Vulnerability Reportdpage/pgadmin4:9.14

dpage/pgadmin4:9.14.0dpage/pgadmin4:9.14dpage/pgadmin4:2026-03-30-1

DIGESTsha256:ff557f69d9808085dc3554f56c1b06a36ac8cddabe4485212920b9604261abdb

Executive Summary

Threat ScoreCAUTION• 6 exposed-surface vulnerabilities with severity ≥6.0, including critical components like cryptography and template engine.• CVE-2026-39892 (severity 6.66) in cryptography could lead to buffer overflow and code execution if triggered.• CVE-2026-41205 (severity 6.38) in Mako template engine allows path traversal and data exposure if untrusted input is passed to get_template().• CVE-2026-44432 (severity 6.38) in urllib3 could cause denial of service via excessive decompression.• Despite the image being from a popular and trusted publisher (433M+ pulls), these vulnerabilities require attention before production deployment.• Post-exploit findings are all low severity (max 3.98), so the main concern is the exposed attack surface.

50/100CAUTION

ReputationPOPULAR COMMUNITY• High Reputation Community Image (433M+ pulls)• Pinned by digest (Immutable)

RELIABLE

This image carries significant risk; production deployment is highly discouraged without strict compensating controls. While the pgAdmin4 image from dpage is widely used and trusted, it contains 6 medium-severity vulnerabilities on its exposed surface. The most critical are CVE-2026-39892, a buffer overflow in the cryptography library that could lead to remote code execution, and CVE-2026-41205, a path traversal in the Mako template engine that could expose sensitive files. Note that CVE-2026-41205 requires the application to pass untrusted user input to TemplateLookup.get_template(), which may not be the default in pgAdmin4. Prioritize upgrading the affected packages: cryptography to ≥46.0.7 and Mako to ≥1.3.11.

Vulnerabilities

Vulnerability Log

79 total

CVE ID	Adjusted Severity	Package	Exploit Probability	Risk Context
CVE-2026-39892	MEDIUM6.66	cryptography 46.0.6 fixed in 46.0.7	0.5% Theoretical Threat	Directly ExposedContext importance: MEDIUM
CVE-2026-41205	MEDIUM6.38	Mako 1.3.10 fixed in 1.3.11	0.4% Theoretical Threat	Directly Exposed
CVE-2026-44432	MEDIUM6.38	urllib3 2.6.3 fixed in 2.7.0	0.4% Theoretical Threat	Directly Exposed
CVE-2026-34182	MEDIUM6.29	libcrypto3 3.5.5-r0 fixed in 3.5.7-r0	0.2% Theoretical Threat	Directly Exposed
CVE-2026-34182	MEDIUM6.29	libssl3 3.5.5-r0 fixed in 3.5.7-r0	0.2% Theoretical Threat	Directly Exposed
CVE-2026-48526	MEDIUM6.29	PyJWT 2.12.1 fixed in 2.13.0	0.1% Theoretical Threat	Directly Exposed
CVE-2026-4878	MEDIUM5.95	libcap 2.77-r0 fixed in 2.78-r0	0.2% Theoretical Threat	Directly Exposed
CVE-2026-4878	MEDIUM5.95	libcap2 2.77-r0 fixed in 2.78-r0	0.2% Theoretical Threat	Directly Exposed
CVE-2026-2673	MEDIUM5.52	libcrypto3 3.5.5-r0 fixed in 3.5.6-r0	0.4% Theoretical Threat	Directly Exposed
CVE-2026-2673	MEDIUM5.52	libssl3 3.5.5-r0 fixed in 3.5.6-r0	0.4% Theoretical Threat	Directly Exposed
CVE-2026-34181	MEDIUM5.35	libcrypto3 3.5.5-r0 fixed in 3.5.7-r0	0.2% Theoretical Threat	Directly Exposed
CVE-2026-42768	MEDIUM5.35	libcrypto3 3.5.5-r0 fixed in 3.5.7-r0	0.4% Theoretical Threat	Directly Exposed
CVE-2026-34181	MEDIUM5.35	libssl3 3.5.5-r0 fixed in 3.5.7-r0	0.2% Theoretical Threat	Directly Exposed
CVE-2026-42768	MEDIUM5.35	libssl3 3.5.5-r0 fixed in 3.5.7-r0	0.4% Theoretical Threat	Directly Exposed
CVE-2026-42311	MEDIUM5.3	pillow 12.1.1 fixed in 12.2.0	0.1% Theoretical Threat	Directly ExposedContext importance: MEDIUM
CVE-2026-40192	MEDIUM5.1	pillow 12.1.1 fixed in 12.2.0	0.5% Theoretical Threat	Directly ExposedContext importance: MEDIUM
CVE-2026-31790	MEDIUM5.02	libcrypto3 3.5.5-r0 fixed in 3.5.6-r0	1.0% Theoretical Threat	Directly Exposed
CVE-2026-42764	MEDIUM5.02	libcrypto3 3.5.5-r0 fixed in 3.5.7-r0	0.7% Theoretical Threat	Directly Exposed
CVE-2026-42769	MEDIUM5.02	libcrypto3 3.5.5-r0 fixed in 3.5.7-r0	0.3% Theoretical Threat	Directly Exposed
CVE-2026-42770	MEDIUM5.02	libcrypto3 3.5.5-r0 fixed in 3.5.7-r0	0.2% Theoretical Threat	Directly Exposed
CVE-2026-9076	MEDIUM5.02	libcrypto3 3.5.5-r0 fixed in 3.5.7-r0	0.3% Theoretical Threat	Directly Exposed
CVE-2026-31790	MEDIUM5.02	libssl3 3.5.5-r0 fixed in 3.5.6-r0	1.0% Theoretical Threat	Directly Exposed
CVE-2026-42764	MEDIUM5.02	libssl3 3.5.5-r0 fixed in 3.5.7-r0	0.7% Theoretical Threat	Directly Exposed
CVE-2026-42769	MEDIUM5.02	libssl3 3.5.5-r0 fixed in 3.5.7-r0	0.3% Theoretical Threat	Directly Exposed
CVE-2026-42770	MEDIUM5.02	libssl3 3.5.5-r0 fixed in 3.5.7-r0	0.2% Theoretical Threat	Directly Exposed
CVE-2026-9076	MEDIUM5.02	libssl3 3.5.5-r0 fixed in 3.5.7-r0	0.3% Theoretical Threat	Directly Exposed
CVE-2026-44307	MEDIUM5.02	Mako 1.3.10 fixed in 1.3.12	0.6% Theoretical Threat	Directly Exposed
CVE-2026-48524	MEDIUM5.02	PyJWT 2.12.1 fixed in 2.13.0	0.2% Theoretical Threat	Directly Exposed
CVE-2026-31789	MEDIUM5	libcrypto3 3.5.5-r0 fixed in 3.5.6-r0	0.2% Theoretical Threat	Directly Exposed
CVE-2026-31789	MEDIUM5	libssl3 3.5.5-r0 fixed in 3.5.6-r0	0.2% Theoretical Threat	Directly Exposed
CVE-2026-7383	MEDIUM4.67	libcrypto3 3.5.5-r0 fixed in 3.5.7-r0	0.3% Theoretical Threat	Directly Exposed
CVE-2026-7383	MEDIUM4.67	libssl3 3.5.5-r0 fixed in 3.5.7-r0	0.3% Theoretical Threat	Directly Exposed
CVE-2026-6042	MEDIUM4.67	musl 1.2.5-r21 fixed in 1.2.5-r22	0.2% Theoretical Threat	Directly Exposed
CVE-2026-42308	MEDIUM4.67	pillow 12.1.1 fixed in 12.2.0	0.1% Theoretical Threat	Directly Exposed
CVE-2026-42309	MEDIUM4.67	pillow 12.1.1 fixed in 12.2.0	0.1% Theoretical Threat	Directly Exposed
CVE-2026-42310	MEDIUM4.67	pillow 12.1.1 fixed in 12.2.0	0.1% Theoretical Threat	Directly Exposed
CVE-2026-41425	MEDIUM4.59	Authlib 1.6.9 fixed in 1.6.11	0.1% Theoretical Threat	Directly Exposed
CVE-2026-48523	MEDIUM4.59	PyJWT 2.12.1 fixed in 2.13.0	0.1% Theoretical Threat	Directly Exposed
CVE-2026-42766	MEDIUM4.5	libcrypto3 3.5.5-r0 fixed in 3.5.7-r0	0.6% Theoretical Threat	Directly Exposed
CVE-2026-42767	MEDIUM4.5	libcrypto3 3.5.5-r0 fixed in 3.5.7-r0	0.3% Theoretical Threat	Directly Exposed
CVE-2026-42766	MEDIUM4.5	libssl3 3.5.5-r0 fixed in 3.5.7-r0	0.6% Theoretical Threat	Directly Exposed
CVE-2026-42767	MEDIUM4.5	libssl3 3.5.5-r0 fixed in 3.5.7-r0	0.3% Theoretical Threat	Directly Exposed
CVE-2026-34743	MEDIUM4.5	xz-libs 5.8.2-r0 fixed in 5.8.3-r0	0.4% Theoretical Threat	Directly Exposed
CVE-2026-48525	MEDIUM4.5	PyJWT 2.12.1 fixed in 2.13.0	0.3% Theoretical Threat	Directly Exposed
CVE-2026-45409	MEDIUM4.5	idna 3.11 fixed in 3.15	0.4% Theoretical Threat	Directly Exposed
CVE-2026-44431	MEDIUM4.5	urllib3 2.6.3 fixed in 2.7.0	0.3% Theoretical Threat	Directly Exposed
CVE-2026-34180	MEDIUM4.25	libcrypto3 3.5.5-r0 fixed in 3.5.7-r0	0.5% Theoretical Threat	Directly Exposed
CVE-2026-34180	MEDIUM4.25	libssl3 3.5.5-r0 fixed in 3.5.7-r0	0.5% Theoretical Threat	Directly Exposed
CVE-2026-27456	MEDIUM4	libuuid 2.41.2-r0 fixed in 2.41.4-r0	0.1% Theoretical Threat	Directly Exposed
CVE-2026-40200	LOW3.98	musl-utils 1.2.5-r21 fixed in 1.2.5-r23	0.1% Theoretical Threat	Post-Exploit
CVE-2026-4878	LOW3.57	libcap-getcap 2.77-r0 fixed in 2.78-r0	0.2% Theoretical Threat	Post-Exploit
CVE-2026-4878	LOW3.57	libcap-setcap 2.77-r0 fixed in 2.78-r0	0.2% Theoretical Threat	Post-Exploit
CVE-2026-4878	LOW3.57	libcap-utils 2.77-r0 fixed in 2.78-r0	0.2% Theoretical Threat	Post-Exploit
CVE-2026-48522	LOW3.57	PyJWT 2.12.1 fixed in 2.13.0	0.1% Theoretical Threat	Directly Exposed
CVE-2026-45446	LOW3.15	libcrypto3 3.5.5-r0 fixed in 3.5.7-r0	0.2% Theoretical Threat	Directly Exposed
CVE-2026-45446	LOW3.15	libssl3 3.5.5-r0 fixed in 3.5.7-r0	0.2% Theoretical Threat	Directly Exposed
CVE-2026-6357	LOW2.96	pip 25.3 fixed in 26.1	0.1% Theoretical Threat	Post-Exploit
CVE-2026-45447	LOW2.92	libcrypto3 3.5.5-r0 fixed in 3.5.7-r0	1.4% Low-Moderate Risk	Post-Exploit
CVE-2026-45447	LOW2.92	libssl3 3.5.5-r0 fixed in 3.5.7-r0	1.4% Low-Moderate Risk	Post-Exploit
CVE-2026-44405	LOW2.89	paramiko 3.5.1 No fix yet	0.1% Theoretical Threat	Directly Exposed
CVE-2026-6042	LOW2.8	musl-utils 1.2.5-r21 fixed in 1.2.5-r22	0.2% Theoretical Threat	Post-Exploit
CVE-2026-45445	LOW2.78	libcrypto3 3.5.5-r0 fixed in 3.5.7-r0	0.3% Theoretical Threat	Post-Exploit
CVE-2026-45445	LOW2.78	libssl3 3.5.5-r0 fixed in 3.5.7-r0	0.3% Theoretical Threat	Post-Exploit
CVE-2026-3219	LOW2.55	pip 25.3 fixed in 26.1	0.1% Theoretical Threat	Post-Exploit
CVE-2026-28387	LOW2.48	libcrypto3 3.5.5-r0 fixed in 3.5.6-r0	0.6% Theoretical Threat	Post-Exploit
CVE-2026-28387	LOW2.48	libssl3 3.5.5-r0 fixed in 3.5.6-r0	0.6% Theoretical Threat	Post-Exploit
CVE-2026-40200	LOW2.39	musl 1.2.5-r21 fixed in 1.2.5-r23	0.1% Theoretical Threat	Post-Exploit
CVE-2026-28388	LOW2.29	libcrypto3 3.5.5-r0 fixed in 3.5.6-r0	0.9% Theoretical Threat	Post-Exploit
CVE-2026-28389	LOW2.29	libcrypto3 3.5.5-r0 fixed in 3.5.6-r0	0.8% Theoretical Threat	Post-Exploit
CVE-2026-28390	LOW2.29	libcrypto3 3.5.5-r0 fixed in 3.5.6-r0	0.8% Theoretical Threat	Post-Exploit
CVE-2026-34183	LOW2.29	libcrypto3 3.5.5-r0 fixed in 3.5.7-r0	0.5% Theoretical Threat	Post-Exploit
CVE-2026-28388	LOW2.29	libssl3 3.5.5-r0 fixed in 3.5.6-r0	0.9% Theoretical Threat	Post-Exploit
CVE-2026-28389	LOW2.29	libssl3 3.5.5-r0 fixed in 3.5.6-r0	0.8% Theoretical Threat	Post-Exploit
CVE-2026-28390	LOW2.29	libssl3 3.5.5-r0 fixed in 3.5.6-r0	0.8% Theoretical Threat	Post-Exploit
CVE-2026-34183	LOW2.29	libssl3 3.5.5-r0 fixed in 3.5.7-r0	0.5% Theoretical Threat	Post-Exploit
CVE-2026-1703	LOW1.99	pip 25.3 fixed in 26.0	0.4% Theoretical Threat	Post-Exploit
CVE-2026-41479	NONE0	Authlib 1.6.9 fixed in 1.6.10, 1.7.1	—	Not Applicable
CVE-2026-44681	NONE0	Authlib 1.6.9 fixed in 1.7.1, 1.6.12	0.2% Theoretical Threat	Not Applicable
GHSA-537c-gmf6-5ccf	NONE0	cryptography 46.0.6 fixed in 48.0.1	—	Not Applicable