Vulnerability Reporteclipse-temurin:17-jre

Name: eclipse-temurin:17-jre Security Vulnerability Report
Creator: BaseImage
Keywords: eclipse-temurin:17-jre, Docker security, vulnerability scan, CVE, container security, SBOM

eclipse-temurin:17-jre

DIGESTsha256:8016378253033ebd971c237f6580f108b4afac11a188d3fc3b982497bbe55c65

Executive Summary

DANGEROUS

This image poses a critical security risk and must not be used in production, especially as an internet-facing service. An attacker could spoof legitimate services or intercept sensitive information by bypassing certificate validation due to critical flaws like CVE-2026-42013 and CVE-2026-42011. These GnuTLS vulnerabilities, many with high context importance, directly impact the container's likely TLS validation activities. While an authentication bypass (CVE-2026-42010) requires specific RSA-PSK server configuration, other severe issues do not. Immediate remediation is mandatory before any production deployment.

Threat Score

100/100

DANGEROUS

Critical EXPOSED_SURFACE vulnerabilities, with maximum severity 8.2 (CVE-2026-42013) related to certificate validation bypass.
Contains 4 EXPOSED_SURFACE vulnerabilities rated severity 7.0 or higher, including CVE-2026-42011 and CVE-2026-42012, both involving TLS certificate validation bypasses.
An authentication bypass (CVE-2026-42010, severity 7.84) is present, though it requires specific RSA-PSK server configuration.
The underlying OS Distro is reported as "Unknown Linux", which can hinder proactive security management and patching.
Despite being an "OFFICIAL" Docker Hub image and pinned by digest, the identified high-severity issues warrant a DANGEROUS verdict.
A total of 43 EXPOSED_SURFACE and 33 POST_EXPLOIT_ONLY vulnerabilities were found.

Reputation

TRUSTED

Docker Official

OFFICIAL

Official Docker Hub Image
Pinned by digest (Immutable)

BaseImage/

eclipse-temurin:17-jre

Hardened

Grade

A+

Vulns

Verified & secured for production

Vulnerabilities

Vulnerability Log

93 total

CVE ID	Adjusted Severity	Package	Exploit Probability	Risk Context
CVE-2026-42013	HIGH8.2	libgnutls30t64 3.8.12-2ubuntu1 fixed in 3.8.12-2ubuntu1.1	—	Directly ExposedContext importance: HIGH
CVE-2026-42010	HIGH7.84	libgnutls30t64 3.8.12-2ubuntu1 fixed in 3.8.12-2ubuntu1.1	—	Directly ExposedContext importance: MEDIUM
CVE-2026-42011	HIGH7.4	libgnutls30t64 3.8.12-2ubuntu1 fixed in 3.8.12-2ubuntu1.1	—	Directly ExposedContext importance: HIGH
CVE-2026-42012	HIGH7.1	libgnutls30t64 3.8.12-2ubuntu1 fixed in 3.8.12-2ubuntu1.1	—	Directly ExposedContext importance: HIGH
CVE-2026-3833	MEDIUM6.29	libgnutls30t64 3.8.12-2ubuntu1 fixed in 3.8.12-2ubuntu1.1	<0.1% Theoretical Threat	Directly ExposedContext importance: HIGH
CVE-2026-7598	MEDIUM6.18	libssh2-1t64 1.11.1-1build2 fixed in 1.11.1-1ubuntu0.26.04.1	<0.1% Theoretical Threat	Directly ExposedContext importance: MEDIUM
CVE-2026-4437	MEDIUM5.52	libc-bin 2.43-2ubuntu2 No fix yet	<0.1% Theoretical Threat	Directly ExposedContext importance: HIGH
CVE-2026-4437	MEDIUM5.52	libc-gconv-modules-extra 2.43-2ubuntu2 No fix yet	<0.1% Theoretical Threat	Directly ExposedContext importance: HIGH
CVE-2026-6238	MEDIUM5.52	libc-gconv-modules-extra 2.43-2ubuntu2 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2026-4437	MEDIUM5.52	libc6 2.43-2ubuntu2 No fix yet	<0.1% Theoretical Threat	Directly ExposedContext importance: HIGH
CVE-2026-6238	MEDIUM5.52	libc6 2.43-2ubuntu2 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2026-42015	MEDIUM5.3	libgnutls30t64 3.8.12-2ubuntu1 fixed in 3.8.12-2ubuntu1.1	—	Directly Exposed
CVE-2026-41989	MEDIUM5.1	libgcrypt20 1.12.0-2 fixed in 1.12.0-2ubuntu0.1	<0.1% Theoretical Threat	Directly ExposedContext importance: MEDIUM
CVE-2026-5435	MEDIUM5.02	libc-bin 2.43-2ubuntu2 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2026-5435	MEDIUM5.02	libc-gconv-modules-extra 2.43-2ubuntu2 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2026-5435	MEDIUM5.02	libc6 2.43-2ubuntu2 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2024-2236	MEDIUM5.02	libgcrypt20 1.12.0-2 No fix yet	0.7% Theoretical Threat	Directly Exposed
CVE-2026-5260	MEDIUM4.92	libgnutls30t64 3.8.12-2ubuntu1 fixed in 3.8.12-2ubuntu1.1	—	Directly Exposed
CVE-2025-66382	MEDIUM4.67	libexpat1 2.7.4-1 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2026-33845	MEDIUM4.64	libgnutls30t64 3.8.12-2ubuntu1 fixed in 3.8.12-2ubuntu1.1	<0.1% Theoretical Threat	Directly Exposed
CVE-2026-42009	MEDIUM4.5	libgnutls30t64 3.8.12-2ubuntu1 fixed in 3.8.12-2ubuntu1.1	—	Directly Exposed
CVE-2026-3184	MEDIUM4.5	libblkid1 2.41.3-3ubuntu2 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2026-4046	MEDIUM4.5	libc-bin 2.43-2ubuntu2 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2026-4046	MEDIUM4.5	libc-gconv-modules-extra 2.43-2ubuntu2 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2026-4046	MEDIUM4.5	libc6 2.43-2ubuntu2 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2026-3184	MEDIUM4.5	libmount1 2.41.3-3ubuntu2 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2026-3184	MEDIUM4.5	libsmartcols1 2.41.3-3ubuntu2 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2026-3184	MEDIUM4.5	libuuid1 2.41.3-3ubuntu2 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2026-27456	MEDIUM4	libblkid1 2.41.3-3ubuntu2 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2026-27456	MEDIUM4	libmount1 2.41.3-3ubuntu2 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2026-27456	MEDIUM4	libsmartcols1 2.41.3-3ubuntu2 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2026-27456	MEDIUM4	libuuid1 2.41.3-3ubuntu2 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2026-33846	LOW3.83	libgnutls30t64 3.8.12-2ubuntu1 fixed in 3.8.12-2ubuntu1.1	<0.1% Theoretical Threat	Directly Exposed
CVE-2026-5419	LOW3.7	libgnutls30t64 3.8.12-2ubuntu1 fixed in 3.8.12-2ubuntu1.1	—	Directly Exposed
CVE-2026-4438	LOW3.4	libc-bin 2.43-2ubuntu2 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2026-4438	LOW3.4	libc-gconv-modules-extra 2.43-2ubuntu2 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2026-4438	LOW3.4	libc6 2.43-2ubuntu2 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2026-6238	LOW3.31	libc-bin 2.43-2ubuntu2 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2026-5958	LOW3.21	sed 4.9-2build3 fixed in 4.9-2ubuntu1	<0.1% Theoretical Threat	Post-Exploit
CVE-2026-3832	LOW3.15	libgnutls30t64 3.8.12-2ubuntu1 fixed in 3.8.12-2ubuntu1.1	<0.1% Theoretical Threat	Directly Exposed
CVE-2025-45582	LOW2.86	tar 1.35+dfsg-4 No fix yet	<0.1% Theoretical Threat	Post-Exploit
CVE-2026-35373	LOW2.8	rust-coreutils 0.8.0-0ubuntu3 No fix yet	<0.1% Theoretical Threat	Post-Exploit
CVE-2026-5704	LOW2.8	tar 1.35+dfsg-4 No fix yet	<0.1% Theoretical Threat	Post-Exploit
CVE-2026-41990	LOW2.8	libgcrypt20 1.12.0-2 fixed in 1.12.0-2ubuntu0.1	<0.1% Theoretical Threat	Directly Exposed
CVE-2026-40228	LOW2.8	libsystemd0 259.5-0ubuntu3 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2026-40228	LOW2.8	libudev1 259.5-0ubuntu3 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2026-3184	LOW2.7	bsdutils 1:2.41.3-3ubuntu2 No fix yet	<0.1% Theoretical Threat	Post-Exploit
CVE-2026-3184	LOW2.7	login 1:4.16.0-2+really2.41.3-3ubuntu2 No fix yet	<0.1% Theoretical Threat	Post-Exploit
CVE-2026-3184	LOW2.7	mount 2.41.3-3ubuntu2 No fix yet	<0.1% Theoretical Threat	Post-Exploit
CVE-2026-3184	LOW2.7	util-linux 2.41.3-3ubuntu2 No fix yet	<0.1% Theoretical Threat	Post-Exploit
CVE-2026-27456	LOW2.4	bsdutils 1:2.41.3-3ubuntu2 No fix yet	<0.1% Theoretical Threat	Post-Exploit
CVE-2026-27456	LOW2.4	login 1:4.16.0-2+really2.41.3-3ubuntu2 No fix yet	<0.1% Theoretical Threat	Post-Exploit
CVE-2026-27456	LOW2.4	mount 2.41.3-3ubuntu2 No fix yet	<0.1% Theoretical Threat	Post-Exploit
CVE-2026-27456	LOW2.4	util-linux 2.41.3-3ubuntu2 No fix yet	<0.1% Theoretical Threat	Post-Exploit
CVE-2024-56433	LOW2.16	passwd 1:4.17.4-2ubuntu3 No fix yet	4.5% Low-Moderate Risk	Post-Exploit
CVE-2021-31879	LOW1.87	wget 1.25.0-2ubuntu4 No fix yet	0.2% Theoretical Threat	Post-Exploit
CVE-2026-33811	NONE0	stdlib v1.26.2 fixed in 1.25.10, 1.26.3	—	Not Applicable
CVE-2026-33814	NONE0	stdlib v1.26.2 fixed in 1.25.10, 1.26.3	—	Not Applicable
CVE-2026-39820	NONE0	stdlib v1.26.2 fixed in 1.25.10, 1.26.3	—	Not Applicable
CVE-2026-39836	NONE0	stdlib v1.26.2 fixed in 1.25.10, 1.26.3	—	Not Applicable
CVE-2026-4437	NONE0	locales 2.43-2ubuntu2 No fix yet	<0.1% Theoretical Threat	Not Applicable
CVE-2026-6238	NONE0	locales 2.43-2ubuntu2 No fix yet	<0.1% Theoretical Threat	Not Applicable
CVE-2026-5435	NONE0	locales 2.43-2ubuntu2 No fix yet	<0.1% Theoretical Threat	Not Applicable
CVE-2026-39826	NONE0	stdlib v1.26.2 fixed in 1.25.10, 1.26.3	—	Not Applicable
CVE-2026-4046	NONE0	locales 2.43-2ubuntu2 No fix yet	<0.1% Theoretical Threat	Not Applicable
CVE-2026-4438	NONE0	locales 2.43-2ubuntu2 No fix yet	<0.1% Theoretical Threat	Not Applicable
CVE-2024-56433	NONE0	login.defs 1:4.17.4-2ubuntu3 No fix yet	4.5% Low-Moderate Risk	Not Applicable
CVE-2026-42014	NONE0	libgnutls30t64 3.8.12-2ubuntu1 fixed in 3.8.12-2ubuntu1.1	—	Not Applicable
CVE-2026-35341	NONE0	rust-coreutils 0.8.0-0ubuntu3 No fix yet	<0.1% Theoretical Threat	Not Applicable
CVE-2026-35344	NONE0	rust-coreutils 0.8.0-0ubuntu3 No fix yet	<0.1% Theoretical Threat	Not Applicable
CVE-2026-35345	NONE0	rust-coreutils 0.8.0-0ubuntu3 No fix yet	<0.1% Theoretical Threat	Not Applicable
CVE-2026-35348	NONE0	rust-coreutils 0.8.0-0ubuntu3 No fix yet	<0.1% Theoretical Threat	Not Applicable
CVE-2026-35350	NONE0	rust-coreutils 0.8.0-0ubuntu3 No fix yet	<0.1% Theoretical Threat	Not Applicable
CVE-2026-35351	NONE0	rust-coreutils 0.8.0-0ubuntu3 No fix yet	<0.1% Theoretical Threat	Not Applicable
CVE-2026-35352	NONE0	rust-coreutils 0.8.0-0ubuntu3 No fix yet	<0.1% Theoretical Threat	Not Applicable
CVE-2026-35354	NONE0	rust-coreutils 0.8.0-0ubuntu3 No fix yet	<0.1% Theoretical Threat	Not Applicable
CVE-2026-35357	NONE0	rust-coreutils 0.8.0-0ubuntu3 No fix yet	<0.1% Theoretical Threat	Not Applicable
CVE-2026-35359	NONE0	rust-coreutils 0.8.0-0ubuntu3 No fix yet	<0.1% Theoretical Threat	Not Applicable
CVE-2026-35360	NONE0	rust-coreutils 0.8.0-0ubuntu3 No fix yet	<0.1% Theoretical Threat	Not Applicable
CVE-2026-35363	NONE0	rust-coreutils 0.8.0-0ubuntu3 No fix yet	<0.1% Theoretical Threat	Not Applicable
CVE-2026-35364	NONE0	rust-coreutils 0.8.0-0ubuntu3 No fix yet	<0.1% Theoretical Threat	Not Applicable
CVE-2026-35367	NONE0	rust-coreutils 0.8.0-0ubuntu3 No fix yet	<0.1% Theoretical Threat	Not Applicable
CVE-2026-35368	NONE0	rust-coreutils 0.8.0-0ubuntu3 No fix yet	<0.1% Theoretical Threat	Not Applicable
CVE-2026-35370	NONE0	rust-coreutils 0.8.0-0ubuntu3 No fix yet	<0.1% Theoretical Threat	Not Applicable
CVE-2026-35371	NONE0	rust-coreutils 0.8.0-0ubuntu3 No fix yet	<0.1% Theoretical Threat	Not Applicable
CVE-2026-35374	NONE0	rust-coreutils 0.8.0-0ubuntu3 No fix yet	<0.1% Theoretical Threat	Not Applicable
CVE-2026-35377	NONE0	rust-coreutils 0.8.0-0ubuntu3 No fix yet	<0.1% Theoretical Threat	Not Applicable
CVE-2026-39823	NONE0	stdlib v1.26.2 fixed in 1.25.10, 1.26.3	—	Not Applicable
CVE-2026-39825	NONE0	stdlib v1.26.2 fixed in 1.25.10, 1.26.3	—	Not Applicable
CVE-2026-42499	NONE0	stdlib v1.26.2 fixed in 1.25.10, 1.26.3	—	Not Applicable
CVE-2026-42504	NONE0	stdlib v1.26.2 fixed in 1.25.11, 1.26.4	—	Not Applicable
CVE-2026-27145	NONE0	stdlib v1.26.2 fixed in 1.25.11, 1.26.4	—	Not Applicable
CVE-2026-42507	NONE0	stdlib v1.26.2 fixed in 1.25.11, 1.26.4	—	Not Applicable