Vulnerability Reportfluent/fluent-bit:5.0.6

fluent/fluent-bit:5.0.6

DIGESTsha256:1abcf78fe8c9dee0c57fc2199693370a5a1f84e0af4716beddcd153b40cbbbb1

Executive Summary

Threat ScoreSAFE• No high-severity vulnerabilities (max severity 5.9).• 56 exposure surface findings and 29 post-exploit findings, all low/medium severity.• Image from trusted community publisher with 15B+ pulls.• Pinned by digest ensures immutability.• Empty top findings lists indicate no critical issues identified.

0/100SAFE

ReputationPOPULAR COMMUNITY• High Reputation Community Image (15282M+ pulls)• Pinned by digest (Immutable)

RELIABLE

This image is safe for production use. While 56 exposure surface and 29 post-exploit findings exist, all are low to medium severity (max CVSS 5.9) and do not pose a practical risk. The image is pinned by digest and from a reputable community publisher.

Vulnerabilities

Vulnerability Log

85 total

CVE ID	Adjusted Severity	Package	Exploit Probability	Risk Context
CVE-2024-26461	MEDIUM5.9	libkrb5support0 1.21.3-5 No fix yet	1.1% Low-Moderate Risk	Directly Exposed
CVE-2025-13151	MEDIUM5.9	libtasn1-6 4.20.0-2 No fix yet	1.1% Low-Moderate Risk	Directly Exposed
CVE-2026-22185	MEDIUM5.78	libldap2 2.6.10+dfsg-1 No fix yet	0.1% Theoretical Threat	Directly Exposed
CVE-2011-3389	MEDIUM5.59	libgnutls30t64 3.8.9-3+deb13u4 No fix yet	73.3% Actively Exploited	Directly Exposed
CVE-2026-6238	MEDIUM5.52	libc6 2.41-12+deb13u3 No fix yet	0.3% Theoretical Threat	Directly Exposed
CVE-2025-15079	MEDIUM5.5	libcurl4t64 8.14.1-2+deb13u3 No fix yet	0.5% Theoretical Threat	Directly ExposedContext importance: MEDIUM
CVE-2026-34181	MEDIUM5.35	libssl3t64 3.5.6-1~deb13u1 fixed in 3.5.6-1~deb13u2	0.2% Theoretical Threat	Directly Exposed
CVE-2026-42768	MEDIUM5.35	libssl3t64 3.5.6-1~deb13u1 fixed in 3.5.6-1~deb13u2	0.4% Theoretical Threat	Directly Exposed
CVE-2019-1010024	MEDIUM5.3	libc6 2.41-12+deb13u3 No fix yet	3.2% Low-Moderate Risk	Directly Exposed
CVE-2019-1010025	MEDIUM5.3	libc6 2.41-12+deb13u3 No fix yet	2.3% Low-Moderate Risk	Directly Exposed
CVE-2026-6276	MEDIUM5.1	libcurl4t64 8.14.1-2+deb13u3 No fix yet	0.3% Theoretical Threat	Directly ExposedContext importance: MEDIUM
CVE-2026-5435	MEDIUM5.02	libc6 2.41-12+deb13u3 No fix yet	0.2% Theoretical Threat	Directly Exposed
CVE-2026-40355	MEDIUM5.02	libgssapi-krb5-2 1.21.3-5 fixed in 1.21.3-5+deb13u1	0.5% Theoretical Threat	Directly Exposed
CVE-2026-40356	MEDIUM5.02	libgssapi-krb5-2 1.21.3-5 fixed in 1.21.3-5+deb13u1	0.5% Theoretical Threat	Directly Exposed
CVE-2024-26458	MEDIUM5.02	libgssapi-krb5-2 1.21.3-5 No fix yet	0.8% Theoretical Threat	Directly Exposed
CVE-2026-40355	MEDIUM5.02	libk5crypto3 1.21.3-5 fixed in 1.21.3-5+deb13u1	0.5% Theoretical Threat	Directly Exposed
CVE-2026-40356	MEDIUM5.02	libk5crypto3 1.21.3-5 fixed in 1.21.3-5+deb13u1	0.5% Theoretical Threat	Directly Exposed
CVE-2024-26458	MEDIUM5.02	libk5crypto3 1.21.3-5 No fix yet	0.8% Theoretical Threat	Directly Exposed
CVE-2026-40355	MEDIUM5.02	libkrb5-3 1.21.3-5 fixed in 1.21.3-5+deb13u1	0.5% Theoretical Threat	Directly Exposed
CVE-2026-40356	MEDIUM5.02	libkrb5-3 1.21.3-5 fixed in 1.21.3-5+deb13u1	0.5% Theoretical Threat	Directly Exposed
CVE-2024-26458	MEDIUM5.02	libkrb5-3 1.21.3-5 No fix yet	0.8% Theoretical Threat	Directly Exposed
CVE-2026-40355	MEDIUM5.02	libkrb5support0 1.21.3-5 fixed in 1.21.3-5+deb13u1	0.5% Theoretical Threat	Directly Exposed
CVE-2026-40356	MEDIUM5.02	libkrb5support0 1.21.3-5 fixed in 1.21.3-5+deb13u1	0.5% Theoretical Threat	Directly Exposed
CVE-2024-26458	MEDIUM5.02	libkrb5support0 1.21.3-5 No fix yet	0.8% Theoretical Threat	Directly Exposed
CVE-2026-42764	MEDIUM5.02	libssl3t64 3.5.6-1~deb13u1 fixed in 3.5.6-1~deb13u2	0.7% Theoretical Threat	Directly Exposed
CVE-2026-42769	MEDIUM5.02	libssl3t64 3.5.6-1~deb13u1 fixed in 3.5.6-1~deb13u2	0.3% Theoretical Threat	Directly Exposed
CVE-2026-42770	MEDIUM5.02	libssl3t64 3.5.6-1~deb13u1 fixed in 3.5.6-1~deb13u2	0.2% Theoretical Threat	Directly Exposed
CVE-2026-9076	MEDIUM5.02	libssl3t64 3.5.6-1~deb13u1 fixed in 3.5.6-1~deb13u2	0.3% Theoretical Threat	Directly Exposed
CVE-2026-7383	MEDIUM4.67	libssl3t64 3.5.6-1~deb13u1 fixed in 3.5.6-1~deb13u2	0.3% Theoretical Threat	Directly Exposed
CVE-2026-27171	MEDIUM4.67	zlib1g 1:1.3.dfsg+really1.3.1-1+b1 No fix yet	0.2% Theoretical Threat	Directly Exposed
CVE-2026-1965	MEDIUM4.62	libcurl4t64 8.14.1-2+deb13u3 No fix yet	0.3% Theoretical Threat	Directly ExposedContext importance: MEDIUM
CVE-2025-14819	MEDIUM4.62	libcurl4t64 8.14.1-2+deb13u3 No fix yet	0.6% Theoretical Threat	Directly ExposedContext importance: MEDIUM
CVE-2015-3276	MEDIUM4.5	libldap2 2.6.10+dfsg-1 No fix yet	5.3% Low-Moderate Risk	Directly Exposed
CVE-2026-34743	MEDIUM4.5	liblzma5 5.8.1-1 No fix yet	0.4% Theoretical Threat	Directly Exposed
CVE-2026-42766	MEDIUM4.5	libssl3t64 3.5.6-1~deb13u1 fixed in 3.5.6-1~deb13u2	0.6% Theoretical Threat	Directly Exposed
CVE-2026-42767	MEDIUM4.5	libssl3t64 3.5.6-1~deb13u1 fixed in 3.5.6-1~deb13u2	0.3% Theoretical Threat	Directly Exposed
CVE-2023-31437	MEDIUM4.5	libsystemd0 257.13-1~deb13u1 No fix yet	0.3% Theoretical Threat	Directly Exposed
CVE-2023-31438	MEDIUM4.5	libsystemd0 257.13-1~deb13u1 No fix yet	0.3% Theoretical Threat	Directly Exposed
CVE-2023-31439	MEDIUM4.5	libsystemd0 257.13-1~deb13u1 No fix yet	0.4% Theoretical Threat	Directly Exposed
CVE-2026-3784	MEDIUM4.42	libcurl4t64 8.14.1-2+deb13u3 No fix yet	0.3% Theoretical Threat	Directly ExposedContext importance: MEDIUM
CVE-2026-5545	MEDIUM4.42	libcurl4t64 8.14.1-2+deb13u3 No fix yet	0.4% Theoretical Threat	Directly ExposedContext importance: MEDIUM
CVE-2026-6429	MEDIUM4.42	libcurl4t64 8.14.1-2+deb13u3 No fix yet	0.4% Theoretical Threat	Directly ExposedContext importance: MEDIUM
CVE-2025-14524	MEDIUM4.42	libcurl4t64 8.14.1-2+deb13u3 No fix yet	0.6% Theoretical Threat	Directly ExposedContext importance: MEDIUM
CVE-2026-5450	MEDIUM4.25	libc6 2.41-12+deb13u3 No fix yet	0.5% Theoretical Threat	Directly Exposed
CVE-2026-5928	MEDIUM4.25	libc6 2.41-12+deb13u3 No fix yet	0.3% Theoretical Threat	Directly Exposed
CVE-2026-11850	MEDIUM4.25	libgssapi-krb5-2 1.21.3-5 No fix yet	0.3% Theoretical Threat	Directly Exposed
CVE-2026-11850	MEDIUM4.25	libk5crypto3 1.21.3-5 No fix yet	0.3% Theoretical Threat	Directly Exposed
CVE-2026-11850	MEDIUM4.25	libkrb5-3 1.21.3-5 No fix yet	0.3% Theoretical Threat	Directly Exposed
CVE-2026-11850	MEDIUM4.25	libkrb5support0 1.21.3-5 No fix yet	0.3% Theoretical Threat	Directly Exposed
CVE-2026-34180	MEDIUM4.25	libssl3t64 3.5.6-1~deb13u1 fixed in 3.5.6-1~deb13u2	0.5% Theoretical Threat	Directly Exposed
CVE-2020-15719	MEDIUM4.2	libldap2 2.6.10+dfsg-1 No fix yet	2.4% Low-Moderate Risk	Directly Exposed
CVE-2017-14159	MEDIUM4	libldap2 2.6.10+dfsg-1 No fix yet	0.3% Theoretical Threat	Directly Exposed
CVE-2010-4756	MEDIUM4	libc6 2.41-12+deb13u3 No fix yet	2.6% Low-Moderate Risk	Directly Exposed
CVE-2019-1010022	LOW3.53	libc6 2.41-12+deb13u3 No fix yet	3.2% Low-Moderate Risk	Post-Exploit
CVE-2026-3805	LOW3.21	libcurl4t64 8.14.1-2+deb13u3 No fix yet	0.7% Theoretical Threat	Post-Exploit
CVE-2019-1010023	LOW3.17	libc6 2.41-12+deb13u3 No fix yet	3.1% Low-Moderate Risk	Post-Exploit
CVE-2026-45446	LOW3.15	libssl3t64 3.5.6-1~deb13u1 fixed in 3.5.6-1~deb13u2	0.2% Theoretical Threat	Directly Exposed
CVE-2025-10966	LOW3.01	libcurl4t64 8.14.1-2+deb13u3 No fix yet	0.4% Theoretical Threat	Post-Exploit
CVE-2026-45447	LOW2.92	libssl3t64 3.5.6-1~deb13u1 fixed in 3.5.6-1~deb13u2	1.4% Low-Moderate Risk	Post-Exploit
CVE-2026-3783	LOW2.91	libcurl4t64 8.14.1-2+deb13u3 No fix yet	0.3% Theoretical Threat	Post-Exploit
CVE-2013-4392	LOW2.8	libsystemd0 257.13-1~deb13u1 No fix yet	0.5% Theoretical Threat	Directly Exposed
CVE-2026-40228	LOW2.8	libsystemd0 257.13-1~deb13u1 No fix yet	0.2% Theoretical Threat	Directly Exposed
CVE-2026-7598	LOW2.78	libssh2-1t64 1.11.1-1 No fix yet	0.4% Theoretical Threat	Post-Exploit
CVE-2026-45445	LOW2.78	libssl3t64 3.5.6-1~deb13u1 fixed in 3.5.6-1~deb13u2	0.3% Theoretical Threat	Post-Exploit
CVE-2018-20796	LOW2.7	libc6 2.41-12+deb13u3 No fix yet	5.8% Low-Moderate Risk	Post-Exploit
CVE-2019-9192	LOW2.7	libc6 2.41-12+deb13u3 No fix yet	2.4% Low-Moderate Risk	Post-Exploit
CVE-2018-6829	LOW2.7	libgcrypt20 1.11.0-7 No fix yet	1.8% Low-Moderate Risk	Post-Exploit
CVE-2018-5709	LOW2.7	libgssapi-krb5-2 1.21.3-5 No fix yet	2.1% Low-Moderate Risk	Post-Exploit
CVE-2018-5709	LOW2.7	libk5crypto3 1.21.3-5 No fix yet	2.1% Low-Moderate Risk	Post-Exploit
CVE-2018-5709	LOW2.7	libkrb5-3 1.21.3-5 No fix yet	2.1% Low-Moderate Risk	Post-Exploit
CVE-2018-5709	LOW2.7	libkrb5support0 1.21.3-5 No fix yet	2.1% Low-Moderate Risk	Post-Exploit
CVE-2017-17740	LOW2.7	libldap2 2.6.10+dfsg-1 No fix yet	7.0% Low-Moderate Risk	Post-Exploit
CVE-2026-4873	LOW2.7	libcurl4t64 8.14.1-2+deb13u3 No fix yet	0.3% Theoretical Threat	Post-Exploit
CVE-2026-6253	LOW2.7	libcurl4t64 8.14.1-2+deb13u3 No fix yet	0.5% Theoretical Threat	Post-Exploit
CVE-2026-7168	LOW2.7	libcurl4t64 8.14.1-2+deb13u3 No fix yet	0.4% Theoretical Threat	Post-Exploit
CVE-2025-14017	LOW2.45	libcurl4t64 8.14.1-2+deb13u3 No fix yet	0.1% Theoretical Threat	Post-Exploit
CVE-2025-15224	LOW2.4	libcurl4t64 8.14.1-2+deb13u3 No fix yet	0.4% Theoretical Threat	Post-Exploit
CVE-2026-5773	LOW2.29	libcurl4t64 8.14.1-2+deb13u3 No fix yet	0.4% Theoretical Threat	Post-Exploit
CVE-2026-41989	LOW2.29	libgcrypt20 1.11.0-7 fixed in 1.11.0-7+deb13u1	0.2% Theoretical Threat	Post-Exploit
CVE-2026-34183	LOW2.29	libssl3t64 3.5.6-1~deb13u1 fixed in 3.5.6-1~deb13u2	0.5% Theoretical Threat	Post-Exploit
CVE-2026-34182	LOW2.26	libssl3t64 3.5.6-1~deb13u1 fixed in 3.5.6-1~deb13u2	0.2% Theoretical Threat	Post-Exploit
CVE-2024-2236	LOW2.12	libgcrypt20 1.11.0-7 No fix yet	1.1% Low-Moderate Risk	Post-Exploit
CVE-2024-26461	LOW2.12	libgssapi-krb5-2 1.21.3-5 No fix yet	1.1% Low-Moderate Risk	Post-Exploit
CVE-2024-26461	LOW2.12	libk5crypto3 1.21.3-5 No fix yet	1.1% Low-Moderate Risk	Post-Exploit
CVE-2024-26461	LOW2.12	libkrb5-3 1.21.3-5 No fix yet	1.1% Low-Moderate Risk	Post-Exploit