Vulnerability Reporthaproxy:latest

Name: haproxy:3.4-trixie Security Vulnerability Report
Creator: BaseImage
Keywords: haproxy:3.4-trixie, Docker security, vulnerability scan, CVE, container security, SBOM

haproxy:latesthaproxy:trixiehaproxy:lts-trixiehaproxy:ltshaproxy:3.4.0-trixiehaproxy:3.4.0haproxy:3.4-trixiehaproxy:3.4

DIGESTsha256:d27a4aac59a6a4f4f2a0a43c93599bdc573aa2cda2cfc297fa9f29cc5219dfdc

Executive Summary

NEEDS_ATTENTION

This image is acceptable for production, but remediating the identified vulnerabilities is recommended to reduce the attack surface. The image contains 4 exposed vulnerabilities with severities ranging from 6.0 to 6.66, primarily impacting glibc. Notably, CVE-2019-1010022 (severity 6.66) could bypass stack guard protection, although upstream deems it a non-security bug, and CVE-2018-20796 (severity 6.0) could cause a denial of service if HAProxy processes maliciously crafted regular expressions. While there are 60 post-exploit vulnerabilities, their maximum severity is low at 4.68, and they generally require prior local access to exploit. The image benefits from being an official Docker Hub image and is pinned by digest, indicating a strong baseline of trust.

Threat Score

27/100

NEEDS_ATTENTION

The image is an official Docker Hub image, pinned by digest, enhancing its trustworthiness and immutability.
There are 4 exposed vulnerabilities with severity between 6.0 and 6.66, with a maximum exposed severity of 6.66.
Two prominent exposed vulnerabilities, CVE-2019-1010022 (severity 6.66) and CVE-2018-20796 (severity 6.0), affect glibc, a fundamental system library.
CVE-2018-20796 could lead to a denial of service if crafted regular expressions are processed, which is relevant given HAProxy's function.
While 60 post-exploit vulnerabilities are present, none have a severity of 6.0 or higher, and their impact is generally limited to scenarios requiring prior local access.

Reputation

TRUSTED

Docker Official

OFFICIAL

Official Docker Hub Image
Pinned by digest (Immutable)

BaseImage/

haproxy:latest

Hardened

Grade

A+

Vulns

Verified & secured for production

Vulnerabilities

Vulnerability Log

149 total

CVE ID	Adjusted Severity	Package	Exploit Probability	Risk Context
CVE-2019-1010022	MEDIUM6.66	libc-bin 2.41-12+deb13u3 No fix yet	0.1% Theoretical Threat	Directly ExposedContext importance: MEDIUM
CVE-2019-1010022	MEDIUM6.66	libc6 2.41-12+deb13u3 No fix yet	0.1% Theoretical Threat	Directly ExposedContext importance: MEDIUM
CVE-2018-20796	MEDIUM6	libc-bin 2.41-12+deb13u3 No fix yet	1.5% Low-Moderate Risk	Directly ExposedContext importance: MEDIUM
CVE-2018-20796	MEDIUM6	libc6 2.41-12+deb13u3 No fix yet	1.5% Low-Moderate Risk	Directly ExposedContext importance: MEDIUM
CVE-2025-14104	MEDIUM5.18	libblkid1 2.41-5 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2025-14104	MEDIUM5.18	libmount1 2.41-5 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2025-14104	MEDIUM5.18	libuuid1 2.41-5 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2026-42250	MEDIUM5	libbz2-1.0 1.0.8-6 No fix yet	—	Directly Exposed
CVE-2026-48962	MEDIUM4.68	perl-base 5.40.1-6 No fix yet	—	Post-Exploit
CVE-2022-0563	MEDIUM4.67	libblkid1 2.41-5 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2022-0563	MEDIUM4.67	libmount1 2.41-5 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2022-0563	MEDIUM4.67	libuuid1 2.41-5 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2026-27171	MEDIUM4.67	zlib1g 1:1.3.dfsg+really1.3.1-1+b1 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2026-3184	MEDIUM4.5	libblkid1 2.41-5 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2019-1010025	MEDIUM4.5	libc6 2.41-12+deb13u3 No fix yet	0.8% Theoretical Threat	Directly Exposed
CVE-2026-34743	MEDIUM4.5	liblzma5 5.8.1-1 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2026-3184	MEDIUM4.5	libmount1 2.41-5 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2023-31437	MEDIUM4.5	libsystemd0 257.13-1~deb13u1 No fix yet	0.2% Theoretical Threat	Directly Exposed
CVE-2023-31438	MEDIUM4.5	libsystemd0 257.13-1~deb13u1 No fix yet	0.1% Theoretical Threat	Directly Exposed
CVE-2023-31439	MEDIUM4.5	libsystemd0 257.13-1~deb13u1 No fix yet	0.1% Theoretical Threat	Directly Exposed
CVE-2023-31437	MEDIUM4.5	libudev1 257.13-1~deb13u1 No fix yet	0.2% Theoretical Threat	Directly Exposed
CVE-2023-31438	MEDIUM4.5	libudev1 257.13-1~deb13u1 No fix yet	0.1% Theoretical Threat	Directly Exposed
CVE-2023-31439	MEDIUM4.5	libudev1 257.13-1~deb13u1 No fix yet	0.1% Theoretical Threat	Directly Exposed
CVE-2026-3184	MEDIUM4.5	libuuid1 2.41-5 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2026-5450	MEDIUM4.25	libc-bin 2.41-12+deb13u3 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2026-5928	MEDIUM4.25	libc-bin 2.41-12+deb13u3 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2026-5450	MEDIUM4.25	libc6 2.41-12+deb13u3 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2026-5928	MEDIUM4.25	libc6 2.41-12+deb13u3 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2026-27456	MEDIUM4	libblkid1 2.41-5 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2026-27456	MEDIUM4	libmount1 2.41-5 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2026-27456	MEDIUM4	libuuid1 2.41-5 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2025-69720	LOW3.98	ncurses-bin 6.5+20250216-2 No fix yet	<0.1% Theoretical Threat	Post-Exploit
CVE-2019-9192	LOW3.83	libc-bin 2.41-12+deb13u3 No fix yet	0.8% Theoretical Threat	Directly Exposed
CVE-2019-9192	LOW3.83	libc6 2.41-12+deb13u3 No fix yet	0.8% Theoretical Threat	Directly Exposed
CVE-2011-3374	LOW3.7	libapt-pkg7.0 3.0.3 No fix yet	1.5% Low-Moderate Risk	Directly Exposed
CVE-2021-45346	LOW3.65	libsqlite3-0 3.46.1-7+deb13u1 No fix yet	0.3% Theoretical Threat	Directly Exposed
CVE-2005-2541	LOW3.6	tar 1.35+dfsg-3.1 No fix yet	3.8% Low-Moderate Risk	Post-Exploit
CVE-2019-1010024	LOW3.6	libc-bin 2.41-12+deb13u3 No fix yet	0.6% Theoretical Threat	Directly ExposedContext importance: MEDIUM
CVE-2019-1010025	LOW3.6	libc-bin 2.41-12+deb13u3 No fix yet	0.8% Theoretical Threat	Directly ExposedContext importance: MEDIUM
CVE-2019-1010024	LOW3.6	libc6 2.41-12+deb13u3 No fix yet	0.6% Theoretical Threat	Directly ExposedContext importance: MEDIUM
CVE-2026-8376	LOW3.53	perl-base 5.40.1-6 No fix yet	—	Post-Exploit
CVE-2010-4756	LOW3.4	libc-bin 2.41-12+deb13u3 No fix yet	0.4% Theoretical Threat	Directly Exposed
CVE-2010-4756	LOW3.4	libc6 2.41-12+deb13u3 No fix yet	0.4% Theoretical Threat	Directly Exposed
CVE-2026-42496	LOW3.28	perl-base 5.40.1-6 No fix yet	—	Post-Exploit
CVE-2025-14104	LOW3.11	bsdutils 1:2.41-5 No fix yet	<0.1% Theoretical Threat	Post-Exploit
CVE-2025-14104	LOW3.11	login 1:4.16.0-2+really2.41-5 No fix yet	<0.1% Theoretical Threat	Post-Exploit
CVE-2025-14104	LOW3.11	mount 2.41-5 No fix yet	<0.1% Theoretical Threat	Post-Exploit
CVE-2025-14104	LOW3.11	util-linux 2.41-5 No fix yet	<0.1% Theoretical Threat	Post-Exploit
CVE-2022-0563	LOW2.8	bsdutils 1:2.41-5 No fix yet	<0.1% Theoretical Threat	Post-Exploit
CVE-2022-0563	LOW2.8	login 1:4.16.0-2+really2.41-5 No fix yet	<0.1% Theoretical Threat	Post-Exploit
CVE-2022-0563	LOW2.8	mount 2.41-5 No fix yet	<0.1% Theoretical Threat	Post-Exploit
CVE-2026-5704	LOW2.8	tar 1.35+dfsg-3.1 No fix yet	<0.1% Theoretical Threat	Post-Exploit
CVE-2022-0563	LOW2.8	util-linux 2.41-5 No fix yet	<0.1% Theoretical Threat	Post-Exploit
CVE-2025-70873	LOW2.8	libsqlite3-0 3.46.1-7+deb13u1 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2013-4392	LOW2.8	libsystemd0 257.13-1~deb13u1 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2026-40228	LOW2.8	libsystemd0 257.13-1~deb13u1 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2013-4392	LOW2.8	libudev1 257.13-1~deb13u1 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2026-40228	LOW2.8	libudev1 257.13-1~deb13u1 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2026-42497	LOW2.7	perl-base 5.40.1-6 No fix yet	—	Post-Exploit
CVE-2026-9538	LOW2.7	perl-base 5.40.1-6 No fix yet	—	Post-Exploit
CVE-2026-3184	LOW2.7	bsdutils 1:2.41-5 No fix yet	<0.1% Theoretical Threat	Post-Exploit
CVE-2026-3184	LOW2.7	login 1:4.16.0-2+really2.41-5 No fix yet	<0.1% Theoretical Threat	Post-Exploit
CVE-2026-3184	LOW2.7	mount 2.41-5 No fix yet	<0.1% Theoretical Threat	Post-Exploit
CVE-2026-3184	LOW2.7	util-linux 2.41-5 No fix yet	<0.1% Theoretical Threat	Post-Exploit
CVE-2019-1010023	LOW2.69	libc-bin 2.41-12+deb13u3 No fix yet	0.3% Theoretical Threat	Post-Exploit
CVE-2019-1010023	LOW2.69	libc6 2.41-12+deb13u3 No fix yet	0.3% Theoretical Threat	Post-Exploit
CVE-2007-5686	LOW2.5	passwd 1:4.17.4-2 No fix yet	0.3% Theoretical Threat	Post-Exploit
CVE-2026-27456	LOW2.4	bsdutils 1:2.41-5 No fix yet	<0.1% Theoretical Threat	Post-Exploit
CVE-2017-18018	LOW2.4	coreutils 9.7-3 No fix yet	<0.1% Theoretical Threat	Post-Exploit
CVE-2026-27456	LOW2.4	login 1:4.16.0-2+really2.41-5 No fix yet	<0.1% Theoretical Threat	Post-Exploit
CVE-2026-27456	LOW2.4	mount 2.41-5 No fix yet	<0.1% Theoretical Threat	Post-Exploit
CVE-2026-27456	LOW2.4	util-linux 2.41-5 No fix yet	<0.1% Theoretical Threat	Post-Exploit
CVE-2025-5278	LOW2.24	coreutils 9.7-3 No fix yet	0.1% Theoretical Threat	Post-Exploit
CVE-2011-3374	LOW2.22	apt 3.0.3 No fix yet	1.5% Low-Moderate Risk	Post-Exploit
CVE-2024-56433	LOW2.16	passwd 1:4.17.4-2 No fix yet	4.5% Low-Moderate Risk	Post-Exploit
CVE-2026-6238	LOW1.99	libc-bin 2.41-12+deb13u3 No fix yet	<0.1% Theoretical Threat	Post-Exploit
CVE-2026-6238	LOW1.99	libc6 2.41-12+deb13u3 No fix yet	<0.1% Theoretical Threat	Post-Exploit
CVE-2026-5435	LOW1.81	libc-bin 2.41-12+deb13u3 No fix yet	<0.1% Theoretical Threat	Post-Exploit
CVE-2026-5435	LOW1.81	libc6 2.41-12+deb13u3 No fix yet	<0.1% Theoretical Threat	Post-Exploit
CVE-2025-6141	LOW1.68	ncurses-bin 6.5+20250216-2 No fix yet	<0.1% Theoretical Threat	Post-Exploit
CVE-2011-4116	LOW1.68	perl-base 5.40.1-6 No fix yet	0.2% Theoretical Threat	Post-Exploit
CVE-2025-69720	NONE0	libtinfo6 6.5+20250216-2 No fix yet	<0.1% Theoretical Threat	Not Applicable
CVE-2025-69720	NONE0	ncurses-base 6.5+20250216-2 No fix yet	<0.1% Theoretical Threat	Not Applicable
CVE-2025-14104	NONE0	liblastlog2-2 2.41-5 No fix yet	<0.1% Theoretical Threat	Not Applicable
CVE-2025-14104	NONE0	libsmartcols1 2.41-5 No fix yet	<0.1% Theoretical Threat	Not Applicable
CVE-2022-0563	NONE0	liblastlog2-2 2.41-5 No fix yet	<0.1% Theoretical Threat	Not Applicable
CVE-2022-0563	NONE0	libsmartcols1 2.41-5 No fix yet	<0.1% Theoretical Threat	Not Applicable
CVE-2026-3184	NONE0	liblastlog2-2 2.41-5 No fix yet	<0.1% Theoretical Threat	Not Applicable
CVE-2026-3184	NONE0	libsmartcols1 2.41-5 No fix yet	<0.1% Theoretical Threat	Not Applicable
CVE-2007-5686	NONE0	login.defs 1:4.17.4-2 No fix yet	0.3% Theoretical Threat	Not Applicable
CVE-2026-27456	NONE0	liblastlog2-2 2.41-5 No fix yet	<0.1% Theoretical Threat	Not Applicable
CVE-2026-27456	NONE0	libsmartcols1 2.41-5 No fix yet	<0.1% Theoretical Threat	Not Applicable
CVE-2024-56433	NONE0	login.defs 1:4.17.4-2 No fix yet	4.5% Low-Moderate Risk	Not Applicable
CVE-2025-6141	NONE0	libtinfo6 6.5+20250216-2 No fix yet	<0.1% Theoretical Threat	Not Applicable
CVE-2025-6141	NONE0	ncurses-base 6.5+20250216-2 No fix yet	<0.1% Theoretical Threat	Not Applicable
TEMP-0841856-B18BAF	NONE0	bash 5.2.37-2+b9 No fix yet	—	Not Applicable
CVE-2026-34180	NONE0	libssl3t64 3.5.6-1~deb13u1 No fix yet	—	Not Applicable
CVE-2026-34181	NONE0	libssl3t64 3.5.6-1~deb13u1 No fix yet	—	Not Applicable
CVE-2026-34182	NONE0	libssl3t64 3.5.6-1~deb13u1 No fix yet	—	Not Applicable
CVE-2026-34183	NONE0	libssl3t64 3.5.6-1~deb13u1 No fix yet	—	Not Applicable
CVE-2026-42764	NONE0	libssl3t64 3.5.6-1~deb13u1 No fix yet	—	Not Applicable
CVE-2026-42766	NONE0	libssl3t64 3.5.6-1~deb13u1 No fix yet	—	Not Applicable
CVE-2026-42767	NONE0	libssl3t64 3.5.6-1~deb13u1 No fix yet	—	Not Applicable
CVE-2026-42768	NONE0	libssl3t64 3.5.6-1~deb13u1 No fix yet	—	Not Applicable
CVE-2026-42769	NONE0	libssl3t64 3.5.6-1~deb13u1 No fix yet	—	Not Applicable
CVE-2026-42770	NONE0	libssl3t64 3.5.6-1~deb13u1 No fix yet	—	Not Applicable
CVE-2026-45445	NONE0	libssl3t64 3.5.6-1~deb13u1 No fix yet	—	Not Applicable
CVE-2026-45446	NONE0	libssl3t64 3.5.6-1~deb13u1 No fix yet	—	Not Applicable
CVE-2026-45447	NONE0	libssl3t64 3.5.6-1~deb13u1 No fix yet	—	Not Applicable
CVE-2026-7383	NONE0	libssl3t64 3.5.6-1~deb13u1 No fix yet	—	Not Applicable
CVE-2026-9076	NONE0	libssl3t64 3.5.6-1~deb13u1 No fix yet	—	Not Applicable
TEMP-0628843-DBAD28	NONE0	login.defs 1:4.17.4-2 No fix yet	—	Not Applicable
CVE-2026-34180	NONE0	openssl 3.5.6-1~deb13u1 No fix yet	—	Not Applicable
CVE-2026-34181	NONE0	openssl 3.5.6-1~deb13u1 No fix yet	—	Not Applicable
CVE-2026-34182	NONE0	openssl 3.5.6-1~deb13u1 No fix yet	—	Not Applicable
CVE-2026-34183	NONE0	openssl 3.5.6-1~deb13u1 No fix yet	—	Not Applicable
CVE-2026-42764	NONE0	openssl 3.5.6-1~deb13u1 No fix yet	—	Not Applicable
CVE-2026-42766	NONE0	openssl 3.5.6-1~deb13u1 No fix yet	—	Not Applicable
CVE-2026-42767	NONE0	openssl 3.5.6-1~deb13u1 No fix yet	—	Not Applicable
CVE-2026-42768	NONE0	openssl 3.5.6-1~deb13u1 No fix yet	—	Not Applicable
CVE-2026-42769	NONE0	openssl 3.5.6-1~deb13u1 No fix yet	—	Not Applicable
CVE-2026-42770	NONE0	openssl 3.5.6-1~deb13u1 No fix yet	—	Not Applicable
CVE-2026-45445	NONE0	openssl 3.5.6-1~deb13u1 No fix yet	—	Not Applicable
CVE-2026-45446	NONE0	openssl 3.5.6-1~deb13u1 No fix yet	—	Not Applicable
CVE-2026-45447	NONE0	openssl 3.5.6-1~deb13u1 No fix yet	—	Not Applicable
CVE-2026-7383	NONE0	openssl 3.5.6-1~deb13u1 No fix yet	—	Not Applicable
CVE-2026-9076	NONE0	openssl 3.5.6-1~deb13u1 No fix yet	—	Not Applicable
CVE-2026-34180	NONE0	openssl-provider-legacy 3.5.6-1~deb13u1 No fix yet	—	Not Applicable
CVE-2026-34181	NONE0	openssl-provider-legacy 3.5.6-1~deb13u1 No fix yet	—	Not Applicable
CVE-2026-34182	NONE0	openssl-provider-legacy 3.5.6-1~deb13u1 No fix yet	—	Not Applicable
CVE-2026-34183	NONE0	openssl-provider-legacy 3.5.6-1~deb13u1 No fix yet	—	Not Applicable
CVE-2026-42764	NONE0	openssl-provider-legacy 3.5.6-1~deb13u1 No fix yet	—	Not Applicable
CVE-2026-42766	NONE0	openssl-provider-legacy 3.5.6-1~deb13u1 No fix yet	—	Not Applicable
CVE-2026-42767	NONE0	openssl-provider-legacy 3.5.6-1~deb13u1 No fix yet	—	Not Applicable
CVE-2026-42768	NONE0	openssl-provider-legacy 3.5.6-1~deb13u1 No fix yet	—	Not Applicable
CVE-2026-42769	NONE0	openssl-provider-legacy 3.5.6-1~deb13u1 No fix yet	—	Not Applicable
CVE-2026-42770	NONE0	openssl-provider-legacy 3.5.6-1~deb13u1 No fix yet	—	Not Applicable
CVE-2026-45445	NONE0	openssl-provider-legacy 3.5.6-1~deb13u1 No fix yet	—	Not Applicable
CVE-2026-45446	NONE0	openssl-provider-legacy 3.5.6-1~deb13u1 No fix yet	—	Not Applicable
CVE-2026-45447	NONE0	openssl-provider-legacy 3.5.6-1~deb13u1 No fix yet	—	Not Applicable
CVE-2026-7383	NONE0	openssl-provider-legacy 3.5.6-1~deb13u1 No fix yet	—	Not Applicable
CVE-2026-9076	NONE0	openssl-provider-legacy 3.5.6-1~deb13u1 No fix yet	—	Not Applicable
TEMP-0628843-DBAD28	NONE0	passwd 1:4.17.4-2 No fix yet	—	Not Applicable
CVE-2026-48959	NONE0	perl-base 5.40.1-6 No fix yet	—	Not Applicable
CVE-2025-15649	NONE0	perl-base 5.40.1-6 No fix yet	—	Not Applicable
CVE-2026-7010	NONE0	perl-base 5.40.1-6 No fix yet	<0.1% Theoretical Threat	Not Applicable
CVE-2026-48961	NONE0	perl-base 5.40.1-6 No fix yet	—	Not Applicable
TEMP-0517018-A83CE6	NONE0	sysvinit-utils 3.14-4 No fix yet	—	Not Applicable
TEMP-0290435-0B57B5	NONE0	tar 1.35+dfsg-3.1 No fix yet	—	Not Applicable