Vulnerability Reportfluent/fluent-bit:4.2

fluent/fluent-bit:4.2.5fluent/fluent-bit:4.2

DIGESTsha256:76d5a62479523c2ad54142ee2d93b1fd44fa06b96eae483fbf2e5f1f67a870fc

Executive Summary

Threat ScoreCAUTION• Two high-severity (CVSS 7.5) glibc regex vulnerabilities in the exposed surface: CVE-2018-20796 and CVE-2019-9192.• 41 exposed vulnerabilities total, with 2 of severity >= 7.0.• The vulnerabilities are reachable via crafted log input, potentially causing denial of service.• No post-exploit vulnerabilities of significance (max severity 3.53).

74/100CAUTION

ReputationPOPULAR COMMUNITY• High Reputation Community Image (15282M+ pulls)• Pinned by digest (Immutable)

RELIABLE

This image carries significant risk; production deployment is highly discouraged without strict compensating controls. An attacker could cause a denial of service by sending crafted log data that triggers uncontrolled recursion in glibc regex processing. The image has 41 exposed vulnerabilities, but only two high-severity ones, both related to regex recursion. Post-exploit vulnerabilities are low-severity and not a primary concern.

Vulnerabilities

Vulnerability Log

76 total

CVE ID	Adjusted Severity	Package	Exploit Probability	Risk Context
CVE-2018-20796	HIGH7.5	libc6 2.41-12+deb13u3 No fix yet	5.8% Low-Moderate Risk	Directly ExposedContext importance: HIGH
CVE-2019-9192	HIGH7.5	libc6 2.41-12+deb13u3 No fix yet	2.4% Low-Moderate Risk	Directly ExposedContext importance: HIGH
CVE-2025-13151	MEDIUM5.9	libtasn1-6 4.20.0-2 No fix yet	1.1% Low-Moderate Risk	Directly Exposed
CVE-2026-22185	MEDIUM5.78	libldap2 2.6.10+dfsg-1 No fix yet	0.1% Theoretical Threat	Directly Exposed
CVE-2011-3389	MEDIUM5.59	libgnutls30t64 3.8.9-3+deb13u4 No fix yet	73.3% Actively Exploited	Directly Exposed
CVE-2026-6238	MEDIUM5.52	libc6 2.41-12+deb13u3 No fix yet	0.3% Theoretical Threat	Directly Exposed
CVE-2026-34181	MEDIUM5.35	libssl3t64 3.5.6-1~deb13u1 fixed in 3.5.6-1~deb13u2	0.2% Theoretical Threat	Directly Exposed
CVE-2026-42768	MEDIUM5.35	libssl3t64 3.5.6-1~deb13u1 fixed in 3.5.6-1~deb13u2	0.4% Theoretical Threat	Directly Exposed
CVE-2019-1010024	MEDIUM5.3	libc6 2.41-12+deb13u3 No fix yet	3.2% Low-Moderate Risk	Directly Exposed
CVE-2019-1010025	MEDIUM5.3	libc6 2.41-12+deb13u3 No fix yet	2.3% Low-Moderate Risk	Directly Exposed
CVE-2026-5435	MEDIUM5.02	libc6 2.41-12+deb13u3 No fix yet	0.2% Theoretical Threat	Directly Exposed
CVE-2024-26458	MEDIUM5.02	libgssapi-krb5-2 1.21.3-5+deb13u1 No fix yet	0.8% Theoretical Threat	Directly Exposed
CVE-2024-26458	MEDIUM5.02	libk5crypto3 1.21.3-5+deb13u1 No fix yet	0.8% Theoretical Threat	Directly Exposed
CVE-2024-26458	MEDIUM5.02	libkrb5-3 1.21.3-5+deb13u1 No fix yet	0.8% Theoretical Threat	Directly Exposed
CVE-2024-26458	MEDIUM5.02	libkrb5support0 1.21.3-5+deb13u1 No fix yet	0.8% Theoretical Threat	Directly Exposed
CVE-2026-42764	MEDIUM5.02	libssl3t64 3.5.6-1~deb13u1 fixed in 3.5.6-1~deb13u2	0.7% Theoretical Threat	Directly Exposed
CVE-2026-42769	MEDIUM5.02	libssl3t64 3.5.6-1~deb13u1 fixed in 3.5.6-1~deb13u2	0.3% Theoretical Threat	Directly Exposed
CVE-2026-42770	MEDIUM5.02	libssl3t64 3.5.6-1~deb13u1 fixed in 3.5.6-1~deb13u2	0.2% Theoretical Threat	Directly Exposed
CVE-2026-9076	MEDIUM5.02	libssl3t64 3.5.6-1~deb13u1 fixed in 3.5.6-1~deb13u2	0.3% Theoretical Threat	Directly Exposed
CVE-2024-2236	MEDIUM4.72	libgcrypt20 1.11.0-7+deb13u1 No fix yet	1.1% Low-Moderate Risk	Directly ExposedContext importance: MEDIUM
CVE-2026-7383	MEDIUM4.67	libssl3t64 3.5.6-1~deb13u1 fixed in 3.5.6-1~deb13u2	0.3% Theoretical Threat	Directly Exposed
CVE-2026-27171	MEDIUM4.67	zlib1g 1:1.3.dfsg+really1.3.1-1+b1 No fix yet	0.2% Theoretical Threat	Directly Exposed
CVE-2026-34743	MEDIUM4.5	liblzma5 5.8.1-1 No fix yet	0.4% Theoretical Threat	Directly Exposed
CVE-2026-42766	MEDIUM4.5	libssl3t64 3.5.6-1~deb13u1 fixed in 3.5.6-1~deb13u2	0.6% Theoretical Threat	Directly Exposed
CVE-2026-42767	MEDIUM4.5	libssl3t64 3.5.6-1~deb13u1 fixed in 3.5.6-1~deb13u2	0.3% Theoretical Threat	Directly Exposed
CVE-2023-31437	MEDIUM4.5	libsystemd0 257.13-1~deb13u1 No fix yet	0.3% Theoretical Threat	Directly Exposed
CVE-2023-31438	MEDIUM4.5	libsystemd0 257.13-1~deb13u1 No fix yet	0.3% Theoretical Threat	Directly Exposed
CVE-2023-31439	MEDIUM4.5	libsystemd0 257.13-1~deb13u1 No fix yet	0.4% Theoretical Threat	Directly Exposed
CVE-2026-5450	MEDIUM4.25	libc6 2.41-12+deb13u3 No fix yet	0.5% Theoretical Threat	Directly Exposed
CVE-2026-5928	MEDIUM4.25	libc6 2.41-12+deb13u3 No fix yet	0.3% Theoretical Threat	Directly Exposed
CVE-2026-11850	MEDIUM4.25	libgssapi-krb5-2 1.21.3-5+deb13u1 No fix yet	0.3% Theoretical Threat	Directly Exposed
CVE-2026-11850	MEDIUM4.25	libk5crypto3 1.21.3-5+deb13u1 No fix yet	0.3% Theoretical Threat	Directly Exposed
CVE-2026-11850	MEDIUM4.25	libkrb5-3 1.21.3-5+deb13u1 No fix yet	0.3% Theoretical Threat	Directly Exposed
CVE-2026-11850	MEDIUM4.25	libkrb5support0 1.21.3-5+deb13u1 No fix yet	0.3% Theoretical Threat	Directly Exposed
CVE-2026-34180	MEDIUM4.25	libssl3t64 3.5.6-1~deb13u1 fixed in 3.5.6-1~deb13u2	0.5% Theoretical Threat	Directly Exposed
CVE-2020-15719	MEDIUM4.2	libldap2 2.6.10+dfsg-1 No fix yet	2.4% Low-Moderate Risk	Directly Exposed
CVE-2017-14159	MEDIUM4	libldap2 2.6.10+dfsg-1 No fix yet	0.3% Theoretical Threat	Directly Exposed
CVE-2010-4756	MEDIUM4	libc6 2.41-12+deb13u3 No fix yet	2.6% Low-Moderate Risk	Directly Exposed
CVE-2019-1010022	LOW3.53	libc6 2.41-12+deb13u3 No fix yet	3.2% Low-Moderate Risk	Post-Exploit
CVE-2026-3805	LOW3.21	libcurl4t64 8.14.1-2+deb13u3 No fix yet	0.7% Theoretical Threat	Post-Exploit
CVE-2019-1010023	LOW3.17	libc6 2.41-12+deb13u3 No fix yet	3.1% Low-Moderate Risk	Post-Exploit
CVE-2026-45446	LOW3.15	libssl3t64 3.5.6-1~deb13u1 fixed in 3.5.6-1~deb13u2	0.2% Theoretical Threat	Directly Exposed
CVE-2025-10966	LOW3.01	libcurl4t64 8.14.1-2+deb13u3 No fix yet	0.4% Theoretical Threat	Post-Exploit
CVE-2026-45447	LOW2.92	libssl3t64 3.5.6-1~deb13u1 fixed in 3.5.6-1~deb13u2	1.4% Low-Moderate Risk	Post-Exploit
CVE-2026-3783	LOW2.91	libcurl4t64 8.14.1-2+deb13u3 No fix yet	0.3% Theoretical Threat	Post-Exploit
CVE-2013-4392	LOW2.8	libsystemd0 257.13-1~deb13u1 No fix yet	0.5% Theoretical Threat	Directly Exposed
CVE-2026-40228	LOW2.8	libsystemd0 257.13-1~deb13u1 No fix yet	0.2% Theoretical Threat	Directly Exposed
CVE-2026-7598	LOW2.78	libssh2-1t64 1.11.1-1 No fix yet	0.4% Theoretical Threat	Post-Exploit
CVE-2026-45445	LOW2.78	libssl3t64 3.5.6-1~deb13u1 fixed in 3.5.6-1~deb13u2	0.3% Theoretical Threat	Post-Exploit
CVE-2018-6829	LOW2.7	libgcrypt20 1.11.0-7+deb13u1 No fix yet	1.8% Low-Moderate Risk	Post-Exploit
CVE-2018-5709	LOW2.7	libgssapi-krb5-2 1.21.3-5+deb13u1 No fix yet	2.1% Low-Moderate Risk	Post-Exploit
CVE-2018-5709	LOW2.7	libk5crypto3 1.21.3-5+deb13u1 No fix yet	2.1% Low-Moderate Risk	Post-Exploit
CVE-2018-5709	LOW2.7	libkrb5-3 1.21.3-5+deb13u1 No fix yet	2.1% Low-Moderate Risk	Post-Exploit
CVE-2018-5709	LOW2.7	libkrb5support0 1.21.3-5+deb13u1 No fix yet	2.1% Low-Moderate Risk	Post-Exploit
CVE-2015-3276	LOW2.7	libldap2 2.6.10+dfsg-1 No fix yet	5.3% Low-Moderate Risk	Post-Exploit
CVE-2017-17740	LOW2.7	libldap2 2.6.10+dfsg-1 No fix yet	7.0% Low-Moderate Risk	Post-Exploit
CVE-2026-4873	LOW2.7	libcurl4t64 8.14.1-2+deb13u3 No fix yet	0.3% Theoretical Threat	Post-Exploit
CVE-2026-6253	LOW2.7	libcurl4t64 8.14.1-2+deb13u3 No fix yet	0.5% Theoretical Threat	Post-Exploit
CVE-2026-7168	LOW2.7	libcurl4t64 8.14.1-2+deb13u3 No fix yet	0.4% Theoretical Threat	Post-Exploit
CVE-2025-15079	LOW2.48	libcurl4t64 8.14.1-2+deb13u3 No fix yet	0.5% Theoretical Threat	Post-Exploit
CVE-2025-14017	LOW2.45	libcurl4t64 8.14.1-2+deb13u3 No fix yet	0.1% Theoretical Threat	Post-Exploit
CVE-2025-15224	LOW2.4	libcurl4t64 8.14.1-2+deb13u3 No fix yet	0.4% Theoretical Threat	Post-Exploit
CVE-2026-5773	LOW2.29	libcurl4t64 8.14.1-2+deb13u3 No fix yet	0.4% Theoretical Threat	Post-Exploit
CVE-2026-6276	LOW2.29	libcurl4t64 8.14.1-2+deb13u3 No fix yet	0.3% Theoretical Threat	Post-Exploit
CVE-2026-34183	LOW2.29	libssl3t64 3.5.6-1~deb13u1 fixed in 3.5.6-1~deb13u2	0.5% Theoretical Threat	Post-Exploit
CVE-2026-34182	LOW2.26	libssl3t64 3.5.6-1~deb13u1 fixed in 3.5.6-1~deb13u2	0.2% Theoretical Threat	Post-Exploit
CVE-2024-26461	LOW2.12	libgssapi-krb5-2 1.21.3-5+deb13u1 No fix yet	1.1% Low-Moderate Risk	Post-Exploit
CVE-2024-26461	LOW2.12	libk5crypto3 1.21.3-5+deb13u1 No fix yet	1.1% Low-Moderate Risk	Post-Exploit
CVE-2024-26461	LOW2.12	libkrb5-3 1.21.3-5+deb13u1 No fix yet	1.1% Low-Moderate Risk	Post-Exploit
CVE-2024-26461	LOW2.12	libkrb5support0 1.21.3-5+deb13u1 No fix yet	1.1% Low-Moderate Risk	Post-Exploit
CVE-2026-1965	LOW2.08	libcurl4t64 8.14.1-2+deb13u3 No fix yet	0.3% Theoretical Threat	Post-Exploit
CVE-2025-14819	LOW2.08	libcurl4t64 8.14.1-2+deb13u3 No fix yet	0.6% Theoretical Threat	Post-Exploit
CVE-2026-3784	LOW1.99	libcurl4t64 8.14.1-2+deb13u3 No fix yet	0.3% Theoretical Threat	Post-Exploit
CVE-2026-5545	LOW1.99	libcurl4t64 8.14.1-2+deb13u3 No fix yet	0.4% Theoretical Threat	Post-Exploit
CVE-2026-6429	LOW1.99	libcurl4t64 8.14.1-2+deb13u3 No fix yet	0.4% Theoretical Threat	Post-Exploit
CVE-2025-14524	LOW1.99	libcurl4t64 8.14.1-2+deb13u3 No fix yet	0.6% Theoretical Threat	Post-Exploit