Vulnerability Reportkong:3.9.1

kong:3.9.1-ubuntukong:3.9.1

DIGESTsha256:76c14b93e989f7f4418039f7f9789ca32564016211c86ac1a18022f4788e7b9c

Executive Summary

Threat ScoreCAUTION• Image has 36 exposed vulnerabilities, including 5 with severity ≥6.0, all in GnuTLS library (e.g., CVE-2026-42013, CVE-2026-42010, CVE-2026-3833).• Top vulnerabilities can bypass TLS certificate validation, enabling spoofing or MITM attacks for an API gateway handling sensitive traffic.• Official Docker image with high trust score (100), but moderate-severity TLS flaws in core library reduce security posture.• CVE-2026-42010 (severity 6.66) only exploitable if non-default RSA-PSK cipher suite is configured.

50/100CAUTION

ReputationOFFICIAL• Official Docker Hub Image• Pinned by digest (Immutable)

TRUSTED

This image carries significant risk; production deployment is highly discouraged without strict compensating controls. An attacker could exploit GnuTLS certificate validation bypasses (CVE-2026-42013, CVE-2026-3833) to spoof legitimate services or intercept sensitive data via man-in-the-middle attacks. While the image is official and trusted, the five vulnerabilities with severity ≥6.0 in a core TLS library pose a substantial threat to the integrity of TLS connections. Upgrading to a newer base image or applying vendor patches would fully remediate these issues. Note that CVE-2026-42010 requires enabling RSA-PSK, which is not default, so its risk is lower in standard configurations.

Vulnerabilities

Vulnerability Log

65 total

CVE ID	Adjusted Severity	Package	Exploit Probability	Risk Context
CVE-2026-42013	MEDIUM6.97	libgnutls30t64 3.8.3-1.1ubuntu3.5 fixed in 3.8.3-1.1ubuntu3.6	0.4% Theoretical Threat	Directly ExposedContext importance: HIGH
CVE-2026-42010	MEDIUM6.66	libgnutls30t64 3.8.3-1.1ubuntu3.5 fixed in 3.8.3-1.1ubuntu3.6	0.8% Theoretical Threat	Directly ExposedContext importance: MEDIUM
CVE-2026-3833	MEDIUM6.29	libgnutls30t64 3.8.3-1.1ubuntu3.5 fixed in 3.8.3-1.1ubuntu3.6	0.3% Theoretical Threat	Directly ExposedContext importance: HIGH
CVE-2026-42011	MEDIUM6.29	libgnutls30t64 3.8.3-1.1ubuntu3.5 fixed in 3.8.3-1.1ubuntu3.6	0.3% Theoretical Threat	Directly ExposedContext importance: HIGH
CVE-2026-42012	MEDIUM6.03	libgnutls30t64 3.8.3-1.1ubuntu3.5 fixed in 3.8.3-1.1ubuntu3.6	0.3% Theoretical Threat	Directly ExposedContext importance: HIGH
CVE-2026-42014	MEDIUM5.61	libgnutls30t64 3.8.3-1.1ubuntu3.5 fixed in 3.8.3-1.1ubuntu3.6	0.2% Theoretical Threat	Directly Exposed
CVE-2026-5260	MEDIUM5.58	libgnutls30t64 3.8.3-1.1ubuntu3.5 fixed in 3.8.3-1.1ubuntu3.6	0.7% Theoretical Threat	Directly ExposedContext importance: MEDIUM
CVE-2026-4437	MEDIUM5.52	libc-bin 2.39-0ubuntu8.7 No fix yet	0.3% Theoretical Threat	Directly ExposedContext importance: HIGH
CVE-2026-4437	MEDIUM5.52	libc6 2.39-0ubuntu8.7 No fix yet	0.3% Theoretical Threat	Directly ExposedContext importance: HIGH
CVE-2026-40226	MEDIUM5.44	libsystemd0 255.4-1ubuntu8.15 fixed in 255.4-1ubuntu8.16	<0.1% Theoretical Threat	Directly Exposed
CVE-2026-40226	MEDIUM5.44	libudev1 255.4-1ubuntu8.15 fixed in 255.4-1ubuntu8.16	<0.1% Theoretical Threat	Directly Exposed
CVE-2026-5435	MEDIUM5.02	libc-bin 2.39-0ubuntu8.7 No fix yet	0.2% Theoretical Threat	Directly Exposed
CVE-2026-5435	MEDIUM5.02	libc6 2.39-0ubuntu8.7 No fix yet	0.2% Theoretical Threat	Directly Exposed
CVE-2026-42770	MEDIUM5.02	libssl3t64 3.0.13-0ubuntu3.9 fixed in 3.0.13-0ubuntu3.11	0.2% Theoretical Threat	Directly Exposed
CVE-2026-9076	MEDIUM5.02	libssl3t64 3.0.13-0ubuntu3.9 fixed in 3.0.13-0ubuntu3.11	0.3% Theoretical Threat	Directly Exposed
CVE-2024-2236	MEDIUM4.72	libgcrypt20 1.10.3-2build1 No fix yet	1.1% Low-Moderate Risk	Directly ExposedContext importance: MEDIUM
CVE-2025-66382	MEDIUM4.67	libexpat1 2.6.1-2ubuntu0.4 No fix yet	0.2% Theoretical Threat	Directly Exposed
CVE-2026-7383	MEDIUM4.67	libssl3t64 3.0.13-0ubuntu3.9 fixed in 3.0.13-0ubuntu3.11	0.3% Theoretical Threat	Directly Exposed
CVE-2026-4046	MEDIUM4.5	libc-bin 2.39-0ubuntu8.7 No fix yet	0.4% Theoretical Threat	Directly Exposed
CVE-2026-4046	MEDIUM4.5	libc6 2.39-0ubuntu8.7 No fix yet	0.4% Theoretical Threat	Directly Exposed
CVE-2026-42015	MEDIUM4.5	libgnutls30t64 3.8.3-1.1ubuntu3.5 fixed in 3.8.3-1.1ubuntu3.6	0.7% Theoretical Threat	Directly Exposed
CVE-2026-34743	MEDIUM4.5	liblzma5 5.6.1+really5.4.5-1ubuntu0.2 fixed in 5.6.1+really5.4.5-1ubuntu0.3	0.4% Theoretical Threat	Directly Exposed
CVE-2026-42766	MEDIUM4.5	libssl3t64 3.0.13-0ubuntu3.9 fixed in 3.0.13-0ubuntu3.11	0.6% Theoretical Threat	Directly Exposed
CVE-2026-42767	MEDIUM4.5	libssl3t64 3.0.13-0ubuntu3.9 fixed in 3.0.13-0ubuntu3.11	0.3% Theoretical Threat	Directly Exposed
CVE-2026-34180	MEDIUM4.25	libssl3t64 3.0.13-0ubuntu3.9 fixed in 3.0.13-0ubuntu3.11	0.5% Theoretical Threat	Directly Exposed
CVE-2026-27456	MEDIUM4	libblkid1 2.39.3-9ubuntu6.5 No fix yet	0.1% Theoretical Threat	Directly Exposed
CVE-2026-27456	MEDIUM4	libmount1 2.39.3-9ubuntu6.5 No fix yet	0.1% Theoretical Threat	Directly Exposed
CVE-2026-27456	MEDIUM4	libsmartcols1 2.39.3-9ubuntu6.5 No fix yet	0.1% Theoretical Threat	Directly Exposed
CVE-2026-27456	MEDIUM4	libuuid1 2.39.3-9ubuntu6.5 No fix yet	0.1% Theoretical Threat	Directly Exposed
CVE-2026-4438	LOW3.4	libc-bin 2.39-0ubuntu8.7 No fix yet	0.2% Theoretical Threat	Directly Exposed
CVE-2026-4438	LOW3.4	libc6 2.39-0ubuntu8.7 No fix yet	0.2% Theoretical Threat	Directly Exposed
CVE-2026-3832	LOW3.15	libgnutls30t64 3.8.3-1.1ubuntu3.5 fixed in 3.8.3-1.1ubuntu3.6	0.3% Theoretical Threat	Directly Exposed
CVE-2026-5419	LOW3.15	libgnutls30t64 3.8.3-1.1ubuntu3.5 fixed in 3.8.3-1.1ubuntu3.6	0.5% Theoretical Threat	Directly Exposed
CVE-2026-45446	LOW3.15	libssl3t64 3.0.13-0ubuntu3.9 fixed in 3.0.13-0ubuntu3.11	0.2% Theoretical Threat	Directly Exposed
CVE-2026-45447	LOW2.92	libssl3t64 3.0.13-0ubuntu3.9 fixed in 3.0.13-0ubuntu3.11	1.4% Low-Moderate Risk	Post-Exploit
CVE-2026-45447	LOW2.92	openssl 3.0.13-0ubuntu3.9 fixed in 3.0.13-0ubuntu3.11	1.4% Low-Moderate Risk	Post-Exploit
CVE-2025-45582	LOW2.86	tar 1.35+dfsg-3build1 No fix yet	0.4% Theoretical Threat	Post-Exploit
CVE-2026-7383	LOW2.8	openssl 3.0.13-0ubuntu3.9 fixed in 3.0.13-0ubuntu3.11	0.3% Theoretical Threat	Post-Exploit
CVE-2026-40228	LOW2.8	libsystemd0 255.4-1ubuntu8.15 No fix yet	0.2% Theoretical Threat	Directly Exposed
CVE-2026-40228	LOW2.8	libudev1 255.4-1ubuntu8.15 No fix yet	0.2% Theoretical Threat	Directly Exposed
CVE-2026-33845	LOW2.78	libgnutls30t64 3.8.3-1.1ubuntu3.5 fixed in 3.8.3-1.1ubuntu3.6	0.6% Theoretical Threat	Post-Exploit
CVE-2026-45445	LOW2.78	libssl3t64 3.0.13-0ubuntu3.9 fixed in 3.0.13-0ubuntu3.11	0.3% Theoretical Threat	Post-Exploit
CVE-2026-45445	LOW2.78	openssl 3.0.13-0ubuntu3.9 fixed in 3.0.13-0ubuntu3.11	0.3% Theoretical Threat	Post-Exploit
CVE-2017-11164	LOW2.7	libpcre3 2:8.39-15build1 No fix yet	3.1% Low-Moderate Risk	Post-Exploit
CVE-2019-20838	LOW2.7	libpcre3 2:8.39-15build1 No fix yet	2.8% Low-Moderate Risk	Post-Exploit
CVE-2026-42766	LOW2.7	openssl 3.0.13-0ubuntu3.9 fixed in 3.0.13-0ubuntu3.11	0.6% Theoretical Threat	Post-Exploit
CVE-2026-42767	LOW2.7	openssl 3.0.13-0ubuntu3.9 fixed in 3.0.13-0ubuntu3.11	0.3% Theoretical Threat	Post-Exploit
CVE-2024-52005	LOW2.69	git 1:2.43.0-1ubuntu7.3 No fix yet	0.5% Theoretical Threat	Post-Exploit
CVE-2026-34180	LOW2.55	openssl 3.0.13-0ubuntu3.9 fixed in 3.0.13-0ubuntu3.11	0.5% Theoretical Threat	Post-Exploit
CVE-2026-27456	LOW2.4	bsdutils 1:2.39.3-9ubuntu6.5 No fix yet	0.1% Theoretical Threat	Post-Exploit
CVE-2026-27456	LOW2.4	mount 2.39.3-9ubuntu6.5 No fix yet	0.1% Theoretical Threat	Post-Exploit
CVE-2026-27456	LOW2.4	util-linux 2.39.3-9ubuntu6.5 No fix yet	0.1% Theoretical Threat	Post-Exploit
CVE-2026-41989	LOW2.29	libgcrypt20 1.10.3-2build1 fixed in 1.10.3-2ubuntu0.1	0.2% Theoretical Threat	Post-Exploit
CVE-2026-33846	LOW2.29	libgnutls30t64 3.8.3-1.1ubuntu3.5 fixed in 3.8.3-1.1ubuntu3.6	0.9% Theoretical Threat	Post-Exploit
CVE-2026-42009	LOW2.29	libgnutls30t64 3.8.3-1.1ubuntu3.5 fixed in 3.8.3-1.1ubuntu3.6	0.8% Theoretical Threat	Post-Exploit
CVE-2026-34182	LOW2.26	libssl3t64 3.0.13-0ubuntu3.9 fixed in 3.0.13-0ubuntu3.11	0.2% Theoretical Threat	Post-Exploit
CVE-2026-34182	LOW2.26	openssl 3.0.13-0ubuntu3.9 fixed in 3.0.13-0ubuntu3.11	0.2% Theoretical Threat	Post-Exploit
CVE-2026-6238	LOW1.99	libc-bin 2.39-0ubuntu8.7 No fix yet	0.3% Theoretical Threat	Post-Exploit
CVE-2026-6238	LOW1.99	libc6 2.39-0ubuntu8.7 No fix yet	0.3% Theoretical Threat	Post-Exploit
CVE-2026-45446	LOW1.89	openssl 3.0.13-0ubuntu3.9 fixed in 3.0.13-0ubuntu3.11	0.2% Theoretical Threat	Post-Exploit
CVE-2024-56433	LOW1.84	login 1:4.13+dfsg1-4ubuntu3.2 No fix yet	0.4% Theoretical Threat	Post-Exploit
CVE-2024-56433	LOW1.84	passwd 1:4.13+dfsg1-4ubuntu3.2 No fix yet	0.4% Theoretical Threat	Post-Exploit
CVE-2026-42770	LOW1.81	openssl 3.0.13-0ubuntu3.9 fixed in 3.0.13-0ubuntu3.11	0.2% Theoretical Threat	Post-Exploit
CVE-2026-9076	LOW1.81	openssl 3.0.13-0ubuntu3.9 fixed in 3.0.13-0ubuntu3.11	0.3% Theoretical Threat	Post-Exploit
CVE-2024-52005	NONE0	git-man 1:2.43.0-1ubuntu7.3 No fix yet	0.5% Theoretical Threat	Not Applicable