Vulnerability Reportkibana:8.19.18

kibana:8.19.18
DIGESTsha256:57ba94c8cbfb5feec7aa08a7170927d65241b7a9b0bbe7d23caeed18999de197

Executive Summary

Last scanned:

Threat Score
25/100NEEDS ATTENTION
Reputation
TRUSTED

This image is acceptable for production, but remediating the identified vulnerabilities is recommended to reduce the attack surface. The most critical issue is CVE-2026-55388, which could enable remote code execution if an attacker can trigger prototype pollution through Kibana's API. Upgrading the piscina package to version 4.9.3, 5.2.0, or 6.0.0-rc.2 would fully address this vulnerability. The remaining 27 exposed findings are low severity and pose minimal risk in typical deployments.

Vulnerabilities

Vulnerability Log

59 total
CVE IDAdjusted SeverityPackageExploit ProbabilityRisk Context
CVE-2026-55388MEDIUM6.88
piscina
3.2.0
fixed in 5.2.0, 4.9.3, 6.0.0-rc.2
0.3%
Theoretical Threat
Directly ExposedContext importance: HIGH
CVE-2026-13757MEDIUM5.27
libp11-kit0
0.25.3-4ubuntu2.1
No fix yet
0.1%
Theoretical Threat
Directly Exposed
CVE-2024-2236MEDIUM4.72
libgcrypt20
1.10.3-2ubuntu0.1
No fix yet
1.1%
Low-Moderate Risk
Directly ExposedContext importance: MEDIUM
CVE-2025-66382MEDIUM4.67
libexpat1
2.6.1-2ubuntu0.4
No fix yet
0.2%
Theoretical Threat
Directly Exposed
CVE-2026-27171MEDIUM4.67
zlib1g
1:1.3.dfsg-3.1ubuntu2.1
No fix yet
0.2%
Theoretical Threat
Directly Exposed
CVE-2026-9679MEDIUM4.02
undici
6.24.1
fixed in 6.27.0, 7.28.0, 8.5.0
0.3%
Theoretical Threat
Directly ExposedContext importance: MEDIUM
CVE-2026-27456MEDIUM4
libblkid1
2.39.3-9ubuntu6.5
No fix yet
0.1%
Theoretical Threat
Directly Exposed
CVE-2026-27456MEDIUM4
libmount1
2.39.3-9ubuntu6.5
No fix yet
0.1%
Theoretical Threat
Directly Exposed
CVE-2026-27456MEDIUM4
libsmartcols1
2.39.3-9ubuntu6.5
No fix yet
0.1%
Theoretical Threat
Directly Exposed
CVE-2026-27456MEDIUM4
libuuid1
2.39.3-9ubuntu6.5
No fix yet
0.1%
Theoretical Threat
Directly Exposed
CVE-2026-41650LOW3.67
fast-xml-parser
5.5.7
fixed in 5.7.0
0.2%
Theoretical Threat
Directly ExposedContext importance: MEDIUM
CVE-2026-54285LOW3.6
@opentelemetry/core
1.26.0
fixed in 2.8.0
0.2%
Theoretical Threat
Directly ExposedContext importance: MEDIUM
CVE-2026-54285LOW3.6
@opentelemetry/core
1.30.1
fixed in 2.8.0
0.2%
Theoretical Threat
Directly ExposedContext importance: MEDIUM
CVE-2026-54285LOW3.6
@opentelemetry/core
2.7.1
fixed in 2.8.0
0.2%
Theoretical Threat
Directly ExposedContext importance: MEDIUM
CVE-2026-4438LOW3.4
libc-bin
2.39-0ubuntu8.7
No fix yet
0.2%
Theoretical Threat
Directly Exposed
CVE-2026-4438LOW3.4
libc6
2.39-0ubuntu8.7
No fix yet
0.2%
Theoretical Threat
Directly Exposed
CVE-2026-11525LOW3.15
undici
6.24.1
fixed in 6.27.0, 7.28.0, 8.5.0
0.2%
Theoretical Threat
Directly Exposed
CVE-2026-6733LOW3.15
undici
6.24.1
fixed in 6.27.0, 7.28.0, 8.5.0
0.2%
Theoretical Threat
Directly Exposed
CVE-2026-8376LOW3
perl-base
5.38.2-3.2ubuntu0.2
fixed in 5.38.2-3.2ubuntu0.3
0.4%
Theoretical Threat
Post-Exploit
CVE-2025-45582LOW2.86
tar
1.35+dfsg-3build1
fixed in 1.35+dfsg-3ubuntu0.2
0.4%
Theoretical Threat
Post-Exploit
CVE-2026-5704LOW2.8
tar
1.35+dfsg-3build1
fixed in 1.35+dfsg-3ubuntu0.1
0.4%
Theoretical Threat
Post-Exploit
CVE-2026-40228LOW2.8
libsystemd0
255.4-1ubuntu8.16
No fix yet
0.2%
Theoretical Threat
Directly Exposed
CVE-2026-40228LOW2.8
libudev1
255.4-1ubuntu8.16
No fix yet
0.2%
Theoretical Threat
Directly Exposed
CVE-2026-42496LOW2.78
perl-base
5.38.2-3.2ubuntu0.2
fixed in 5.38.2-3.2ubuntu0.3
0.4%
Theoretical Threat
Post-Exploit
CVE-2026-4046LOW2.7
libc-bin
2.39-0ubuntu8.7
No fix yet
0.4%
Theoretical Threat
Directly Exposed
CVE-2026-4046LOW2.7
libc6
2.39-0ubuntu8.7
No fix yet
0.4%
Theoretical Threat
Directly Exposed
CVE-2026-4437LOW2.65
libc-bin
2.39-0ubuntu8.7
No fix yet
0.3%
Theoretical Threat
Post-ExploitContext importance: MEDIUM
CVE-2026-4437LOW2.65
libc6
2.39-0ubuntu8.7
No fix yet
0.3%
Theoretical Threat
Post-ExploitContext importance: MEDIUM
CVE-2026-27456LOW2.4
bsdutils
1:2.39.3-9ubuntu6.5
No fix yet
0.1%
Theoretical Threat
Post-Exploit
CVE-2026-10536LOW2.4
curl
8.5.0-2ubuntu10.10
fixed in 8.5.0-2ubuntu10.11
0.9%
Theoretical Threat
Post-Exploit
CVE-2026-41991LOW2.4
gzip
1.12-1ubuntu3.1
fixed in 1.12-1ubuntu3.2
0.1%
Theoretical Threat
Post-Exploit
CVE-2026-10536LOW2.4
libcurl4t64
8.5.0-2ubuntu10.10
fixed in 8.5.0-2ubuntu10.11
0.9%
Theoretical Threat
Post-Exploit
CVE-2026-27456LOW2.4
mount
2.39.3-9ubuntu6.5
No fix yet
0.1%
Theoretical Threat
Post-Exploit
CVE-2026-27456LOW2.4
util-linux
2.39.3-9ubuntu6.5
No fix yet
0.1%
Theoretical Threat
Post-Exploit
CVE-2026-41992LOW2.29
gzip
1.12-1ubuntu3.1
fixed in 1.12-1ubuntu3.2
0.3%
Theoretical Threat
Post-Exploit
CVE-2026-12151LOW2.29
undici
6.24.1
fixed in 6.27.0, 7.28.0, 8.5.0
0.8%
Theoretical Threat
Post-Exploit
CVE-2026-41907LOW2.29
uuid
10.0.0
fixed in 11.1.1, 12.0.1, 13.0.1
0.3%
Theoretical Threat
Post-Exploit
CVE-2026-41907LOW2.29
uuid
11.1.0
fixed in 11.1.1, 12.0.1, 13.0.1
0.3%
Theoretical Threat
Post-Exploit
CVE-2026-41907LOW2.29
uuid
13.0.0
fixed in 11.1.1, 12.0.1, 13.0.1
0.3%
Theoretical Threat
Post-Exploit
CVE-2026-41907LOW2.29
uuid
8.3.2
fixed in 11.1.1, 12.0.1, 13.0.1
0.3%
Theoretical Threat
Post-Exploit
CVE-2026-41907LOW2.29
uuid
9.0.1
fixed in 11.1.1, 12.0.1, 13.0.1
0.3%
Theoretical Threat
Post-Exploit
CVE-2026-6238LOW1.99
libc-bin
2.39-0ubuntu8.7
No fix yet
0.3%
Theoretical Threat
Post-Exploit
CVE-2026-6238LOW1.99
libc6
2.39-0ubuntu8.7
No fix yet
0.3%
Theoretical Threat
Post-Exploit
CVE-2026-8769LOW1.99
@ai-sdk/provider-utils
3.0.25
No fix yet
0.6%
Theoretical Threat
Post-Exploit
CVE-2024-56433LOW1.84
login
1:4.13+dfsg1-4ubuntu3.2
No fix yet
0.4%
Theoretical Threat
Post-Exploit
CVE-2024-56433LOW1.84
passwd
1:4.13+dfsg1-4ubuntu3.2
No fix yet
0.4%
Theoretical Threat
Post-Exploit
CVE-2026-5435LOW1.81
libc-bin
2.39-0ubuntu8.7
No fix yet
0.2%
Theoretical Threat
Post-Exploit
CVE-2026-5435LOW1.81
libc6
2.39-0ubuntu8.7
No fix yet
0.2%
Theoretical Threat
Post-Exploit
CVE-2024-53382LOW1.65
prismjs
1.27.0
fixed in 1.30.0
0.3%
Theoretical Threat
Post-Exploit
CVE-2026-2739LOW1.62
bn.js
4.11.9
fixed in 4.12.3, 5.2.3
0.5%
Theoretical Threat
Post-Exploit
CVE-2025-69720NONE0
libncursesw6
6.4+20240113-1ubuntu2
fixed in 6.4+20240113-1ubuntu2.1
0.4%
Theoretical Threat
Not Applicable
CVE-2025-69720NONE0
libtinfo6
6.4+20240113-1ubuntu2
fixed in 6.4+20240113-1ubuntu2.1
0.4%
Theoretical Threat
Not Applicable
CVE-2025-69720NONE0
ncurses-base
6.4+20240113-1ubuntu2
fixed in 6.4+20240113-1ubuntu2.1
0.4%
Theoretical Threat
Not Applicable
CVE-2025-69720NONE0
ncurses-bin
6.4+20240113-1ubuntu2
fixed in 6.4+20240113-1ubuntu2.1
0.4%
Theoretical Threat
Not Applicable
CVE-2026-58055NONE0
libnghttp2-14
1.59.0-1ubuntu0.3
fixed in 1.59.0-1ubuntu0.4
0.2%
Theoretical Threat
Not Applicable
GHSA-p6gq-j5cr-w38fNONE0
nodemailer
8.0.7
fixed in 9.0.1
Not Applicable
GHSA-268h-hp4c-crq3NONE0
nodemailer
8.0.7
fixed in 8.0.9
Not Applicable
GHSA-r7g4-qg5f-qqm2NONE0
nodemailer
8.0.7
fixed in 8.0.8
Not Applicable
GHSA-wqvq-jvpq-h66fNONE0
nodemailer
8.0.7
fixed in 8.0.9
Not Applicable

Want to check another image? Run a full scan with the Docker Security Scanner.