Vulnerability Reportkibana:8.19.17

kibana:8.19.17
DIGESTsha256:1f26170a28367301e33ff66f802a51bf40061a12f44d4910e1b94e9a212821d4

Executive Summary

Last scanned:

Threat Score
74/100CAUTION
Reputation
TRUSTED

This image carries significant risk; production deployment is highly discouraged without strict compensating controls. An attacker could exploit the XSS vulnerability (CVE-2026-49978) to execute arbitrary scripts in users' browsers, or trigger a denial of service on the WebSocket server via CVE-2026-48779. Upgrading to the latest patched versions of dompurify and ws would resolve these issues. Additionally, the image contains 60 total exposed vulnerabilities, with 2 rated medium-severity or higher, indicating a broad attack surface.

Vulnerabilities

Vulnerability Log

106 total
CVE IDAdjusted SeverityPackageExploit ProbabilityRisk Context
CVE-2026-49978HIGH8.1
dompurify
3.4.1
fixed in 3.4.7
Directly ExposedContext importance: HIGH
CVE-2026-48779MEDIUM6.38
ws
8.20.1
fixed in 5.2.5, 6.2.4, 7.5.11, 8.21.0
0.8%
Theoretical Threat
Directly ExposedContext importance: HIGH
CVE-2026-42014MEDIUM5.61
libgnutls30t64
3.8.3-1.1ubuntu3.5
fixed in 3.8.3-1.1ubuntu3.6
0.1%
Theoretical Threat
Directly Exposed
CVE-2026-6238MEDIUM5.52
libc-bin
2.39-0ubuntu8.7
No fix yet
0.3%
Theoretical Threat
Directly Exposed
CVE-2026-4437MEDIUM5.52
libc6
2.39-0ubuntu8.7
No fix yet
0.3%
Theoretical Threat
Directly Exposed
CVE-2026-6238MEDIUM5.52
libc6
2.39-0ubuntu8.7
No fix yet
0.3%
Theoretical Threat
Directly Exposed
CVE-2026-8769MEDIUM5.52
@ai-sdk/provider-utils
3.0.25
No fix yet
0.6%
Theoretical Threat
Directly Exposed
CVE-2026-55388MEDIUM5.5
piscina
3.2.0
fixed in 5.2.0, 4.9.3, 6.0.0-rc.2
0.3%
Theoretical Threat
Directly ExposedContext importance: MEDIUM
CVE-2026-40226MEDIUM5.44
libsystemd0
255.4-1ubuntu8.15
fixed in 255.4-1ubuntu8.16
<0.1%
Theoretical Threat
Directly Exposed
CVE-2026-40226MEDIUM5.44
libudev1
255.4-1ubuntu8.15
fixed in 255.4-1ubuntu8.16
<0.1%
Theoretical Threat
Directly Exposed
CVE-2026-13757MEDIUM5.27
libp11-kit0
0.25.3-4ubuntu2.1
No fix yet
0.1%
Theoretical Threat
Directly Exposed
CVE-2026-12143MEDIUM5.1
form-data
4.0.5
fixed in 2.5.6, 3.0.5, 4.0.6
0.4%
Theoretical Threat
Directly ExposedContext importance: MEDIUM
CVE-2026-5435MEDIUM5.02
libc-bin
2.39-0ubuntu8.7
No fix yet
0.2%
Theoretical Threat
Directly Exposed
CVE-2026-5435MEDIUM5.02
libc6
2.39-0ubuntu8.7
No fix yet
0.2%
Theoretical Threat
Directly Exposed
CVE-2026-9679MEDIUM5.02
undici
6.24.1
fixed in 6.27.0, 7.28.0, 8.5.0
0.3%
Theoretical Threat
Directly Exposed
CVE-2026-49458MEDIUM4.88
dompurify
3.4.1
fixed in 3.4.6
Directly ExposedContext importance: MEDIUM
CVE-2026-49459MEDIUM4.7
dompurify
3.4.1
fixed in 3.4.6
Directly Exposed
CVE-2025-66382MEDIUM4.67
libexpat1
2.6.1-2ubuntu0.4
No fix yet
0.2%
Theoretical Threat
Directly Exposed
CVE-2026-27171MEDIUM4.67
zlib1g
1:1.3.dfsg-3.1ubuntu2.1
No fix yet
0.2%
Theoretical Threat
Directly Exposed
CVE-2026-41650MEDIUM4.59
fast-xml-parser
5.5.7
fixed in 5.7.0
0.2%
Theoretical Threat
Directly Exposed
CVE-2024-53382MEDIUM4.59
prismjs
1.27.0
fixed in 1.30.0
0.3%
Theoretical Threat
Directly Exposed
CVE-2026-4046MEDIUM4.5
libc-bin
2.39-0ubuntu8.7
No fix yet
0.4%
Theoretical Threat
Directly Exposed
CVE-2026-4046MEDIUM4.5
libc6
2.39-0ubuntu8.7
No fix yet
0.4%
Theoretical Threat
Directly Exposed
CVE-2026-42015MEDIUM4.5
libgnutls30t64
3.8.3-1.1ubuntu3.5
fixed in 3.8.3-1.1ubuntu3.6
0.7%
Theoretical Threat
Directly Exposed
CVE-2026-34743MEDIUM4.5
liblzma5
5.6.1+really5.4.5-1ubuntu0.2
fixed in 5.6.1+really5.4.5-1ubuntu0.3
0.4%
Theoretical Threat
Directly Exposed
CVE-2026-54285MEDIUM4.5
@opentelemetry/core
1.26.0
fixed in 2.8.0
0.2%
Theoretical Threat
Directly Exposed
CVE-2026-54285MEDIUM4.5
@opentelemetry/core
1.30.1
fixed in 2.8.0
0.2%
Theoretical Threat
Directly Exposed
CVE-2026-54285MEDIUM4.5
@opentelemetry/core
2.7.1
fixed in 2.8.0
0.2%
Theoretical Threat
Directly Exposed
CVE-2026-2739MEDIUM4.5
bn.js
4.11.9
fixed in 4.12.3, 5.2.3
0.5%
Theoretical Threat
Directly Exposed
CVE-2026-53550MEDIUM4.5
js-yaml
4.1.1
fixed in 4.2.0, 3.15.0
0.3%
Theoretical Threat
Directly Exposed
CVE-2026-54269MEDIUM4.5
protobufjs
7.5.8
fixed in 7.6.3, 8.6.0
0.2%
Theoretical Threat
Directly Exposed
CVE-2026-27456MEDIUM4
libblkid1
2.39.3-9ubuntu6.5
No fix yet
0.1%
Theoretical Threat
Directly Exposed
CVE-2026-27456MEDIUM4
libmount1
2.39.3-9ubuntu6.5
No fix yet
0.1%
Theoretical Threat
Directly Exposed
CVE-2026-27456MEDIUM4
libsmartcols1
2.39.3-9ubuntu6.5
No fix yet
0.1%
Theoretical Threat
Directly Exposed
CVE-2026-27456MEDIUM4
libuuid1
2.39.3-9ubuntu6.5
No fix yet
0.1%
Theoretical Threat
Directly Exposed
CVE-2026-48712LOW3.83
protobufjs
7.5.8
fixed in 7.6.1, 8.4.1
0.3%
Theoretical Threat
Directly Exposed
CVE-2026-9547LOW3.77
libcurl4t64
8.5.0-2ubuntu10.9
fixed in 8.5.0-2ubuntu10.10
0.5%
Theoretical Threat
Post-Exploit
CVE-2026-42010LOW3.53
libgnutls30t64
3.8.3-1.1ubuntu3.5
fixed in 3.8.3-1.1ubuntu3.6
1.1%
Low-Moderate Risk
Post-Exploit
CVE-2026-4438LOW3.4
libc-bin
2.39-0ubuntu8.7
No fix yet
0.2%
Theoretical Threat
Directly Exposed
CVE-2026-4438LOW3.4
libc6
2.39-0ubuntu8.7
No fix yet
0.2%
Theoretical Threat
Directly Exposed
CVE-2026-8924LOW3.31
curl
8.5.0-2ubuntu10.9
fixed in 8.5.0-2ubuntu10.10
0.6%
Theoretical Threat
Post-Exploit
CVE-2026-4437LOW3.31
libc-bin
2.39-0ubuntu8.7
No fix yet
0.3%
Theoretical Threat
Directly Exposed
CVE-2026-8924LOW3.31
libcurl4t64
8.5.0-2ubuntu10.9
fixed in 8.5.0-2ubuntu10.10
0.6%
Theoretical Threat
Post-Exploit
CVE-2026-3832LOW3.15
libgnutls30t64
3.8.3-1.1ubuntu3.5
fixed in 3.8.3-1.1ubuntu3.6
0.7%
Theoretical Threat
Directly Exposed
CVE-2026-5419LOW3.15
libgnutls30t64
3.8.3-1.1ubuntu3.5
fixed in 3.8.3-1.1ubuntu3.6
0.4%
Theoretical Threat
Directly Exposed
CVE-2026-11525LOW3.15
undici
6.24.1
fixed in 6.27.0, 7.28.0, 8.5.0
0.2%
Theoretical Threat
Directly Exposed
CVE-2026-6733LOW3.15
undici
6.24.1
fixed in 6.27.0, 7.28.0, 8.5.0
0.2%
Theoretical Threat
Directly Exposed
CVE-2026-8376LOW3
perl-base
5.38.2-3.2ubuntu0.2
fixed in 5.38.2-3.2ubuntu0.3
0.4%
Theoretical Threat
Post-Exploit
CVE-2026-8925LOW2.92
curl
8.5.0-2ubuntu10.9
fixed in 8.5.0-2ubuntu10.10
1.1%
Low-Moderate Risk
Post-Exploit
CVE-2026-8925LOW2.92
libcurl4t64
8.5.0-2ubuntu10.9
fixed in 8.5.0-2ubuntu10.10
1.1%
Low-Moderate Risk
Post-Exploit
CVE-2026-12318LOW2.89
libnss3
2:3.98-1ubuntu0.1
fixed in 2:3.98-1ubuntu0.2
0.3%
Theoretical Threat
Directly Exposed
CVE-2025-45582LOW2.86
tar
1.35+dfsg-3build1
fixed in 1.35+dfsg-3ubuntu0.2
0.4%
Theoretical Threat
Post-Exploit
CVE-2026-5704LOW2.8
tar
1.35+dfsg-3build1
fixed in 1.35+dfsg-3ubuntu0.1
0.4%
Theoretical Threat
Post-Exploit
CVE-2026-40228LOW2.8
libsystemd0
255.4-1ubuntu8.15
No fix yet
0.2%
Theoretical Threat
Directly Exposed
CVE-2026-40228LOW2.8
libudev1
255.4-1ubuntu8.15
No fix yet
0.2%
Theoretical Threat
Directly Exposed
CVE-2026-33845LOW2.78
libgnutls30t64
3.8.3-1.1ubuntu3.5
fixed in 3.8.3-1.1ubuntu3.6
0.8%
Theoretical Threat
Post-Exploit
CVE-2026-42496LOW2.78
perl-base
5.38.2-3.2ubuntu0.2
fixed in 5.38.2-3.2ubuntu0.3
0.4%
Theoretical Threat
Post-Exploit
CVE-2026-33846LOW2.7
libgnutls30t64
3.8.3-1.1ubuntu3.5
fixed in 3.8.3-1.1ubuntu3.6
1.3%
Low-Moderate Risk
Post-Exploit
CVE-2026-42009LOW2.7
libgnutls30t64
3.8.3-1.1ubuntu3.5
fixed in 3.8.3-1.1ubuntu3.6
1.3%
Low-Moderate Risk
Post-Exploit
CVE-2026-42013LOW2.51
libgnutls30t64
3.8.3-1.1ubuntu3.5
fixed in 3.8.3-1.1ubuntu3.6
0.4%
Theoretical Threat
Post-Exploit
CVE-2026-5260LOW2.51
libgnutls30t64
3.8.3-1.1ubuntu3.5
fixed in 3.8.3-1.1ubuntu3.6
0.7%
Theoretical Threat
Post-Exploit
CVE-2026-8286LOW2.48
curl
8.5.0-2ubuntu10.9
fixed in 8.5.0-2ubuntu10.10
0.5%
Theoretical Threat
Post-Exploit
CVE-2026-8286LOW2.48
libcurl4t64
8.5.0-2ubuntu10.9
fixed in 8.5.0-2ubuntu10.10
0.5%
Theoretical Threat
Post-Exploit
CVE-2026-27456LOW2.4
bsdutils
1:2.39.3-9ubuntu6.5
No fix yet
0.1%
Theoretical Threat
Post-Exploit
CVE-2026-10536LOW2.4
curl
8.5.0-2ubuntu10.9
fixed in 8.5.0-2ubuntu10.11
0.9%
Theoretical Threat
Post-Exploit
CVE-2026-41991LOW2.4
gzip
1.12-1ubuntu3.1
fixed in 1.12-1ubuntu3.2
0.1%
Theoretical Threat
Post-Exploit
CVE-2026-10536LOW2.4
libcurl4t64
8.5.0-2ubuntu10.9
fixed in 8.5.0-2ubuntu10.11
0.9%
Theoretical Threat
Post-Exploit
CVE-2026-27456LOW2.4
mount
2.39.3-9ubuntu6.5
No fix yet
0.1%
Theoretical Threat
Post-Exploit
CVE-2026-27456LOW2.4
util-linux
2.39.3-9ubuntu6.5
No fix yet
0.1%
Theoretical Threat
Post-Exploit
CVE-2026-8927LOW2.29
curl
8.5.0-2ubuntu10.9
fixed in 8.5.0-2ubuntu10.10
0.8%
Theoretical Threat
Post-Exploit
CVE-2026-41992LOW2.29
gzip
1.12-1ubuntu3.1
fixed in 1.12-1ubuntu3.2
0.3%
Theoretical Threat
Post-Exploit
CVE-2026-8927LOW2.29
libcurl4t64
8.5.0-2ubuntu10.9
fixed in 8.5.0-2ubuntu10.10
0.8%
Theoretical Threat
Post-Exploit
CVE-2026-41989LOW2.29
libgcrypt20
1.10.3-2build1
fixed in 1.10.3-2ubuntu0.1
0.2%
Theoretical Threat
Post-Exploit
CVE-2026-12151LOW2.29
undici
6.24.1
fixed in 6.27.0, 7.28.0, 8.5.0
0.8%
Theoretical Threat
Post-Exploit
CVE-2026-41907LOW2.29
uuid
10.0.0
fixed in 11.1.1, 12.0.1, 13.0.1
0.3%
Theoretical Threat
Post-Exploit
CVE-2026-41907LOW2.29
uuid
11.1.0
fixed in 11.1.1, 12.0.1, 13.0.1
0.3%
Theoretical Threat
Post-Exploit
CVE-2026-41907LOW2.29
uuid
13.0.0
fixed in 11.1.1, 12.0.1, 13.0.1
0.3%
Theoretical Threat
Post-Exploit
CVE-2026-41907LOW2.29
uuid
8.3.2
fixed in 11.1.1, 12.0.1, 13.0.1
0.3%
Theoretical Threat
Post-Exploit
CVE-2026-41907LOW2.29
uuid
9.0.1
fixed in 11.1.1, 12.0.1, 13.0.1
0.3%
Theoretical Threat
Post-Exploit
CVE-2026-9547LOW2.26
curl
8.5.0-2ubuntu10.9
fixed in 8.5.0-2ubuntu10.10
0.5%
Theoretical Threat
Post-Exploit
CVE-2026-3833LOW2.26
libgnutls30t64
3.8.3-1.1ubuntu3.5
fixed in 3.8.3-1.1ubuntu3.6
0.6%
Theoretical Threat
Post-Exploit
CVE-2026-42011LOW2.26
libgnutls30t64
3.8.3-1.1ubuntu3.5
fixed in 3.8.3-1.1ubuntu3.6
0.5%
Theoretical Threat
Post-Exploit
CVE-2026-42012LOW2.17
libgnutls30t64
3.8.3-1.1ubuntu3.5
fixed in 3.8.3-1.1ubuntu3.6
0.4%
Theoretical Threat
Post-Exploit
CVE-2024-2236LOW2.12
libgcrypt20
1.10.3-2build1
No fix yet
1.1%
Low-Moderate Risk
Post-Exploit
CVE-2024-56433LOW1.84
passwd
1:4.13+dfsg1-4ubuntu3.2
No fix yet
0.4%
Theoretical Threat
Post-Exploit
CVE-2025-69720NONE0
libncursesw6
6.4+20240113-1ubuntu2
fixed in 6.4+20240113-1ubuntu2.1
0.4%
Theoretical Threat
Not Applicable
CVE-2025-69720NONE0
libtinfo6
6.4+20240113-1ubuntu2
fixed in 6.4+20240113-1ubuntu2.1
0.4%
Theoretical Threat
Not Applicable
CVE-2025-69720NONE0
ncurses-base
6.4+20240113-1ubuntu2
fixed in 6.4+20240113-1ubuntu2.1
0.4%
Theoretical Threat
Not Applicable
CVE-2025-69720NONE0
ncurses-bin
6.4+20240113-1ubuntu2
fixed in 6.4+20240113-1ubuntu2.1
0.4%
Theoretical Threat
Not Applicable
CVE-2024-56433NONE0
login
1:4.13+dfsg1-4ubuntu3.2
No fix yet
0.4%
Theoretical Threat
Not Applicable
CVE-2026-8458NONE0
curl
8.5.0-2ubuntu10.9
fixed in 8.5.0-2ubuntu10.10
0.5%
Theoretical Threat
Not Applicable
CVE-2026-8458NONE0
libcurl4t64
8.5.0-2ubuntu10.9
fixed in 8.5.0-2ubuntu10.10
0.5%
Theoretical Threat
Not Applicable
CVE-2026-58055NONE0
libnghttp2-14
1.59.0-1ubuntu0.3
fixed in 1.59.0-1ubuntu0.4
0.2%
Theoretical Threat
Not Applicable
CVE-2026-11822NONE0
libsqlite3-0
3.45.1-1ubuntu2.5
fixed in 3.45.1-1ubuntu2.6
0.2%
Theoretical Threat
Not Applicable
CVE-2026-11824NONE0
libsqlite3-0
3.45.1-1ubuntu2.5
fixed in 3.45.1-1ubuntu2.6
0.2%
Theoretical Threat
Not Applicable
GHSA-76mc-f452-cxcmNONE0
dompurify
3.4.1
fixed in 3.4.7
Not Applicable
GHSA-cmwh-pvxp-8882NONE0
dompurify
3.4.1
fixed in 3.4.11
Not Applicable
GHSA-gvmj-g25r-r7wrNONE0
dompurify
3.4.1
fixed in 3.4.8
Not Applicable
GHSA-vxr8-fq34-vvx9NONE0
dompurify
3.4.1
fixed in 3.4.9
Not Applicable
GHSA-x4vx-rjvf-j5p4NONE0
dompurify
3.4.1
No fix yet
Not Applicable
CVE-2026-48801NONE0
linkify-it
5.0.0
fixed in 5.0.1
Not Applicable
CVE-2026-48988NONE0
markdown-it
14.1.1
fixed in 14.2.0
0.3%
Theoretical Threat
Not Applicable
GHSA-p6gq-j5cr-w38fNONE0
nodemailer
8.0.7
fixed in 9.0.1
Not Applicable
GHSA-268h-hp4c-crq3NONE0
nodemailer
8.0.7
fixed in 8.0.9
Not Applicable
GHSA-r7g4-qg5f-qqm2NONE0
nodemailer
8.0.7
fixed in 8.0.8
Not Applicable
GHSA-wqvq-jvpq-h66fNONE0
nodemailer
8.0.7
fixed in 8.0.9
Not Applicable

Want to check another image? Run a full scan with the Docker Security Scanner.