Last scanned:
This image is acceptable for production, but remediating the identified vulnerabilities is recommended to reduce the attack surface. The only exposed vulnerability, CVE-2026-33630, is a use-after-free/double-free in c-ares that could lead to denial of service when processing malicious DNS responses. Although its severity is medium (6.0), it affects a core DNS resolution library and can be triggered remotely without authentication. There are no high-severity or critical vulnerabilities; the 16 post-exploit-only issues are all low severity. Applying a security update for c-ares would eliminate the risk.
| CVE ID | Adjusted Severity | Package | Exploit Probability | Risk Context |
|---|---|---|---|---|
| CVE-2026-33630 | MEDIUM6 | c-ares 1.34.6-r0 fixed in 1.34.8-r0 | — | Directly ExposedContext importance: MEDIUM |
| CVE-2026-4873 | LOW2.7 | curl 8.19.0-r0 fixed in 8.20.0-r0 | 0.3% Theoretical Threat | Post-Exploit |
| CVE-2026-6253 | LOW2.7 | curl 8.19.0-r0 fixed in 8.20.0-r0 | 0.6% Theoretical Threat | Post-Exploit |
| CVE-2026-7009 | LOW2.7 | curl 8.19.0-r0 fixed in 8.20.0-r0 | 0.3% Theoretical Threat | Post-Exploit |
| CVE-2026-7168 | LOW2.7 | curl 8.19.0-r0 fixed in 8.20.0-r0 | 0.5% Theoretical Threat | Post-Exploit |
| CVE-2026-4873 | LOW2.7 | libcurl 8.19.0-r0 fixed in 8.20.0-r0 | 0.3% Theoretical Threat | Post-Exploit |
| CVE-2026-6253 | LOW2.7 | libcurl 8.19.0-r0 fixed in 8.20.0-r0 | 0.6% Theoretical Threat | Post-Exploit |
| CVE-2026-7009 | LOW2.7 | libcurl 8.19.0-r0 fixed in 8.20.0-r0 | 0.3% Theoretical Threat | Post-Exploit |
| CVE-2026-7168 | LOW2.7 | libcurl 8.19.0-r0 fixed in 8.20.0-r0 | 0.5% Theoretical Threat | Post-Exploit |
| CVE-2026-5773 | LOW2.29 | curl 8.19.0-r0 fixed in 8.20.0-r0 | 0.5% Theoretical Threat | Post-Exploit |
| CVE-2026-6276 | LOW2.29 | curl 8.19.0-r0 fixed in 8.20.0-r0 | 0.3% Theoretical Threat | Post-Exploit |
| CVE-2026-5773 | LOW2.29 | libcurl 8.19.0-r0 fixed in 8.20.0-r0 | 0.5% Theoretical Threat | Post-Exploit |
| CVE-2026-6276 | LOW2.29 | libcurl 8.19.0-r0 fixed in 8.20.0-r0 | 0.3% Theoretical Threat | Post-Exploit |
| CVE-2026-5545 | LOW1.99 | curl 8.19.0-r0 fixed in 8.20.0-r0 | 0.4% Theoretical Threat | Post-Exploit |
| CVE-2026-6429 | LOW1.99 | curl 8.19.0-r0 fixed in 8.20.0-r0 | 0.5% Theoretical Threat | Post-Exploit |
| CVE-2026-5545 | LOW1.99 | libcurl 8.19.0-r0 fixed in 8.20.0-r0 | 0.4% Theoretical Threat | Post-Exploit |
| CVE-2026-6429 | LOW1.99 | libcurl 8.19.0-r0 fixed in 8.20.0-r0 | 0.5% Theoretical Threat | Post-Exploit |
Want to check another image? Run a full scan with the Docker Security Scanner.