Vulnerability Reportistio/proxyv2:1.29.4

istio/proxyv2:1.29.4istio/proxyv2:1.29.4-debug

DIGESTsha256:3c279352793d0c53e0a3561f0329db15dbed63a4dae5c46c391fae7220a31ddf

Executive Summary

Threat ScoreDANGEROUS• 49 exposed vulnerabilities, 8 with severity >=6.0 and 4 with severity >=7.0 (max 7.84).• Critical remote exploits: CVE-2022-31045 (potential crash), CVE-2021-39155 and CVE-2021-39156 (authorization bypass).• Multiple CVEs allow denial of service or bypass of security policies without authentication.• Image is from trusted community (istio) but contains severe flaws requiring immediate upgrade.• No post-exploit vulnerabilities found, reducing insider threat risk.

100/100DANGEROUS

ReputationPOPULAR COMMUNITY• High Reputation Community Image (12322M+ pulls)• Pinned by digest (Immutable)

RELIABLE

This image poses a critical security risk and must not be used in production, especially as an internet-facing service. An attacker could exploit CVE-2021-39155 and CVE-2021-39156 to bypass authorization policies, gaining unauthorized access to protected resources. Additionally, CVE-2022-31045 could cause service crashes via crafted headers. While some findings require non-default configurations (e.g., CVE-2022-31045 needs the metadata exchange filter), most are remotely exploitable without special setup.

Vulnerabilities

Vulnerability Log

92 total

CVE ID	Adjusted Severity	Package	Exploit Probability	Risk Context
CVE-2022-31045	HIGH7.84	istio.io/istio v0.0.0-20260604084646-e339c3903bcf fixed in 1.12.18, 1.13.5, 1.14.1	1.0% Low-Moderate Risk	Directly ExposedContext importance: MEDIUM
CVE-2019-14993	HIGH7.5	istio.io/istio v0.0.0-20260604084646-e339c3903bcf fixed in 1.1.13, 1.2.4	2.2% Low-Moderate Risk	Directly ExposedContext importance: HIGH
CVE-2021-39155	HIGH7.5	istio.io/istio v0.0.0-20260604084646-e339c3903bcf fixed in 1.9.8, 1.10.4, 1.11.1	1.1% Low-Moderate Risk	Directly ExposedContext importance: HIGH
CVE-2021-39156	HIGH7.5	istio.io/istio v0.0.0-20260604084646-e339c3903bcf fixed in 1.9.8, 1.10.4, 1.11.1	1.1% Low-Moderate Risk	Directly ExposedContext importance: HIGH
CVE-2026-42010	MEDIUM6.66	libgnutls30t64 3.8.3-1.1ubuntu3.5 fixed in 3.8.3-1.1ubuntu3.6	0.8% Theoretical Threat	Directly ExposedContext importance: MEDIUM
CVE-2026-41989	MEDIUM6.38	libgcrypt20 1.10.3-2build1 fixed in 1.10.3-2ubuntu0.1	0.2% Theoretical Threat	Directly ExposedContext importance: HIGH
CVE-2026-27135	MEDIUM6.38	libnghttp2-14 1.59.0-1ubuntu0.2 fixed in 1.59.0-1ubuntu0.3	0.6% Theoretical Threat	Directly ExposedContext importance: HIGH
CVE-2026-42012	MEDIUM6.03	libgnutls30t64 3.8.3-1.1ubuntu3.5 fixed in 3.8.3-1.1ubuntu3.6	0.3% Theoretical Threat	Directly Exposed
CVE-2026-4878	MEDIUM5.95	libcap2 1:2.66-5ubuntu2.2 fixed in 1:2.66-5ubuntu2.4	0.2% Theoretical Threat	Directly Exposed
CVE-2024-2236	MEDIUM5.9	libgcrypt20 1.10.3-2build1 No fix yet	1.1% Low-Moderate Risk	Directly Exposed
CVE-2026-22185	MEDIUM5.78	liblmdb0 0.9.31-1build1 No fix yet	0.1% Theoretical Threat	Directly Exposed
CVE-2026-42014	MEDIUM5.61	libgnutls30t64 3.8.3-1.1ubuntu3.5 fixed in 3.8.3-1.1ubuntu3.6	0.2% Theoretical Threat	Directly Exposed
CVE-2026-42013	MEDIUM5.58	libgnutls30t64 3.8.3-1.1ubuntu3.5 fixed in 3.8.3-1.1ubuntu3.6	0.4% Theoretical Threat	Directly ExposedContext importance: MEDIUM
CVE-2026-5260	MEDIUM5.58	libgnutls30t64 3.8.3-1.1ubuntu3.5 fixed in 3.8.3-1.1ubuntu3.6	0.7% Theoretical Threat	Directly ExposedContext importance: MEDIUM
CVE-2026-4437	MEDIUM5.52	libc-bin 2.39-0ubuntu8.7 No fix yet	0.3% Theoretical Threat	Directly Exposed
CVE-2026-6238	MEDIUM5.52	libc-bin 2.39-0ubuntu8.7 No fix yet	0.3% Theoretical Threat	Directly Exposed
CVE-2026-4437	MEDIUM5.52	libc6 2.39-0ubuntu8.7 No fix yet	0.3% Theoretical Threat	Directly Exposed
CVE-2026-6238	MEDIUM5.52	libc6 2.39-0ubuntu8.7 No fix yet	0.3% Theoretical Threat	Directly Exposed
CVE-2026-40226	MEDIUM5.44	libsystemd0 255.4-1ubuntu8.15 fixed in 255.4-1ubuntu8.16	<0.1% Theoretical Threat	Directly Exposed
CVE-2026-40226	MEDIUM5.44	libudev1 255.4-1ubuntu8.15 fixed in 255.4-1ubuntu8.16	<0.1% Theoretical Threat	Directly Exposed
CVE-2026-3833	MEDIUM5.03	libgnutls30t64 3.8.3-1.1ubuntu3.5 fixed in 3.8.3-1.1ubuntu3.6	0.3% Theoretical Threat	Directly ExposedContext importance: MEDIUM
CVE-2026-42011	MEDIUM5.03	libgnutls30t64 3.8.3-1.1ubuntu3.5 fixed in 3.8.3-1.1ubuntu3.6	0.3% Theoretical Threat	Directly ExposedContext importance: MEDIUM
CVE-2026-5435	MEDIUM5.02	libc-bin 2.39-0ubuntu8.7 No fix yet	0.2% Theoretical Threat	Directly Exposed
CVE-2026-5435	MEDIUM5.02	libc6 2.39-0ubuntu8.7 No fix yet	0.2% Theoretical Threat	Directly Exposed
CVE-2026-42770	MEDIUM5.02	libssl3t64 3.0.13-0ubuntu3.9 fixed in 3.0.13-0ubuntu3.11	0.2% Theoretical Threat	Directly Exposed
CVE-2026-9076	MEDIUM5.02	libssl3t64 3.0.13-0ubuntu3.9 fixed in 3.0.13-0ubuntu3.11	0.3% Theoretical Threat	Directly Exposed
CVE-2026-7383	MEDIUM4.67	libssl3t64 3.0.13-0ubuntu3.9 fixed in 3.0.13-0ubuntu3.11	0.3% Theoretical Threat	Directly Exposed
CVE-2026-4046	MEDIUM4.5	libc-bin 2.39-0ubuntu8.7 No fix yet	0.4% Theoretical Threat	Directly Exposed
CVE-2026-4046	MEDIUM4.5	libc6 2.39-0ubuntu8.7 No fix yet	0.4% Theoretical Threat	Directly Exposed
CVE-2026-42015	MEDIUM4.5	libgnutls30t64 3.8.3-1.1ubuntu3.5 fixed in 3.8.3-1.1ubuntu3.6	0.7% Theoretical Threat	Directly Exposed
CVE-2026-34743	MEDIUM4.5	liblzma5 5.6.1+really5.4.5-1ubuntu0.2 fixed in 5.6.1+really5.4.5-1ubuntu0.3	0.4% Theoretical Threat	Directly Exposed
CVE-2026-42766	MEDIUM4.5	libssl3t64 3.0.13-0ubuntu3.9 fixed in 3.0.13-0ubuntu3.11	0.6% Theoretical Threat	Directly Exposed
CVE-2026-42767	MEDIUM4.5	libssl3t64 3.0.13-0ubuntu3.9 fixed in 3.0.13-0ubuntu3.11	0.3% Theoretical Threat	Directly Exposed
CVE-2026-34180	MEDIUM4.25	libssl3t64 3.0.13-0ubuntu3.9 fixed in 3.0.13-0ubuntu3.11	0.5% Theoretical Threat	Directly Exposed
CVE-2026-27456	MEDIUM4	libblkid1 2.39.3-9ubuntu6.5 No fix yet	0.1% Theoretical Threat	Directly Exposed
CVE-2025-1376	MEDIUM4	libelf1t64 0.190-1.1ubuntu0.1 No fix yet	0.3% Theoretical Threat	Directly Exposed
CVE-2026-27456	MEDIUM4	libmount1 2.39.3-9ubuntu6.5 No fix yet	0.1% Theoretical Threat	Directly Exposed
CVE-2026-27456	MEDIUM4	libsmartcols1 2.39.3-9ubuntu6.5 No fix yet	0.1% Theoretical Threat	Directly Exposed
CVE-2026-27456	MEDIUM4	libuuid1 2.39.3-9ubuntu6.5 No fix yet	0.1% Theoretical Threat	Directly Exposed
CVE-2026-4878	LOW3.57	libcap2-bin 1:2.66-5ubuntu2.2 fixed in 1:2.66-5ubuntu2.4	0.2% Theoretical Threat	Post-Exploit
CVE-2026-4438	LOW3.4	libc-bin 2.39-0ubuntu8.7 No fix yet	0.2% Theoretical Threat	Directly Exposed
CVE-2026-4438	LOW3.4	libc6 2.39-0ubuntu8.7 No fix yet	0.2% Theoretical Threat	Directly Exposed
CVE-2026-6429	LOW3.31	libcurl4t64 8.5.0-2ubuntu10.8 fixed in 8.5.0-2ubuntu10.9	0.4% Theoretical Threat	Post-Exploit
CVE-2026-5958	LOW3.21	sed 4.9-2build1 fixed in 4.9-2ubuntu0.24.04.1	0.1% Theoretical Threat	Post-Exploit
CVE-2026-3832	LOW3.15	libgnutls30t64 3.8.3-1.1ubuntu3.5 fixed in 3.8.3-1.1ubuntu3.6	0.3% Theoretical Threat	Directly Exposed
CVE-2026-5419	LOW3.15	libgnutls30t64 3.8.3-1.1ubuntu3.5 fixed in 3.8.3-1.1ubuntu3.6	0.5% Theoretical Threat	Directly Exposed
CVE-2026-45446	LOW3.15	libssl3t64 3.0.13-0ubuntu3.9 fixed in 3.0.13-0ubuntu3.11	0.2% Theoretical Threat	Directly Exposed
CVE-2026-42770	LOW3.01	openssl 3.0.13-0ubuntu3.9 fixed in 3.0.13-0ubuntu3.11	0.2% Theoretical Threat	Post-Exploit
CVE-2026-9076	LOW3.01	openssl 3.0.13-0ubuntu3.9 fixed in 3.0.13-0ubuntu3.11	0.3% Theoretical Threat	Post-Exploit
CVE-2026-45447	LOW2.92	libssl3t64 3.0.13-0ubuntu3.9 fixed in 3.0.13-0ubuntu3.11	1.4% Low-Moderate Risk	Post-Exploit
CVE-2026-45447	LOW2.92	openssl 3.0.13-0ubuntu3.9 fixed in 3.0.13-0ubuntu3.11	1.4% Low-Moderate Risk	Post-Exploit
CVE-2025-45582	LOW2.86	tar 1.35+dfsg-3build1 No fix yet	0.4% Theoretical Threat	Post-Exploit
CVE-2026-7383	LOW2.8	openssl 3.0.13-0ubuntu3.9 fixed in 3.0.13-0ubuntu3.11	0.3% Theoretical Threat	Post-Exploit
CVE-2026-40228	LOW2.8	libsystemd0 255.4-1ubuntu8.15 No fix yet	0.2% Theoretical Threat	Directly Exposed
CVE-2026-40228	LOW2.8	libudev1 255.4-1ubuntu8.15 No fix yet	0.2% Theoretical Threat	Directly Exposed
CVE-2026-33845	LOW2.78	libgnutls30t64 3.8.3-1.1ubuntu3.5 fixed in 3.8.3-1.1ubuntu3.6	0.6% Theoretical Threat	Post-Exploit
CVE-2026-45445	LOW2.78	libssl3t64 3.0.13-0ubuntu3.9 fixed in 3.0.13-0ubuntu3.11	0.3% Theoretical Threat	Post-Exploit
CVE-2026-45445	LOW2.78	openssl 3.0.13-0ubuntu3.9 fixed in 3.0.13-0ubuntu3.11	0.3% Theoretical Threat	Post-Exploit
CVE-2022-23635	LOW2.7	istio.io/istio v0.0.0-20260604084646-e339c3903bcf fixed in 1.13.1, 1.12.4, 1.11.7	1.6% Low-Moderate Risk	Post-Exploit
CVE-2026-6253	LOW2.7	curl 8.5.0-2ubuntu10.8 fixed in 8.5.0-2ubuntu10.9	0.5% Theoretical Threat	Post-Exploit
CVE-2026-7168	LOW2.7	curl 8.5.0-2ubuntu10.8 fixed in 8.5.0-2ubuntu10.9	0.4% Theoretical Threat	Post-Exploit
CVE-2026-4873	LOW2.7	curl 8.5.0-2ubuntu10.8 fixed in 8.5.0-2ubuntu10.9	0.3% Theoretical Threat	Post-Exploit
CVE-2026-6253	LOW2.7	libcurl4t64 8.5.0-2ubuntu10.8 fixed in 8.5.0-2ubuntu10.9	0.5% Theoretical Threat	Post-Exploit
CVE-2026-7168	LOW2.7	libcurl4t64 8.5.0-2ubuntu10.8 fixed in 8.5.0-2ubuntu10.9	0.4% Theoretical Threat	Post-Exploit
CVE-2026-4873	LOW2.7	libcurl4t64 8.5.0-2ubuntu10.8 fixed in 8.5.0-2ubuntu10.9	0.3% Theoretical Threat	Post-Exploit
CVE-2026-42766	LOW2.7	openssl 3.0.13-0ubuntu3.9 fixed in 3.0.13-0ubuntu3.11	0.6% Theoretical Threat	Post-Exploit
CVE-2026-42767	LOW2.7	openssl 3.0.13-0ubuntu3.9 fixed in 3.0.13-0ubuntu3.11	0.3% Theoretical Threat	Post-Exploit
CVE-2026-34180	LOW2.55	openssl 3.0.13-0ubuntu3.9 fixed in 3.0.13-0ubuntu3.11	0.5% Theoretical Threat	Post-Exploit
CVE-2026-27456	LOW2.4	bsdutils 1:2.39.3-9ubuntu6.5 No fix yet	0.1% Theoretical Threat	Post-Exploit
CVE-2026-27456	LOW2.4	mount 2.39.3-9ubuntu6.5 No fix yet	0.1% Theoretical Threat	Post-Exploit
CVE-2026-27456	LOW2.4	util-linux 2.39.3-9ubuntu6.5 No fix yet	0.1% Theoretical Threat	Post-Exploit
CVE-2026-5773	LOW2.29	curl 8.5.0-2ubuntu10.8 fixed in 8.5.0-2ubuntu10.9	0.4% Theoretical Threat	Post-Exploit
CVE-2026-6276	LOW2.29	curl 8.5.0-2ubuntu10.8 fixed in 8.5.0-2ubuntu10.9	0.3% Theoretical Threat	Post-Exploit
CVE-2026-5773	LOW2.29	libcurl4t64 8.5.0-2ubuntu10.8 fixed in 8.5.0-2ubuntu10.9	0.4% Theoretical Threat	Post-Exploit
CVE-2026-6276	LOW2.29	libcurl4t64 8.5.0-2ubuntu10.8 fixed in 8.5.0-2ubuntu10.9	0.3% Theoretical Threat	Post-Exploit
CVE-2025-1352	LOW2.29	libelf1t64 0.190-1.1ubuntu0.1 No fix yet	0.6% Theoretical Threat	Post-Exploit
CVE-2026-33846	LOW2.29	libgnutls30t64 3.8.3-1.1ubuntu3.5 fixed in 3.8.3-1.1ubuntu3.6	0.9% Theoretical Threat	Post-Exploit
CVE-2026-42009	LOW2.29	libgnutls30t64 3.8.3-1.1ubuntu3.5 fixed in 3.8.3-1.1ubuntu3.6	0.8% Theoretical Threat	Post-Exploit
CVE-2026-34182	LOW2.26	libssl3t64 3.0.13-0ubuntu3.9 fixed in 3.0.13-0ubuntu3.11	0.2% Theoretical Threat	Post-Exploit
CVE-2026-34182	LOW2.26	openssl 3.0.13-0ubuntu3.9 fixed in 3.0.13-0ubuntu3.11	0.2% Theoretical Threat	Post-Exploit
CVE-2025-29481	LOW2.23	libbpf1 1:1.3.0-2build2 No fix yet	0.2% Theoretical Threat	Post-Exploit
CVE-2026-5545	LOW1.99	curl 8.5.0-2ubuntu10.8 fixed in 8.5.0-2ubuntu10.9	0.4% Theoretical Threat	Post-Exploit
CVE-2026-6429	LOW1.99	curl 8.5.0-2ubuntu10.8 fixed in 8.5.0-2ubuntu10.9	0.4% Theoretical Threat	Post-Exploit
CVE-2026-5545	LOW1.99	libcurl4t64 8.5.0-2ubuntu10.8 fixed in 8.5.0-2ubuntu10.9	0.4% Theoretical Threat	Post-Exploit
CVE-2026-45446	LOW1.89	openssl 3.0.13-0ubuntu3.9 fixed in 3.0.13-0ubuntu3.11	0.2% Theoretical Threat	Post-Exploit
CVE-2024-56433	LOW1.84	passwd 1:4.13+dfsg1-4ubuntu3.2 No fix yet	0.4% Theoretical Threat	Post-Exploit
CVE-2026-27456	NONE0	bsdextrautils 2.39.3-9ubuntu6.5 No fix yet	0.1% Theoretical Threat	Not Applicable
CVE-2024-56433	NONE0	login 1:4.13+dfsg1-4ubuntu3.2 No fix yet	0.4% Theoretical Threat	Not Applicable
CVE-2026-2219	NONE0	dpkg 1.22.6ubuntu6.5 fixed in 1.22.6ubuntu6.6	0.4% Theoretical Threat	Not Applicable
CVE-2026-42504	NONE0	stdlib v1.25.10 fixed in 1.25.11, 1.26.4	0.4% Theoretical Threat	Not Applicable
CVE-2026-27145	NONE0	stdlib v1.25.10 fixed in 1.25.11, 1.26.4	0.3% Theoretical Threat	Not Applicable
CVE-2026-42507	NONE0	stdlib v1.25.10 fixed in 1.25.11, 1.26.4	0.3% Theoretical Threat	Not Applicable