libc6 2.39-0ubuntu8.7 No fix yet	0.2% Theoretical Threat	Directly Exposed
CVE-2026-42770	MEDIUM5.02	libssl3t64 3.0.13-0ubuntu3.9 fixed in 3.0.13-0ubuntu3.11	0.2% Theoretical Threat	Directly Exposed
CVE-2026-9076	MEDIUM5.02	libssl3t64 3.0.13-0ubuntu3.9 fixed in 3.0.13-0ubuntu3.11	0.3% Theoretical Threat	Directly Exposed
CVE-2026-33947	MEDIUM4.67	libjq1 1.7.1-3ubuntu0.24.04.1 fixed in 1.7.1-3ubuntu0.24.04.2	0.2% Theoretical Threat	Directly Exposed
CVE-2026-7383	MEDIUM4.67	libssl3t64 3.0.13-0ubuntu3.9 fixed in 3.0.13-0ubuntu3.11	0.3% Theoretical Threat	Directly Exposed
CVE-2026-32288	MEDIUM4.67	stdlib v1.26.1 fixed in 1.25.9, 1.26.2	0.3% Theoretical Threat	Directly Exposed
CVE-2026-39826	MEDIUM4.59	stdlib v1.26.1 fixed in 1.25.10, 1.26.3	0.4% Theoretical Threat	Directly Exposed
CVE-2026-4046	MEDIUM4.5	libc-bin 2.39-0ubuntu8.7 No fix yet	0.4% Theoretical Threat	Directly Exposed
CVE-2026-4046	MEDIUM4.5	libc6 2.39-0ubuntu8.7 No fix yet	0.4% Theoretical Threat	Directly Exposed
CVE-2026-42015	MEDIUM4.5	libgnutls30t64 3.8.3-1.1ubuntu3.5 fixed in 3.8.3-1.1ubuntu3.6	0.7% Theoretical Threat	Directly Exposed
CVE-2026-33948	MEDIUM4.5	libjq1 1.7.1-3ubuntu0.24.04.1 fixed in 1.7.1-3ubuntu0.24.04.2	0.3% Theoretical Threat	Directly Exposed
CVE-2026-34743	MEDIUM4.5	liblzma5 5.6.1+really5.4.5-1ubuntu0.2 fixed in 5.6.1+really5.4.5-1ubuntu0.3	0.4% Theoretical Threat	Directly Exposed
CVE-2026-42766	MEDIUM4.5	libssl3t64 3.0.13-0ubuntu3.9 fixed in 3.0.13-0ubuntu3.11	0.6% Theoretical Threat	Directly Exposed
CVE-2026-42767	MEDIUM4.5	libssl3t64 3.0.13-0ubuntu3.9 fixed in 3.0.13-0ubuntu3.11	0.3% Theoretical Threat	Directly Exposed
CVE-2026-42507	MEDIUM4.5	stdlib v1.26.1 fixed in 1.25.11, 1.26.4	0.3% Theoretical Threat	Directly Exposed
CVE-2026-34180	MEDIUM4.25	libssl3t64 3.0.13-0ubuntu3.9 fixed in 3.0.13-0ubuntu3.11	0.5% Theoretical Threat	Directly Exposed
CVE-2026-27456	MEDIUM4	libblkid1 2.39.3-9ubuntu6.5 No fix yet	0.1% Theoretical Threat	Directly Exposed
CVE-2026-27456	MEDIUM4	libmount1 2.39.3-9ubuntu6.5 No fix yet	0.1% Theoretical Threat	Directly Exposed
CVE-2026-27456	MEDIUM4	libsmartcols1 2.39.3-9ubuntu6.5 No fix yet	0.1% Theoretical Threat	Directly Exposed
CVE-2026-27456	MEDIUM4	libuuid1 2.39.3-9ubuntu6.5 No fix yet	0.1% Theoretical Threat	Directly Exposed
CVE-2026-4438	LOW3.4	libc-bin 2.39-0ubuntu8.7 No fix yet	0.2% Theoretical Threat	Directly Exposed
CVE-2026-4438	LOW3.4	libc6 2.39-0ubuntu8.7 No fix yet	0.2% Theoretical Threat	Directly Exposed
CVE-2026-5545	LOW3.31	curl 8.5.0-2ubuntu10.8 fixed in 8.5.0-2ubuntu10.9	0.4% Theoretical Threat	Post-Exploit
CVE-2026-6429	LOW3.31	curl 8.5.0-2ubuntu10.8 fixed in 8.5.0-2ubuntu10.9	0.4% Theoretical Threat	Post-Exploit
CVE-2026-5545	LOW3.31	libcurl4t64 8.5.0-2ubuntu10.8 fixed in 8.5.0-2ubuntu10.9	0.4% Theoretical Threat	Post-Exploit
CVE-2026-6429	LOW3.31	libcurl4t64 8.5.0-2ubuntu10.8 fixed in 8.5.0-2ubuntu10.9	0.4% Theoretical Threat	Post-Exploit
CVE-2026-5958	LOW3.21	sed 4.9-2build1 fixed in 4.9-2ubuntu0.24.04.1	0.1% Theoretical Threat	Post-Exploit
CVE-2026-3832	LOW3.15	libgnutls30t64 3.8.3-1.1ubuntu3.5 fixed in 3.8.3-1.1ubuntu3.6	0.3% Theoretical Threat	Directly Exposed
CVE-2026-5419	LOW3.15	libgnutls30t64 3.8.3-1.1ubuntu3.5 fixed in 3.8.3-1.1ubuntu3.6	0.5% Theoretical Threat	Directly Exposed
CVE-2026-45446	LOW3.15	libssl3t64 3.0.13-0ubuntu3.9 fixed in 3.0.13-0ubuntu3.11	0.2% Theoretical Threat	Directly Exposed
CVE-2026-39956	LOW3.11	jq 1.7.1-3ubuntu0.24.04.1 fixed in 1.7.1-3ubuntu0.24.04.2	0.2% Theoretical Threat	Post-Exploit
CVE-2026-42770	LOW3.01	openssl 3.0.13-0ubuntu3.9 fixed in 3.0.13-0ubuntu3.11	0.2% Theoretical Threat	Post-Exploit
CVE-2026-9076	LOW3.01	openssl 3.0.13-0ubuntu3.9 fixed in 3.0.13-0ubuntu3.11	0.3% Theoretical Threat	Post-Exploit
CVE-2026-45447	LOW2.92	openssl 3.0.13-0ubuntu3.9 fixed in 3.0.13-0ubuntu3.11	1.4% Low-Moderate Risk	Post-Exploit
CVE-2025-45582	LOW2.86	tar 1.35+dfsg-3build1 No fix yet	0.4% Theoretical Threat	Post-Exploit
CVE-2026-33947	LOW2.8	jq 1.7.1-3ubuntu0.24.04.1 fixed in 1.7.1-3ubuntu0.24.04.2	0.2% Theoretical Threat	Post-Exploit
CVE-2026-7383	LOW2.8	openssl 3.0.13-0ubuntu3.9 fixed in 3.0.13-0ubuntu3.11	0.3% Theoretical Threat	Post-Exploit
CVE-2026-40228	LOW2.8	libsystemd0 255.4-1ubuntu8.15 No fix yet	0.2% Theoretical Threat	Directly Exposed
CVE-2026-40228	LOW2.8	libudev1 255.4-1ubuntu8.15 No fix yet	0.2% Theoretical Threat	Directly Exposed
CVE-2026-33845	LOW2.78	libgnutls30t64 3.8.3-1.1ubuntu3.5 fixed in 3.8.3-1.1ubuntu3.6	0.6% Theoretical Threat	Post-Exploit
CVE-2026-45445	LOW2.78	libssl3t64 3.0.13-0ubuntu3.9 fixed in 3.0.13-0ubuntu3.11	0.3% Theoretical Threat	Post-Exploit
CVE-2026-45445	LOW2.78	openssl 3.0.13-0ubuntu3.9 fixed in 3.0.13-0ubuntu3.11	0.3% Theoretical Threat	Post-Exploit
CVE-2026-6253	LOW2.7	curl 8.5.0-2ubuntu10.8 fixed in 8.5.0-2ubuntu10.9	0.5% Theoretical Threat	Post-Exploit
CVE-2026-7168	LOW2.7	curl 8.5.0-2ubuntu10.8 fixed in 8.5.0-2ubuntu10.9	0.4% Theoretical Threat	Post-Exploit
CVE-2026-4873	LOW2.7	curl 8.5.0-2ubuntu10.8 fixed in 8.5.0-2ubuntu10.9	0.3% Theoretical Threat	Post-Exploit
CVE-2026-33948	LOW2.7	jq 1.7.1-3ubuntu0.24.04.1 fixed in 1.7.1-3ubuntu0.24.04.2	0.3% Theoretical Threat	Post-Exploit
CVE-2026-6253	LOW2.7	libcurl4t64 8.5.0-2ubuntu10.8 fixed in 8.5.0-2ubuntu10.9	0.5% Theoretical Threat	Post-Exploit
CVE-2026-7168	LOW2.7	libcurl4t64 8.5.0-2ubuntu10.8 fixed in 8.5.0-2ubuntu10.9	0.4% Theoretical Threat	Post-Exploit
CVE-2026-4873	LOW2.7	libcurl4t64 8.5.0-2ubuntu10.8 fixed in 8.5.0-2ubuntu10.9	0.3% Theoretical Threat	Post-Exploit
CVE-2026-42766	LOW2.7	openssl 3.0.13-0ubuntu3.9 fixed in 3.0.13-0ubuntu3.11	0.6% Theoretical Threat	Post-Exploit
CVE-2026-42767	LOW2.7	openssl 3.0.13-0ubuntu3.9 fixed in 3.0.13-0ubuntu3.11	0.3% Theoretical Threat	Post-Exploit
CVE-2026-34743	LOW2.7	xz-utils 5.6.1+really5.4.5-1ubuntu0.2 fixed in 5.6.1+really5.4.5-1ubuntu0.3	0.4% Theoretical Threat	Post-Exploit
CVE-2026-34180	LOW2.55	openssl 3.0.13-0ubuntu3.9 fixed in 3.0.13-0ubuntu3.11	0.5% Theoretical Threat	Post-Exploit
CVE-2026-42013	LOW2.51	libgnutls30t64 3.8.3-1.1ubuntu3.5 fixed in 3.8.3-1.1ubuntu3.6	0.4% Theoretical Threat	Post-Exploit
CVE-2026-27456	LOW2.4	bsdutils 1:2.39.3-9ubuntu6.5 No fix yet	0.1% Theoretical Threat	Post-Exploit
CVE-2026-27456	LOW2.4	mount 2.39.3-9ubuntu6.5 No fix yet	0.1% Theoretical Threat	Post-Exploit
CVE-2026-27456	LOW2.4	util-linux 2.39.3-9ubuntu6.5 No fix yet	0.1% Theoretical Threat	Post-Exploit
CVE-2026-5773	LOW2.29	curl 8.5.0-2ubuntu10.8 fixed in 8.5.0-2ubuntu10.9	0.4% Theoretical Threat	Post-Exploit
CVE-2026-6276	LOW2.29	curl 8.5.0-2ubuntu10.8 fixed in 8.5.0-2ubuntu10.9	0.3% Theoretical Threat	Post-Exploit
CVE-2026-32316	LOW2.29	jq 1.7.1-3ubuntu0.24.04.1 fixed in 1.7.1-3ubuntu0.24.04.2	0.5% Theoretical Threat	Post-Exploit
CVE-2026-40164	LOW2.29	jq 1.7.1-3ubuntu0.24.04.1 fixed in 1.7.1-3ubuntu0.24.04.2	0.2% Theoretical Threat	Post-Exploit
CVE-2026-5773	LOW2.29	libcurl4t64 8.5.0-2ubuntu10.8 fixed in 8.5.0-2ubuntu10.9	0.4% Theoretical Threat	Post-Exploit
CVE-2026-6276	LOW2.29	libcurl4t64 8.5.0-2ubuntu10.8 fixed in 8.5.0-2ubuntu10.9	0.3% Theoretical Threat	Post-Exploit
CVE-2026-33846	LOW2.29	libgnutls30t64 3.8.3-1.1ubuntu3.5 fixed in 3.8.3-1.1ubuntu3.6	0.9% Theoretical Threat	Post-Exploit
CVE-2026-32316	LOW2.29	libjq1 1.7.1-3ubuntu0.24.04.1 fixed in 1.7.1-3ubuntu0.24.04.2	0.5% Theoretical Threat	Post-Exploit
CVE-2026-40164	LOW2.29	libjq1 1.7.1-3ubuntu0.24.04.1 fixed in 1.7.1-3ubuntu0.24.04.2	0.2% Theoretical Threat	Post-Exploit
CVE-2026-39820	LOW2.29	stdlib v1.26.1 fixed in 1.25.10, 1.26.3	0.4% Theoretical Threat	Post-Exploit
CVE-2026-39836	LOW2.29	stdlib v1.26.1 fixed in 1.25.10, 1.26.3	0.6% Theoretical Threat	Post-Exploit
CVE-2026-34182	LOW2.26	openssl 3.0.13-0ubuntu3.9 fixed in 3.0.13-0ubuntu3.11	0.2% Theoretical Threat	Post-Exploit
CVE-2026-39979	LOW1.99	jq 1.7.1-3ubuntu0.24.04.1 fixed in 1.7.1-3ubuntu0.24.04.2	0.3% Theoretical Threat	Post-Exploit
CVE-2026-45446	LOW1.89	openssl 3.0.13-0ubuntu3.9 fixed in 3.0.13-0ubuntu3.11	0.2% Theoretical Threat	Post-Exploit
CVE-2024-56433	LOW1.84	login 1:4.13+dfsg1-4ubuntu3.2 No fix yet	0.4% Theoretical Threat	Post-Exploit
CVE-2024-56433	LOW1.84	passwd 1:4.13+dfsg1-4ubuntu3.2 No fix yet	0.4% Theoretical Threat	Post-Exploit
CVE-2026-2219	NONE0	dpkg 1.22.6ubuntu6.5 fixed in 1.22.6ubuntu6.6	0.4% Theoretical Threat	Not Applicable
CVE-2026-39823	NONE0	stdlib v1.26.1 fixed in 1.25.10, 1.26.3	0.3% Theoretical Threat	Not Applicable
CVE-2026-39825	NONE0	stdlib v1.26.1 fixed in 1.25.10, 1.26.3	0.4% Theoretical Threat	Not Applicable
CVE-2026-42499	NONE0	stdlib v1.26.1 fixed in 1.25.10, 1.26.3	0.6% Theoretical Threat	Not Applicable
CVE-2026-42504	NONE0	stdlib v1.26.1 fixed in 1.25.11, 1.26.4	0.4% Theoretical Threat	Not Applicable
CVE-2026-27145	NONE0	stdlib v1.26.1 fixed in 1.25.11, 1.26.4	0.3% Theoretical Threat	Not Applicable