Vulnerability Report: hashicorp/consul:1.22.5

DIGEST: sha256:4e75df3d9d5f8f4d3222322907c9a8e323bc313fc7b248943f93b8f9c64565a7

Executive Summary

Threat Score: 50/100 (CAUTION)
Reputation: TRUSTED

This image carries significant risk; production deployment is highly discouraged without strict compensating controls. The top vulnerabilities (e.g., CVE-2026-33846, CVE-2026-28389) are remotely exploitable denial-of-service flaws that could crash the container or exhaust memory, impacting service availability. Note that CVE-2026-34986 is only reachable if the application accepts key wrapping algorithms for JWE, and the OpenSSL CMS vulnerabilities require processing of CMS messages. Mitigations include limiting network exposure and disabling unnecessary features such as DTLS or CMS processing if not needed.

Vulnerabilities

Vulnerability Log

129 total
| CVE ID | Adjusted Severity | Package | Exploit Probability | Risk Context |
|---|---|---|---|---|
| CVE-2026-33846 | MEDIUM 6.38 | gnutls 3.8.12-r0 (fixed in 3.8.13-r0) | 0.9% (Theoretical Threat) | Directly Exposed |
| CVE-2026-42009 | MEDIUM 6.38 | gnutls 3.8.12-r0 (fixed in 3.8.13-r0) | 0.8% (Theoretical Threat) | Directly Exposed |
| CVE-2026-28389 | MEDIUM 6.38 | libcrypto3 3.5.5-r0 (fixed in 3.5.6-r0) | 0.8% (Theoretical Threat) | Directly Exposed |
| CVE-2026-28390 | MEDIUM 6.38 | libcrypto3 3.5.5-r0 (fixed in 3.5.6-r0) | 0.8% (Theoretical Threat) | Directly Exposed |
| CVE-2026-34183 | MEDIUM 6.38 | libcrypto3 3.5.5-r0 (fixed in 3.5.7-r0) | 0.5% (Theoretical Threat) | Directly Exposed |
| CVE-2026-28389 | MEDIUM 6.38 | libssl3 3.5.5-r0 (fixed in 3.5.6-r0) | 0.8% (Theoretical Threat) | Directly Exposed |
| CVE-2026-28390 | MEDIUM 6.38 | libssl3 3.5.5-r0 (fixed in 3.5.6-r0) | 0.8% (Theoretical Threat) | Directly Exposed |
| CVE-2026-34183 | MEDIUM 6.38 | libssl3 3.5.5-r0 (fixed in 3.5.7-r0) | 0.5% (Theoretical Threat) | Directly Exposed |
| CVE-2026-34986 | MEDIUM 6.38 | github.com/go-jose/go-jose/v3 v3.0.4 (fixed in 3.0.5) | 0.3% (Theoretical Threat) | Directly Exposed |
| CVE-2026-34986 | MEDIUM 6.38 | github.com/go-jose/go-jose/v4 v4.1.1 (fixed in 4.1.4) | 0.3% (Theoretical Threat) | Directly Exposed |
| CVE-2026-29181 | MEDIUM 6.38 | go.opentelemetry.io/otel v1.37.0 (fixed in 1.41.0) | 0.3% (Theoretical Threat) | Directly Exposed |
| CVE-2026-25679 | MEDIUM 6.38 | stdlib v1.25.7 (fixed in 1.25.8, 1.26.1) | 0.5% (Theoretical Threat) | Directly Exposed; Context importance: HIGH |
| CVE-2026-32280 | MEDIUM 6.38 | stdlib v1.25.7 (fixed in 1.25.9, 1.26.2) | 0.4% (Theoretical Threat) | Directly Exposed |
| CVE-2026-32281 | MEDIUM 6.38 | stdlib v1.25.7 (fixed in 1.25.9, 1.26.2) | 0.3% (Theoretical Threat) | Directly Exposed |
| CVE-2026-32283 | MEDIUM 6.38 | stdlib v1.25.7 (fixed in 1.25.9, 1.26.2) | 0.4% (Theoretical Threat) | Directly Exposed |
| CVE-2026-33811 | MEDIUM 6.38 | stdlib v1.25.7 (fixed in 1.25.10, 1.26.3) | 0.5% (Theoretical Threat) | Directly Exposed |
| CVE-2026-33814 | MEDIUM 6.38 | stdlib v1.25.7 (fixed in 1.25.10, 1.26.3) | 0.6% (Theoretical Threat) | Directly Exposed |
| CVE-2026-39820 | MEDIUM 6.38 | stdlib v1.25.7 (fixed in 1.25.10, 1.26.3) | 0.4% (Theoretical Threat) | Directly Exposed |
| CVE-2026-39836 | MEDIUM 6.38 | stdlib v1.25.7 (fixed in 1.25.10, 1.26.3) | 0.6% (Theoretical Threat) | Directly Exposed |
| CVE-2026-3833 | MEDIUM 6.29 | gnutls 3.8.12-r0 (fixed in 3.8.13-r0) | 0.3% (Theoretical Threat) | Directly Exposed |
| CVE-2026-42011 | MEDIUM 6.29 | gnutls 3.8.12-r0 (fixed in 3.8.13-r0) | 0.3% (Theoretical Threat) | Directly Exposed |
| CVE-2026-34182 | MEDIUM 6.29 | libcrypto3 3.5.5-r0 (fixed in 3.5.7-r0) | 0.2% (Theoretical Threat) | Directly Exposed |
| CVE-2026-34182 | MEDIUM 6.29 | libssl3 3.5.5-r0 (fixed in 3.5.7-r0) | 0.2% (Theoretical Threat) | Directly Exposed |
| CVE-2026-33186 | MEDIUM 6.18 | google.golang.org/grpc v1.75.0 (fixed in 1.79.3) | 0.5% (Theoretical Threat) | Directly Exposed; Context importance: MEDIUM |
| CVE-2026-42012 | MEDIUM 6.03 | gnutls 3.8.12-r0 (fixed in 3.8.13-r0) | 0.3% (Theoretical Threat) | Directly Exposed |
| CVE-2026-4878 | MEDIUM 5.95 | libcap 2.77-r0 (fixed in 2.78-r0) | 0.2% (Theoretical Threat) | Directly Exposed |
| CVE-2026-4878 | MEDIUM 5.95 | libcap-getcap 2.77-r0 (fixed in 2.78-r0) | 0.2% (Theoretical Threat) | Directly Exposed |
| CVE-2026-4878 | MEDIUM 5.95 | libcap-setcap 2.77-r0 (fixed in 2.78-r0) | 0.2% (Theoretical Threat) | Directly Exposed |
| CVE-2026-4878 | MEDIUM 5.95 | libcap-utils 2.77-r0 (fixed in 2.78-r0) | 0.2% (Theoretical Threat) | Directly Exposed |
| CVE-2026-4878 | MEDIUM 5.95 | libcap2 2.77-r0 (fixed in 2.78-r0) | 0.2% (Theoretical Threat) | Directly Exposed |
| CVE-2026-42014 | MEDIUM 5.61 | gnutls 3.8.12-r0 (fixed in 3.8.13-r0) | 0.2% (Theoretical Threat) | Directly Exposed |
| CVE-2026-42013 | MEDIUM 5.58 | gnutls 3.8.12-r0 (fixed in 3.8.13-r0) | 0.4% (Theoretical Threat) | Directly Exposed; Context importance: MEDIUM |
| CVE-2026-2673 | MEDIUM 5.52 | libcrypto3 3.5.5-r0 (fixed in 3.5.6-r0) | 0.4% (Theoretical Threat) | Directly Exposed |
| CVE-2026-2673 | MEDIUM 5.52 | libssl3 3.5.5-r0 (fixed in 3.5.6-r0) | 0.4% (Theoretical Threat) | Directly Exposed |
| CVE-2026-32282 | MEDIUM 5.44 | stdlib v1.25.7 (fixed in 1.25.9, 1.26.2) | 0.3% (Theoretical Threat) | Directly Exposed |
| CVE-2026-34181 | MEDIUM 5.35 | libcrypto3 3.5.5-r0 (fixed in 3.5.7-r0) | 0.2% (Theoretical Threat) | Directly Exposed |
| CVE-2026-42768 | MEDIUM 5.35 | libcrypto3 3.5.5-r0 (fixed in 3.5.7-r0) | 0.4% (Theoretical Threat) | Directly Exposed |
| CVE-2026-34181 | MEDIUM 5.35 | libssl3 3.5.5-r0 (fixed in 3.5.7-r0) | 0.2% (Theoretical Threat) | Directly Exposed |
| CVE-2026-42768 | MEDIUM 5.35 | libssl3 3.5.5-r0 (fixed in 3.5.7-r0) | 0.4% (Theoretical Threat) | Directly Exposed |
| CVE-2026-32289 | MEDIUM 5.18 | stdlib v1.25.7 (fixed in 1.25.9, 1.26.2) | 0.3% (Theoretical Threat) | Directly Exposed |
| CVE-2026-31790 | MEDIUM 5.02 | libcrypto3 3.5.5-r0 (fixed in 3.5.6-r0) | 1.0% (Theoretical Threat) | Directly Exposed |
| CVE-2026-42764 | MEDIUM 5.02 | libcrypto3 3.5.5-r0 (fixed in 3.5.7-r0) | 0.7% (Theoretical Threat) | Directly Exposed |
| CVE-2026-42769 | MEDIUM 5.02 | libcrypto3 3.5.5-r0 (fixed in 3.5.7-r0) | 0.3% (Theoretical Threat) | Directly Exposed |
| CVE-2026-42770 | MEDIUM 5.02 | libcrypto3 3.5.5-r0 (fixed in 3.5.7-r0) | 0.2% (Theoretical Threat) | Directly Exposed |
| CVE-2026-9076 | MEDIUM 5.02 | libcrypto3 3.5.5-r0 (fixed in 3.5.7-r0) | 0.3% (Theoretical Threat) | Directly Exposed |
| CVE-2026-31790 | MEDIUM 5.02 | libssl3 3.5.5-r0 (fixed in 3.5.6-r0) | 1.0% (Theoretical Threat) | Directly Exposed |
| CVE-2026-42764 | MEDIUM 5.02 | libssl3 3.5.5-r0 (fixed in 3.5.7-r0) | 0.7% (Theoretical Threat) | Directly Exposed |
| CVE-2026-42769 | MEDIUM 5.02 | libssl3 3.5.5-r0 (fixed in 3.5.7-r0) | 0.3% (Theoretical Threat) | Directly Exposed |
| CVE-2026-42770 | MEDIUM 5.02 | libssl3 3.5.5-r0 (fixed in 3.5.7-r0) | 0.2% (Theoretical Threat) | Directly Exposed |
| CVE-2026-9076 | MEDIUM 5.02 | libssl3 3.5.5-r0 (fixed in 3.5.7-r0) | 0.3% (Theoretical Threat) | Directly Exposed |
| CVE-2026-7383 | MEDIUM 4.67 | libcrypto3 3.5.5-r0 (fixed in 3.5.7-r0) | 0.3% (Theoretical Threat) | Directly Exposed |
| CVE-2026-7383 | MEDIUM 4.67 | libssl3 3.5.5-r0 (fixed in 3.5.7-r0) | 0.3% (Theoretical Threat) | Directly Exposed |
| CVE-2026-6042 | MEDIUM 4.67 | musl 1.2.5-r21 (fixed in 1.2.5-r22) | 0.2% (Theoretical Threat) | Directly Exposed |
| CVE-2026-6042 | MEDIUM 4.67 | musl-utils 1.2.5-r21 (fixed in 1.2.5-r22) | 0.2% (Theoretical Threat) | Directly Exposed |
| CVE-2026-27171 | MEDIUM 4.67 | zlib 1.3.1-r2 (fixed in 1.3.2-r0) | 0.2% (Theoretical Threat) | Directly Exposed |
| CVE-2026-32288 | MEDIUM 4.67 | stdlib v1.25.7 (fixed in 1.25.9, 1.26.2) | 0.3% (Theoretical Threat) | Directly Exposed |
| CVE-2026-27142 | MEDIUM 4.59 | stdlib v1.25.7 (fixed in 1.25.8, 1.26.1) | 0.3% (Theoretical Threat) | Directly Exposed |
| CVE-2026-39826 | MEDIUM 4.59 | stdlib v1.25.7 (fixed in 1.25.10, 1.26.3) | 0.4% (Theoretical Threat) | Directly Exposed |
| CVE-2026-42015 | MEDIUM 4.5 | gnutls 3.8.12-r0 (fixed in 3.8.13-r0) | 0.7% (Theoretical Threat) | Directly Exposed |
| CVE-2026-42766 | MEDIUM 4.5 | libcrypto3 3.5.5-r0 (fixed in 3.5.7-r0) | 0.6% (Theoretical Threat) | Directly Exposed |
| CVE-2026-42767 | MEDIUM 4.5 | libcrypto3 3.5.5-r0 (fixed in 3.5.7-r0) | 0.3% (Theoretical Threat) | Directly Exposed |
| CVE-2026-42766 | MEDIUM 4.5 | libssl3 3.5.5-r0 (fixed in 3.5.7-r0) | 0.6% (Theoretical Threat) | Directly Exposed |
| CVE-2026-42767 | MEDIUM 4.5 | libssl3 3.5.5-r0 (fixed in 3.5.7-r0) | 0.3% (Theoretical Threat) | Directly Exposed |
| CVE-2026-34180 | MEDIUM 4.25 | libcrypto3 3.5.5-r0 (fixed in 3.5.7-r0) | 0.5% (Theoretical Threat) | Directly Exposed |
| CVE-2026-34180 | MEDIUM 4.25 | libssl3 3.5.5-r0 (fixed in 3.5.7-r0) | 0.5% (Theoretical Threat) | Directly Exposed |
| CVE-2026-1965 | LOW 3.47 | curl 8.17.0-r1 (fixed in 8.19.0-r0) | 0.3% (Theoretical Threat) | Post-Exploit |
| CVE-2026-1965 | LOW 3.47 | libcurl 8.17.0-r1 (fixed in 8.19.0-r0) | 0.3% (Theoretical Threat) | Post-Exploit |
| CVE-2025-14819 | LOW 3.47 | libcurl 8.17.0-r1 (fixed in 8.19.0-r0) | 0.6% (Theoretical Threat) | Post-Exploit |
| CVE-2026-3784 | LOW 3.31 | curl 8.17.0-r1 (fixed in 8.19.0-r0) | 0.3% (Theoretical Threat) | Post-Exploit |
| CVE-2025-14524 | LOW 3.31 | curl 8.17.0-r1 (fixed in 8.19.0-r0) | 0.6% (Theoretical Threat) | Post-Exploit |
| CVE-2026-3784 | LOW 3.31 | libcurl 8.17.0-r1 (fixed in 8.19.0-r0) | 0.3% (Theoretical Threat) | Post-Exploit |
| CVE-2025-14524 | LOW 3.31 | libcurl 8.17.0-r1 (fixed in 8.19.0-r0) | 0.6% (Theoretical Threat) | Post-Exploit |
| CVE-2026-2673 | LOW 3.31 | openssl 3.5.5-r0 (fixed in 3.5.6-r0) | 0.4% (Theoretical Threat) | Post-Exploit |
| CVE-2026-3805 | LOW 3.21 | curl 8.17.0-r1 (fixed in 8.19.0-r0) | 0.7% (Theoretical Threat) | Post-Exploit |
| CVE-2026-3805 | LOW 3.21 | libcurl 8.17.0-r1 (fixed in 8.19.0-r0) | 0.7% (Theoretical Threat) | Post-Exploit |
| CVE-2026-34181 | LOW 3.21 | openssl 3.5.5-r0 (fixed in 3.5.7-r0) | 0.2% (Theoretical Threat) | Post-Exploit |
| CVE-2026-42768 | LOW 3.21 | openssl 3.5.5-r0 (fixed in 3.5.7-r0) | 0.4% (Theoretical Threat) | Post-Exploit |
| CVE-2026-3832 | LOW 3.15 | gnutls 3.8.12-r0 (fixed in 3.8.13-r0) | 0.3% (Theoretical Threat) | Directly Exposed |
| CVE-2026-5419 | LOW 3.15 | gnutls 3.8.12-r0 (fixed in 3.8.13-r0) | 0.5% (Theoretical Threat) | Directly Exposed |
| CVE-2026-45446 | LOW 3.15 | libcrypto3 3.5.5-r0 (fixed in 3.5.7-r0) | 0.2% (Theoretical Threat) | Directly Exposed |
| CVE-2026-45446 | LOW 3.15 | libssl3 3.5.5-r0 (fixed in 3.5.7-r0) | 0.2% (Theoretical Threat) | Directly Exposed |
| CVE-2026-31790 | LOW 3.01 | openssl 3.5.5-r0 (fixed in 3.5.6-r0) | 1.0% (Theoretical Threat) | Post-Exploit |
| CVE-2026-42764 | LOW 3.01 | openssl 3.5.5-r0 (fixed in 3.5.7-r0) | 0.7% (Theoretical Threat) | Post-Exploit |
| CVE-2026-42769 | LOW 3.01 | openssl 3.5.5-r0 (fixed in 3.5.7-r0) | 0.3% (Theoretical Threat) | Post-Exploit |
| CVE-2026-42770 | LOW 3.01 | openssl 3.5.5-r0 (fixed in 3.5.7-r0) | 0.2% (Theoretical Threat) | Post-Exploit |
| CVE-2026-9076 | LOW 3.01 | openssl 3.5.5-r0 (fixed in 3.5.7-r0) | 0.3% (Theoretical Threat) | Post-Exploit |
| CVE-2026-42010 | LOW 3 | gnutls 3.8.12-r0 (fixed in 3.8.13-r0) | 0.8% (Theoretical Threat) | Post-Exploit |
| CVE-2026-31789 | LOW 3 | libcrypto3 3.5.5-r0 (fixed in 3.5.6-r0) | 0.2% (Theoretical Threat) | Post-Exploit |
| CVE-2026-31789 | LOW 3 | libssl3 3.5.5-r0 (fixed in 3.5.6-r0) | 0.2% (Theoretical Threat) | Post-Exploit |
| CVE-2026-31789 | LOW 3 | openssl 3.5.5-r0 (fixed in 3.5.6-r0) | 0.2% (Theoretical Threat) | Post-Exploit |
| CVE-2026-45447 | LOW 2.92 | libcrypto3 3.5.5-r0 (fixed in 3.5.7-r0) | 1.4% (Low-Moderate Risk) | Post-Exploit |
| CVE-2026-45447 | LOW 2.92 | libssl3 3.5.5-r0 (fixed in 3.5.7-r0) | 1.4% (Low-Moderate Risk) | Post-Exploit |
| CVE-2026-45447 | LOW 2.92 | openssl 3.5.5-r0 (fixed in 3.5.7-r0) | 1.4% (Low-Moderate Risk) | Post-Exploit |
| CVE-2026-3783 | LOW 2.91 | curl 8.17.0-r1 (fixed in 8.19.0-r0) | 0.3% (Theoretical Threat) | Post-Exploit |
| CVE-2026-3783 | LOW 2.91 | libcurl 8.17.0-r1 (fixed in 8.19.0-r0) | 0.3% (Theoretical Threat) | Post-Exploit |
| CVE-2026-7383 | LOW 2.8 | openssl 3.5.5-r0 (fixed in 3.5.7-r0) | 0.3% (Theoretical Threat) | Post-Exploit |
| CVE-2026-33845 | LOW 2.78 | gnutls 3.8.12-r0 (fixed in 3.8.13-r0) | 0.6% (Theoretical Threat) | Post-Exploit |
| CVE-2026-45445 | LOW 2.78 | libcrypto3 3.5.5-r0 (fixed in 3.5.7-r0) | 0.3% (Theoretical Threat) | Post-Exploit |
| CVE-2026-45445 | LOW 2.78 | libssl3 3.5.5-r0 (fixed in 3.5.7-r0) | 0.3% (Theoretical Threat) | Post-Exploit |
| CVE-2026-45445 | LOW 2.78 | openssl 3.5.5-r0 (fixed in 3.5.7-r0) | 0.3% (Theoretical Threat) | Post-Exploit |
| CVE-2026-42766 | LOW 2.7 | openssl 3.5.5-r0 (fixed in 3.5.7-r0) | 0.6% (Theoretical Threat) | Post-Exploit |
| CVE-2026-42767 | LOW 2.7 | openssl 3.5.5-r0 (fixed in 3.5.7-r0) | 0.3% (Theoretical Threat) | Post-Exploit |
| CVE-2026-34180 | LOW 2.55 | openssl 3.5.5-r0 (fixed in 3.5.7-r0) | 0.5% (Theoretical Threat) | Post-Exploit |
| CVE-2026-5260 | LOW 2.51 | gnutls 3.8.12-r0 (fixed in 3.8.13-r0) | 0.7% (Theoretical Threat) | Post-Exploit |
| CVE-2026-28387 | LOW 2.48 | libcrypto3 3.5.5-r0 (fixed in 3.5.6-r0) | 0.6% (Theoretical Threat) | Post-Exploit |
| CVE-2026-28387 | LOW 2.48 | libssl3 3.5.5-r0 (fixed in 3.5.6-r0) | 0.6% (Theoretical Threat) | Post-Exploit |
| CVE-2026-28387 | LOW 2.48 | openssl 3.5.5-r0 (fixed in 3.5.6-r0) | 0.6% (Theoretical Threat) | Post-Exploit |
| CVE-2025-14017 | LOW 2.45 | curl 8.17.0-r1 (fixed in 8.19.0-r0) | 0.1% (Theoretical Threat) | Post-Exploit |
| CVE-2025-14017 | LOW 2.45 | libcurl 8.17.0-r1 (fixed in 8.19.0-r0) | 0.1% (Theoretical Threat) | Post-Exploit |
| CVE-2026-40200 | LOW 2.39 | musl 1.2.5-r21 (fixed in 1.2.5-r23) | 0.1% (Theoretical Threat) | Post-Exploit |
| CVE-2026-40200 | LOW 2.39 | musl-utils 1.2.5-r21 (fixed in 1.2.5-r23) | 0.1% (Theoretical Threat) | Post-Exploit |
| CVE-2026-22184 | LOW 2.39 | zlib 1.3.1-r2 (fixed in 1.3.2-r0) | 0.2% (Theoretical Threat) | Post-Exploit |
| CVE-2026-28388 | LOW 2.29 | libcrypto3 3.5.5-r0 (fixed in 3.5.6-r0) | 0.9% (Theoretical Threat) | Post-Exploit |
| CVE-2026-28388 | LOW 2.29 | libssl3 3.5.5-r0 (fixed in 3.5.6-r0) | 0.9% (Theoretical Threat) | Post-Exploit |
| CVE-2026-27135 | LOW 2.29 | nghttp2-libs 1.68.0-r0 (fixed in 1.68.1) | 0.6% (Theoretical Threat) | Post-Exploit |
| CVE-2026-28388 | LOW 2.29 | openssl 3.5.5-r0 (fixed in 3.5.6-r0) | 0.9% (Theoretical Threat) | Post-Exploit |
| CVE-2026-28389 | LOW 2.29 | openssl 3.5.5-r0 (fixed in 3.5.6-r0) | 0.8% (Theoretical Threat) | Post-Exploit |
| CVE-2026-28390 | LOW 2.29 | openssl 3.5.5-r0 (fixed in 3.5.6-r0) | 0.8% (Theoretical Threat) | Post-Exploit |
| CVE-2026-34183 | LOW 2.29 | openssl 3.5.5-r0 (fixed in 3.5.7-r0) | 0.5% (Theoretical Threat) | Post-Exploit |
| CVE-2026-34182 | LOW 2.26 | openssl 3.5.5-r0 (fixed in 3.5.7-r0) | 0.2% (Theoretical Threat) | Post-Exploit |
| CVE-2026-27139 | LOW 2.12 | stdlib v1.25.7 (fixed in 1.25.8, 1.26.1) | 0.2% (Theoretical Threat) | Directly Exposed |
| CVE-2025-14819 | LOW 2.08 | curl 8.17.0-r1 (fixed in 8.19.0-r0) | 0.6% (Theoretical Threat) | Post-Exploit |
| CVE-2026-45446 | LOW 1.89 | openssl 3.5.5-r0 (fixed in 3.5.7-r0) | 0.2% (Theoretical Threat) | Post-Exploit |
| CVE-2026-39823 | NONE 0 | stdlib v1.25.7 (fixed in 1.25.10, 1.26.3) | 0.3% (Theoretical Threat) | Not Applicable |
| CVE-2026-39825 | NONE 0 | stdlib v1.25.7 (fixed in 1.25.10, 1.26.3) | 0.4% (Theoretical Threat) | Not Applicable |
| CVE-2026-42499 | NONE 0 | stdlib v1.25.7 (fixed in 1.25.10, 1.26.3) | 0.6% (Theoretical Threat) | Not Applicable |
| CVE-2026-42504 | NONE 0 | stdlib v1.25.7 (fixed in 1.25.11, 1.26.4) | 0.4% (Theoretical Threat) | Not Applicable |
| CVE-2026-27145 | NONE 0 | stdlib v1.25.7 (fixed in 1.25.11, 1.26.4) | 0.3% (Theoretical Threat) | Not Applicable |
| CVE-2026-42507 | NONE 0 | stdlib v1.25.7 (fixed in 1.25.11, 1.26.4) | 0.3% (Theoretical Threat) | Not Applicable |