This image carries significant risk; production deployment is highly discouraged without strict compensating controls. An attacker could exploit CVE-2024-24790 to cause network misclassification leading to traffic misrouting, or if the non-default Extension backend is used, CVE-2026-32241 enables remote root command execution on flannel nodes. For CVE-2026-32241, using default backends (vxlan, wireguard) fully eliminates the risk. Most other high-severity findings (e.g., stdlib DoS) require special conditions or are not directly reachable, but the sheer volume of vulnerabilities (77 exposed) demands careful assessment and remediation.
| CVE ID | Adjusted Severity | Package | Exploit Probability | Risk Context |
|---|---|---|---|---|
| CVE-2024-24790 | HIGH7.84 | stdlib v1.20.12 fixed in 1.21.11, 1.22.4 | 2.0% Low-Moderate Risk | Directly ExposedContext importance: MEDIUM |
| CVE-2026-32241 | HIGH7.04 | github.com/flannel-io/flannel v0.24.0 fixed in 0.28.2 | 2.7% Low-Moderate Risk | Directly ExposedContext importance: MEDIUM |
| CVE-2025-68121 | MEDIUM6.8 | stdlib v1.20.12 fixed in 1.24.13, 1.25.7, 1.26.0-rc.3 | 0.8% Theoretical Threat | Directly ExposedContext importance: MEDIUM |
| CVE-2025-61729 | MEDIUM6.38 | stdlib v1.20.12 fixed in 1.24.11, 1.25.5 | 0.5% Theoretical Threat | Directly Exposed |
| CVE-2026-25679 | MEDIUM6.38 | stdlib v1.20.12 fixed in 1.25.8, 1.26.1 | 0.5% Theoretical Threat | Directly Exposed |
| CVE-2026-32280 | MEDIUM6.38 | stdlib v1.20.12 fixed in 1.25.9, 1.26.2 | 0.4% Theoretical Threat | Directly Exposed |
| CVE-2026-32281 | MEDIUM6.38 | stdlib v1.20.12 fixed in 1.25.9, 1.26.2 | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2026-32283 | MEDIUM6.38 | stdlib v1.20.12 fixed in 1.25.9, 1.26.2 | 0.4% Theoretical Threat | Directly Exposed |
| CVE-2026-33811 | MEDIUM6.38 | stdlib v1.20.12 fixed in 1.25.10, 1.26.3 | 0.5% Theoretical Threat | Directly Exposed |
| CVE-2026-33814 | MEDIUM6.38 | stdlib v1.20.12 fixed in 1.25.10, 1.26.3 | 0.6% Theoretical Threat | Directly Exposed |
| CVE-2026-39820 | MEDIUM6.38 | stdlib v1.20.12 fixed in 1.25.10, 1.26.3 | 0.4% Theoretical Threat | Directly Exposed |
| CVE-2026-39836 | MEDIUM6.38 | stdlib v1.20.12 fixed in 1.25.10, 1.26.3 | 0.6% Theoretical Threat | Directly Exposed |
| CVE-2025-61728 | MEDIUM6.38 | stdlib v1.20.12 fixed in 1.24.12, 1.25.6 | 0.6% Theoretical Threat | Directly Exposed |
| CVE-2025-26519 | MEDIUM5.95 | musl 1.2.4-r2 fixed in 1.2.4-r3 | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2025-47907 | MEDIUM5.95 | stdlib v1.20.12 fixed in 1.23.12, 1.24.6 | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2023-6237 | MEDIUM5.9 | libcrypto3 3.1.4-r1 fixed in 3.1.4-r4 | 2.3% Low-Moderate Risk | Directly Exposed |
| CVE-2024-5535 | MEDIUM5.9 | libcrypto3 3.1.4-r1 fixed in 3.1.6-r0 | 5.6% Low-Moderate Risk | Directly Exposed |
| CVE-2023-6237 | MEDIUM5.9 | libssl3 3.1.4-r1 fixed in 3.1.4-r4 | 2.3% Low-Moderate Risk | Directly Exposed |
| CVE-2024-5535 | MEDIUM5.9 | libssl3 3.1.4-r1 fixed in 3.1.6-r0 | 5.6% Low-Moderate Risk | Directly Exposed |
| CVE-2024-24786 | MEDIUM5.9 | google.golang.org/protobuf v1.31.0 fixed in 1.33.0 | 1.3% Low-Moderate Risk | Directly Exposed |
| CVE-2024-24791 | MEDIUM5.9 | stdlib v1.20.12 fixed in 1.21.12, 1.22.5 | 1.4% Low-Moderate Risk | Directly Exposed |
| CVE-2024-34158 | MEDIUM5.9 | stdlib v1.20.12 fixed in 1.22.7, 1.23.1 | 1.0% Low-Moderate Risk | Directly Exposed |
| CVE-2025-4673 | MEDIUM5.78 | stdlib v1.20.12 fixed in 1.23.10, 1.24.4 | 0.6% Theoretical Threat | Directly Exposed |
| CVE-2024-4741 | MEDIUM5.6 | libcrypto3 3.1.4-r1 fixed in 3.1.6-r0 | 2.9% Low-Moderate Risk | Directly Exposed |
| CVE-2024-4741 | MEDIUM5.6 | libssl3 3.1.4-r1 fixed in 3.1.6-r0 | 2.9% Low-Moderate Risk | Directly Exposed |
| CVE-2025-22872 | MEDIUM5.52 | golang.org/x/net v0.18.0 fixed in 0.38.0 | 0.4% Theoretical Threat | Directly Exposed |
| CVE-2024-24785 | MEDIUM5.52 | stdlib v1.20.12 fixed in 1.21.8, 1.22.1 | 0.8% Theoretical Threat | Directly Exposed |
| CVE-2025-47906 | MEDIUM5.52 | stdlib v1.20.12 fixed in 1.23.12, 1.24.6 | 0.5% Theoretical Threat | Directly Exposed |
| CVE-2025-61727 | MEDIUM5.52 | stdlib v1.20.12 fixed in 1.24.11, 1.25.5 | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2024-0727 | MEDIUM5.5 | libcrypto3 3.1.4-r1 fixed in 3.1.4-r5 | 3.2% Low-Moderate Risk | Directly Exposed |
| CVE-2024-0727 | MEDIUM5.5 | libssl3 3.1.4-r1 fixed in 3.1.4-r5 | 3.2% Low-Moderate Risk | Directly Exposed |
| CVE-2026-32282 | MEDIUM5.44 | stdlib v1.20.12 fixed in 1.25.9, 1.26.2 | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2024-24784 | MEDIUM5.4 | stdlib v1.20.12 fixed in 1.21.8, 1.22.1 | 1.0% Low-Moderate Risk | Directly Exposed |
| CVE-2024-4603 | MEDIUM5.3 | libcrypto3 3.1.4-r1 fixed in 3.1.5-r0 | 1.1% Low-Moderate Risk | Directly Exposed |
| CVE-2024-4603 | MEDIUM5.3 | libssl3 3.1.4-r1 fixed in 3.1.5-r0 | 1.1% Low-Moderate Risk | Directly Exposed |
| CVE-2023-45289 | MEDIUM5.3 | stdlib v1.20.12 fixed in 1.21.8, 1.22.1 | 1.1% Low-Moderate Risk | Directly Exposed |
| CVE-2023-45290 | MEDIUM5.3 | stdlib v1.20.12 fixed in 1.21.8, 1.22.1 | 1.2% Low-Moderate Risk | Directly Exposed |
| CVE-2026-32289 | MEDIUM5.18 | stdlib v1.20.12 fixed in 1.25.9, 1.26.2 | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2024-24783 | MEDIUM5.02 | stdlib v1.20.12 fixed in 1.21.8, 1.22.1 | 0.7% Theoretical Threat | Directly Exposed |
| CVE-2024-34155 | MEDIUM5.02 | stdlib v1.20.12 fixed in 1.22.7, 1.23.1 | 0.8% Theoretical Threat | Directly Exposed |
| CVE-2024-45336 | MEDIUM5.02 | stdlib v1.20.12 fixed in 1.22.11, 1.23.5, 1.24.0-rc.2 | 0.6% Theoretical Threat | Directly Exposed |
| CVE-2024-2511 | MEDIUM4.81 | libcrypto3 3.1.4-r1 fixed in 3.1.4-r6 | 54.0% Actively Exploited | Directly Exposed |
| CVE-2024-2511 | MEDIUM4.81 | libssl3 3.1.4-r1 fixed in 3.1.4-r6 | 54.0% Actively Exploited | Directly Exposed |
| CVE-2024-24789 | MEDIUM4.67 | stdlib v1.20.12 fixed in 1.21.11, 1.22.4 | 0.4% Theoretical Threat | Directly Exposed |
| CVE-2026-32288 | MEDIUM4.67 | stdlib v1.20.12 fixed in 1.25.9, 1.26.2 | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2025-22871 | MEDIUM4.59 | stdlib v1.20.12 fixed in 1.23.8, 1.24.2 | 0.7% Theoretical Threat | Directly Exposed |
| CVE-2026-27142 | MEDIUM4.59 | stdlib v1.20.12 fixed in 1.25.8, 1.26.1 | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2026-39826 | MEDIUM4.59 | stdlib v1.20.12 fixed in 1.25.10, 1.26.3 | 0.4% Theoretical Threat | Directly Exposed |
| CVE-2025-6965 | MEDIUM4.58 | sqlite-libs 3.41.2-r2 fixed in 3.41.2-r4 | 64.9% Actively Exploited | Post-Exploit |
| CVE-2025-47914 | MEDIUM4.5 | golang.org/x/crypto v0.17.0 fixed in 0.45.0 | 0.5% Theoretical Threat | Directly Exposed |
| CVE-2025-58181 | MEDIUM4.5 | golang.org/x/crypto v0.17.0 fixed in 0.45.0 | 0.5% Theoretical Threat | Directly Exposed |
| CVE-2025-22866 | MEDIUM4.5 | stdlib v1.20.12 fixed in 1.22.12, 1.23.6, 1.24.0-rc.3 | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2025-22873 | MEDIUM4.5 | stdlib v1.20.12 fixed in 1.23.9, 1.24.3 | 0.2% Theoretical Threat | Directly Exposed |
| CVE-2025-47912 | MEDIUM4.5 | stdlib v1.20.12 fixed in 1.24.8, 1.25.2 | 0.4% Theoretical Threat | Directly Exposed |
| CVE-2025-58185 | MEDIUM4.5 | stdlib v1.20.12 fixed in 1.24.8, 1.25.2 | 0.5% Theoretical Threat | Directly Exposed |
| CVE-2025-58187 | MEDIUM4.5 | stdlib v1.20.12 fixed in 1.24.9, 1.25.3 | 0.4% Theoretical Threat | Directly Exposed |
| CVE-2025-58188 | MEDIUM4.5 | stdlib v1.20.12 fixed in 1.24.8, 1.25.2 | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2025-58189 | MEDIUM4.5 | stdlib v1.20.12 fixed in 1.24.8, 1.25.2 | 0.4% Theoretical Threat | Directly Exposed |
| CVE-2025-61723 | MEDIUM4.5 | stdlib v1.20.12 fixed in 1.24.8, 1.25.2 | 0.6% Theoretical Threat | Directly Exposed |
| CVE-2025-61724 | MEDIUM4.5 | stdlib v1.20.12 fixed in 1.24.8, 1.25.2 | 0.5% Theoretical Threat | Directly Exposed |
| CVE-2025-61725 | MEDIUM4.5 | stdlib v1.20.12 fixed in 1.24.8, 1.25.2 | 0.6% Theoretical Threat | Directly Exposed |
| CVE-2025-61730 | MEDIUM4.5 | stdlib v1.20.12 fixed in 1.24.12, 1.25.6 | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2025-58186 | MEDIUM4.5 | stdlib v1.20.12 fixed in 1.24.8, 1.25.2 | 0.5% Theoretical Threat | Directly Exposed |
| CVE-2024-13176 | MEDIUM4 | libcrypto3 3.1.4-r1 fixed in 3.1.8-r0 | 0.6% Theoretical Threat | Directly Exposed |
| CVE-2024-13176 | MEDIUM4 | libssl3 3.1.4-r1 fixed in 3.1.8-r0 | 0.6% Theoretical Threat | Directly Exposed |
| CVE-2025-22870 | LOW3.74 | golang.org/x/net v0.18.0 fixed in 0.36.0 | 0.4% Theoretical Threat | Directly Exposed |
| CVE-2025-22870 | LOW3.74 | stdlib v1.20.12 fixed in 1.23.7, 1.24.1 | 0.4% Theoretical Threat | Directly Exposed |
| CVE-2024-9143 | LOW3.7 | libcrypto3 3.1.4-r1 fixed in 3.1.7-r1 | 6.0% Low-Moderate Risk | Directly Exposed |
| CVE-2024-9143 | LOW3.7 | libssl3 3.1.4-r1 fixed in 3.1.7-r1 | 6.0% Low-Moderate Risk | Directly Exposed |
| CVE-2025-26519 | LOW3.57 | musl-utils 1.2.4-r2 fixed in 1.2.4-r3 | 0.3% Theoretical Threat | Post-Exploit |
| CVE-2024-45341 | LOW3.57 | stdlib v1.20.12 fixed in 1.22.11, 1.23.5, 1.24.0-rc.2 | 0.4% Theoretical Threat | Directly Exposed |
| CVE-2023-41913 | LOW3.53 | strongswan 5.9.10-r1 fixed in 5.9.12-r0 | 2.3% Low-Moderate Risk | Post-Exploit |
| CVE-2024-6119 | LOW3.51 | libcrypto3 3.1.4-r1 fixed in 3.1.7-r0 | 66.6% Actively Exploited | Post-Exploit |
| CVE-2024-6119 | LOW3.51 | libssl3 3.1.4-r1 fixed in 3.1.7-r0 | 66.6% Actively Exploited | Post-Exploit |
| CVE-2023-45288 | LOW3.51 | golang.org/x/net v0.18.0 fixed in 0.23.0 | 92.0% Actively Exploited | Post-Exploit |
| CVE-2023-45288 | LOW3.51 | stdlib v1.20.12 fixed in 1.21.9, 1.22.2 | 92.0% Actively Exploited | Post-Exploit |
| CVE-2024-2004 | LOW3.18 | libcurl 8.5.0-r0 fixed in 8.7.1-r0 | 1.7% Low-Moderate Risk | Post-Exploit |
| CVE-2024-2398 | LOW3.1 | libcurl 8.5.0-r0 fixed in 8.7.1-r0 | 36.1% High Exploitation Risk | Post-Exploit |
| CVE-2024-45337 | LOW2.95 | golang.org/x/crypto v0.17.0 fixed in 0.31.0 | 3.1% Low-Moderate Risk | Post-Exploit |
| CVE-2023-42363 | LOW2.8 | busybox 1.36.1-r5 fixed in 1.36.1-r7 | 0.4% Theoretical Threat | Post-Exploit |
| CVE-2023-42364 | LOW2.8 | busybox 1.36.1-r5 fixed in 1.36.1-r7 | 0.4% Theoretical Threat | Post-Exploit |
| CVE-2023-42365 | LOW2.8 | busybox 1.36.1-r5 fixed in 1.36.1-r7 | 0.4% Theoretical Threat | Post-Exploit |
| CVE-2023-42366 | LOW2.8 | busybox 1.36.1-r5 fixed in 1.36.1-r6 | 0.4% Theoretical Threat | Post-Exploit |
| CVE-2023-42363 | LOW2.8 | busybox-binsh 1.36.1-r5 fixed in 1.36.1-r7 | 0.4% Theoretical Threat | Post-Exploit |
| CVE-2023-42364 | LOW2.8 | busybox-binsh 1.36.1-r5 fixed in 1.36.1-r7 | 0.4% Theoretical Threat | Post-Exploit |
| CVE-2023-42365 | LOW2.8 | busybox-binsh 1.36.1-r5 fixed in 1.36.1-r7 | 0.4% Theoretical Threat | Post-Exploit |
| CVE-2023-42366 | LOW2.8 | busybox-binsh 1.36.1-r5 fixed in 1.36.1-r6 | 0.4% Theoretical Threat | Post-Exploit |
| CVE-2023-42363 | LOW2.8 | ssl_client 1.36.1-r5 fixed in 1.36.1-r7 | 0.4% Theoretical Threat | Post-Exploit |
| CVE-2023-42364 | LOW2.8 | ssl_client 1.36.1-r5 fixed in 1.36.1-r7 | 0.4% Theoretical Threat | Post-Exploit |
| CVE-2023-42365 | LOW2.8 | ssl_client 1.36.1-r5 fixed in 1.36.1-r7 | 0.4% Theoretical Threat | Post-Exploit |
| CVE-2023-42366 | LOW2.8 | ssl_client 1.36.1-r5 fixed in 1.36.1-r6 | 0.4% Theoretical Threat | Post-Exploit |
| CVE-2026-33186 | LOW2.78 | google.golang.org/grpc v1.59.0 fixed in 1.79.3 | 0.5% Theoretical Threat | Post-Exploit |
| CVE-2024-6197 | LOW2.7 | libcurl 8.5.0-r0 fixed in 8.9.0-r0 | 4.3% Low-Moderate Risk | Post-Exploit |
| CVE-2024-34156 | LOW2.7 | stdlib v1.20.12 fixed in 1.22.7, 1.23.1 | 1.1% Low-Moderate Risk | Post-Exploit |
| CVE-2024-7264 | LOW2.69 | libcurl 8.5.0-r0 fixed in 8.9.1-r0 | 16.2% High Exploitation Risk | Post-Exploit |
| CVE-2023-7104 | LOW2.63 | sqlite-libs 3.41.2-r2 fixed in 3.41.2-r3 | 1.2% Low-Moderate Risk | Post-Exploit |
| CVE-2025-0665 | LOW2.4 | libcurl 8.5.0-r0 fixed in 8.12.0-r0 | 1.2% Low-Moderate Risk | Post-Exploit |
| CVE-2025-0725 | LOW2.4 | libcurl 8.5.0-r0 fixed in 8.12.0-r0 | 1.2% Low-Moderate Risk | Post-Exploit |
| CVE-2023-6129 | LOW2.34 | libcrypto3 3.1.4-r1 fixed in 3.1.4-r3 | 2.3% Low-Moderate Risk | Post-Exploit |
| CVE-2024-9681 | LOW2.34 | libcurl 8.5.0-r0 fixed in 8.11.0-r0 | 2.0% Low-Moderate Risk | Post-Exploit |
| CVE-2023-6129 | LOW2.34 | libssl3 3.1.4-r1 fixed in 3.1.4-r3 | 2.3% Low-Moderate Risk | Post-Exploit |
| CVE-2025-31115 | LOW2.29 | xz-libs 5.4.3-r0 fixed in 5.4.3-r1 | 0.6% Theoretical Threat | Post-Exploit |
| CVE-2025-22869 | LOW2.29 | golang.org/x/crypto v0.17.0 fixed in 0.35.0 | 0.9% Theoretical Threat | Post-Exploit |
| CVE-2025-22868 | LOW2.29 | golang.org/x/oauth2 v0.11.0 fixed in 0.27.0 | 0.8% Theoretical Threat | Post-Exploit |
| CVE-2025-61726 | LOW2.29 | stdlib v1.20.12 fixed in 1.24.12, 1.25.6 | 0.8% Theoretical Threat | Post-Exploit |
| CVE-2025-58183 | LOW2.29 | stdlib v1.20.12 fixed in 1.24.8, 1.25.2 | 0.4% Theoretical Threat | Post-Exploit |
| CVE-2024-6874 | LOW2.19 | libcurl 8.5.0-r0 fixed in 8.9.0-r0 | 0.8% Theoretical Threat | Post-Exploit |
| CVE-2024-11053 | LOW2.12 | libcurl 8.5.0-r0 fixed in 8.11.1-r0 | 1.4% Low-Moderate Risk | Post-Exploit |
| CVE-2026-27139 | LOW2.12 | stdlib v1.20.12 fixed in 1.25.8, 1.26.1 | 0.2% Theoretical Threat | Directly Exposed |
| CVE-2024-8096 | LOW1.99 | libcurl 8.5.0-r0 fixed in 8.10.0-r0 | 0.7% Theoretical Threat | Post-Exploit |
| CVE-2024-2379 | LOW1.94 | libcurl 8.5.0-r0 fixed in 8.7.1-r0 | 1.7% Low-Moderate Risk | Post-Exploit |
| CVE-2024-0853 | LOW1.91 | libcurl 8.5.0-r0 fixed in 8.6.0-r0 | 1.1% Low-Moderate Risk | Post-Exploit |
| CVE-2024-2466 | LOW1.91 | libcurl 8.5.0-r0 fixed in 8.7.1-r0 | 1.3% Low-Moderate Risk | Post-Exploit |
| CVE-2025-0167 | NONE0 | libcurl 8.5.0-r0 fixed in 8.12.0-r0 | 0.6% Theoretical Threat | Not Applicable |
| CVE-2026-39823 | NONE0 | stdlib v1.20.12 fixed in 1.25.10, 1.26.3 | 0.3% Theoretical Threat | Not Applicable |
| CVE-2026-39825 | NONE0 | stdlib v1.20.12 fixed in 1.25.10, 1.26.3 | 0.4% Theoretical Threat | Not Applicable |
| CVE-2026-42499 | NONE0 | stdlib v1.20.12 fixed in 1.25.10, 1.26.3 | 0.6% Theoretical Threat | Not Applicable |
| CVE-2026-42504 | NONE0 | stdlib v1.20.12 fixed in 1.25.11, 1.26.4 | 0.4% Theoretical Threat | Not Applicable |
| CVE-2025-0913 | NONE0 | stdlib v1.20.12 fixed in 1.23.10, 1.24.4 | 0.2% Theoretical Threat | Not Applicable |
| CVE-2026-27145 | NONE0 | stdlib v1.20.12 fixed in 1.25.11, 1.26.4 | 0.3% Theoretical Threat | Not Applicable |
| CVE-2026-42507 | NONE0 | stdlib v1.20.12 fixed in 1.25.11, 1.26.4 | 0.3% Theoretical Threat | Not Applicable |