Vulnerability Reportdrupal:10.6.13-php8.4-fpm-alpine3.23

drupal:10.6.13-php8.4-fpm-alpine3.23
DIGESTsha256:3dbbfa1df91fef119b164a39b6b1fba0162634816a4ca0d199e62f874f63f5dc

Executive Summary

Last scanned:

Threat Score
25/100NEEDS ATTENTION
Reputation
TRUSTED

This image is acceptable for production, but remediating the identified vulnerabilities is recommended to reduce the attack surface. The image has one medium-severity exposed vulnerability (CVE-2026-33630) that could lead to a denial of service via crafted DNS responses, but exploitation requires a malicious DNS server or man-in-the-middle position. All 16 post-exploit-only findings are low severity (up to 2.7). Updating the c-ares package would fully mitigate this vulnerability.

Vulnerabilities

Vulnerability Log

17 total
CVE IDAdjusted SeverityPackageExploit ProbabilityRisk Context
CVE-2026-33630MEDIUM6
c-ares
1.34.6-r0
fixed in 1.34.8-r0
Directly ExposedContext importance: MEDIUM
CVE-2026-4873LOW2.7
curl
8.19.0-r0
fixed in 8.20.0-r0
0.3%
Theoretical Threat
Post-Exploit
CVE-2026-6253LOW2.7
curl
8.19.0-r0
fixed in 8.20.0-r0
0.6%
Theoretical Threat
Post-Exploit
CVE-2026-7009LOW2.7
curl
8.19.0-r0
fixed in 8.20.0-r0
0.3%
Theoretical Threat
Post-Exploit
CVE-2026-7168LOW2.7
curl
8.19.0-r0
fixed in 8.20.0-r0
0.5%
Theoretical Threat
Post-Exploit
CVE-2026-4873LOW2.7
libcurl
8.19.0-r0
fixed in 8.20.0-r0
0.3%
Theoretical Threat
Post-Exploit
CVE-2026-6253LOW2.7
libcurl
8.19.0-r0
fixed in 8.20.0-r0
0.6%
Theoretical Threat
Post-Exploit
CVE-2026-7009LOW2.7
libcurl
8.19.0-r0
fixed in 8.20.0-r0
0.3%
Theoretical Threat
Post-Exploit
CVE-2026-7168LOW2.7
libcurl
8.19.0-r0
fixed in 8.20.0-r0
0.5%
Theoretical Threat
Post-Exploit
CVE-2026-5773LOW2.29
curl
8.19.0-r0
fixed in 8.20.0-r0
0.5%
Theoretical Threat
Post-Exploit
CVE-2026-6276LOW2.29
curl
8.19.0-r0
fixed in 8.20.0-r0
0.3%
Theoretical Threat
Post-Exploit
CVE-2026-5773LOW2.29
libcurl
8.19.0-r0
fixed in 8.20.0-r0
0.5%
Theoretical Threat
Post-Exploit
CVE-2026-6276LOW2.29
libcurl
8.19.0-r0
fixed in 8.20.0-r0
0.3%
Theoretical Threat
Post-Exploit
CVE-2026-5545LOW1.99
curl
8.19.0-r0
fixed in 8.20.0-r0
0.4%
Theoretical Threat
Post-Exploit
CVE-2026-6429LOW1.99
curl
8.19.0-r0
fixed in 8.20.0-r0
0.5%
Theoretical Threat
Post-Exploit
CVE-2026-5545LOW1.99
libcurl
8.19.0-r0
fixed in 8.20.0-r0
0.4%
Theoretical Threat
Post-Exploit
CVE-2026-6429LOW1.99
libcurl
8.19.0-r0
fixed in 8.20.0-r0
0.5%
Theoretical Threat
Post-Exploit

Want to check another image? Run a full scan with the Docker Security Scanner.