This image carries significant risk; production deployment is highly discouraged without strict compensating controls. An attacker could exploit CVE-2026-6478 to recover credentials via a timing side-channel, or exploit CVE-2026-29111 to achieve arbitrary code execution if they have local access. Note: CVE-2026-6478 only affects databases using MD5 password hashing; switching to SCRAM-SHA-256 fully mitigates it. The image contains 11 medium-high severity vulnerabilities (max 6.97) that increase the attack surface.
| CVE ID | Adjusted Severity | Package | Exploit Probability | Risk Context |
|---|---|---|---|---|
| CVE-2026-6478 | MEDIUM6.97 | libpq5 17.9-0+deb13u1 fixed in 17.10-0+deb13u1 | 0.2% Theoretical Threat | Directly Exposed |
| CVE-2026-29111 | MEDIUM6.63 | libsystemd0 257.9-1~deb13u1 fixed in 257.13-1~deb13u1 | 0.1% Theoretical Threat | Directly Exposed |
| CVE-2026-41989 | MEDIUM6.38 | libgcrypt20 1.11.0-7 fixed in 1.11.0-7+deb13u1 | 0.2% Theoretical Threat | Directly Exposed |
| CVE-2026-33846 | MEDIUM6.38 | libgnutls30t64 3.8.9-3+deb13u2 fixed in 3.8.9-3+deb13u4 | 0.9% Theoretical Threat | Directly Exposed |
| CVE-2026-42009 | MEDIUM6.38 | libgnutls30t64 3.8.9-3+deb13u2 fixed in 3.8.9-3+deb13u4 | 0.8% Theoretical Threat | Directly Exposed |
| CVE-2026-27135 | MEDIUM6.38 | libnghttp2-14 1.64.0-1.1 fixed in 1.64.0-1.1+deb13u1 | 0.6% Theoretical Threat | Directly Exposed |
| CVE-2026-34183 | MEDIUM6.38 | libssl3t64 3.5.5-1~deb13u2 fixed in 3.5.6-1~deb13u2 | 0.5% Theoretical Threat | Directly Exposed |
| CVE-2026-3833 | MEDIUM6.29 | libgnutls30t64 3.8.9-3+deb13u2 fixed in 3.8.9-3+deb13u4 | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2026-42011 | MEDIUM6.29 | libgnutls30t64 3.8.9-3+deb13u2 fixed in 3.8.9-3+deb13u4 | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2026-34182 | MEDIUM6.29 | libssl3t64 3.5.5-1~deb13u2 fixed in 3.5.6-1~deb13u2 | 0.2% Theoretical Threat | Directly Exposed |
| CVE-2026-42012 | MEDIUM6.03 | libgnutls30t64 3.8.9-3+deb13u2 fixed in 3.8.9-3+deb13u4 | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2026-4878 | MEDIUM5.95 | libcap2 1:2.75-10+b8 fixed in 1:2.75-10+deb13u1 | 0.2% Theoretical Threat | Directly Exposed |
| CVE-2024-2236 | MEDIUM5.9 | libgcrypt20 1.11.0-7 No fix yet | 1.1% Low-Moderate Risk | Directly Exposed |
| CVE-2024-26461 | MEDIUM5.9 | libgssapi-krb5-2 1.21.3-5 No fix yet | 1.1% Low-Moderate Risk | Directly Exposed |
| CVE-2024-26461 | MEDIUM5.9 | libk5crypto3 1.21.3-5 No fix yet | 1.1% Low-Moderate Risk | Directly Exposed |
| CVE-2024-26461 | MEDIUM5.9 | libkrb5-3 1.21.3-5 No fix yet | 1.1% Low-Moderate Risk | Directly Exposed |
| CVE-2024-26461 | MEDIUM5.9 | libkrb5support0 1.21.3-5 No fix yet | 1.1% Low-Moderate Risk | Directly Exposed |
| CVE-2025-13151 | MEDIUM5.9 | libtasn1-6 4.20.0-2 No fix yet | 1.1% Low-Moderate Risk | Directly Exposed |
| CVE-2026-22185 | MEDIUM5.78 | libldap2 2.6.10+dfsg-1 No fix yet | 0.1% Theoretical Threat | Directly Exposed |
| CVE-2026-6477 | MEDIUM5.71 | libpq5 17.9-0+deb13u1 fixed in 17.10-0+deb13u1 | 0.3% Theoretical Threat | Directly ExposedContext importance: MEDIUM |
| CVE-2026-6475 | MEDIUM5.7 | libpq5 17.9-0+deb13u1 fixed in 17.10-0+deb13u1 | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2026-4105 | MEDIUM5.7 | libsystemd0 257.9-1~deb13u1 fixed in 257.13-1~deb13u1 | 0.1% Theoretical Threat | Directly Exposed |
| CVE-2026-42014 | MEDIUM5.61 | libgnutls30t64 3.8.9-3+deb13u2 fixed in 3.8.9-3+deb13u4 | 0.2% Theoretical Threat | Directly Exposed |
| CVE-2011-3389 | MEDIUM5.59 | libgnutls30t64 3.8.9-3+deb13u2 No fix yet | 73.3% Actively Exploited | Directly Exposed |
| CVE-2026-42013 | MEDIUM5.58 | libgnutls30t64 3.8.9-3+deb13u2 fixed in 3.8.9-3+deb13u4 | 0.4% Theoretical Threat | Directly ExposedContext importance: MEDIUM |
| CVE-2026-4437 | MEDIUM5.52 | libc6 2.41-12+deb13u2 fixed in 2.41-12+deb13u3 | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2026-6238 | MEDIUM5.52 | libc6 2.41-12+deb13u2 No fix yet | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2026-40225 | MEDIUM5.44 | libsystemd0 257.9-1~deb13u1 fixed in 257.13-1~deb13u1 | 0.1% Theoretical Threat | Directly Exposed |
| CVE-2026-40226 | MEDIUM5.44 | libsystemd0 257.9-1~deb13u1 fixed in 257.13-1~deb13u1 | <0.1% Theoretical Threat | Directly Exposed |
| CVE-2026-34181 | MEDIUM5.35 | libssl3t64 3.5.5-1~deb13u2 fixed in 3.5.6-1~deb13u2 | 0.2% Theoretical Threat | Directly Exposed |
| CVE-2026-42768 | MEDIUM5.35 | libssl3t64 3.5.5-1~deb13u2 fixed in 3.5.6-1~deb13u2 | 0.4% Theoretical Threat | Directly Exposed |
| CVE-2019-1010024 | MEDIUM5.3 | libc6 2.41-12+deb13u2 No fix yet | 3.2% Low-Moderate Risk | Directly Exposed |
| CVE-2019-1010025 | MEDIUM5.3 | libc6 2.41-12+deb13u2 No fix yet | 2.3% Low-Moderate Risk | Directly Exposed |
| CVE-2026-5435 | MEDIUM5.02 | libc6 2.41-12+deb13u2 No fix yet | 0.2% Theoretical Threat | Directly Exposed |
| CVE-2026-40355 | MEDIUM5.02 | libgssapi-krb5-2 1.21.3-5 fixed in 1.21.3-5+deb13u1 | 0.5% Theoretical Threat | Directly Exposed |
| CVE-2026-40356 | MEDIUM5.02 | libgssapi-krb5-2 1.21.3-5 fixed in 1.21.3-5+deb13u1 | 0.5% Theoretical Threat | Directly Exposed |
| CVE-2024-26458 | MEDIUM5.02 | libgssapi-krb5-2 1.21.3-5 No fix yet | 0.8% Theoretical Threat | Directly Exposed |
| CVE-2026-40355 | MEDIUM5.02 | libk5crypto3 1.21.3-5 fixed in 1.21.3-5+deb13u1 | 0.5% Theoretical Threat | Directly Exposed |
| CVE-2026-40356 | MEDIUM5.02 | libk5crypto3 1.21.3-5 fixed in 1.21.3-5+deb13u1 | 0.5% Theoretical Threat | Directly Exposed |
| CVE-2024-26458 | MEDIUM5.02 | libk5crypto3 1.21.3-5 No fix yet | 0.8% Theoretical Threat | Directly Exposed |
| CVE-2026-40355 | MEDIUM5.02 | libkrb5-3 1.21.3-5 fixed in 1.21.3-5+deb13u1 | 0.5% Theoretical Threat | Directly Exposed |
| CVE-2026-40356 | MEDIUM5.02 | libkrb5-3 1.21.3-5 fixed in 1.21.3-5+deb13u1 | 0.5% Theoretical Threat | Directly Exposed |
| CVE-2024-26458 | MEDIUM5.02 | libkrb5-3 1.21.3-5 No fix yet | 0.8% Theoretical Threat | Directly Exposed |
| CVE-2026-40355 | MEDIUM5.02 | libkrb5support0 1.21.3-5 fixed in 1.21.3-5+deb13u1 | 0.5% Theoretical Threat | Directly Exposed |
| CVE-2026-40356 | MEDIUM5.02 | libkrb5support0 1.21.3-5 fixed in 1.21.3-5+deb13u1 | 0.5% Theoretical Threat | Directly Exposed |
| CVE-2024-26458 | MEDIUM5.02 | libkrb5support0 1.21.3-5 No fix yet | 0.8% Theoretical Threat | Directly Exposed |
| CVE-2026-42764 | MEDIUM5.02 | libssl3t64 3.5.5-1~deb13u2 fixed in 3.5.6-1~deb13u2 | 0.7% Theoretical Threat | Directly Exposed |
| CVE-2026-42769 | MEDIUM5.02 | libssl3t64 3.5.5-1~deb13u2 fixed in 3.5.6-1~deb13u2 | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2026-42770 | MEDIUM5.02 | libssl3t64 3.5.5-1~deb13u2 fixed in 3.5.6-1~deb13u2 | 0.2% Theoretical Threat | Directly Exposed |
| CVE-2026-9076 | MEDIUM5.02 | libssl3t64 3.5.5-1~deb13u2 fixed in 3.5.6-1~deb13u2 | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2026-7383 | MEDIUM4.67 | libssl3t64 3.5.5-1~deb13u2 fixed in 3.5.6-1~deb13u2 | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2026-27171 | MEDIUM4.67 | zlib1g 1:1.3.dfsg+really1.3.1-1+b1 No fix yet | 0.2% Theoretical Threat | Directly Exposed |
| CVE-2026-6472 | MEDIUM4.59 | libpq5 17.9-0+deb13u1 fixed in 17.10-0+deb13u1 | 0.2% Theoretical Threat | Directly Exposed |
| CVE-2026-4046 | MEDIUM4.5 | libc6 2.41-12+deb13u2 fixed in 2.41-12+deb13u3 | 0.4% Theoretical Threat | Directly Exposed |
| CVE-2026-42015 | MEDIUM4.5 | libgnutls30t64 3.8.9-3+deb13u2 fixed in 3.8.9-3+deb13u4 | 0.7% Theoretical Threat | Directly Exposed |
| CVE-2026-34743 | MEDIUM4.5 | liblzma5 5.8.1-1 No fix yet | 0.4% Theoretical Threat | Directly Exposed |
| CVE-2026-42766 | MEDIUM4.5 | libssl3t64 3.5.5-1~deb13u2 fixed in 3.5.6-1~deb13u2 | 0.6% Theoretical Threat | Directly Exposed |
| CVE-2026-42767 | MEDIUM4.5 | libssl3t64 3.5.5-1~deb13u2 fixed in 3.5.6-1~deb13u2 | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2023-31437 | MEDIUM4.5 | libsystemd0 257.9-1~deb13u1 No fix yet | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2023-31438 | MEDIUM4.5 | libsystemd0 257.9-1~deb13u1 No fix yet | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2023-31439 | MEDIUM4.5 | libsystemd0 257.9-1~deb13u1 No fix yet | 0.4% Theoretical Threat | Directly Exposed |
| CVE-2026-5450 | MEDIUM4.25 | libc6 2.41-12+deb13u2 No fix yet | 0.5% Theoretical Threat | Directly Exposed |
| CVE-2026-5928 | MEDIUM4.25 | libc6 2.41-12+deb13u2 No fix yet | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2026-11850 | MEDIUM4.25 | libgssapi-krb5-2 1.21.3-5 No fix yet | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2026-11850 | MEDIUM4.25 | libk5crypto3 1.21.3-5 No fix yet | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2026-11850 | MEDIUM4.25 | libkrb5-3 1.21.3-5 No fix yet | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2026-11850 | MEDIUM4.25 | libkrb5support0 1.21.3-5 No fix yet | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2026-34180 | MEDIUM4.25 | libssl3t64 3.5.5-1~deb13u2 fixed in 3.5.6-1~deb13u2 | 0.5% Theoretical Threat | Directly Exposed |
| CVE-2020-15719 | MEDIUM4.2 | libldap2 2.6.10+dfsg-1 No fix yet | 2.4% Low-Moderate Risk | Directly Exposed |
| CVE-2017-14159 | MEDIUM4 | libldap2 2.6.10+dfsg-1 No fix yet | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2010-4756 | MEDIUM4 | libc6 2.41-12+deb13u2 No fix yet | 2.6% Low-Moderate Risk | Directly Exposed |
| CVE-2026-6474 | LOW3.65 | libpq5 17.9-0+deb13u1 fixed in 17.10-0+deb13u1 | 0.2% Theoretical Threat | Directly Exposed |
| CVE-2019-1010022 | LOW3.53 | libc6 2.41-12+deb13u2 No fix yet | 3.2% Low-Moderate Risk | Post-Exploit |
| CVE-2026-4438 | LOW3.4 | libc6 2.41-12+deb13u2 fixed in 2.41-12+deb13u3 | 0.2% Theoretical Threat | Directly Exposed |
| CVE-2026-6429 | LOW3.31 | libcurl4t64 8.14.1-2+deb13u2 No fix yet | 0.4% Theoretical Threat | Post-Exploit |
| CVE-2026-3805 | LOW3.21 | libcurl4t64 8.14.1-2+deb13u2 No fix yet | 0.7% Theoretical Threat | Post-Exploit |
| CVE-2019-1010023 | LOW3.17 | libc6 2.41-12+deb13u2 No fix yet | 3.1% Low-Moderate Risk | Post-Exploit |
| CVE-2026-3832 | LOW3.15 | libgnutls30t64 3.8.9-3+deb13u2 fixed in 3.8.9-3+deb13u4 | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2026-5419 | LOW3.15 | libgnutls30t64 3.8.9-3+deb13u2 fixed in 3.8.9-3+deb13u4 | 0.5% Theoretical Threat | Directly Exposed |
| CVE-2026-45446 | LOW3.15 | libssl3t64 3.5.5-1~deb13u2 fixed in 3.5.6-1~deb13u2 | 0.2% Theoretical Threat | Directly Exposed |
| CVE-2025-10966 | LOW3.01 | libcurl4t64 8.14.1-2+deb13u2 No fix yet | 0.4% Theoretical Threat | Post-Exploit |
| CVE-2026-42010 | LOW3 | libgnutls30t64 3.8.9-3+deb13u2 fixed in 3.8.9-3+deb13u4 | 0.8% Theoretical Threat | Post-Exploit |
| CVE-2026-45447 | LOW2.92 | libssl3t64 3.5.5-1~deb13u2 fixed in 3.5.6-1~deb13u2 | 1.4% Low-Moderate Risk | Post-Exploit |
| CVE-2026-3783 | LOW2.91 | libcurl4t64 8.14.1-2+deb13u2 No fix yet | 0.3% Theoretical Threat | Post-Exploit |
| CVE-2013-4392 | LOW2.8 | libsystemd0 257.9-1~deb13u1 No fix yet | 0.5% Theoretical Threat | Directly Exposed |
| CVE-2026-40228 | LOW2.8 | libsystemd0 257.9-1~deb13u1 No fix yet | 0.2% Theoretical Threat | Directly Exposed |
| CVE-2026-33845 | LOW2.78 | libgnutls30t64 3.8.9-3+deb13u2 fixed in 3.8.9-3+deb13u4 | 0.6% Theoretical Threat | Post-Exploit |
| CVE-2026-7598 | LOW2.78 | libssh2-1t64 1.11.1-1 No fix yet | 0.4% Theoretical Threat | Post-Exploit |
| CVE-2026-45445 | LOW2.78 | libssl3t64 3.5.5-1~deb13u2 fixed in 3.5.6-1~deb13u2 | 0.3% Theoretical Threat | Post-Exploit |
| CVE-2018-20796 | LOW2.7 | libc6 2.41-12+deb13u2 No fix yet | 5.8% Low-Moderate Risk | Post-Exploit |
| CVE-2019-9192 | LOW2.7 | libc6 2.41-12+deb13u2 No fix yet | 2.4% Low-Moderate Risk | Post-Exploit |
| CVE-2018-6829 | LOW2.7 | libgcrypt20 1.11.0-7 No fix yet | 1.8% Low-Moderate Risk | Post-Exploit |
| CVE-2018-5709 | LOW2.7 | libgssapi-krb5-2 1.21.3-5 No fix yet | 2.1% Low-Moderate Risk | Post-Exploit |
| CVE-2018-5709 | LOW2.7 | libk5crypto3 1.21.3-5 No fix yet | 2.1% Low-Moderate Risk | Post-Exploit |
| CVE-2018-5709 | LOW2.7 | libkrb5-3 1.21.3-5 No fix yet | 2.1% Low-Moderate Risk | Post-Exploit |
| CVE-2018-5709 | LOW2.7 | libkrb5support0 1.21.3-5 No fix yet | 2.1% Low-Moderate Risk | Post-Exploit |
| CVE-2015-3276 | LOW2.7 | libldap2 2.6.10+dfsg-1 No fix yet | 5.3% Low-Moderate Risk | Post-Exploit |
| CVE-2017-17740 | LOW2.7 | libldap2 2.6.10+dfsg-1 No fix yet | 7.0% Low-Moderate Risk | Post-Exploit |
| CVE-2026-4873 | LOW2.7 | libcurl4t64 8.14.1-2+deb13u2 No fix yet | 0.3% Theoretical Threat | Post-Exploit |
| CVE-2026-6253 | LOW2.7 | libcurl4t64 8.14.1-2+deb13u2 No fix yet | 0.5% Theoretical Threat | Post-Exploit |
| CVE-2026-7168 | LOW2.7 | libcurl4t64 8.14.1-2+deb13u2 No fix yet | 0.4% Theoretical Threat | Post-Exploit |
| CVE-2026-6473 | LOW2.69 | libpq5 17.9-0+deb13u1 fixed in 17.10-0+deb13u1 | 0.4% Theoretical Threat | Post-Exploit |
| CVE-2026-6638 | LOW2.69 | libpq5 17.9-0+deb13u1 fixed in 17.10-0+deb13u1 | 0.2% Theoretical Threat | Post-Exploit |
| CVE-2026-5260 | LOW2.51 | libgnutls30t64 3.8.9-3+deb13u2 fixed in 3.8.9-3+deb13u4 | 0.7% Theoretical Threat | Post-Exploit |
| CVE-2025-15079 | LOW2.48 | libcurl4t64 8.14.1-2+deb13u2 No fix yet | 0.5% Theoretical Threat | Post-Exploit |
| CVE-2025-14017 | LOW2.45 | libcurl4t64 8.14.1-2+deb13u2 No fix yet | 0.1% Theoretical Threat | Post-Exploit |
| CVE-2025-15224 | LOW2.4 | libcurl4t64 8.14.1-2+deb13u2 No fix yet | 0.4% Theoretical Threat | Post-Exploit |
| CVE-2026-5773 | LOW2.29 | libcurl4t64 8.14.1-2+deb13u2 No fix yet | 0.4% Theoretical Threat | Post-Exploit |
| CVE-2026-6276 | LOW2.29 | libcurl4t64 8.14.1-2+deb13u2 No fix yet | 0.3% Theoretical Threat | Post-Exploit |
| CVE-2025-13034 | LOW2.08 | libcurl4t64 8.14.1-2+deb13u2 fixed in 8.14.1-2+deb13u3 | 0.2% Theoretical Threat | Post-Exploit |
| CVE-2026-1965 | LOW2.08 | libcurl4t64 8.14.1-2+deb13u2 No fix yet | 0.3% Theoretical Threat | Post-Exploit |
| CVE-2025-14819 | LOW2.08 | libcurl4t64 8.14.1-2+deb13u2 No fix yet | 0.6% Theoretical Threat | Post-Exploit |
| CVE-2026-3784 | LOW1.99 | libcurl4t64 8.14.1-2+deb13u2 No fix yet | 0.3% Theoretical Threat | Post-Exploit |
| CVE-2026-5545 | LOW1.99 | libcurl4t64 8.14.1-2+deb13u2 No fix yet | 0.4% Theoretical Threat | Post-Exploit |
| CVE-2025-14524 | LOW1.99 | libcurl4t64 8.14.1-2+deb13u2 No fix yet | 0.6% Theoretical Threat | Post-Exploit |
| CVE-2026-6476 | NONE0 | libpq5 17.9-0+deb13u1 fixed in 17.10-0+deb13u1 | 0.3% Theoretical Threat | Not Applicable |
| CVE-2026-6479 | NONE0 | libpq5 17.9-0+deb13u1 fixed in 17.10-0+deb13u1 | 0.5% Theoretical Threat | Not Applicable |
| CVE-2026-6637 | NONE0 | libpq5 17.9-0+deb13u1 fixed in 17.10-0+deb13u1 | 0.4% Theoretical Threat | Not Applicable |