Last scanned:
This image poses a critical security risk and must not be used in production, especially as an internet-facing service. An attacker could exploit HTTP request smuggling (CVE-2026-42581) to bypass security controls, execute arbitrary code via Jackson deserialization (CVE-2026-54512), or gain unauthorized access to all endpoints via Spring Boot security bypass (CVE-2026-40976), potentially exposing sensitive configuration data and leading to full compromise. Upgrading to patched versions of Netty, Spring Boot, and Jackson would resolve these issues. Note that CVE-2026-40976 only applies if the application has no custom Spring Security configuration and depends on spring-boot-actuator-autoconfigure.
| CVE ID | Adjusted Severity | Package | Exploit Probability | Risk Context |
|---|---|---|---|---|
| CVE-2026-42581 | HIGH8.33 | io.netty:netty-codec-http 4.2.12.Final fixed in 4.2.13.Final, 4.1.133.Final | 0.6% Theoretical Threat | Directly ExposedContext importance: HIGH |
| CVE-2026-42584 | HIGH7.73 | io.netty:netty-codec-http 4.2.12.Final fixed in 4.2.13.Final, 4.1.133.Final | 0.7% Theoretical Threat | Directly ExposedContext importance: HIGH |
| CVE-2026-40976 | HIGH7.73 | org.springframework.boot:spring-boot 4.0.5 fixed in 4.0.6 | 0.5% Theoretical Threat | Directly ExposedContext importance: HIGH |
| CVE-2026-41293 | HIGH7.3 | org.apache.tomcat.embed:tomcat-embed-core 11.0.20 fixed in 9.0.118, 10.1.55, 11.0.22 | 1.3% Low-Moderate Risk | Directly ExposedContext importance: HIGH |
| CVE-2026-54512 | MEDIUM6.88 | com.fasterxml.jackson.core:jackson-databind 2.21.2 fixed in 2.18.8, 3.1.4, 2.21.4 | 0.6% Theoretical Threat | Directly ExposedContext importance: HIGH |
| CVE-2026-54513 | MEDIUM6.88 | com.fasterxml.jackson.core:jackson-databind 2.21.2 fixed in 2.18.8, 2.21.4, 3.1.4 | 0.7% Theoretical Threat | Directly Exposed |
| CVE-2025-59250 | MEDIUM6.88 | com.microsoft.sqlserver:mssql-jdbc 13.2.1 fixed in 10.2.4.jre11, 11.2.4.jre11, 12.2.1.jre11, 12.6.5.jre11, 12.8.2.jre11, 12.10.2.jre11, 13.2.1.jre11 | 0.7% Theoretical Threat | Directly Exposed |
| CVE-2026-54512 | MEDIUM6.88 | tools.jackson.core:jackson-databind 3.1.0 fixed in 3.1.4 | 0.6% Theoretical Threat | Directly Exposed |
| CVE-2026-54513 | MEDIUM6.88 | tools.jackson.core:jackson-databind 3.1.0 fixed in 3.1.4 | 0.7% Theoretical Threat | Directly Exposed |
| CVE-2026-45674 | MEDIUM6.8 | io.netty:netty-resolver-dns 4.2.12.Final fixed in 4.2.15.Final, 4.1.135.Final | 0.2% Theoretical Threat | Directly ExposedContext importance: MEDIUM |
| CVE-2026-47691 | MEDIUM6.8 | io.netty:netty-resolver-dns 4.2.12.Final fixed in 4.2.15.Final, 4.1.135.Final | 0.3% Theoretical Threat | Directly ExposedContext importance: MEDIUM |
| CVE-2026-43512 | MEDIUM6.5 | org.apache.tomcat.embed:tomcat-embed-core 11.0.20 fixed in 9.0.118, 10.1.55, 11.0.22 | 1.2% Low-Moderate Risk | Directly Exposed |
| CVE-2026-44894 | MEDIUM6.38 | io.netty:netty-codec-classes-quic 4.2.12.Final fixed in 4.2.15.Final | 0.1% Theoretical Threat | Directly Exposed |
| CVE-2026-42583 | MEDIUM6.38 | io.netty:netty-codec-compression 4.2.12.Final fixed in 4.2.13.Final | 0.4% Theoretical Threat | Directly Exposed |
| CVE-2026-42587 | MEDIUM6.38 | io.netty:netty-codec-http 4.2.12.Final fixed in 4.2.13.Final, 4.1.133.Final | 0.9% Theoretical Threat | Directly Exposed |
| CVE-2026-42585 | MEDIUM6.38 | io.netty:netty-codec-http 4.2.12.Final fixed in 4.2.13.Final, 4.1.133.Final | 0.2% Theoretical Threat | Directly Exposed |
| CVE-2026-42587 | MEDIUM6.38 | io.netty:netty-codec-http2 4.2.12.Final fixed in 4.2.13.Final, 4.1.133.Final | 0.9% Theoretical Threat | Directly Exposed |
| CVE-2026-48043 | MEDIUM6.38 | io.netty:netty-codec-http2 4.2.12.Final fixed in 4.1.135.Final, 4.2.15.Final | 0.6% Theoretical Threat | Directly Exposed |
| CVE-2026-48748 | MEDIUM6.38 | io.netty:netty-codec-http3 4.2.12.Final fixed in 4.2.15.Final | 0.4% Theoretical Threat | Directly Exposed |
| CVE-2026-45416 | MEDIUM6.38 | io.netty:netty-handler 4.2.12.Final fixed in 4.2.15.Final, 4.1.135.Final | 0.5% Theoretical Threat | Directly Exposed |
| CVE-2026-50010 | MEDIUM6.38 | io.netty:netty-handler 4.2.12.Final fixed in 4.2.15.Final, 4.1.135.Final | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2026-42578 | MEDIUM6.38 | io.netty:netty-handler-proxy 4.2.12.Final fixed in 4.1.133.Final, 4.2.13.Final | 0.9% Theoretical Threat | Directly Exposed |
| CVE-2025-14813 | MEDIUM6.38 | org.bouncycastle:bcprov-jdk18on 1.81 fixed in 1.80.2, 1.81.1, 1.84 | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2026-42198 | MEDIUM6.38 | org.postgresql:postgresql 42.7.10 fixed in 42.7.11 | 0.8% Theoretical Threat | Directly Exposed |
| CVE-2026-22754 | MEDIUM6.38 | org.springframework.security:spring-security-config 7.0.4 fixed in 7.0.5 | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2026-39829 | MEDIUM6.38 | golang.org/x/crypto v0.50.0 fixed in 0.52.0 | 0.4% Theoretical Threat | Directly Exposed |
| CVE-2026-39830 | MEDIUM6.38 | golang.org/x/crypto v0.50.0 fixed in 0.52.0 | 0.5% Theoretical Threat | Directly Exposed |
| CVE-2026-39835 | MEDIUM6.38 | golang.org/x/crypto v0.50.0 fixed in 0.52.0 | 0.4% Theoretical Threat | Directly Exposed |
| CVE-2026-46597 | MEDIUM6.38 | golang.org/x/crypto v0.50.0 fixed in 0.52.0 | 0.4% Theoretical Threat | Directly Exposed |
| CVE-2026-34182 | MEDIUM6.29 | libssl3t64 3.0.13-0ubuntu3.9 fixed in 3.0.13-0ubuntu3.11 | 0.2% Theoretical Threat | Directly Exposed |
| CVE-2026-42508 | MEDIUM6.29 | golang.org/x/crypto v0.50.0 fixed in 0.52.0 | 0.5% Theoretical Threat | Directly Exposed |
| CVE-2026-40542 | MEDIUM6.21 | org.apache.httpcomponents.client5:httpclient5 5.6 fixed in 5.6.1 | 0.5% Theoretical Threat | Directly Exposed |
| CVE-2026-42579 | MEDIUM6.18 | io.netty:netty-codec-dns 4.2.12.Final fixed in 4.2.13.Final, 4.1.133.Final | 0.9% Theoretical Threat | Directly ExposedContext importance: MEDIUM |
| CVE-2026-46595 | MEDIUM6.03 | golang.org/x/crypto v0.50.0 fixed in 0.52.0 | 0.4% Theoretical Threat | Directly Exposed |
| CVE-2026-40973 | MEDIUM5.95 | org.springframework.boot:spring-boot 4.0.5 fixed in 4.0.6, 3.5.14 | 0.1% Theoretical Threat | Directly Exposed |
| CVE-2026-45673 | MEDIUM5.78 | io.netty:netty-resolver-dns 4.2.12.Final fixed in 4.2.15.Final, 4.1.135.Final | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2026-4437 | MEDIUM5.52 | libc6 2.39-0ubuntu8.7 No fix yet | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2026-6238 | MEDIUM5.52 | libc6 2.39-0ubuntu8.7 No fix yet | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2026-54518 | MEDIUM5.52 | com.fasterxml.jackson.core:jackson-databind 2.21.2 fixed in 2.21.4 | 0.2% Theoretical Threat | Directly Exposed |
| CVE-2026-41417 | MEDIUM5.52 | io.netty:netty-codec-http 4.2.12.Final fixed in 4.1.133.Final, 4.2.13.Final | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2026-42580 | MEDIUM5.52 | io.netty:netty-codec-http 4.2.12.Final fixed in 4.2.13.Final, 4.1.133.Final | 0.4% Theoretical Threat | Directly Exposed |
| CVE-2026-42498 | MEDIUM5.52 | org.apache.tomcat.embed:tomcat-embed-core 11.0.20 fixed in 9.0.118, 10.1.55, 11.0.22 | 0.5% Theoretical Threat | Directly Exposed |
| CVE-2026-0636 | MEDIUM5.52 | org.bouncycastle:bcprov-jdk18on 1.81 fixed in 1.84 | 0.5% Theoretical Threat | Directly Exposed |
| CVE-2026-40989 | MEDIUM5.52 | org.springframework.cloud:spring-cloud-function-context 5.0.1 fixed in 4.3.3, 5.0.2 | 0.2% Theoretical Threat | Directly Exposed |
| CVE-2026-40990 | MEDIUM5.52 | org.springframework.cloud:spring-cloud-function-context 5.0.1 fixed in 4.3.3, 5.0.2 | 0.2% Theoretical Threat | Directly Exposed |
| CVE-2026-41726 | MEDIUM5.52 | org.springframework.kafka:spring-kafka 4.0.4 fixed in 4.0.6, 3.3.16 | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2026-22753 | MEDIUM5.52 | org.springframework.security:spring-security-config 7.0.4 fixed in 7.0.5 | 0.2% Theoretical Threat | Directly Exposed |
| CVE-2026-22740 | MEDIUM5.52 | org.springframework:spring-webflux 7.0.6 fixed in 7.0.7, 6.2.18 | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2026-54518 | MEDIUM5.52 | tools.jackson.core:jackson-databind 3.1.0 fixed in 3.1.4 | 0.2% Theoretical Threat | Directly Exposed |
| CVE-2026-39827 | MEDIUM5.52 | golang.org/x/crypto v0.50.0 fixed in 0.52.0 | 0.2% Theoretical Threat | Directly Exposed |
| CVE-2026-39834 | MEDIUM5.52 | golang.org/x/crypto v0.50.0 fixed in 0.52.0 | 0.5% Theoretical Threat | Directly Exposed |
| CVE-2026-25680 | MEDIUM5.52 | golang.org/x/net v0.53.0 fixed in 0.55.0 | 0.2% Theoretical Threat | Directly Exposed |
| CVE-2026-44249 | MEDIUM5.5 | io.netty:netty-handler 4.2.12.Final fixed in 4.2.15.Final, 4.1.135.Final | 0.6% Theoretical Threat | Directly ExposedContext importance: MEDIUM |
| CVE-2026-22747 | MEDIUM5.5 | org.springframework.security:spring-security-web 7.0.4 fixed in 7.0.5 | 0.3% Theoretical Threat | Directly ExposedContext importance: MEDIUM |
| CVE-2026-43515 | MEDIUM5.4 | org.apache.tomcat.embed:tomcat-embed-core 11.0.20 fixed in 9.0.118, 10.1.55, 11.0.22 | 1.1% Low-Moderate Risk | Directly Exposed |
| CVE-2026-42502 | MEDIUM5.18 | golang.org/x/net v0.53.0 fixed in 0.55.0 | 0.2% Theoretical Threat | Directly Exposed |
| CVE-2026-5435 | MEDIUM5.02 | libc6 2.39-0ubuntu8.7 No fix yet | 0.2% Theoretical Threat | Directly Exposed |
| CVE-2026-42770 | MEDIUM5.02 | libssl3t64 3.0.13-0ubuntu3.9 fixed in 3.0.13-0ubuntu3.11 | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2026-9076 | MEDIUM5.02 | libssl3t64 3.0.13-0ubuntu3.9 fixed in 3.0.13-0ubuntu3.11 | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2026-22741 | MEDIUM5.02 | org.springframework:spring-webflux 7.0.6 fixed in 7.0.7, 6.2.18 | 0.2% Theoretical Threat | Directly Exposed |
| CVE-2026-22741 | MEDIUM5.02 | org.springframework:spring-webmvc 7.0.6 fixed in 7.0.7, 6.2.18 | 0.2% Theoretical Threat | Directly Exposed |
| CVE-2026-7383 | MEDIUM4.67 | libssl3t64 3.0.13-0ubuntu3.9 fixed in 3.0.13-0ubuntu3.11 | 0.4% Theoretical Threat | Directly Exposed |
| CVE-2026-27171 | MEDIUM4.67 | zlib1g 1:1.3.dfsg-3.1ubuntu2.1 No fix yet | 0.2% Theoretical Threat | Directly Exposed |
| CVE-2026-39833 | MEDIUM4.67 | golang.org/x/crypto v0.50.0 fixed in 0.52.0 | 0.4% Theoretical Threat | Directly Exposed |
| CVE-2026-34483 | MEDIUM4.59 | org.apache.tomcat.embed:tomcat-embed-core 11.0.20 fixed in 9.0.116, 10.1.54, 11.0.21 | 0.5% Theoretical Threat | Directly Exposed |
| CVE-2026-42506 | MEDIUM4.59 | golang.org/x/net v0.53.0 fixed in 0.55.0 | 0.2% Theoretical Threat | Directly Exposed |
| CVE-2026-4046 | MEDIUM4.5 | libc6 2.39-0ubuntu8.7 No fix yet | 0.4% Theoretical Threat | Directly Exposed |
| CVE-2026-42766 | MEDIUM4.5 | libssl3t64 3.0.13-0ubuntu3.9 fixed in 3.0.13-0ubuntu3.11 | 0.6% Theoretical Threat | Directly Exposed |
| CVE-2026-42767 | MEDIUM4.5 | libssl3t64 3.0.13-0ubuntu3.9 fixed in 3.0.13-0ubuntu3.11 | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2026-54514 | MEDIUM4.5 | com.fasterxml.jackson.core:jackson-databind 2.21.2 fixed in 2.18.8, 2.21.4, 3.1.4 | 0.2% Theoretical Threat | Directly Exposed |
| CVE-2026-54515 | MEDIUM4.5 | com.fasterxml.jackson.core:jackson-databind 2.21.2 fixed in 3.1.4, 2.18.9, 2.21.5, 2.22.1 | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2026-54516 | MEDIUM4.5 | com.fasterxml.jackson.core:jackson-databind 2.21.2 fixed in 2.21.4, 3.1.4 | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2026-54517 | MEDIUM4.5 | com.fasterxml.jackson.core:jackson-databind 2.21.2 fixed in 2.21.4, 3.1.4 | 0.2% Theoretical Threat | Directly Exposed |
| CVE-2026-50020 | MEDIUM4.5 | io.netty:netty-codec-http 4.2.12.Final fixed in 4.2.15.Final, 4.1.135.Final | 0.2% Theoretical Threat | Directly Exposed |
| CVE-2026-47244 | MEDIUM4.5 | io.netty:netty-codec-http2 4.2.12.Final fixed in 4.2.15.Final, 4.1.135.Final | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2026-50560 | MEDIUM4.5 | io.netty:netty-codec-http2 4.2.12.Final fixed in 4.2.15.Final, 4.1.135.Final | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2026-43513 | MEDIUM4.5 | org.apache.tomcat.embed:tomcat-embed-core 11.0.20 fixed in 9.0.118, 10.1.55, 11.0.22 | 0.5% Theoretical Threat | Directly Exposed |
| CVE-2026-22745 | MEDIUM4.5 | org.springframework:spring-webflux 7.0.6 fixed in 7.0.7, 6.2.18 | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2026-22745 | MEDIUM4.5 | org.springframework:spring-webmvc 7.0.6 fixed in 7.0.7, 6.2.18 | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2026-54514 | MEDIUM4.5 | tools.jackson.core:jackson-databind 3.1.0 fixed in 2.21.4, 3.1.4 | 0.2% Theoretical Threat | Directly Exposed |
| CVE-2026-54515 | MEDIUM4.5 | tools.jackson.core:jackson-databind 3.1.0 fixed in 3.1.4 | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2026-54516 | MEDIUM4.5 | tools.jackson.core:jackson-databind 3.1.0 fixed in 3.1.4 | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2026-54517 | MEDIUM4.5 | tools.jackson.core:jackson-databind 3.1.0 fixed in 3.1.4 | 0.2% Theoretical Threat | Directly Exposed |
| CVE-2026-46598 | MEDIUM4.5 | golang.org/x/crypto v0.50.0 fixed in 0.52.0 | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2026-34180 | MEDIUM4.25 | libssl3t64 3.0.13-0ubuntu3.9 fixed in 3.0.13-0ubuntu3.11 | 0.5% Theoretical Threat | Directly Exposed |
| CVE-2026-22751 | MEDIUM4.08 | org.springframework.security:spring-security-core 7.0.4 fixed in 6.5.10, 7.0.5 | 0.1% Theoretical Threat | Directly Exposed |
| CVE-2026-4438 | LOW3.4 | libc6 2.39-0ubuntu8.7 No fix yet | 0.2% Theoretical Threat | Directly Exposed |
| CVE-2026-45536 | LOW3.4 | io.netty:netty-transport-native-epoll 4.2.12.Final fixed in 4.2.15.Final, 4.1.135.Final | 0.1% Theoretical Threat | Directly Exposed |
| CVE-2026-45536 | LOW3.4 | io.netty:netty-transport-native-kqueue 4.2.12.Final fixed in 4.2.15.Final, 4.1.135.Final | 0.1% Theoretical Threat | Directly Exposed |
| CVE-2026-45446 | LOW3.15 | libssl3t64 3.0.13-0ubuntu3.9 fixed in 3.0.13-0ubuntu3.11 | 0.2% Theoretical Threat | Directly Exposed |
| CVE-2026-43514 | LOW3.15 | org.apache.tomcat.embed:tomcat-embed-core 11.0.20 fixed in 9.0.118, 10.1.55, 11.0.22 | 0.4% Theoretical Threat | Directly Exposed |
| CVE-2026-22746 | LOW3.15 | org.springframework.security:spring-security-core 7.0.4 fixed in 6.5.10, 7.0.5 | 0.2% Theoretical Threat | Directly Exposed |
| CVE-2026-45447 | LOW2.92 | libssl3t64 3.0.13-0ubuntu3.9 fixed in 3.0.13-0ubuntu3.11 | 2.7% Low-Moderate Risk | Post-Exploit |
| CVE-2026-45447 | LOW2.92 | openssl 3.0.13-0ubuntu3.9 fixed in 3.0.13-0ubuntu3.11 | 2.7% Low-Moderate Risk | Post-Exploit |
| CVE-2026-7383 | LOW2.8 | openssl 3.0.13-0ubuntu3.9 fixed in 3.0.13-0ubuntu3.11 | 0.4% Theoretical Threat | Post-Exploit |
| CVE-2026-45445 | LOW2.78 | libssl3t64 3.0.13-0ubuntu3.9 fixed in 3.0.13-0ubuntu3.11 | 0.3% Theoretical Threat | Post-Exploit |
| CVE-2026-45445 | LOW2.78 | openssl 3.0.13-0ubuntu3.9 fixed in 3.0.13-0ubuntu3.11 | 0.3% Theoretical Threat | Post-Exploit |
| CVE-2026-42766 | LOW2.7 | openssl 3.0.13-0ubuntu3.9 fixed in 3.0.13-0ubuntu3.11 | 0.6% Theoretical Threat | Post-Exploit |
| CVE-2026-42767 | LOW2.7 | openssl 3.0.13-0ubuntu3.9 fixed in 3.0.13-0ubuntu3.11 | 0.3% Theoretical Threat | Post-Exploit |
| CVE-2026-39828 | LOW2.69 | golang.org/x/crypto v0.50.0 fixed in 0.52.0 | 0.3% Theoretical Threat | Post-Exploit |
| CVE-2026-39832 | LOW2.66 | golang.org/x/crypto v0.50.0 fixed in 0.52.0 | 0.5% Theoretical Threat | Post-Exploit |
| CVE-2026-34180 | LOW2.55 | openssl 3.0.13-0ubuntu3.9 fixed in 3.0.13-0ubuntu3.11 | 0.5% Theoretical Threat | Post-Exploit |
| CVE-2026-39821 | LOW2.51 | golang.org/x/net v0.53.0 fixed in 0.55.0 | 0.5% Theoretical Threat | Post-Exploit |
| CVE-2026-41731 | LOW2.48 | org.springframework.kafka:spring-kafka 4.0.4 fixed in 4.0.6, 3.3.16 | 0.5% Theoretical Threat | Post-Exploit |
| CVE-2026-39831 | LOW2.48 | golang.org/x/crypto v0.50.0 fixed in 0.52.0 | 0.4% Theoretical Threat | Post-Exploit |
| CVE-2026-25681 | LOW2.48 | golang.org/x/net v0.53.0 fixed in 0.55.0 | 0.2% Theoretical Threat | Post-Exploit |
| CVE-2026-27136 | LOW2.48 | golang.org/x/net v0.53.0 fixed in 0.55.0 | 0.2% Theoretical Threat | Post-Exploit |
| CVE-2026-34182 | LOW2.26 | openssl 3.0.13-0ubuntu3.9 fixed in 3.0.13-0ubuntu3.11 | 0.2% Theoretical Threat | Post-Exploit |
| CVE-2026-45446 | LOW1.89 | openssl 3.0.13-0ubuntu3.9 fixed in 3.0.13-0ubuntu3.11 | 0.2% Theoretical Threat | Post-Exploit |
| CVE-2026-42770 | LOW1.81 | openssl 3.0.13-0ubuntu3.9 fixed in 3.0.13-0ubuntu3.11 | 0.3% Theoretical Threat | Post-Exploit |
| CVE-2026-9076 | LOW1.81 | openssl 3.0.13-0ubuntu3.9 fixed in 3.0.13-0ubuntu3.11 | 0.3% Theoretical Threat | Post-Exploit |
| CVE-2026-39822 | NONE0 | stdlib v1.26.2 fixed in 1.25.12, 1.26.5, 1.27.0-rc.2 | 0.2% Theoretical Threat | Not Applicable |
| CVE-2026-39822 | NONE0 | stdlib 1.26.2 fixed in 1.25.12, 1.26.5, 1.27.0-rc.2 | 0.2% Theoretical Threat | Not Applicable |
| CVE-2026-27145 | NONE0 | stdlib v1.26.2 fixed in 1.25.11, 1.26.4 | 0.9% Theoretical Threat | Not Applicable |
| CVE-2026-33811 | NONE0 | stdlib v1.26.2 fixed in 1.25.10, 1.26.3 | 0.8% Theoretical Threat | Not Applicable |
| CVE-2026-33814 | NONE0 | stdlib v1.26.2 fixed in 1.25.10, 1.26.3 | 0.8% Theoretical Threat | Not Applicable |
| CVE-2026-39820 | NONE0 | stdlib v1.26.2 fixed in 1.25.10, 1.26.3 | 0.8% Theoretical Threat | Not Applicable |
| CVE-2026-39836 | NONE0 | stdlib v1.26.2 fixed in 1.25.10, 1.26.3 | 0.6% Theoretical Threat | Not Applicable |
| CVE-2026-42499 | NONE0 | stdlib v1.26.2 fixed in 1.25.10, 1.26.3 | 0.8% Theoretical Threat | Not Applicable |
| CVE-2026-42504 | NONE0 | stdlib v1.26.2 fixed in 1.25.11, 1.26.4 | 0.6% Theoretical Threat | Not Applicable |
| CVE-2026-27145 | NONE0 | stdlib 1.26.2 fixed in 1.25.11, 1.26.4 | 0.9% Theoretical Threat | Not Applicable |
| CVE-2026-33811 | NONE0 | stdlib 1.26.2 fixed in 1.25.10, 1.26.3 | 0.8% Theoretical Threat | Not Applicable |
| CVE-2026-33814 | NONE0 | stdlib 1.26.2 fixed in 1.25.10, 1.26.3 | 0.8% Theoretical Threat | Not Applicable |
| CVE-2026-39820 | NONE0 | stdlib 1.26.2 fixed in 1.25.10, 1.26.3 | 0.8% Theoretical Threat | Not Applicable |
| CVE-2026-39836 | NONE0 | stdlib 1.26.2 fixed in 1.25.10, 1.26.3 | 0.6% Theoretical Threat | Not Applicable |
| CVE-2026-42499 | NONE0 | stdlib 1.26.2 fixed in 1.25.10, 1.26.3 | 0.8% Theoretical Threat | Not Applicable |
| CVE-2026-42504 | NONE0 | stdlib 1.26.2 fixed in 1.25.11, 1.26.4 | 0.6% Theoretical Threat | Not Applicable |
| CVE-2026-39825 | NONE0 | stdlib v1.26.2 fixed in 1.25.10, 1.26.3 | 0.4% Theoretical Threat | Not Applicable |
| CVE-2026-39825 | NONE0 | stdlib 1.26.2 fixed in 1.25.10, 1.26.3 | 0.4% Theoretical Threat | Not Applicable |
| CVE-2026-39823 | NONE0 | stdlib v1.26.2 fixed in 1.25.10, 1.26.3 | 0.3% Theoretical Threat | Not Applicable |
| CVE-2026-39826 | NONE0 | stdlib v1.26.2 fixed in 1.25.10, 1.26.3 | 0.4% Theoretical Threat | Not Applicable |
| CVE-2026-39823 | NONE0 | stdlib 1.26.2 fixed in 1.25.10, 1.26.3 | 0.3% Theoretical Threat | Not Applicable |
| CVE-2026-39826 | NONE0 | stdlib 1.26.2 fixed in 1.25.10, 1.26.3 | 0.4% Theoretical Threat | Not Applicable |
| CVE-2026-42505 | NONE0 | stdlib v1.26.2 fixed in 1.25.12, 1.26.5, 1.27.0-rc.2 | 0.4% Theoretical Threat | Not Applicable |
| CVE-2026-42507 | NONE0 | stdlib v1.26.2 fixed in 1.25.11, 1.26.4 | 0.4% Theoretical Threat | Not Applicable |
| CVE-2026-42505 | NONE0 | stdlib 1.26.2 fixed in 1.25.12, 1.26.5, 1.27.0-rc.2 | 0.4% Theoretical Threat | Not Applicable |
| CVE-2026-42507 | NONE0 | stdlib 1.26.2 fixed in 1.25.11, 1.26.4 | 0.4% Theoretical Threat | Not Applicable |
| CVE-2026-10532 | NONE0 | ch.qos.logback:logback-core 1.5.32 fixed in 1.5.35 | 0.3% Theoretical Threat | Not Applicable |
| CVE-2026-9828 | NONE0 | ch.qos.logback:logback-core 1.5.32 fixed in 1.5.33 | 0.4% Theoretical Threat | Not Applicable |
| CVE-2026-50009 | NONE0 | io.netty:netty-codec-classes-quic 4.2.12.Final fixed in 4.2.15.Final | 0.2% Theoretical Threat | Not Applicable |
| CVE-2026-42582 | NONE0 | io.netty:netty-codec-http3 4.2.12.Final fixed in 4.2.13.Final | 0.4% Theoretical Threat | Not Applicable |
| CVE-2026-44892 | NONE0 | io.netty:netty-codec-http3 4.2.12.Final fixed in 4.2.15.Final | 0.3% Theoretical Threat | Not Applicable |
| CVE-2026-42577 | NONE0 | io.netty:netty-transport-native-epoll 4.2.12.Final fixed in 4.2.13.Final | 0.4% Theoretical Threat | Not Applicable |
| CVE-2026-41284 | NONE0 | org.apache.tomcat.embed:tomcat-embed-core 11.0.20 fixed in 9.0.118, 10.1.55, 11.0.22 | 0.8% Theoretical Threat | Not Applicable |
| GHSA-2m67-wjpj-xhg9 | NONE0 | tools.jackson.core:jackson-core 3.1.0 fixed in 3.1.1 | — | Not Applicable |
| CVE-2026-39824 | NONE0 | golang.org/x/sys v0.42.0 fixed in 0.44.0 | 0.1% Theoretical Threat | Not Applicable |
| GO-2026-5932 | NONE0 | golang.org/x/crypto v0.50.0 No fix yet | — | Not Applicable |
| CVE-2026-39824 | NONE0 | golang.org/x/sys v0.43.0 fixed in 0.44.0 | 0.1% Theoretical Threat | Not Applicable |
Want to check another image? Run a full scan with the Docker Security Scanner.