Last scanned:
This image poses a critical security risk and must not be used in production, especially as an internet-facing service. An attacker could exploit CVE-2026-42581 and CVE-2026-33871 to perform HTTP request smuggling leading to data exposure or cause complete denial of service via CPU exhaustion. Upgrading Netty to version 4.1.133.Final or later fully remediates these vulnerabilities. Note that CVE-2026-42010 (authentication bypass) only applies if RSA-PSK key exchange is enabled, which is not the default configuration.
| CVE ID | Adjusted Severity | Package | Exploit Probability | Risk Context |
|---|---|---|---|---|
| CVE-2026-42581 | HIGH8.33 | io.netty:netty-codec-http 4.1.130.Final fixed in 4.2.13.Final, 4.1.133.Final | 0.6% Theoretical Threat | Directly ExposedContext importance: HIGH |
| CVE-2026-42010 | HIGH7.84 | libgnutls30t64 3.8.3-1.1ubuntu3.5 fixed in 3.8.3-1.1ubuntu3.6 | 1.1% Low-Moderate Risk | Directly ExposedContext importance: MEDIUM |
| CVE-2026-33871 | HIGH7.5 | io.netty:netty-codec-http2 4.1.130.Final fixed in 4.1.132.Final, 4.2.11.Final | 1.1% Low-Moderate Risk | Directly ExposedContext importance: HIGH |
| CVE-2026-45674 | MEDIUM6.8 | io.netty:netty-resolver-dns 4.1.130.Final fixed in 4.2.15.Final, 4.1.135.Final | 0.2% Theoretical Threat | Directly ExposedContext importance: MEDIUM |
| CVE-2026-47691 | MEDIUM6.8 | io.netty:netty-resolver-dns 4.1.130.Final fixed in 4.2.15.Final, 4.1.135.Final | 0.3% Theoretical Threat | Directly ExposedContext importance: MEDIUM |
| CVE-2026-41989 | MEDIUM6.38 | libgcrypt20 1.10.3-2build1 fixed in 1.10.3-2ubuntu0.1 | 0.2% Theoretical Threat | Directly Exposed |
| CVE-2026-27135 | MEDIUM6.38 | libnghttp2-14 1.59.0-1ubuntu0.2 fixed in 1.59.0-1ubuntu0.3 | 0.8% Theoretical Threat | Directly Exposed |
| CVE-2025-7962 | MEDIUM6.38 | com.sun.mail:jakarta.mail 1.6.3 fixed in 1.6.8, 2.0.2 | 0.8% Theoretical Threat | Directly Exposed |
| CVE-2025-7962 | MEDIUM6.38 | com.sun.mail:jakarta.mail 1.6.4 fixed in 1.6.8, 2.0.2 | 0.8% Theoretical Threat | Directly Exposed |
| CVE-2026-42583 | MEDIUM6.38 | io.netty:netty-codec 4.1.130.Final fixed in 4.1.133.Final | 0.4% Theoretical Threat | Directly Exposed |
| CVE-2026-33870 | MEDIUM6.38 | io.netty:netty-codec-http 4.1.130.Final fixed in 4.1.132.Final, 4.2.10.Final | 0.6% Theoretical Threat | Directly Exposed |
| CVE-2026-42587 | MEDIUM6.38 | io.netty:netty-codec-http 4.1.130.Final fixed in 4.2.13.Final, 4.1.133.Final | 0.9% Theoretical Threat | Directly Exposed |
| CVE-2026-42585 | MEDIUM6.38 | io.netty:netty-codec-http 4.1.130.Final fixed in 4.2.13.Final, 4.1.133.Final | 0.2% Theoretical Threat | Directly Exposed |
| CVE-2026-42587 | MEDIUM6.38 | io.netty:netty-codec-http2 4.1.130.Final fixed in 4.2.13.Final, 4.1.133.Final | 0.9% Theoretical Threat | Directly Exposed |
| CVE-2026-48043 | MEDIUM6.38 | io.netty:netty-codec-http2 4.1.130.Final fixed in 4.1.135.Final, 4.2.15.Final | 0.6% Theoretical Threat | Directly Exposed |
| CVE-2026-45416 | MEDIUM6.38 | io.netty:netty-handler 4.1.130.Final fixed in 4.2.15.Final, 4.1.135.Final | 0.5% Theoretical Threat | Directly Exposed |
| CVE-2026-50010 | MEDIUM6.38 | io.netty:netty-handler 4.1.130.Final fixed in 4.2.15.Final, 4.1.135.Final | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2026-42578 | MEDIUM6.38 | io.netty:netty-handler-proxy 4.1.130.Final fixed in 4.1.133.Final, 4.2.13.Final | 0.9% Theoretical Threat | Directly Exposed |
| CVE-2026-45292 | MEDIUM6.38 | io.opentelemetry:opentelemetry-api 1.31.0 fixed in 1.62.0 | 0.8% Theoretical Threat | Directly Exposed |
| CVE-2026-34479 | MEDIUM6.38 | org.apache.logging.log4j:log4j-1.2-api 2.19.0 fixed in 2.25.4 | 0.5% Theoretical Threat | Directly Exposed |
| CVE-2026-34480 | MEDIUM6.38 | org.apache.logging.log4j:log4j-core 2.19.0 fixed in 2.25.4 | 0.9% Theoretical Threat | Directly Exposed |
| CVE-2026-34478 | MEDIUM6.38 | org.apache.logging.log4j:log4j-core 2.25.0 fixed in 2.25.4 | 0.8% Theoretical Threat | Directly Exposed |
| CVE-2026-34480 | MEDIUM6.38 | org.apache.logging.log4j:log4j-core 2.25.0 fixed in 2.25.4 | 0.9% Theoretical Threat | Directly Exposed |
| CVE-2026-5588 | MEDIUM6.38 | org.bouncycastle:bcpkix-jdk18on 1.79 fixed in 1.84 | 0.4% Theoretical Threat | Directly Exposed |
| CVE-2026-3833 | MEDIUM6.29 | libgnutls30t64 3.8.3-1.1ubuntu3.5 fixed in 3.8.3-1.1ubuntu3.6 | 0.6% Theoretical Threat | Directly Exposed |
| CVE-2026-42011 | MEDIUM6.29 | libgnutls30t64 3.8.3-1.1ubuntu3.5 fixed in 3.8.3-1.1ubuntu3.6 | 0.5% Theoretical Threat | Directly Exposed |
| CVE-2026-34182 | MEDIUM6.29 | libssl3t64 3.0.13-0ubuntu3.9 fixed in 3.0.13-0ubuntu3.11 | 0.2% Theoretical Threat | Directly Exposed |
| CVE-2026-42579 | MEDIUM6.18 | io.netty:netty-codec-dns 4.1.130.Final fixed in 4.2.13.Final, 4.1.133.Final | 0.9% Theoretical Threat | Directly ExposedContext importance: MEDIUM |
| CVE-2026-42584 | MEDIUM6.18 | io.netty:netty-codec-http 4.1.130.Final fixed in 4.2.13.Final, 4.1.133.Final | 0.7% Theoretical Threat | Directly ExposedContext importance: MEDIUM |
| CVE-2026-42012 | MEDIUM6.03 | libgnutls30t64 3.8.3-1.1ubuntu3.5 fixed in 3.8.3-1.1ubuntu3.6 | 0.4% Theoretical Threat | Directly Exposed |
| CVE-2026-4878 | MEDIUM5.95 | libcap2 1:2.66-5ubuntu2.2 fixed in 1:2.66-5ubuntu2.4 | 0.2% Theoretical Threat | Directly Exposed |
| CVE-2024-2236 | MEDIUM5.9 | libgcrypt20 1.10.3-2build1 No fix yet | 1.1% Low-Moderate Risk | Directly Exposed |
| CVE-2026-45673 | MEDIUM5.78 | io.netty:netty-resolver-dns 4.1.130.Final fixed in 4.2.15.Final, 4.1.135.Final | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2026-42014 | MEDIUM5.61 | libgnutls30t64 3.8.3-1.1ubuntu3.5 fixed in 3.8.3-1.1ubuntu3.6 | 0.1% Theoretical Threat | Directly Exposed |
| CVE-2026-42013 | MEDIUM5.58 | libgnutls30t64 3.8.3-1.1ubuntu3.5 fixed in 3.8.3-1.1ubuntu3.6 | 0.4% Theoretical Threat | Directly ExposedContext importance: MEDIUM |
| CVE-2026-4437 | MEDIUM5.52 | libc-bin 2.39-0ubuntu8.7 No fix yet | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2026-6238 | MEDIUM5.52 | libc-bin 2.39-0ubuntu8.7 No fix yet | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2026-4437 | MEDIUM5.52 | libc6 2.39-0ubuntu8.7 No fix yet | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2026-6238 | MEDIUM5.52 | libc6 2.39-0ubuntu8.7 No fix yet | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2026-41417 | MEDIUM5.52 | io.netty:netty-codec-http 4.1.130.Final fixed in 4.1.133.Final, 4.2.13.Final | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2026-42580 | MEDIUM5.52 | io.netty:netty-codec-http 4.1.130.Final fixed in 4.2.13.Final, 4.1.133.Final | 0.4% Theoretical Threat | Directly Exposed |
| CVE-2026-0636 | MEDIUM5.52 | org.bouncycastle:bcprov-jdk18on 1.79 fixed in 1.84 | 0.5% Theoretical Threat | Directly Exposed |
| CVE-2026-54512 | MEDIUM5.5 | com.fasterxml.jackson.core:jackson-databind 2.15.0 fixed in 2.18.8, 3.1.4, 2.21.4 | 0.6% Theoretical Threat | Directly ExposedContext importance: MEDIUM |
| CVE-2026-54513 | MEDIUM5.5 | com.fasterxml.jackson.core:jackson-databind 2.15.0 fixed in 2.18.8, 2.21.4, 3.1.4 | 0.7% Theoretical Threat | Directly ExposedContext importance: MEDIUM |
| CVE-2026-44249 | MEDIUM5.5 | io.netty:netty-handler 4.1.130.Final fixed in 4.2.15.Final, 4.1.135.Final | 0.6% Theoretical Threat | Directly ExposedContext importance: MEDIUM |
| CVE-2026-40226 | MEDIUM5.44 | libsystemd0 255.4-1ubuntu8.15 fixed in 255.4-1ubuntu8.16 | <0.1% Theoretical Threat | Directly Exposed |
| CVE-2026-40226 | MEDIUM5.44 | libudev1 255.4-1ubuntu8.15 fixed in 255.4-1ubuntu8.16 | <0.1% Theoretical Threat | Directly Exposed |
| CVE-2026-13757 | MEDIUM5.27 | libp11-kit0 0.25.3-4ubuntu2.1 No fix yet | 0.1% Theoretical Threat | Directly Exposed |
| CVE-2026-13757 | MEDIUM5.27 | p11-kit-modules 0.25.3-4ubuntu2.1 No fix yet | 0.1% Theoretical Threat | Directly Exposed |
| CVE-2025-22227 | MEDIUM5.18 | io.projectreactor.netty:reactor-netty-http 1.0.45 fixed in 1.3.0-M5, 1.2.8 | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2026-5435 | MEDIUM5.02 | libc-bin 2.39-0ubuntu8.7 No fix yet | 0.2% Theoretical Threat | Directly Exposed |
| CVE-2026-5435 | MEDIUM5.02 | libc6 2.39-0ubuntu8.7 No fix yet | 0.2% Theoretical Threat | Directly Exposed |
| CVE-2026-42770 | MEDIUM5.02 | libssl3t64 3.0.13-0ubuntu3.9 fixed in 3.0.13-0ubuntu3.11 | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2026-9076 | MEDIUM5.02 | libssl3t64 3.0.13-0ubuntu3.9 fixed in 3.0.13-0ubuntu3.11 | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2026-34477 | MEDIUM5.02 | org.apache.logging.log4j:log4j-core 2.19.0 fixed in 2.25.4 | 0.4% Theoretical Threat | Directly Exposed |
| CVE-2026-34477 | MEDIUM5.02 | org.apache.logging.log4j:log4j-core 2.25.0 fixed in 2.25.4 | 0.4% Theoretical Threat | Directly Exposed |
| CVE-2026-7383 | MEDIUM4.67 | libssl3t64 3.0.13-0ubuntu3.9 fixed in 3.0.13-0ubuntu3.11 | 0.4% Theoretical Threat | Directly Exposed |
| CVE-2026-27171 | MEDIUM4.67 | zlib1g 1:1.3.dfsg-3.1ubuntu2.1 No fix yet | 0.2% Theoretical Threat | Directly Exposed |
| CVE-2026-4046 | MEDIUM4.5 | libc-bin 2.39-0ubuntu8.7 No fix yet | 0.4% Theoretical Threat | Directly Exposed |
| CVE-2026-4046 | MEDIUM4.5 | libc6 2.39-0ubuntu8.7 No fix yet | 0.4% Theoretical Threat | Directly Exposed |
| CVE-2026-42015 | MEDIUM4.5 | libgnutls30t64 3.8.3-1.1ubuntu3.5 fixed in 3.8.3-1.1ubuntu3.6 | 0.7% Theoretical Threat | Directly Exposed |
| CVE-2026-34743 | MEDIUM4.5 | liblzma5 5.6.1+really5.4.5-1ubuntu0.2 fixed in 5.6.1+really5.4.5-1ubuntu0.3 | 0.4% Theoretical Threat | Directly Exposed |
| CVE-2026-42766 | MEDIUM4.5 | libssl3t64 3.0.13-0ubuntu3.9 fixed in 3.0.13-0ubuntu3.11 | 0.6% Theoretical Threat | Directly Exposed |
| CVE-2026-42767 | MEDIUM4.5 | libssl3t64 3.0.13-0ubuntu3.9 fixed in 3.0.13-0ubuntu3.11 | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2026-54514 | MEDIUM4.5 | com.fasterxml.jackson.core:jackson-databind 2.15.0 fixed in 2.18.8, 2.21.4, 3.1.4 | 0.2% Theoretical Threat | Directly Exposed |
| CVE-2026-54515 | MEDIUM4.5 | com.fasterxml.jackson.core:jackson-databind 2.15.0 fixed in 3.1.4, 2.18.9, 2.21.5, 2.22.1 | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2026-50020 | MEDIUM4.5 | io.netty:netty-codec-http 4.1.130.Final fixed in 4.2.15.Final, 4.1.135.Final | 0.2% Theoretical Threat | Directly Exposed |
| CVE-2026-47244 | MEDIUM4.5 | io.netty:netty-codec-http2 4.1.130.Final fixed in 4.2.15.Final, 4.1.135.Final | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2026-50560 | MEDIUM4.5 | io.netty:netty-codec-http2 4.1.130.Final fixed in 4.2.15.Final, 4.1.135.Final | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2026-34180 | MEDIUM4.25 | libssl3t64 3.0.13-0ubuntu3.9 fixed in 3.0.13-0ubuntu3.11 | 0.5% Theoretical Threat | Directly Exposed |
| CVE-2025-68161 | MEDIUM4.08 | org.apache.logging.log4j:log4j-core 2.19.0 fixed in 2.25.3 | 0.7% Theoretical Threat | Directly Exposed |
| CVE-2025-68161 | MEDIUM4.08 | org.apache.logging.log4j:log4j-core 2.25.0 fixed in 2.25.3 | 0.7% Theoretical Threat | Directly Exposed |
| CVE-2026-27456 | MEDIUM4 | libblkid1 2.39.3-9ubuntu6.5 No fix yet | 0.1% Theoretical Threat | Directly Exposed |
| CVE-2026-27456 | MEDIUM4 | libmount1 2.39.3-9ubuntu6.5 No fix yet | 0.1% Theoretical Threat | Directly Exposed |
| CVE-2026-27456 | MEDIUM4 | libsmartcols1 2.39.3-9ubuntu6.5 No fix yet | 0.1% Theoretical Threat | Directly Exposed |
| CVE-2026-27456 | MEDIUM4 | libuuid1 2.39.3-9ubuntu6.5 No fix yet | 0.1% Theoretical Threat | Directly Exposed |
| CVE-2025-69720 | LOW3.98 | ncurses-base 6.4+20240113-1ubuntu2 fixed in 6.4+20240113-1ubuntu2.1 | 0.4% Theoretical Threat | Post-Exploit |
| CVE-2025-69720 | LOW3.98 | ncurses-bin 6.4+20240113-1ubuntu2 fixed in 6.4+20240113-1ubuntu2.1 | 0.4% Theoretical Threat | Post-Exploit |
| CVE-2026-8927 | LOW3.82 | curl 8.5.0-2ubuntu10.8 fixed in 8.5.0-2ubuntu10.10 | 0.8% Theoretical Threat | Post-Exploit |
| CVE-2026-6276 | LOW3.82 | curl 8.5.0-2ubuntu10.8 fixed in 8.5.0-2ubuntu10.9 | 0.3% Theoretical Threat | Post-Exploit |
| CVE-2026-8927 | LOW3.82 | libcurl4t64 8.5.0-2ubuntu10.8 fixed in 8.5.0-2ubuntu10.10 | 0.8% Theoretical Threat | Post-Exploit |
| CVE-2026-5773 | LOW3.82 | libcurl4t64 8.5.0-2ubuntu10.8 fixed in 8.5.0-2ubuntu10.9 | 0.5% Theoretical Threat | Post-Exploit |
| CVE-2026-6276 | LOW3.82 | libcurl4t64 8.5.0-2ubuntu10.8 fixed in 8.5.0-2ubuntu10.9 | 0.3% Theoretical Threat | Post-Exploit |
| CVE-2026-9547 | LOW3.77 | curl 8.5.0-2ubuntu10.8 fixed in 8.5.0-2ubuntu10.10 | 0.5% Theoretical Threat | Post-Exploit |
| CVE-2026-9547 | LOW3.77 | libcurl4t64 8.5.0-2ubuntu10.8 fixed in 8.5.0-2ubuntu10.10 | 0.5% Theoretical Threat | Post-Exploit |
| CVE-2026-34182 | LOW3.77 | openssl 3.0.13-0ubuntu3.9 fixed in 3.0.13-0ubuntu3.11 | 0.2% Theoretical Threat | Post-Exploit |
| CVE-2025-48924 | LOW3.7 | org.apache.commons:commons-lang3 3.9 fixed in 3.18.0 | 2.2% Low-Moderate Risk | Directly Exposed |
| CVE-2026-4438 | LOW3.4 | libc-bin 2.39-0ubuntu8.7 No fix yet | 0.2% Theoretical Threat | Directly Exposed |
| CVE-2026-4438 | LOW3.4 | libc6 2.39-0ubuntu8.7 No fix yet | 0.2% Theoretical Threat | Directly Exposed |
| CVE-2026-5545 | LOW3.31 | curl 8.5.0-2ubuntu10.8 fixed in 8.5.0-2ubuntu10.9 | 0.4% Theoretical Threat | Post-Exploit |
| CVE-2026-6429 | LOW3.31 | curl 8.5.0-2ubuntu10.8 fixed in 8.5.0-2ubuntu10.9 | 0.5% Theoretical Threat | Post-Exploit |
| CVE-2026-8924 | LOW3.31 | curl 8.5.0-2ubuntu10.8 fixed in 8.5.0-2ubuntu10.10 | 0.6% Theoretical Threat | Post-Exploit |
| CVE-2026-5545 | LOW3.31 | libcurl4t64 8.5.0-2ubuntu10.8 fixed in 8.5.0-2ubuntu10.9 | 0.4% Theoretical Threat | Post-Exploit |
| CVE-2026-6429 | LOW3.31 | libcurl4t64 8.5.0-2ubuntu10.8 fixed in 8.5.0-2ubuntu10.9 | 0.5% Theoretical Threat | Post-Exploit |
| CVE-2026-8924 | LOW3.31 | libcurl4t64 8.5.0-2ubuntu10.8 fixed in 8.5.0-2ubuntu10.10 | 0.6% Theoretical Threat | Post-Exploit |
| CVE-2026-5958 | LOW3.21 | sed 4.9-2build1 fixed in 4.9-2ubuntu0.24.04.1 | 0.1% Theoretical Threat | Post-Exploit |
| CVE-2026-13757 | LOW3.16 | p11-kit 0.25.3-4ubuntu2.1 No fix yet | 0.1% Theoretical Threat | Post-Exploit |
| CVE-2026-3832 | LOW3.15 | libgnutls30t64 3.8.3-1.1ubuntu3.5 fixed in 3.8.3-1.1ubuntu3.6 | 0.7% Theoretical Threat | Directly Exposed |
| CVE-2026-5419 | LOW3.15 | libgnutls30t64 3.8.3-1.1ubuntu3.5 fixed in 3.8.3-1.1ubuntu3.6 | 0.4% Theoretical Threat | Directly Exposed |
| CVE-2026-45446 | LOW3.15 | libssl3t64 3.0.13-0ubuntu3.9 fixed in 3.0.13-0ubuntu3.11 | 0.2% Theoretical Threat | Directly Exposed |
| CVE-2026-42770 | LOW3.01 | openssl 3.0.13-0ubuntu3.9 fixed in 3.0.13-0ubuntu3.11 | 0.3% Theoretical Threat | Post-Exploit |
| CVE-2026-9076 | LOW3.01 | openssl 3.0.13-0ubuntu3.9 fixed in 3.0.13-0ubuntu3.11 | 0.3% Theoretical Threat | Post-Exploit |
| CVE-2026-8376 | LOW3 | perl-base 5.38.2-3.2ubuntu0.2 fixed in 5.38.2-3.2ubuntu0.3 | 0.4% Theoretical Threat | Post-Exploit |
| CVE-2026-8925 | LOW2.92 | curl 8.5.0-2ubuntu10.8 fixed in 8.5.0-2ubuntu10.10 | 1.1% Low-Moderate Risk | Post-Exploit |
| CVE-2026-8925 | LOW2.92 | libcurl4t64 8.5.0-2ubuntu10.8 fixed in 8.5.0-2ubuntu10.10 | 1.1% Low-Moderate Risk | Post-Exploit |
| CVE-2026-45447 | LOW2.92 | libssl3t64 3.0.13-0ubuntu3.9 fixed in 3.0.13-0ubuntu3.11 | 2.7% Low-Moderate Risk | Post-Exploit |
| CVE-2026-45447 | LOW2.92 | openssl 3.0.13-0ubuntu3.9 fixed in 3.0.13-0ubuntu3.11 | 2.7% Low-Moderate Risk | Post-Exploit |
| CVE-2025-45582 | LOW2.86 | tar 1.35+dfsg-3build1 fixed in 1.35+dfsg-3ubuntu0.2 | 0.4% Theoretical Threat | Post-Exploit |
| CVE-2026-7383 | LOW2.8 | openssl 3.0.13-0ubuntu3.9 fixed in 3.0.13-0ubuntu3.11 | 0.4% Theoretical Threat | Post-Exploit |
| CVE-2026-5704 | LOW2.8 | tar 1.35+dfsg-3build1 fixed in 1.35+dfsg-3ubuntu0.1 | 0.4% Theoretical Threat | Post-Exploit |
| CVE-2026-40228 | LOW2.8 | libsystemd0 255.4-1ubuntu8.15 No fix yet | 0.2% Theoretical Threat | Directly Exposed |
| CVE-2026-40228 | LOW2.8 | libudev1 255.4-1ubuntu8.15 No fix yet | 0.2% Theoretical Threat | Directly Exposed |
| CVE-2026-33845 | LOW2.78 | libgnutls30t64 3.8.3-1.1ubuntu3.5 fixed in 3.8.3-1.1ubuntu3.6 | 0.8% Theoretical Threat | Post-Exploit |
| CVE-2026-45445 | LOW2.78 | libssl3t64 3.0.13-0ubuntu3.9 fixed in 3.0.13-0ubuntu3.11 | 0.3% Theoretical Threat | Post-Exploit |
| CVE-2026-45445 | LOW2.78 | openssl 3.0.13-0ubuntu3.9 fixed in 3.0.13-0ubuntu3.11 | 0.3% Theoretical Threat | Post-Exploit |
| CVE-2026-42496 | LOW2.78 | perl-base 5.38.2-3.2ubuntu0.2 fixed in 5.38.2-3.2ubuntu0.3 | 0.4% Theoretical Threat | Post-Exploit |
| CVE-2026-33846 | LOW2.7 | libgnutls30t64 3.8.3-1.1ubuntu3.5 fixed in 3.8.3-1.1ubuntu3.6 | 1.3% Low-Moderate Risk | Post-Exploit |
| CVE-2026-42009 | LOW2.7 | libgnutls30t64 3.8.3-1.1ubuntu3.5 fixed in 3.8.3-1.1ubuntu3.6 | 1.3% Low-Moderate Risk | Post-Exploit |
| CVE-2026-6253 | LOW2.7 | curl 8.5.0-2ubuntu10.8 fixed in 8.5.0-2ubuntu10.9 | 0.6% Theoretical Threat | Post-Exploit |
| CVE-2026-7168 | LOW2.7 | curl 8.5.0-2ubuntu10.8 fixed in 8.5.0-2ubuntu10.9 | 0.5% Theoretical Threat | Post-Exploit |
| CVE-2026-4873 | LOW2.7 | curl 8.5.0-2ubuntu10.8 fixed in 8.5.0-2ubuntu10.9 | 0.3% Theoretical Threat | Post-Exploit |
| CVE-2026-6253 | LOW2.7 | libcurl4t64 8.5.0-2ubuntu10.8 fixed in 8.5.0-2ubuntu10.9 | 0.6% Theoretical Threat | Post-Exploit |
| CVE-2026-7168 | LOW2.7 | libcurl4t64 8.5.0-2ubuntu10.8 fixed in 8.5.0-2ubuntu10.9 | 0.5% Theoretical Threat | Post-Exploit |
| CVE-2026-4873 | LOW2.7 | libcurl4t64 8.5.0-2ubuntu10.8 fixed in 8.5.0-2ubuntu10.9 | 0.3% Theoretical Threat | Post-Exploit |
| CVE-2026-42766 | LOW2.7 | openssl 3.0.13-0ubuntu3.9 fixed in 3.0.13-0ubuntu3.11 | 0.6% Theoretical Threat | Post-Exploit |
| CVE-2026-42767 | LOW2.7 | openssl 3.0.13-0ubuntu3.9 fixed in 3.0.13-0ubuntu3.11 | 0.3% Theoretical Threat | Post-Exploit |
| CVE-2026-34180 | LOW2.55 | openssl 3.0.13-0ubuntu3.9 fixed in 3.0.13-0ubuntu3.11 | 0.5% Theoretical Threat | Post-Exploit |
| CVE-2026-5260 | LOW2.51 | libgnutls30t64 3.8.3-1.1ubuntu3.5 fixed in 3.8.3-1.1ubuntu3.6 | 0.7% Theoretical Threat | Post-Exploit |
| CVE-2026-8286 | LOW2.48 | curl 8.5.0-2ubuntu10.8 fixed in 8.5.0-2ubuntu10.10 | 0.5% Theoretical Threat | Post-Exploit |
| CVE-2026-8286 | LOW2.48 | libcurl4t64 8.5.0-2ubuntu10.8 fixed in 8.5.0-2ubuntu10.10 | 0.5% Theoretical Threat | Post-Exploit |
| CVE-2026-27456 | LOW2.4 | bsdutils 1:2.39.3-9ubuntu6.5 No fix yet | 0.1% Theoretical Threat | Post-Exploit |
| CVE-2026-10536 | LOW2.4 | curl 8.5.0-2ubuntu10.8 fixed in 8.5.0-2ubuntu10.11 | 0.9% Theoretical Threat | Post-Exploit |
| CVE-2026-41991 | LOW2.4 | gzip 1.12-1ubuntu3.1 fixed in 1.12-1ubuntu3.2 | 0.1% Theoretical Threat | Post-Exploit |
| CVE-2026-10536 | LOW2.4 | libcurl4t64 8.5.0-2ubuntu10.8 fixed in 8.5.0-2ubuntu10.11 | 0.9% Theoretical Threat | Post-Exploit |
| CVE-2026-27456 | LOW2.4 | mount 2.39.3-9ubuntu6.5 No fix yet | 0.1% Theoretical Threat | Post-Exploit |
| CVE-2026-27456 | LOW2.4 | util-linux 2.39.3-9ubuntu6.5 No fix yet | 0.1% Theoretical Threat | Post-Exploit |
| CVE-2025-69720 | LOW2.39 | libncursesw6 6.4+20240113-1ubuntu2 fixed in 6.4+20240113-1ubuntu2.1 | 0.4% Theoretical Threat | Post-Exploit |
| CVE-2025-69720 | LOW2.39 | libtinfo6 6.4+20240113-1ubuntu2 fixed in 6.4+20240113-1ubuntu2.1 | 0.4% Theoretical Threat | Post-Exploit |
| CVE-2026-5773 | LOW2.29 | curl 8.5.0-2ubuntu10.8 fixed in 8.5.0-2ubuntu10.9 | 0.5% Theoretical Threat | Post-Exploit |
| CVE-2026-41992 | LOW2.29 | gzip 1.12-1ubuntu3.1 fixed in 1.12-1ubuntu3.2 | 0.3% Theoretical Threat | Post-Exploit |
| CVE-2025-14813 | LOW2.29 | org.bouncycastle:bcprov-jdk18on 1.79 fixed in 1.80.2, 1.81.1, 1.84 | 0.3% Theoretical Threat | Post-Exploit |
| CVE-2026-45446 | LOW1.89 | openssl 3.0.13-0ubuntu3.9 fixed in 3.0.13-0ubuntu3.11 | 0.2% Theoretical Threat | Post-Exploit |
| CVE-2024-56433 | LOW1.84 | login 1:4.13+dfsg1-4ubuntu3.2 No fix yet | 0.4% Theoretical Threat | Post-Exploit |
| CVE-2024-56433 | LOW1.84 | passwd 1:4.13+dfsg1-4ubuntu3.2 No fix yet | 0.4% Theoretical Threat | Post-Exploit |
| CVE-2026-8458 | NONE0 | curl 8.5.0-2ubuntu10.8 fixed in 8.5.0-2ubuntu10.10 | 0.5% Theoretical Threat | Not Applicable |
| CVE-2026-2219 | NONE0 | dpkg 1.22.6ubuntu6.5 fixed in 1.22.6ubuntu6.6 | 0.4% Theoretical Threat | Not Applicable |
| CVE-2026-8458 | NONE0 | libcurl4t64 8.5.0-2ubuntu10.8 fixed in 8.5.0-2ubuntu10.10 | 0.5% Theoretical Threat | Not Applicable |
| CVE-2026-58055 | NONE0 | libnghttp2-14 1.59.0-1ubuntu0.2 fixed in 1.59.0-1ubuntu0.4 | 0.2% Theoretical Threat | Not Applicable |
| GHSA-72hv-8253-57qq | NONE0 | com.fasterxml.jackson.core:jackson-core 2.15.0 fixed in 2.21.1, 2.18.6 | — | Not Applicable |
| GHSA-72hv-8253-57qq | NONE0 | com.fasterxml.jackson.core:jackson-core 2.17.2 fixed in 2.21.1, 2.18.6 | — | Not Applicable |
Want to check another image? Run a full scan with the Docker Security Scanner.