Vulnerability Reporthyness/spring-cloud-config-server:jdk17

hyness/spring-cloud-config-server:jdk17hyness/spring-cloud-config-server:5.0.3-569460f-jdk17hyness/spring-cloud-config-server:5.0-jdk17
DIGESTsha256:8877867995e81ea5381dc24c936c4afa0ba2260b67eb537753600f5f928c4331

Executive Summary

Last scanned:

Threat Score
100/100DANGEROUS
Reputation
RELIABLE

This image poses a critical security risk and must not be used in production, especially as an internet-facing service. An attacker could exploit HTTP request smuggling (CVE-2026-42581) to bypass security controls, execute arbitrary code via Jackson deserialization (CVE-2026-54512), or gain unauthorized access to all endpoints via Spring Boot security bypass (CVE-2026-40976), potentially exposing sensitive configuration data and leading to full compromise. Upgrading to patched versions of Netty, Spring Boot, and Jackson would resolve these issues. Note that CVE-2026-40976 only applies if the application has no custom Spring Security configuration and depends on spring-boot-actuator-autoconfigure.

Vulnerabilities

Vulnerability Log

148 total
CVE IDAdjusted SeverityPackageExploit ProbabilityRisk Context
CVE-2026-42581HIGH8.33
io.netty:netty-codec-http
4.2.12.Final
fixed in 4.2.13.Final, 4.1.133.Final
0.6%
Theoretical Threat
Directly ExposedContext importance: HIGH
CVE-2026-42584HIGH7.73
io.netty:netty-codec-http
4.2.12.Final
fixed in 4.2.13.Final, 4.1.133.Final
0.7%
Theoretical Threat
Directly ExposedContext importance: HIGH
CVE-2026-40976HIGH7.73
org.springframework.boot:spring-boot
4.0.5
fixed in 4.0.6
0.5%
Theoretical Threat
Directly ExposedContext importance: HIGH
CVE-2026-41293HIGH7.3
org.apache.tomcat.embed:tomcat-embed-core
11.0.20
fixed in 9.0.118, 10.1.55, 11.0.22
1.3%
Low-Moderate Risk
Directly ExposedContext importance: HIGH
CVE-2026-54512MEDIUM6.88
com.fasterxml.jackson.core:jackson-databind
2.21.2
fixed in 2.18.8, 3.1.4, 2.21.4
0.6%
Theoretical Threat
Directly ExposedContext importance: HIGH
CVE-2026-54513MEDIUM6.88
com.fasterxml.jackson.core:jackson-databind
2.21.2
fixed in 2.18.8, 2.21.4, 3.1.4
0.7%
Theoretical Threat
Directly Exposed
CVE-2025-59250MEDIUM6.88
com.microsoft.sqlserver:mssql-jdbc
13.2.1
fixed in 10.2.4.jre11, 11.2.4.jre11, 12.2.1.jre11, 12.6.5.jre11, 12.8.2.jre11, 12.10.2.jre11, 13.2.1.jre11
0.7%
Theoretical Threat
Directly Exposed
CVE-2026-54512MEDIUM6.88
tools.jackson.core:jackson-databind
3.1.0
fixed in 3.1.4
0.6%
Theoretical Threat
Directly Exposed
CVE-2026-54513MEDIUM6.88
tools.jackson.core:jackson-databind
3.1.0
fixed in 3.1.4
0.7%
Theoretical Threat
Directly Exposed
CVE-2026-45674MEDIUM6.8
io.netty:netty-resolver-dns
4.2.12.Final
fixed in 4.2.15.Final, 4.1.135.Final
0.2%
Theoretical Threat
Directly ExposedContext importance: MEDIUM
CVE-2026-47691MEDIUM6.8
io.netty:netty-resolver-dns
4.2.12.Final
fixed in 4.2.15.Final, 4.1.135.Final
0.3%
Theoretical Threat
Directly ExposedContext importance: MEDIUM
CVE-2026-43512MEDIUM6.5
org.apache.tomcat.embed:tomcat-embed-core
11.0.20
fixed in 9.0.118, 10.1.55, 11.0.22
1.2%
Low-Moderate Risk
Directly Exposed
CVE-2026-44894MEDIUM6.38
io.netty:netty-codec-classes-quic
4.2.12.Final
fixed in 4.2.15.Final
0.1%
Theoretical Threat
Directly Exposed
CVE-2026-42583MEDIUM6.38
io.netty:netty-codec-compression
4.2.12.Final
fixed in 4.2.13.Final
0.4%
Theoretical Threat
Directly Exposed
CVE-2026-42587MEDIUM6.38
io.netty:netty-codec-http
4.2.12.Final
fixed in 4.2.13.Final, 4.1.133.Final
0.9%
Theoretical Threat
Directly Exposed
CVE-2026-42585MEDIUM6.38
io.netty:netty-codec-http
4.2.12.Final
fixed in 4.2.13.Final, 4.1.133.Final
0.2%
Theoretical Threat
Directly Exposed
CVE-2026-42587MEDIUM6.38
io.netty:netty-codec-http2
4.2.12.Final
fixed in 4.2.13.Final, 4.1.133.Final
0.9%
Theoretical Threat
Directly Exposed
CVE-2026-48043MEDIUM6.38
io.netty:netty-codec-http2
4.2.12.Final
fixed in 4.1.135.Final, 4.2.15.Final
0.6%
Theoretical Threat
Directly Exposed
CVE-2026-48748MEDIUM6.38
io.netty:netty-codec-http3
4.2.12.Final
fixed in 4.2.15.Final
0.4%
Theoretical Threat
Directly Exposed
CVE-2026-45416MEDIUM6.38
io.netty:netty-handler
4.2.12.Final
fixed in 4.2.15.Final, 4.1.135.Final
0.5%
Theoretical Threat
Directly Exposed
CVE-2026-50010MEDIUM6.38
io.netty:netty-handler
4.2.12.Final
fixed in 4.2.15.Final, 4.1.135.Final
0.3%
Theoretical Threat
Directly Exposed
CVE-2026-42578MEDIUM6.38
io.netty:netty-handler-proxy
4.2.12.Final
fixed in 4.1.133.Final, 4.2.13.Final
0.9%
Theoretical Threat
Directly Exposed
CVE-2025-14813MEDIUM6.38
org.bouncycastle:bcprov-jdk18on
1.81
fixed in 1.80.2, 1.81.1, 1.84
0.3%
Theoretical Threat
Directly Exposed
CVE-2026-42198MEDIUM6.38
org.postgresql:postgresql
42.7.10
fixed in 42.7.11
0.8%
Theoretical Threat
Directly Exposed
CVE-2026-22754MEDIUM6.38
org.springframework.security:spring-security-config
7.0.4
fixed in 7.0.5
0.3%
Theoretical Threat
Directly Exposed
CVE-2026-39829MEDIUM6.38
golang.org/x/crypto
v0.50.0
fixed in 0.52.0
0.4%
Theoretical Threat
Directly Exposed
CVE-2026-39830MEDIUM6.38
golang.org/x/crypto
v0.50.0
fixed in 0.52.0
0.5%
Theoretical Threat
Directly Exposed
CVE-2026-39835MEDIUM6.38
golang.org/x/crypto
v0.50.0
fixed in 0.52.0
0.4%
Theoretical Threat
Directly Exposed
CVE-2026-46597MEDIUM6.38
golang.org/x/crypto
v0.50.0
fixed in 0.52.0
0.4%
Theoretical Threat
Directly Exposed
CVE-2026-34182MEDIUM6.29
libssl3t64
3.0.13-0ubuntu3.9
fixed in 3.0.13-0ubuntu3.11
0.2%
Theoretical Threat
Directly Exposed
CVE-2026-42508MEDIUM6.29
golang.org/x/crypto
v0.50.0
fixed in 0.52.0
0.5%
Theoretical Threat
Directly Exposed
CVE-2026-40542MEDIUM6.21
org.apache.httpcomponents.client5:httpclient5
5.6
fixed in 5.6.1
0.5%
Theoretical Threat
Directly Exposed
CVE-2026-42579MEDIUM6.18
io.netty:netty-codec-dns
4.2.12.Final
fixed in 4.2.13.Final, 4.1.133.Final
0.9%
Theoretical Threat
Directly ExposedContext importance: MEDIUM
CVE-2026-46595MEDIUM6.03
golang.org/x/crypto
v0.50.0
fixed in 0.52.0
0.4%
Theoretical Threat
Directly Exposed
CVE-2026-40973MEDIUM5.95
org.springframework.boot:spring-boot
4.0.5
fixed in 4.0.6, 3.5.14
0.1%
Theoretical Threat
Directly Exposed
CVE-2026-45673MEDIUM5.78
io.netty:netty-resolver-dns
4.2.12.Final
fixed in 4.2.15.Final, 4.1.135.Final
0.3%
Theoretical Threat
Directly Exposed
CVE-2026-4437MEDIUM5.52
libc6
2.39-0ubuntu8.7
No fix yet
0.3%
Theoretical Threat
Directly Exposed
CVE-2026-6238MEDIUM5.52
libc6
2.39-0ubuntu8.7
No fix yet
0.3%
Theoretical Threat
Directly Exposed
CVE-2026-54518MEDIUM5.52
com.fasterxml.jackson.core:jackson-databind
2.21.2
fixed in 2.21.4
0.2%
Theoretical Threat
Directly Exposed
CVE-2026-41417MEDIUM5.52
io.netty:netty-codec-http
4.2.12.Final
fixed in 4.1.133.Final, 4.2.13.Final
0.3%
Theoretical Threat
Directly Exposed
CVE-2026-42580MEDIUM5.52
io.netty:netty-codec-http
4.2.12.Final
fixed in 4.2.13.Final, 4.1.133.Final
0.4%
Theoretical Threat
Directly Exposed
CVE-2026-42498MEDIUM5.52
org.apache.tomcat.embed:tomcat-embed-core
11.0.20
fixed in 9.0.118, 10.1.55, 11.0.22
0.5%
Theoretical Threat
Directly Exposed
CVE-2026-0636MEDIUM5.52
org.bouncycastle:bcprov-jdk18on
1.81
fixed in 1.84
0.5%
Theoretical Threat
Directly Exposed
CVE-2026-40989MEDIUM5.52
org.springframework.cloud:spring-cloud-function-context
5.0.1
fixed in 4.3.3, 5.0.2
0.2%
Theoretical Threat
Directly Exposed
CVE-2026-40990MEDIUM5.52
org.springframework.cloud:spring-cloud-function-context
5.0.1
fixed in 4.3.3, 5.0.2
0.2%
Theoretical Threat
Directly Exposed
CVE-2026-41726MEDIUM5.52
org.springframework.kafka:spring-kafka
4.0.4
fixed in 4.0.6, 3.3.16
0.3%
Theoretical Threat
Directly Exposed
CVE-2026-22753MEDIUM5.52
org.springframework.security:spring-security-config
7.0.4
fixed in 7.0.5
0.2%
Theoretical Threat
Directly Exposed
CVE-2026-22740MEDIUM5.52
org.springframework:spring-webflux
7.0.6
fixed in 7.0.7, 6.2.18
0.3%
Theoretical Threat
Directly Exposed
CVE-2026-54518MEDIUM5.52
tools.jackson.core:jackson-databind
3.1.0
fixed in 3.1.4
0.2%
Theoretical Threat
Directly Exposed
CVE-2026-39827MEDIUM5.52
golang.org/x/crypto
v0.50.0
fixed in 0.52.0
0.2%
Theoretical Threat
Directly Exposed
CVE-2026-39834MEDIUM5.52
golang.org/x/crypto
v0.50.0
fixed in 0.52.0
0.5%
Theoretical Threat
Directly Exposed
CVE-2026-25680MEDIUM5.52
golang.org/x/net
v0.53.0
fixed in 0.55.0
0.2%
Theoretical Threat
Directly Exposed
CVE-2026-44249MEDIUM5.5
io.netty:netty-handler
4.2.12.Final
fixed in 4.2.15.Final, 4.1.135.Final
0.6%
Theoretical Threat
Directly ExposedContext importance: MEDIUM
CVE-2026-22747MEDIUM5.5
org.springframework.security:spring-security-web
7.0.4
fixed in 7.0.5
0.3%
Theoretical Threat
Directly ExposedContext importance: MEDIUM
CVE-2026-43515MEDIUM5.4
org.apache.tomcat.embed:tomcat-embed-core
11.0.20
fixed in 9.0.118, 10.1.55, 11.0.22
1.1%
Low-Moderate Risk
Directly Exposed
CVE-2026-42502MEDIUM5.18
golang.org/x/net
v0.53.0
fixed in 0.55.0
0.2%
Theoretical Threat
Directly Exposed
CVE-2026-5435MEDIUM5.02
libc6
2.39-0ubuntu8.7
No fix yet
0.2%
Theoretical Threat
Directly Exposed
CVE-2026-42770MEDIUM5.02
libssl3t64
3.0.13-0ubuntu3.9
fixed in 3.0.13-0ubuntu3.11
0.3%
Theoretical Threat
Directly Exposed
CVE-2026-9076MEDIUM5.02
libssl3t64
3.0.13-0ubuntu3.9
fixed in 3.0.13-0ubuntu3.11
0.3%
Theoretical Threat
Directly Exposed
CVE-2026-22741MEDIUM5.02
org.springframework:spring-webflux
7.0.6
fixed in 7.0.7, 6.2.18
0.2%
Theoretical Threat
Directly Exposed
CVE-2026-22741MEDIUM5.02
org.springframework:spring-webmvc
7.0.6
fixed in 7.0.7, 6.2.18
0.2%
Theoretical Threat
Directly Exposed
CVE-2026-7383MEDIUM4.67
libssl3t64
3.0.13-0ubuntu3.9
fixed in 3.0.13-0ubuntu3.11
0.4%
Theoretical Threat
Directly Exposed
CVE-2026-27171MEDIUM4.67
zlib1g
1:1.3.dfsg-3.1ubuntu2.1
No fix yet
0.2%
Theoretical Threat
Directly Exposed
CVE-2026-39833MEDIUM4.67
golang.org/x/crypto
v0.50.0
fixed in 0.52.0
0.4%
Theoretical Threat
Directly Exposed
CVE-2026-34483MEDIUM4.59
org.apache.tomcat.embed:tomcat-embed-core
11.0.20
fixed in 9.0.116, 10.1.54, 11.0.21
0.5%
Theoretical Threat
Directly Exposed
CVE-2026-42506MEDIUM4.59
golang.org/x/net
v0.53.0
fixed in 0.55.0
0.2%
Theoretical Threat
Directly Exposed
CVE-2026-4046MEDIUM4.5
libc6
2.39-0ubuntu8.7
No fix yet
0.4%
Theoretical Threat
Directly Exposed
CVE-2026-42766MEDIUM4.5
libssl3t64
3.0.13-0ubuntu3.9
fixed in 3.0.13-0ubuntu3.11
0.6%
Theoretical Threat
Directly Exposed
CVE-2026-42767MEDIUM4.5
libssl3t64
3.0.13-0ubuntu3.9
fixed in 3.0.13-0ubuntu3.11
0.3%
Theoretical Threat
Directly Exposed
CVE-2026-54514MEDIUM4.5
com.fasterxml.jackson.core:jackson-databind
2.21.2
fixed in 2.18.8, 2.21.4, 3.1.4
0.2%
Theoretical Threat
Directly Exposed
CVE-2026-54515MEDIUM4.5
com.fasterxml.jackson.core:jackson-databind
2.21.2
fixed in 3.1.4, 2.18.9, 2.21.5, 2.22.1
0.3%
Theoretical Threat
Directly Exposed
CVE-2026-54516MEDIUM4.5
com.fasterxml.jackson.core:jackson-databind
2.21.2
fixed in 2.21.4, 3.1.4
0.3%
Theoretical Threat
Directly Exposed
CVE-2026-54517MEDIUM4.5
com.fasterxml.jackson.core:jackson-databind
2.21.2
fixed in 2.21.4, 3.1.4
0.2%
Theoretical Threat
Directly Exposed
CVE-2026-50020MEDIUM4.5
io.netty:netty-codec-http
4.2.12.Final
fixed in 4.2.15.Final, 4.1.135.Final
0.2%
Theoretical Threat
Directly Exposed
CVE-2026-47244MEDIUM4.5
io.netty:netty-codec-http2
4.2.12.Final
fixed in 4.2.15.Final, 4.1.135.Final
0.3%
Theoretical Threat
Directly Exposed
CVE-2026-50560MEDIUM4.5
io.netty:netty-codec-http2
4.2.12.Final
fixed in 4.2.15.Final, 4.1.135.Final
0.3%
Theoretical Threat
Directly Exposed
CVE-2026-43513MEDIUM4.5
org.apache.tomcat.embed:tomcat-embed-core
11.0.20
fixed in 9.0.118, 10.1.55, 11.0.22
0.5%
Theoretical Threat
Directly Exposed
CVE-2026-22745MEDIUM4.5
org.springframework:spring-webflux
7.0.6
fixed in 7.0.7, 6.2.18
0.3%
Theoretical Threat
Directly Exposed
CVE-2026-22745MEDIUM4.5
org.springframework:spring-webmvc
7.0.6
fixed in 7.0.7, 6.2.18
0.3%
Theoretical Threat
Directly Exposed
CVE-2026-54514MEDIUM4.5
tools.jackson.core:jackson-databind
3.1.0
fixed in 2.21.4, 3.1.4
0.2%
Theoretical Threat
Directly Exposed
CVE-2026-54515MEDIUM4.5
tools.jackson.core:jackson-databind
3.1.0
fixed in 3.1.4
0.3%
Theoretical Threat
Directly Exposed
CVE-2026-54516MEDIUM4.5
tools.jackson.core:jackson-databind
3.1.0
fixed in 3.1.4
0.3%
Theoretical Threat
Directly Exposed
CVE-2026-54517MEDIUM4.5
tools.jackson.core:jackson-databind
3.1.0
fixed in 3.1.4
0.2%
Theoretical Threat
Directly Exposed
CVE-2026-46598MEDIUM4.5
golang.org/x/crypto
v0.50.0
fixed in 0.52.0
0.3%
Theoretical Threat
Directly Exposed
CVE-2026-34180MEDIUM4.25
libssl3t64
3.0.13-0ubuntu3.9
fixed in 3.0.13-0ubuntu3.11
0.5%
Theoretical Threat
Directly Exposed
CVE-2026-22751MEDIUM4.08
org.springframework.security:spring-security-core
7.0.4
fixed in 6.5.10, 7.0.5
0.1%
Theoretical Threat
Directly Exposed
CVE-2026-4438LOW3.4
libc6
2.39-0ubuntu8.7
No fix yet
0.2%
Theoretical Threat
Directly Exposed
CVE-2026-45536LOW3.4
io.netty:netty-transport-native-epoll
4.2.12.Final
fixed in 4.2.15.Final, 4.1.135.Final
0.1%
Theoretical Threat
Directly Exposed
CVE-2026-45536LOW3.4
io.netty:netty-transport-native-kqueue
4.2.12.Final
fixed in 4.2.15.Final, 4.1.135.Final
0.1%
Theoretical Threat
Directly Exposed
CVE-2026-45446LOW3.15
libssl3t64
3.0.13-0ubuntu3.9
fixed in 3.0.13-0ubuntu3.11
0.2%
Theoretical Threat
Directly Exposed
CVE-2026-43514LOW3.15
org.apache.tomcat.embed:tomcat-embed-core
11.0.20
fixed in 9.0.118, 10.1.55, 11.0.22
0.4%
Theoretical Threat
Directly Exposed
CVE-2026-22746LOW3.15
org.springframework.security:spring-security-core
7.0.4
fixed in 6.5.10, 7.0.5
0.2%
Theoretical Threat
Directly Exposed
CVE-2026-45447LOW2.92
libssl3t64
3.0.13-0ubuntu3.9
fixed in 3.0.13-0ubuntu3.11
2.7%
Low-Moderate Risk
Post-Exploit
CVE-2026-45447LOW2.92
openssl
3.0.13-0ubuntu3.9
fixed in 3.0.13-0ubuntu3.11
2.7%
Low-Moderate Risk
Post-Exploit
CVE-2026-7383LOW2.8
openssl
3.0.13-0ubuntu3.9
fixed in 3.0.13-0ubuntu3.11
0.4%
Theoretical Threat
Post-Exploit
CVE-2026-45445LOW2.78
libssl3t64
3.0.13-0ubuntu3.9
fixed in 3.0.13-0ubuntu3.11
0.3%
Theoretical Threat
Post-Exploit
CVE-2026-45445LOW2.78
openssl
3.0.13-0ubuntu3.9
fixed in 3.0.13-0ubuntu3.11
0.3%
Theoretical Threat
Post-Exploit
CVE-2026-42766LOW2.7
openssl
3.0.13-0ubuntu3.9
fixed in 3.0.13-0ubuntu3.11
0.6%
Theoretical Threat
Post-Exploit
CVE-2026-42767LOW2.7
openssl
3.0.13-0ubuntu3.9
fixed in 3.0.13-0ubuntu3.11
0.3%
Theoretical Threat
Post-Exploit
CVE-2026-39828LOW2.69
golang.org/x/crypto
v0.50.0
fixed in 0.52.0
0.3%
Theoretical Threat
Post-Exploit
CVE-2026-39832LOW2.66
golang.org/x/crypto
v0.50.0
fixed in 0.52.0
0.5%
Theoretical Threat
Post-Exploit
CVE-2026-34180LOW2.55
openssl
3.0.13-0ubuntu3.9
fixed in 3.0.13-0ubuntu3.11
0.5%
Theoretical Threat
Post-Exploit
CVE-2026-39821LOW2.51
golang.org/x/net
v0.53.0
fixed in 0.55.0
0.5%
Theoretical Threat
Post-Exploit
CVE-2026-41731LOW2.48
org.springframework.kafka:spring-kafka
4.0.4
fixed in 4.0.6, 3.3.16
0.5%
Theoretical Threat
Post-Exploit
CVE-2026-39831LOW2.48
golang.org/x/crypto
v0.50.0
fixed in 0.52.0
0.4%
Theoretical Threat
Post-Exploit
CVE-2026-25681LOW2.48
golang.org/x/net
v0.53.0
fixed in 0.55.0
0.2%
Theoretical Threat
Post-Exploit
CVE-2026-27136LOW2.48
golang.org/x/net
v0.53.0
fixed in 0.55.0
0.2%
Theoretical Threat
Post-Exploit
CVE-2026-34182LOW2.26
openssl
3.0.13-0ubuntu3.9
fixed in 3.0.13-0ubuntu3.11
0.2%
Theoretical Threat
Post-Exploit
CVE-2026-45446LOW1.89
openssl
3.0.13-0ubuntu3.9
fixed in 3.0.13-0ubuntu3.11
0.2%
Theoretical Threat
Post-Exploit
CVE-2026-42770LOW1.81
openssl
3.0.13-0ubuntu3.9
fixed in 3.0.13-0ubuntu3.11
0.3%
Theoretical Threat
Post-Exploit
CVE-2026-9076LOW1.81
openssl
3.0.13-0ubuntu3.9
fixed in 3.0.13-0ubuntu3.11
0.3%
Theoretical Threat
Post-Exploit
CVE-2026-39822NONE0
stdlib
v1.26.2
fixed in 1.25.12, 1.26.5, 1.27.0-rc.2
0.2%
Theoretical Threat
Not Applicable
CVE-2026-39822NONE0
stdlib
1.26.2
fixed in 1.25.12, 1.26.5, 1.27.0-rc.2
0.2%
Theoretical Threat
Not Applicable
CVE-2026-27145NONE0
stdlib
v1.26.2
fixed in 1.25.11, 1.26.4
0.9%
Theoretical Threat
Not Applicable
CVE-2026-33811NONE0
stdlib
v1.26.2
fixed in 1.25.10, 1.26.3
0.8%
Theoretical Threat
Not Applicable
CVE-2026-33814NONE0
stdlib
v1.26.2
fixed in 1.25.10, 1.26.3
0.8%
Theoretical Threat
Not Applicable
CVE-2026-39820NONE0
stdlib
v1.26.2
fixed in 1.25.10, 1.26.3
0.8%
Theoretical Threat
Not Applicable
CVE-2026-39836NONE0
stdlib
v1.26.2
fixed in 1.25.10, 1.26.3
0.6%
Theoretical Threat
Not Applicable
CVE-2026-42499NONE0
stdlib
v1.26.2
fixed in 1.25.10, 1.26.3
0.8%
Theoretical Threat
Not Applicable
CVE-2026-42504NONE0
stdlib
v1.26.2
fixed in 1.25.11, 1.26.4
0.6%
Theoretical Threat
Not Applicable
CVE-2026-27145NONE0
stdlib
1.26.2
fixed in 1.25.11, 1.26.4
0.9%
Theoretical Threat
Not Applicable
CVE-2026-33811NONE0
stdlib
1.26.2
fixed in 1.25.10, 1.26.3
0.8%
Theoretical Threat
Not Applicable
CVE-2026-33814NONE0
stdlib
1.26.2
fixed in 1.25.10, 1.26.3
0.8%
Theoretical Threat
Not Applicable
CVE-2026-39820NONE0
stdlib
1.26.2
fixed in 1.25.10, 1.26.3
0.8%
Theoretical Threat
Not Applicable
CVE-2026-39836NONE0
stdlib
1.26.2
fixed in 1.25.10, 1.26.3
0.6%
Theoretical Threat
Not Applicable
CVE-2026-42499NONE0
stdlib
1.26.2
fixed in 1.25.10, 1.26.3
0.8%
Theoretical Threat
Not Applicable
CVE-2026-42504NONE0
stdlib
1.26.2
fixed in 1.25.11, 1.26.4
0.6%
Theoretical Threat
Not Applicable
CVE-2026-39825NONE0
stdlib
v1.26.2
fixed in 1.25.10, 1.26.3
0.4%
Theoretical Threat
Not Applicable
CVE-2026-39825NONE0
stdlib
1.26.2
fixed in 1.25.10, 1.26.3
0.4%
Theoretical Threat
Not Applicable
CVE-2026-39823NONE0
stdlib
v1.26.2
fixed in 1.25.10, 1.26.3
0.3%
Theoretical Threat
Not Applicable
CVE-2026-39826NONE0
stdlib
v1.26.2
fixed in 1.25.10, 1.26.3
0.4%
Theoretical Threat
Not Applicable
CVE-2026-39823NONE0
stdlib
1.26.2
fixed in 1.25.10, 1.26.3
0.3%
Theoretical Threat
Not Applicable
CVE-2026-39826NONE0
stdlib
1.26.2
fixed in 1.25.10, 1.26.3
0.4%
Theoretical Threat
Not Applicable
CVE-2026-42505NONE0
stdlib
v1.26.2
fixed in 1.25.12, 1.26.5, 1.27.0-rc.2
0.4%
Theoretical Threat
Not Applicable
CVE-2026-42507NONE0
stdlib
v1.26.2
fixed in 1.25.11, 1.26.4
0.4%
Theoretical Threat
Not Applicable
CVE-2026-42505NONE0
stdlib
1.26.2
fixed in 1.25.12, 1.26.5, 1.27.0-rc.2
0.4%
Theoretical Threat
Not Applicable
CVE-2026-42507NONE0
stdlib
1.26.2
fixed in 1.25.11, 1.26.4
0.4%
Theoretical Threat
Not Applicable
CVE-2026-10532NONE0
ch.qos.logback:logback-core
1.5.32
fixed in 1.5.35
0.3%
Theoretical Threat
Not Applicable
CVE-2026-9828NONE0
ch.qos.logback:logback-core
1.5.32
fixed in 1.5.33
0.4%
Theoretical Threat
Not Applicable
CVE-2026-50009NONE0
io.netty:netty-codec-classes-quic
4.2.12.Final
fixed in 4.2.15.Final
0.2%
Theoretical Threat
Not Applicable
CVE-2026-42582NONE0
io.netty:netty-codec-http3
4.2.12.Final
fixed in 4.2.13.Final
0.4%
Theoretical Threat
Not Applicable
CVE-2026-44892NONE0
io.netty:netty-codec-http3
4.2.12.Final
fixed in 4.2.15.Final
0.3%
Theoretical Threat
Not Applicable
CVE-2026-42577NONE0
io.netty:netty-transport-native-epoll
4.2.12.Final
fixed in 4.2.13.Final
0.4%
Theoretical Threat
Not Applicable
CVE-2026-41284NONE0
org.apache.tomcat.embed:tomcat-embed-core
11.0.20
fixed in 9.0.118, 10.1.55, 11.0.22
0.8%
Theoretical Threat
Not Applicable
GHSA-2m67-wjpj-xhg9NONE0
tools.jackson.core:jackson-core
3.1.0
fixed in 3.1.1
Not Applicable
CVE-2026-39824NONE0
golang.org/x/sys
v0.42.0
fixed in 0.44.0
0.1%
Theoretical Threat
Not Applicable
GO-2026-5932NONE0
golang.org/x/crypto
v0.50.0
No fix yet
Not Applicable
CVE-2026-39824NONE0
golang.org/x/sys
v0.43.0
fixed in 0.44.0
0.1%
Theoretical Threat
Not Applicable

Want to check another image? Run a full scan with the Docker Security Scanner.