Vulnerability Reporthaproxy:latest

Name: haproxy:latest Security Vulnerability Report
Creator: BaseImage
Keywords: haproxy:latest, Docker security, vulnerability scan, CVE, container security, SBOM

DIGESTsha256:e3794c185be0f5ac3180298e8416e9953cec9cb26f422f96d497e38a8a856ae0

Executive Summary

CAUTION

This image carries significant risk; production deployment is highly discouraged without strict compensating controls. A critical denial of service vulnerability, CVE-2018-20796, could be exploited by an attacker using a specially crafted network request containing malicious regex patterns, potentially leading to service disruption. The image also contains other high-severity vulnerabilities, though their practical exploitability might be limited in a typical HAProxy container as they often depend on system-level features like udev or nspawn. To reduce the most immediate risk, organizations should ensure HAProxy configurations do not process untrusted user-controlled input with vulnerable regex patterns.

Threat Score

50/100

CAUTION

The image contains 6 EXPOSED_SURFACE vulnerabilities with severity 6.0 or higher, with a maximum severity of 6.4.
A notable EXPOSED_SURFACE vulnerability, CVE-2018-20796 (severity 6.0), can lead to Denial of Service for HAProxy by processing crafted regex patterns in network input.
Other high-severity EXPOSED_SURFACE vulnerabilities, such as CVE-2026-40225 and CVE-2026-40226 (both severity 6.4), are present but may have limited practical impact in a standard HAProxy container context.
A total of 57 EXPOSED_SURFACE vulnerabilities and 36 POST_EXPLOIT_ONLY vulnerabilities were identified.
The image is an Official Docker Hub image, pinned by digest (immutable), and highly popular, indicating a trusted source and robust maintenance.

Reputation

TRUSTED

Docker Official

OFFICIAL

Official Docker Hub Image
Pinned by digest (Immutable)

BaseImage/

haproxy:latest

Hardened

Grade

A+

Vulns

Verified & secured for production

Vulnerabilities

Vulnerability Log

108 total

CVE ID	Adjusted Severity	Package	Exploit Probability	Risk Context
CVE-2026-40225	MEDIUM6.4	libsystemd0 257.9-1~deb13u1 No fix yet	—	Directly Exposed
CVE-2026-40226	MEDIUM6.4	libsystemd0 257.9-1~deb13u1 No fix yet	—	Directly Exposed
CVE-2026-40225	MEDIUM6.4	libudev1 257.9-1~deb13u1 No fix yet	—	Directly Exposed
CVE-2026-40226	MEDIUM6.4	libudev1 257.9-1~deb13u1 No fix yet	—	Directly Exposed
CVE-2018-20796	MEDIUM6	libc-bin 2.41-12+deb13u2 No fix yet	1.5% Low-Moderate Risk	Directly ExposedContext importance: MEDIUM
CVE-2018-20796	MEDIUM6	libc6 2.41-12+deb13u2 No fix yet	1.5% Low-Moderate Risk	Directly ExposedContext importance: MEDIUM
CVE-2026-4105	MEDIUM5.7	libsystemd0 257.9-1~deb13u1 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2026-4105	MEDIUM5.7	libudev1 257.9-1~deb13u1 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2026-4437	MEDIUM5.52	libc-bin 2.41-12+deb13u2 No fix yet	<0.1% Theoretical Threat	Directly ExposedContext importance: HIGH
CVE-2026-4437	MEDIUM5.52	libc6 2.41-12+deb13u2 No fix yet	<0.1% Theoretical Threat	Directly ExposedContext importance: HIGH
CVE-2025-14104	MEDIUM5.18	libblkid1 2.41-5 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2025-14104	MEDIUM5.18	libmount1 2.41-5 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2025-14104	MEDIUM5.18	libuuid1 2.41-5 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2019-9192	MEDIUM5.1	libc-bin 2.41-12+deb13u2 No fix yet	0.8% Theoretical Threat	Directly ExposedContext importance: MEDIUM
CVE-2019-9192	MEDIUM5.1	libc6 2.41-12+deb13u2 No fix yet	0.8% Theoretical Threat	Directly ExposedContext importance: MEDIUM
CVE-2019-1010022	MEDIUM5	libc-bin 2.41-12+deb13u2 No fix yet	0.1% Theoretical Threat	Directly Exposed
CVE-2019-1010022	MEDIUM5	libc6 2.41-12+deb13u2 No fix yet	0.1% Theoretical Threat	Directly Exposed
CVE-2022-0563	MEDIUM4.67	libblkid1 2.41-5 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2022-0563	MEDIUM4.67	libmount1 2.41-5 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2022-0563	MEDIUM4.67	libuuid1 2.41-5 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2026-27171	MEDIUM4.67	zlib1g 1:1.3.dfsg+really1.3.1-1+b1 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2026-4046	MEDIUM4.5	libc-bin 2.41-12+deb13u2 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2019-1010025	MEDIUM4.5	libc-bin 2.41-12+deb13u2 No fix yet	0.9% Theoretical Threat	Directly Exposed
CVE-2026-4046	MEDIUM4.5	libc6 2.41-12+deb13u2 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2019-1010025	MEDIUM4.5	libc6 2.41-12+deb13u2 No fix yet	0.9% Theoretical Threat	Directly Exposed
CVE-2026-34743	MEDIUM4.5	liblzma5 5.8.1-1 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2023-31437	MEDIUM4.5	libsystemd0 257.9-1~deb13u1 No fix yet	0.2% Theoretical Threat	Directly Exposed
CVE-2023-31438	MEDIUM4.5	libsystemd0 257.9-1~deb13u1 No fix yet	0.1% Theoretical Threat	Directly Exposed
CVE-2023-31439	MEDIUM4.5	libsystemd0 257.9-1~deb13u1 No fix yet	0.1% Theoretical Threat	Directly Exposed
CVE-2023-31437	MEDIUM4.5	libudev1 257.9-1~deb13u1 No fix yet	0.2% Theoretical Threat	Directly Exposed
CVE-2023-31438	MEDIUM4.5	libudev1 257.9-1~deb13u1 No fix yet	0.1% Theoretical Threat	Directly Exposed
CVE-2023-31439	MEDIUM4.5	libudev1 257.9-1~deb13u1 No fix yet	0.1% Theoretical Threat	Directly Exposed
CVE-2026-27456	MEDIUM4	libblkid1 2.41-5 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2026-27456	MEDIUM4	libmount1 2.41-5 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2026-27456	MEDIUM4	libuuid1 2.41-5 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2025-69720	LOW3.98	ncurses-bin 6.5+20250216-2 No fix yet	<0.1% Theoretical Threat	Post-Exploit
CVE-2011-3374	LOW3.7	libapt-pkg7.0 3.0.3 No fix yet	1.5% Low-Moderate Risk	Directly Exposed
CVE-2021-45346	LOW3.65	libsqlite3-0 3.46.1-7+deb13u1 No fix yet	0.3% Theoretical Threat	Directly Exposed
CVE-2005-2541	LOW3.6	tar 1.35+dfsg-3.1 No fix yet	3.3% Low-Moderate Risk	Post-Exploit
CVE-2026-4438	LOW3.4	libc-bin 2.41-12+deb13u2 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2010-4756	LOW3.4	libc-bin 2.41-12+deb13u2 No fix yet	0.4% Theoretical Threat	Directly Exposed
CVE-2026-4438	LOW3.4	libc6 2.41-12+deb13u2 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2010-4756	LOW3.4	libc6 2.41-12+deb13u2 No fix yet	0.4% Theoretical Threat	Directly Exposed
CVE-2026-40228	LOW3.3	libsystemd0 257.9-1~deb13u1 No fix yet	—	Directly Exposed
CVE-2026-40228	LOW3.3	libudev1 257.9-1~deb13u1 No fix yet	—	Directly Exposed
CVE-2026-3184	LOW3.15	libblkid1 2.41-5 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2026-3184	LOW3.15	libmount1 2.41-5 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2026-3184	LOW3.15	libuuid1 2.41-5 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2025-14104	LOW3.11	bsdutils 1:2.41-5 No fix yet	<0.1% Theoretical Threat	Post-Exploit
CVE-2025-14104	LOW3.11	login 1:4.16.0-2+really2.41-5 No fix yet	<0.1% Theoretical Threat	Post-Exploit
CVE-2025-14104	LOW3.11	mount 2.41-5 No fix yet	<0.1% Theoretical Threat	Post-Exploit
CVE-2025-14104	LOW3.11	util-linux 2.41-5 No fix yet	<0.1% Theoretical Threat	Post-Exploit
CVE-2022-0563	LOW2.8	bsdutils 1:2.41-5 No fix yet	<0.1% Theoretical Threat	Post-Exploit
CVE-2022-0563	LOW2.8	login 1:4.16.0-2+really2.41-5 No fix yet	<0.1% Theoretical Threat	Post-Exploit
CVE-2022-0563	LOW2.8	mount 2.41-5 No fix yet	<0.1% Theoretical Threat	Post-Exploit
CVE-2022-0563	LOW2.8	util-linux 2.41-5 No fix yet	<0.1% Theoretical Threat	Post-Exploit
CVE-2025-70873	LOW2.8	libsqlite3-0 3.46.1-7+deb13u1 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2013-4392	LOW2.8	libsystemd0 257.9-1~deb13u1 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2013-4392	LOW2.8	libudev1 257.9-1~deb13u1 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2019-1010024	LOW2.7	libc-bin 2.41-12+deb13u2 No fix yet	0.6% Theoretical Threat	Directly Exposed
CVE-2019-1010024	LOW2.7	libc6 2.41-12+deb13u2 No fix yet	0.6% Theoretical Threat	Directly Exposed
CVE-2019-1010023	LOW2.69	libc-bin 2.41-12+deb13u2 No fix yet	0.3% Theoretical Threat	Post-Exploit
CVE-2019-1010023	LOW2.69	libc6 2.41-12+deb13u2 No fix yet	0.3% Theoretical Threat	Post-Exploit
CVE-2026-5704	LOW2.55	tar 1.35+dfsg-3.1 No fix yet	<0.1% Theoretical Threat	Post-Exploit
CVE-2007-5686	LOW2.5	passwd 1:4.17.4-2 No fix yet	0.2% Theoretical Threat	Post-Exploit
CVE-2026-4878	LOW2.41	libcap2 1:2.75-10+b8 No fix yet	—	Post-Exploit
CVE-2026-27456	LOW2.4	bsdutils 1:2.41-5 No fix yet	<0.1% Theoretical Threat	Post-Exploit
CVE-2017-18018	LOW2.4	coreutils 9.7-3 No fix yet	<0.1% Theoretical Threat	Post-Exploit
CVE-2026-27456	LOW2.4	login 1:4.16.0-2+really2.41-5 No fix yet	<0.1% Theoretical Threat	Post-Exploit
CVE-2026-27456	LOW2.4	mount 2.41-5 No fix yet	<0.1% Theoretical Threat	Post-Exploit
CVE-2026-27456	LOW2.4	util-linux 2.41-5 No fix yet	<0.1% Theoretical Threat	Post-Exploit
CVE-2026-29111	LOW2.39	libsystemd0 257.9-1~deb13u1 No fix yet	<0.1% Theoretical Threat	Post-Exploit
CVE-2026-29111	LOW2.39	libudev1 257.9-1~deb13u1 No fix yet	<0.1% Theoretical Threat	Post-Exploit
CVE-2025-5278	LOW2.24	coreutils 9.7-3 No fix yet	0.1% Theoretical Threat	Post-Exploit
CVE-2011-3374	LOW2.22	apt 3.0.3 No fix yet	1.5% Low-Moderate Risk	Post-Exploit
CVE-2024-56433	LOW2.16	passwd 1:4.17.4-2 No fix yet	4.5% Low-Moderate Risk	Post-Exploit
CVE-2026-3184	LOW1.89	bsdutils 1:2.41-5 No fix yet	<0.1% Theoretical Threat	Post-Exploit
CVE-2026-3184	LOW1.89	login 1:4.16.0-2+really2.41-5 No fix yet	<0.1% Theoretical Threat	Post-Exploit
CVE-2026-3184	LOW1.89	mount 2.41-5 No fix yet	<0.1% Theoretical Threat	Post-Exploit
CVE-2026-3184	LOW1.89	util-linux 2.41-5 No fix yet	<0.1% Theoretical Threat	Post-Exploit
CVE-2025-6141	LOW1.68	ncurses-bin 6.5+20250216-2 No fix yet	<0.1% Theoretical Threat	Post-Exploit
CVE-2011-4116	LOW1.68	perl-base 5.40.1-6 No fix yet	0.2% Theoretical Threat	Post-Exploit
CVE-2025-69720	NONE0	libtinfo6 6.5+20250216-2 No fix yet	<0.1% Theoretical Threat	Not Applicable
CVE-2025-69720	NONE0	ncurses-base 6.5+20250216-2 No fix yet	<0.1% Theoretical Threat	Not Applicable
CVE-2025-14104	NONE0	liblastlog2-2 2.41-5 No fix yet	<0.1% Theoretical Threat	Not Applicable
CVE-2025-14104	NONE0	libsmartcols1 2.41-5 No fix yet	<0.1% Theoretical Threat	Not Applicable
CVE-2022-0563	NONE0	liblastlog2-2 2.41-5 No fix yet	<0.1% Theoretical Threat	Not Applicable
CVE-2022-0563	NONE0	libsmartcols1 2.41-5 No fix yet	<0.1% Theoretical Threat	Not Applicable
CVE-2007-5686	NONE0	login.defs 1:4.17.4-2 No fix yet	0.2% Theoretical Threat	Not Applicable
CVE-2026-27456	NONE0	liblastlog2-2 2.41-5 No fix yet	<0.1% Theoretical Threat	Not Applicable
CVE-2026-27456	NONE0	libsmartcols1 2.41-5 No fix yet	<0.1% Theoretical Threat	Not Applicable
CVE-2026-3184	NONE0	liblastlog2-2 2.41-5 No fix yet	<0.1% Theoretical Threat	Not Applicable
CVE-2026-3184	NONE0	libsmartcols1 2.41-5 No fix yet	<0.1% Theoretical Threat	Not Applicable
CVE-2024-56433	NONE0	login.defs 1:4.17.4-2 No fix yet	4.5% Low-Moderate Risk	Not Applicable
CVE-2025-6141	NONE0	libtinfo6 6.5+20250216-2 No fix yet	<0.1% Theoretical Threat	Not Applicable
CVE-2025-6141	NONE0	ncurses-base 6.5+20250216-2 No fix yet	<0.1% Theoretical Threat	Not Applicable
TEMP-0841856-B18BAF	NONE0	bash 5.2.37-2+b8 No fix yet	—	Not Applicable
CVE-2026-5358	NONE0	libc-bin 2.41-12+deb13u2 No fix yet	—	Not Applicable
CVE-2026-5450	NONE0	libc-bin 2.41-12+deb13u2 No fix yet	—	Not Applicable
CVE-2026-5928	NONE0	libc-bin 2.41-12+deb13u2 No fix yet	—	Not Applicable
CVE-2026-5358	NONE0	libc6 2.41-12+deb13u2 No fix yet	—	Not Applicable
CVE-2026-5450	NONE0	libc6 2.41-12+deb13u2 No fix yet	—	Not Applicable
CVE-2026-5928	NONE0	libc6 2.41-12+deb13u2 No fix yet	—	Not Applicable
TEMP-0628843-DBAD28	NONE0	login.defs 1:4.17.4-2 No fix yet	—	Not Applicable
TEMP-0628843-DBAD28	NONE0	passwd 1:4.17.4-2 No fix yet	—	Not Applicable
CVE-2026-5958	NONE0	sed 4.9-2 No fix yet	—	Not Applicable
TEMP-0517018-A83CE6	NONE0	sysvinit-utils 3.14-4 No fix yet	—	Not Applicable
TEMP-0290435-0B57B5	NONE0	tar 1.35+dfsg-3.1 No fix yet	—	Not Applicable