This image poses a critical security risk and must not be used in production, especially as an internet-facing service. An attacker could achieve remote code execution, bypass authorization policies, or cause denial of service. Most vulnerabilities require no special configuration and affect core Istio proxy functionality. No full mitigations are available; upgrading to a patched version is required.
| CVE ID | Adjusted Severity | Package | Exploit Probability | Risk Context |
|---|---|---|---|---|
| CVE-2022-31045 | CRITICAL9.8 | istio.io/istio v0.0.0-20260604085046-07e4afa45ead fixed in 1.12.18, 1.13.5, 1.14.1 | 1.0% Low-Moderate Risk | Directly ExposedContext importance: HIGH |
| CVE-2019-14993 | HIGH7.5 | istio.io/istio v0.0.0-20260604085046-07e4afa45ead fixed in 1.1.13, 1.2.4 | 2.2% Low-Moderate Risk | Directly ExposedContext importance: HIGH |
| CVE-2021-39155 | HIGH7.5 | istio.io/istio v0.0.0-20260604085046-07e4afa45ead fixed in 1.9.8, 1.10.4, 1.11.1 | 1.1% Low-Moderate Risk | Directly ExposedContext importance: HIGH |
| CVE-2021-39156 | HIGH7.5 | istio.io/istio v0.0.0-20260604085046-07e4afa45ead fixed in 1.9.8, 1.10.4, 1.11.1 | 1.1% Low-Moderate Risk | Directly ExposedContext importance: HIGH |
| CVE-2026-42013 | MEDIUM6.97 | libgnutls30t64 3.8.3-1.1ubuntu3.5 fixed in 3.8.3-1.1ubuntu3.6 | 0.4% Theoretical Threat | Directly ExposedContext importance: HIGH |
| CVE-2026-42010 | MEDIUM6.66 | libgnutls30t64 3.8.3-1.1ubuntu3.5 fixed in 3.8.3-1.1ubuntu3.6 | 0.8% Theoretical Threat | Directly ExposedContext importance: MEDIUM |
| CVE-2026-27135 | MEDIUM6.38 | libnghttp2-14 1.59.0-1ubuntu0.2 fixed in 1.59.0-1ubuntu0.3 | 0.6% Theoretical Threat | Directly ExposedContext importance: HIGH |
| CVE-2026-33811 | MEDIUM6.38 | stdlib v1.25.9 fixed in 1.25.10, 1.26.3 | 0.5% Theoretical Threat | Directly ExposedContext importance: HIGH |
| CVE-2026-33814 | MEDIUM6.38 | stdlib v1.25.9 fixed in 1.25.10, 1.26.3 | 0.6% Theoretical Threat | Directly ExposedContext importance: HIGH |
| CVE-2026-3833 | MEDIUM6.29 | libgnutls30t64 3.8.3-1.1ubuntu3.5 fixed in 3.8.3-1.1ubuntu3.6 | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2026-42011 | MEDIUM6.29 | libgnutls30t64 3.8.3-1.1ubuntu3.5 fixed in 3.8.3-1.1ubuntu3.6 | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2026-34182 | MEDIUM6.29 | libssl3t64 3.0.13-0ubuntu3.9 fixed in 3.0.13-0ubuntu3.11 | 0.2% Theoretical Threat | Directly Exposed |
| CVE-2026-42012 | MEDIUM6.03 | libgnutls30t64 3.8.3-1.1ubuntu3.5 fixed in 3.8.3-1.1ubuntu3.6 | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2026-4878 | MEDIUM5.95 | libcap2 1:2.66-5ubuntu2.2 fixed in 1:2.66-5ubuntu2.4 | 0.2% Theoretical Threat | Directly Exposed |
| CVE-2024-2236 | MEDIUM5.9 | libgcrypt20 1.10.3-2build1 No fix yet | 1.1% Low-Moderate Risk | Directly Exposed |
| CVE-2026-22185 | MEDIUM5.78 | liblmdb0 0.9.31-1build1 No fix yet | 0.1% Theoretical Threat | Directly Exposed |
| CVE-2026-42014 | MEDIUM5.61 | libgnutls30t64 3.8.3-1.1ubuntu3.5 fixed in 3.8.3-1.1ubuntu3.6 | 0.2% Theoretical Threat | Directly Exposed |
| CVE-2026-5260 | MEDIUM5.58 | libgnutls30t64 3.8.3-1.1ubuntu3.5 fixed in 3.8.3-1.1ubuntu3.6 | 0.7% Theoretical Threat | Directly ExposedContext importance: MEDIUM |
| CVE-2026-4437 | MEDIUM5.52 | libc-bin 2.39-0ubuntu8.7 No fix yet | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2026-6238 | MEDIUM5.52 | libc-bin 2.39-0ubuntu8.7 No fix yet | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2026-4437 | MEDIUM5.52 | libc6 2.39-0ubuntu8.7 No fix yet | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2026-6238 | MEDIUM5.52 | libc6 2.39-0ubuntu8.7 No fix yet | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2026-40226 | MEDIUM5.44 | libsystemd0 255.4-1ubuntu8.15 fixed in 255.4-1ubuntu8.16 | <0.1% Theoretical Threat | Directly Exposed |
| CVE-2026-40226 | MEDIUM5.44 | libudev1 255.4-1ubuntu8.15 fixed in 255.4-1ubuntu8.16 | <0.1% Theoretical Threat | Directly Exposed |
| CVE-2026-5435 | MEDIUM5.02 | libc-bin 2.39-0ubuntu8.7 No fix yet | 0.2% Theoretical Threat | Directly Exposed |
| CVE-2026-5435 | MEDIUM5.02 | libc6 2.39-0ubuntu8.7 No fix yet | 0.2% Theoretical Threat | Directly Exposed |
| CVE-2026-42770 | MEDIUM5.02 | libssl3t64 3.0.13-0ubuntu3.9 fixed in 3.0.13-0ubuntu3.11 | 0.2% Theoretical Threat | Directly Exposed |
| CVE-2026-9076 | MEDIUM5.02 | libssl3t64 3.0.13-0ubuntu3.9 fixed in 3.0.13-0ubuntu3.11 | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2026-7383 | MEDIUM4.67 | libssl3t64 3.0.13-0ubuntu3.9 fixed in 3.0.13-0ubuntu3.11 | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2026-39826 | MEDIUM4.59 | stdlib v1.25.9 fixed in 1.25.10, 1.26.3 | 0.4% Theoretical Threat | Directly Exposed |
| CVE-2026-4046 | MEDIUM4.5 | libc-bin 2.39-0ubuntu8.7 No fix yet | 0.4% Theoretical Threat | Directly Exposed |
| CVE-2026-4046 | MEDIUM4.5 | libc6 2.39-0ubuntu8.7 No fix yet | 0.4% Theoretical Threat | Directly Exposed |
| CVE-2026-42015 | MEDIUM4.5 | libgnutls30t64 3.8.3-1.1ubuntu3.5 fixed in 3.8.3-1.1ubuntu3.6 | 0.7% Theoretical Threat | Directly Exposed |
| CVE-2026-34743 | MEDIUM4.5 | liblzma5 5.6.1+really5.4.5-1ubuntu0.2 fixed in 5.6.1+really5.4.5-1ubuntu0.3 | 0.4% Theoretical Threat | Directly Exposed |
| CVE-2026-42766 | MEDIUM4.5 | libssl3t64 3.0.13-0ubuntu3.9 fixed in 3.0.13-0ubuntu3.11 | 0.6% Theoretical Threat | Directly Exposed |
| CVE-2026-42767 | MEDIUM4.5 | libssl3t64 3.0.13-0ubuntu3.9 fixed in 3.0.13-0ubuntu3.11 | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2026-34180 | MEDIUM4.25 | libssl3t64 3.0.13-0ubuntu3.9 fixed in 3.0.13-0ubuntu3.11 | 0.5% Theoretical Threat | Directly Exposed |
| CVE-2025-1376 | MEDIUM4 | libelf1t64 0.190-1.1ubuntu0.1 No fix yet | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2026-27456 | MEDIUM4 | libuuid1 2.39.3-9ubuntu6.5 No fix yet | 0.1% Theoretical Threat | Directly Exposed |
| CVE-2026-4878 | LOW3.57 | libcap2-bin 1:2.66-5ubuntu2.2 fixed in 1:2.66-5ubuntu2.4 | 0.2% Theoretical Threat | Post-Exploit |
| CVE-2026-4438 | LOW3.4 | libc-bin 2.39-0ubuntu8.7 No fix yet | 0.2% Theoretical Threat | Directly Exposed |
| CVE-2026-4438 | LOW3.4 | libc6 2.39-0ubuntu8.7 No fix yet | 0.2% Theoretical Threat | Directly Exposed |
| CVE-2026-6429 | LOW3.31 | libcurl4t64 8.5.0-2ubuntu10.8 fixed in 8.5.0-2ubuntu10.9 | 0.4% Theoretical Threat | Post-Exploit |
| CVE-2026-5958 | LOW3.21 | sed 4.9-2build1 fixed in 4.9-2ubuntu0.24.04.1 | 0.1% Theoretical Threat | Post-Exploit |
| CVE-2026-3832 | LOW3.15 | libgnutls30t64 3.8.3-1.1ubuntu3.5 fixed in 3.8.3-1.1ubuntu3.6 | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2026-5419 | LOW3.15 | libgnutls30t64 3.8.3-1.1ubuntu3.5 fixed in 3.8.3-1.1ubuntu3.6 | 0.5% Theoretical Threat | Directly Exposed |
| CVE-2026-45446 | LOW3.15 | libssl3t64 3.0.13-0ubuntu3.9 fixed in 3.0.13-0ubuntu3.11 | 0.2% Theoretical Threat | Directly Exposed |
| CVE-2026-42770 | LOW3.01 | openssl 3.0.13-0ubuntu3.9 fixed in 3.0.13-0ubuntu3.11 | 0.2% Theoretical Threat | Post-Exploit |
| CVE-2026-9076 | LOW3.01 | openssl 3.0.13-0ubuntu3.9 fixed in 3.0.13-0ubuntu3.11 | 0.3% Theoretical Threat | Post-Exploit |
| CVE-2026-45447 | LOW2.92 | libssl3t64 3.0.13-0ubuntu3.9 fixed in 3.0.13-0ubuntu3.11 | 1.4% Low-Moderate Risk | Post-Exploit |
| CVE-2026-45447 | LOW2.92 | openssl 3.0.13-0ubuntu3.9 fixed in 3.0.13-0ubuntu3.11 | 1.4% Low-Moderate Risk | Post-Exploit |
| CVE-2025-45582 | LOW2.86 | tar 1.35+dfsg-3build1 No fix yet | 0.4% Theoretical Threat | Post-Exploit |
| CVE-2026-7383 | LOW2.8 | openssl 3.0.13-0ubuntu3.9 fixed in 3.0.13-0ubuntu3.11 | 0.3% Theoretical Threat | Post-Exploit |
| CVE-2026-40228 | LOW2.8 | libsystemd0 255.4-1ubuntu8.15 No fix yet | 0.2% Theoretical Threat | Directly Exposed |
| CVE-2026-40228 | LOW2.8 | libudev1 255.4-1ubuntu8.15 No fix yet | 0.2% Theoretical Threat | Directly Exposed |
| CVE-2026-33845 | LOW2.78 | libgnutls30t64 3.8.3-1.1ubuntu3.5 fixed in 3.8.3-1.1ubuntu3.6 | 0.6% Theoretical Threat | Post-Exploit |
| CVE-2026-45445 | LOW2.78 | libssl3t64 3.0.13-0ubuntu3.9 fixed in 3.0.13-0ubuntu3.11 | 0.3% Theoretical Threat | Post-Exploit |
| CVE-2026-45445 | LOW2.78 | openssl 3.0.13-0ubuntu3.9 fixed in 3.0.13-0ubuntu3.11 | 0.3% Theoretical Threat | Post-Exploit |
| CVE-2022-23635 | LOW2.7 | istio.io/istio v0.0.0-20260604085046-07e4afa45ead fixed in 1.13.1, 1.12.4, 1.11.7 | 1.6% Low-Moderate Risk | Post-Exploit |
| CVE-2026-6253 | LOW2.7 | curl 8.5.0-2ubuntu10.8 fixed in 8.5.0-2ubuntu10.9 | 0.5% Theoretical Threat | Post-Exploit |
| CVE-2026-7168 | LOW2.7 | curl 8.5.0-2ubuntu10.8 fixed in 8.5.0-2ubuntu10.9 | 0.4% Theoretical Threat | Post-Exploit |
| CVE-2026-4873 | LOW2.7 | curl 8.5.0-2ubuntu10.8 fixed in 8.5.0-2ubuntu10.9 | 0.3% Theoretical Threat | Post-Exploit |
| CVE-2026-6253 | LOW2.7 | libcurl4t64 8.5.0-2ubuntu10.8 fixed in 8.5.0-2ubuntu10.9 | 0.5% Theoretical Threat | Post-Exploit |
| CVE-2026-7168 | LOW2.7 | libcurl4t64 8.5.0-2ubuntu10.8 fixed in 8.5.0-2ubuntu10.9 | 0.4% Theoretical Threat | Post-Exploit |
| CVE-2026-4873 | LOW2.7 | libcurl4t64 8.5.0-2ubuntu10.8 fixed in 8.5.0-2ubuntu10.9 | 0.3% Theoretical Threat | Post-Exploit |
| CVE-2026-42766 | LOW2.7 | openssl 3.0.13-0ubuntu3.9 fixed in 3.0.13-0ubuntu3.11 | 0.6% Theoretical Threat | Post-Exploit |
| CVE-2026-42767 | LOW2.7 | openssl 3.0.13-0ubuntu3.9 fixed in 3.0.13-0ubuntu3.11 | 0.3% Theoretical Threat | Post-Exploit |
| CVE-2026-34180 | LOW2.55 | openssl 3.0.13-0ubuntu3.9 fixed in 3.0.13-0ubuntu3.11 | 0.5% Theoretical Threat | Post-Exploit |
| CVE-2026-27456 | LOW2.4 | bsdutils 1:2.39.3-9ubuntu6.5 No fix yet | 0.1% Theoretical Threat | Post-Exploit |
| CVE-2026-27456 | LOW2.4 | mount 2.39.3-9ubuntu6.5 No fix yet | 0.1% Theoretical Threat | Post-Exploit |
| CVE-2026-27456 | LOW2.4 | util-linux 2.39.3-9ubuntu6.5 No fix yet | 0.1% Theoretical Threat | Post-Exploit |
| CVE-2026-5773 | LOW2.29 | curl 8.5.0-2ubuntu10.8 fixed in 8.5.0-2ubuntu10.9 | 0.4% Theoretical Threat | Post-Exploit |
| CVE-2026-6276 | LOW2.29 | curl 8.5.0-2ubuntu10.8 fixed in 8.5.0-2ubuntu10.9 | 0.3% Theoretical Threat | Post-Exploit |
| CVE-2026-5773 | LOW2.29 | libcurl4t64 8.5.0-2ubuntu10.8 fixed in 8.5.0-2ubuntu10.9 | 0.4% Theoretical Threat | Post-Exploit |
| CVE-2026-6276 | LOW2.29 | libcurl4t64 8.5.0-2ubuntu10.8 fixed in 8.5.0-2ubuntu10.9 | 0.3% Theoretical Threat | Post-Exploit |
| CVE-2025-1352 | LOW2.29 | libelf1t64 0.190-1.1ubuntu0.1 No fix yet | 0.6% Theoretical Threat | Post-Exploit |
| CVE-2026-41989 | LOW2.29 | libgcrypt20 1.10.3-2build1 fixed in 1.10.3-2ubuntu0.1 | 0.2% Theoretical Threat | Post-Exploit |
| CVE-2026-33846 | LOW2.29 | libgnutls30t64 3.8.3-1.1ubuntu3.5 fixed in 3.8.3-1.1ubuntu3.6 | 0.9% Theoretical Threat | Post-Exploit |
| CVE-2026-42009 | LOW2.29 | libgnutls30t64 3.8.3-1.1ubuntu3.5 fixed in 3.8.3-1.1ubuntu3.6 | 0.8% Theoretical Threat | Post-Exploit |
| CVE-2026-39820 | LOW2.29 | stdlib v1.25.9 fixed in 1.25.10, 1.26.3 | 0.4% Theoretical Threat | Post-Exploit |
| CVE-2026-39836 | LOW2.29 | stdlib v1.25.9 fixed in 1.25.10, 1.26.3 | 0.6% Theoretical Threat | Post-Exploit |
| CVE-2026-34182 | LOW2.26 | openssl 3.0.13-0ubuntu3.9 fixed in 3.0.13-0ubuntu3.11 | 0.2% Theoretical Threat | Post-Exploit |
| CVE-2026-5545 | LOW1.99 | curl 8.5.0-2ubuntu10.8 fixed in 8.5.0-2ubuntu10.9 | 0.4% Theoretical Threat | Post-Exploit |
| CVE-2026-6429 | LOW1.99 | curl 8.5.0-2ubuntu10.8 fixed in 8.5.0-2ubuntu10.9 | 0.4% Theoretical Threat | Post-Exploit |
| CVE-2026-5545 | LOW1.99 | libcurl4t64 8.5.0-2ubuntu10.8 fixed in 8.5.0-2ubuntu10.9 | 0.4% Theoretical Threat | Post-Exploit |
| CVE-2026-45446 | LOW1.89 | openssl 3.0.13-0ubuntu3.9 fixed in 3.0.13-0ubuntu3.11 | 0.2% Theoretical Threat | Post-Exploit |
| CVE-2024-56433 | LOW1.84 | login 1:4.13+dfsg1-4ubuntu3.2 No fix yet | 0.4% Theoretical Threat | Post-Exploit |
| CVE-2024-56433 | LOW1.84 | passwd 1:4.13+dfsg1-4ubuntu3.2 No fix yet | 0.4% Theoretical Threat | Post-Exploit |
| CVE-2025-29481 | NONE0 | libbpf1 1:1.3.0-2build2 No fix yet | 0.2% Theoretical Threat | Not Applicable |
| CVE-2026-27456 | NONE0 | bsdextrautils 2.39.3-9ubuntu6.5 No fix yet | 0.1% Theoretical Threat | Not Applicable |
| CVE-2026-27456 | NONE0 | libblkid1 2.39.3-9ubuntu6.5 No fix yet | 0.1% Theoretical Threat | Not Applicable |
| CVE-2026-27456 | NONE0 | libmount1 2.39.3-9ubuntu6.5 No fix yet | 0.1% Theoretical Threat | Not Applicable |
| CVE-2026-27456 | NONE0 | libsmartcols1 2.39.3-9ubuntu6.5 No fix yet | 0.1% Theoretical Threat | Not Applicable |
| CVE-2026-2219 | NONE0 | dpkg 1.22.6ubuntu6.5 fixed in 1.22.6ubuntu6.6 | 0.4% Theoretical Threat | Not Applicable |
| CVE-2026-39823 | NONE0 | stdlib v1.25.9 fixed in 1.25.10, 1.26.3 | 0.3% Theoretical Threat | Not Applicable |
| CVE-2026-39825 | NONE0 | stdlib v1.25.9 fixed in 1.25.10, 1.26.3 | 0.4% Theoretical Threat | Not Applicable |
| CVE-2026-42499 | NONE0 | stdlib v1.25.9 fixed in 1.25.10, 1.26.3 | 0.6% Theoretical Threat | Not Applicable |
| CVE-2026-42504 | NONE0 | stdlib v1.25.9 fixed in 1.25.11, 1.26.4 | 0.4% Theoretical Threat | Not Applicable |
| CVE-2026-27145 | NONE0 | stdlib v1.25.9 fixed in 1.25.11, 1.26.4 | 0.3% Theoretical Threat | Not Applicable |
| CVE-2026-42507 | NONE0 | stdlib v1.25.9 fixed in 1.25.11, 1.26.4 | 0.3% Theoretical Threat | Not Applicable |