Vulnerability Reportelasticsearch:8.19.16

elasticsearch:8.19.16

DIGESTsha256:1560707af70542cbf59f4e7c5f06662fe81d18d476013f735f150c9cb3205d9c

Executive Summary

Threat ScoreNEEDS ATTENTION• Image is official Docker Hub Elasticsearch, pinned by digest, and trusted (score 100).• 4 exposed vulnerabilities with medium severity (max 6.8) affect networking components (CVE-2026-45674, CVE-2026-47691, CVE-2026-45416).• 36 exposed vulnerabilities total, but none exceed 6.9 severity; post-exploit findings are all low (max 2.92).• All top CVEs are in Netty libraries (DNS, HTTP/2, TLS) and require no special configuration to exploit.

27/100NEEDS ATTENTION

ReputationOFFICIAL• Official Docker Hub Image• Pinned by digest (Immutable)

TRUSTED

This image is acceptable for production, but remediating the identified vulnerabilities is recommended to reduce the attack surface. It contains 36 exposed vulnerabilities, the most severe being medium (CVSS 6.8) and affecting DNS resolution and HTTP/2 decompression in Netty. An attacker controlling a DNS server could poison the cache, while memory exhaustion attacks are possible via crafted HTTP/2 frames or TLS handshakes. Updating Netty libraries to patched versions would resolve all identified CVEs. Post-exploit vulnerabilities are all low severity and pose minimal risk.

Vulnerabilities

Vulnerability Log

62 total

CVE ID	Adjusted Severity	Package	Exploit Probability	Risk Context
CVE-2026-45674	MEDIUM6.8	io.netty:netty-resolver-dns 4.1.133.Final fixed in 4.2.15.Final, 4.1.135.Final	0.2% Theoretical Threat	Directly ExposedContext importance: MEDIUM
CVE-2026-47691	MEDIUM6.8	io.netty:netty-resolver-dns 4.1.133.Final fixed in 4.2.15.Final, 4.1.135.Final	0.2% Theoretical Threat	Directly ExposedContext importance: MEDIUM
CVE-2026-48043	MEDIUM6.38	io.netty:netty-codec-http2 4.1.133.Final fixed in 4.1.135.Final, 4.2.15.Final	0.6% Theoretical Threat	Directly ExposedContext importance: HIGH
CVE-2026-45416	MEDIUM6.38	io.netty:netty-handler 4.1.133.Final fixed in 4.2.15.Final, 4.1.135.Final	0.6% Theoretical Threat	Directly ExposedContext importance: HIGH
CVE-2026-44249	MEDIUM5.5	io.netty:netty-handler 4.1.133.Final fixed in 4.2.15.Final, 4.1.135.Final	0.5% Theoretical Threat	Directly ExposedContext importance: MEDIUM
CVE-2026-40226	MEDIUM5.44	libsystemd0 255.4-1ubuntu8.15 fixed in 255.4-1ubuntu8.16	<0.1% Theoretical Threat	Directly Exposed
CVE-2026-40226	MEDIUM5.44	libudev1 255.4-1ubuntu8.15 fixed in 255.4-1ubuntu8.16	<0.1% Theoretical Threat	Directly Exposed
CVE-2026-50010	MEDIUM5.1	io.netty:netty-handler 4.1.133.Final fixed in 4.2.15.Final, 4.1.135.Final	0.2% Theoretical Threat	Directly ExposedContext importance: MEDIUM
CVE-2026-9076	MEDIUM5.02	libssl3t64 3.0.13-0ubuntu3.9 fixed in 3.0.13-0ubuntu3.11	0.3% Theoretical Threat	Directly Exposed
CVE-2026-7383	MEDIUM4.67	libssl3t64 3.0.13-0ubuntu3.9 fixed in 3.0.13-0ubuntu3.11	0.3% Theoretical Threat	Directly Exposed
CVE-2026-45673	MEDIUM4.62	io.netty:netty-resolver-dns 4.1.133.Final fixed in 4.2.15.Final, 4.1.135.Final	0.4% Theoretical Threat	Directly ExposedContext importance: MEDIUM
CVE-2026-4046	MEDIUM4.5	libc-bin 2.39-0ubuntu8.7 No fix yet	0.4% Theoretical Threat	Directly Exposed
CVE-2026-4046	MEDIUM4.5	libc6 2.39-0ubuntu8.7 No fix yet	0.4% Theoretical Threat	Directly Exposed
CVE-2026-34743	MEDIUM4.5	liblzma5 5.6.1+really5.4.5-1ubuntu0.2 fixed in 5.6.1+really5.4.5-1ubuntu0.3	0.4% Theoretical Threat	Directly Exposed
CVE-2026-42766	MEDIUM4.5	libssl3t64 3.0.13-0ubuntu3.9 fixed in 3.0.13-0ubuntu3.11	0.6% Theoretical Threat	Directly Exposed
CVE-2026-42767	MEDIUM4.5	libssl3t64 3.0.13-0ubuntu3.9 fixed in 3.0.13-0ubuntu3.11	0.3% Theoretical Threat	Directly Exposed
CVE-2026-50020	MEDIUM4.5	io.netty:netty-codec-http 4.1.133.Final fixed in 4.2.15.Final, 4.1.135.Final	0.2% Theoretical Threat	Directly Exposed
CVE-2026-47244	MEDIUM4.5	io.netty:netty-codec-http2 4.1.133.Final fixed in 4.2.15.Final, 4.1.135.Final	0.5% Theoretical Threat	Directly Exposed
CVE-2026-50560	MEDIUM4.5	io.netty:netty-codec-http2 4.1.133.Final fixed in 4.2.15.Final, 4.1.135.Final	0.3% Theoretical Threat	Directly Exposed
CVE-2026-4437	MEDIUM4.42	libc-bin 2.39-0ubuntu8.7 No fix yet	0.3% Theoretical Threat	Directly ExposedContext importance: MEDIUM
CVE-2026-4437	MEDIUM4.42	libc6 2.39-0ubuntu8.7 No fix yet	0.3% Theoretical Threat	Directly ExposedContext importance: MEDIUM
CVE-2026-34180	MEDIUM4.25	libssl3t64 3.0.13-0ubuntu3.9 fixed in 3.0.13-0ubuntu3.11	0.5% Theoretical Threat	Directly Exposed
CVE-2025-22227	MEDIUM4.14	io.projectreactor.netty:reactor-netty-http 1.0.45 fixed in 1.3.0-M5, 1.2.8	0.3% Theoretical Threat	Directly ExposedContext importance: MEDIUM
CVE-2026-27456	MEDIUM4	libblkid1 2.39.3-9ubuntu6.5 No fix yet	0.1% Theoretical Threat	Directly Exposed
CVE-2026-27456	MEDIUM4	libmount1 2.39.3-9ubuntu6.5 No fix yet	0.1% Theoretical Threat	Directly Exposed
CVE-2026-27456	MEDIUM4	libsmartcols1 2.39.3-9ubuntu6.5 No fix yet	0.1% Theoretical Threat	Directly Exposed
CVE-2026-27456	MEDIUM4	libuuid1 2.39.3-9ubuntu6.5 No fix yet	0.1% Theoretical Threat	Directly Exposed
CVE-2025-48924	LOW3.7	org.apache.commons:commons-lang3 3.9 fixed in 3.18.0	2.2% Low-Moderate Risk	Directly Exposed
CVE-2024-2236	LOW3.54	libgcrypt20 1.10.3-2ubuntu0.1 No fix yet	1.1% Low-Moderate Risk	Directly Exposed
CVE-2026-4438	LOW3.4	libc-bin 2.39-0ubuntu8.7 No fix yet	0.2% Theoretical Threat	Directly Exposed
CVE-2026-4438	LOW3.4	libc6 2.39-0ubuntu8.7 No fix yet	0.2% Theoretical Threat	Directly Exposed
CVE-2026-45446	LOW3.15	libssl3t64 3.0.13-0ubuntu3.9 fixed in 3.0.13-0ubuntu3.11	0.2% Theoretical Threat	Directly Exposed
CVE-2026-45447	LOW2.92	libssl3t64 3.0.13-0ubuntu3.9 fixed in 3.0.13-0ubuntu3.11	1.4% Low-Moderate Risk	Post-Exploit
CVE-2026-45447	LOW2.92	openssl 3.0.13-0ubuntu3.9 fixed in 3.0.13-0ubuntu3.11	1.4% Low-Moderate Risk	Post-Exploit
CVE-2025-45582	LOW2.86	tar 1.35+dfsg-3build1 No fix yet	0.4% Theoretical Threat	Post-Exploit
CVE-2026-7383	LOW2.8	openssl 3.0.13-0ubuntu3.9 fixed in 3.0.13-0ubuntu3.11	0.3% Theoretical Threat	Post-Exploit
CVE-2026-40228	LOW2.8	libsystemd0 255.4-1ubuntu8.15 No fix yet	0.2% Theoretical Threat	Directly Exposed
CVE-2026-40228	LOW2.8	libudev1 255.4-1ubuntu8.15 No fix yet	0.2% Theoretical Threat	Directly Exposed
CVE-2026-45445	LOW2.78	libssl3t64 3.0.13-0ubuntu3.9 fixed in 3.0.13-0ubuntu3.11	0.3% Theoretical Threat	Post-Exploit
CVE-2026-45445	LOW2.78	openssl 3.0.13-0ubuntu3.9 fixed in 3.0.13-0ubuntu3.11	0.3% Theoretical Threat	Post-Exploit
CVE-2026-42766	LOW2.7	openssl 3.0.13-0ubuntu3.9 fixed in 3.0.13-0ubuntu3.11	0.6% Theoretical Threat	Post-Exploit
CVE-2026-42767	LOW2.7	openssl 3.0.13-0ubuntu3.9 fixed in 3.0.13-0ubuntu3.11	0.3% Theoretical Threat	Post-Exploit
CVE-2026-34180	LOW2.55	openssl 3.0.13-0ubuntu3.9 fixed in 3.0.13-0ubuntu3.11	0.5% Theoretical Threat	Post-Exploit
CVE-2026-27456	LOW2.4	bsdutils 1:2.39.3-9ubuntu6.5 No fix yet	0.1% Theoretical Threat	Post-Exploit
CVE-2026-27456	LOW2.4	mount 2.39.3-9ubuntu6.5 No fix yet	0.1% Theoretical Threat	Post-Exploit
CVE-2026-27456	LOW2.4	util-linux 2.39.3-9ubuntu6.5 No fix yet	0.1% Theoretical Threat	Post-Exploit
CVE-2025-7962	LOW2.29	com.sun.mail:jakarta.mail 1.6.3 fixed in 1.6.8, 2.0.2	0.7% Theoretical Threat	Post-Exploit
CVE-2025-7962	LOW2.29	com.sun.mail:jakarta.mail 1.6.4 fixed in 1.6.8, 2.0.2	0.7% Theoretical Threat	Post-Exploit
CVE-2026-34182	LOW2.26	libssl3t64 3.0.13-0ubuntu3.9 fixed in 3.0.13-0ubuntu3.11	0.2% Theoretical Threat	Post-Exploit
CVE-2026-34182	LOW2.26	openssl 3.0.13-0ubuntu3.9 fixed in 3.0.13-0ubuntu3.11	0.2% Theoretical Threat	Post-Exploit
CVE-2026-6238	LOW1.99	libc-bin 2.39-0ubuntu8.7 No fix yet	0.3% Theoretical Threat	Post-Exploit
CVE-2026-6238	LOW1.99	libc6 2.39-0ubuntu8.7 No fix yet	0.3% Theoretical Threat	Post-Exploit
CVE-2026-45446	LOW1.89	openssl 3.0.13-0ubuntu3.9 fixed in 3.0.13-0ubuntu3.11	0.2% Theoretical Threat	Post-Exploit
CVE-2024-56433	LOW1.84	login 1:4.13+dfsg1-4ubuntu3.2 No fix yet	0.4% Theoretical Threat	Post-Exploit
CVE-2024-56433	LOW1.84	passwd 1:4.13+dfsg1-4ubuntu3.2 No fix yet	0.4% Theoretical Threat	Post-Exploit
CVE-2026-5435	LOW1.81	libc-bin 2.39-0ubuntu8.7 No fix yet	0.2% Theoretical Threat	Post-Exploit
CVE-2026-5435	LOW1.81	libc6 2.39-0ubuntu8.7 No fix yet	0.2% Theoretical Threat	Post-Exploit
CVE-2026-42770	LOW1.81	libssl3t64 3.0.13-0ubuntu3.9 fixed in 3.0.13-0ubuntu3.11	0.2% Theoretical Threat	Post-Exploit
CVE-2026-42770	LOW1.81	openssl 3.0.13-0ubuntu3.9 fixed in 3.0.13-0ubuntu3.11	0.2% Theoretical Threat	Post-Exploit
CVE-2026-9076	LOW1.81	openssl 3.0.13-0ubuntu3.9 fixed in 3.0.13-0ubuntu3.11	0.3% Theoretical Threat	Post-Exploit
GHSA-72hv-8253-57qq	NONE0	com.fasterxml.jackson.core:jackson-core 2.15.0 fixed in 2.21.1, 2.18.6	—	Not Applicable
GHSA-72hv-8253-57qq	NONE0	com.fasterxml.jackson.core:jackson-core 2.17.2 fixed in 2.21.1, 2.18.6	—	Not Applicable