Vulnerability Reportlogstash:9.3.4

logstash:9.3.4

DIGESTsha256:25337c852a6db27b952c3e2e630f19ce04eda19dbb85df2d3a03b5a291302e58

Executive Summary

Threat ScoreDANGEROUS• Official Docker Logstash image but 126 vulnerabilities found, including 16 with severity >=6.0 and one at 8.33 (CVE-2026-42581).• CVE-2026-42581 (Netty HTTP codec) enables unauthenticated HTTP request smuggling, directly impacting the Logstash HTTP input plugin.• CVE-2026-45447 (OpenSSL PKCS7) could lead to remote code execution if S/MIME processing is enabled, though non-default.• Multiple additional Netty CVEs (e.g., CVE-2026-42587, CVE-2026-50010) expose the container to denial of service and hostname verification bypass.• All top findings are in the exposed surface, increasing immediate risk without requiring prior compromise.

75/100DANGEROUS

ReputationOFFICIAL• Official Docker Hub Image• Pinned by digest (Immutable)

TRUSTED

This image poses a critical security risk and must not be used in production, especially as an internet-facing service. An attacker could exploit HTTP request smuggling (CVE-2026-42581) to bypass security controls, potentially intercepting or manipulating data flows; additionally, a use-after-free in OpenSSL (CVE-2026-45447) could enable remote code execution if S/MIME processing is enabled. Mitigation: Disabling the HTTP input plugin would fully eliminate the Netty HTTP attack surface. Note that CVE-2026-45447 only applies if PKCS7/S/MIME processing is used, which is not default.

Vulnerabilities

Vulnerability Log

219 total

CVE ID	Adjusted Severity	Package	Exploit Probability	Risk Context
CVE-2026-42581	HIGH8.33	io.netty:netty-codec-http 4.1.132.Final fixed in 4.2.13.Final, 4.1.133.Final	0.4% Theoretical Threat	Directly ExposedContext importance: HIGH
CVE-2026-45447	MEDIUM6.48	openssl-libs 1:3.5.5-2.el9_8 fixed in 1:3.5.5-4.el9_8	2.3% Low-Moderate Risk	Directly ExposedContext importance: MEDIUM
CVE-2026-41989	MEDIUM6.38	libgcrypt 1.10.0-11.el9 No fix yet	0.2% Theoretical Threat	Directly Exposed
CVE-2026-6732	MEDIUM6.38	libxml2 2.9.13-14.el9_7 No fix yet	0.6% Theoretical Threat	Directly Exposed
CVE-2026-42587	MEDIUM6.38	io.netty:netty-codec-http 4.1.132.Final fixed in 4.2.13.Final, 4.1.133.Final	0.5% Theoretical Threat	Directly Exposed
CVE-2026-42585	MEDIUM6.38	io.netty:netty-codec-http 4.1.132.Final fixed in 4.2.13.Final, 4.1.133.Final	0.2% Theoretical Threat	Directly Exposed
CVE-2026-45416	MEDIUM6.38	io.netty:netty-handler 4.1.132.Final fixed in 4.2.15.Final, 4.1.135.Final	0.3% Theoretical Threat	Directly Exposed
CVE-2026-50010	MEDIUM6.38	io.netty:netty-handler 4.1.132.Final fixed in 4.2.15.Final, 4.1.135.Final	0.2% Theoretical Threat	Directly Exposed
CVE-2026-5588	MEDIUM6.38	org.bouncycastle:bcpkix-jdk18on 1.79 fixed in 1.84	0.3% Theoretical Threat	Directly Exposed
CVE-2026-5588	MEDIUM6.38	org.bouncycastle:bcpkix-jdk18on 1.83 fixed in 1.84	0.3% Theoretical Threat	Directly Exposed
CVE-2026-5598	MEDIUM6.38	org.bouncycastle:bcprov-jdk18on 1.83 fixed in 1.84	0.5% Theoretical Threat	Directly Exposed
CVE-2026-42245	MEDIUM6.38	net-imap 0.5.13 fixed in ~> 0.4.24, ~> 0.5.14, >= 0.6.4	0.4% Theoretical Threat	Directly Exposed
CVE-2026-34182	MEDIUM6.29	openssl-libs 1:3.5.5-2.el9_8 fixed in 1:3.5.5-4.el9_8	0.2% Theoretical Threat	Directly Exposed
CVE-2026-42246	MEDIUM6.29	net-imap 0.5.13 fixed in ~> 0.3.10, ~> 0.4.24, ~> 0.5.14, >= 0.6.4	0.4% Theoretical Threat	Directly Exposed
CVE-2026-33210	MEDIUM6.18	json 2.18.1 fixed in ~> 2.15.2.1, ~> 2.17.1.2, >= 2.19.2	0.5% Theoretical Threat	Directly ExposedContext importance: MEDIUM
CVE-2025-27113	MEDIUM6	libxml2 2.9.13-14.el9_7 No fix yet	1.0% Low-Moderate Risk	Directly ExposedContext importance: MEDIUM
CVE-2026-44604	MEDIUM5.95	rpm-libs 4.16.1.3-40.el9 No fix yet	0.5% Theoretical Threat	Directly Exposed
CVE-2025-13151	MEDIUM5.9	libtasn1 4.16.0-9.el9 No fix yet	1.1% Low-Moderate Risk	Directly Exposed
CVE-2024-41996	MEDIUM5.9	openssl-libs 1:3.5.5-2.el9_8 No fix yet	1.1% Low-Moderate Risk	Directly Exposed
CVE-2026-22185	MEDIUM5.78	openldap 2.6.8-4.el9 No fix yet	0.1% Theoretical Threat	Directly Exposed
CVE-2026-4105	MEDIUM5.7	systemd-libs 252-67.el9_8.2 No fix yet	0.1% Theoretical Threat	Directly Exposed
CVE-2025-5915	MEDIUM5.61	libarchive 3.5.3-9.el9_7 No fix yet	0.2% Theoretical Threat	Directly Exposed
CVE-2025-5918	MEDIUM5.61	libarchive 3.5.3-9.el9_7 No fix yet	0.3% Theoretical Threat	Directly Exposed
CVE-2026-6238	MEDIUM5.52	glibc 2.34-270.el9_8 No fix yet	0.3% Theoretical Threat	Directly Exposed
CVE-2026-6238	MEDIUM5.52	glibc-common 2.34-270.el9_8 No fix yet	0.3% Theoretical Threat	Directly Exposed
CVE-2026-6238	MEDIUM5.52	glibc-minimal-langpack 2.34-270.el9_8 No fix yet	0.3% Theoretical Threat	Directly Exposed
CVE-2026-4426	MEDIUM5.52	libarchive 3.5.3-9.el9_7 No fix yet	0.3% Theoretical Threat	Directly Exposed
CVE-2026-9149	MEDIUM5.52	libsolv 0.7.24-4.el9 No fix yet	0.3% Theoretical Threat	Directly Exposed
CVE-2026-9150	MEDIUM5.52	libsolv 0.7.24-4.el9 No fix yet	0.4% Theoretical Threat	Directly Exposed
CVE-2023-45322	MEDIUM5.52	libxml2 2.9.13-14.el9_7 No fix yet	0.8% Theoretical Threat	Directly Exposed
CVE-2026-2673	MEDIUM5.52	openssl-fips-provider 3.0.7-8.el9 No fix yet	0.4% Theoretical Threat	Directly Exposed
CVE-2026-2673	MEDIUM5.52	openssl-fips-provider-so 3.0.7-8.el9 No fix yet	0.4% Theoretical Threat	Directly Exposed
CVE-2026-2673	MEDIUM5.52	openssl-libs 1:3.5.5-2.el9_8 No fix yet	0.4% Theoretical Threat	Directly Exposed
CVE-2026-41417	MEDIUM5.52	io.netty:netty-codec-http 4.1.132.Final fixed in 4.1.133.Final, 4.2.13.Final	0.3% Theoretical Threat	Directly Exposed
CVE-2026-42580	MEDIUM5.52	io.netty:netty-codec-http 4.1.132.Final fixed in 4.2.13.Final, 4.1.133.Final	0.4% Theoretical Threat	Directly Exposed
CVE-2026-0636	MEDIUM5.52	org.bouncycastle:bcprov-jdk18on 1.79 fixed in 1.84	0.5% Theoretical Threat	Directly Exposed
CVE-2026-0636	MEDIUM5.52	org.bouncycastle:bcprov-jdk18on 1.83 fixed in 1.84	0.5% Theoretical Threat	Directly Exposed
CVE-2026-35611	MEDIUM5.52	addressable 2.8.10 fixed in >= 2.9.0	0.4% Theoretical Threat	Directly Exposed
CVE-2026-33637	MEDIUM5.52	faraday 2.14.1 fixed in >= 2.14.2	0.3% Theoretical Threat	Directly Exposed
CVE-2026-42256	MEDIUM5.52	net-imap 0.5.13 fixed in ~> 0.4.24, ~> 0.5.14, >= 0.6.4	0.3% Theoretical Threat	Directly Exposed
CVE-2026-44249	MEDIUM5.5	io.netty:netty-handler 4.1.132.Final fixed in 4.2.15.Final, 4.1.135.Final	0.4% Theoretical Threat	Directly ExposedContext importance: MEDIUM
CVE-2024-34459	MEDIUM5.5	libxml2 2.9.13-14.el9_7 No fix yet	2.3% Low-Moderate Risk	Directly Exposed
CVE-2026-34181	MEDIUM5.35	openssl-libs 1:3.5.5-2.el9_8 fixed in 1:3.5.5-4.el9_8	0.2% Theoretical Threat	Directly Exposed
CVE-2026-42768	MEDIUM5.35	openssl-libs 1:3.5.5-2.el9_8 fixed in 1:3.5.5-4.el9_8	0.4% Theoretical Threat	Directly Exposed
CVE-2026-1757	MEDIUM5.27	libxml2 2.9.13-14.el9_7 No fix yet	0.2% Theoretical Threat	Directly Exposed
CVE-2026-28388	MEDIUM5.1	openssl-libs 1:3.5.5-2.el9_8 No fix yet	0.9% Theoretical Threat	Directly ExposedContext importance: MEDIUM
CVE-2026-34479	MEDIUM5.1	org.apache.logging.log4j:log4j-1.2-api 2.19.0 fixed in 2.25.4	0.5% Theoretical Threat	Directly ExposedContext importance: MEDIUM
CVE-2026-5435	MEDIUM5.02	glibc 2.34-270.el9_8 No fix yet	0.2% Theoretical Threat	Directly Exposed
CVE-2026-5435	MEDIUM5.02	glibc-common 2.34-270.el9_8 No fix yet	0.2% Theoretical Threat	Directly Exposed
CVE-2026-5435	MEDIUM5.02	glibc-minimal-langpack 2.34-270.el9_8 No fix yet	0.2% Theoretical Threat	Directly Exposed
CVE-2026-0990	MEDIUM5.02	libxml2 2.9.13-14.el9_7 No fix yet	0.7% Theoretical Threat	Directly Exposed
CVE-2026-31790	MEDIUM5.02	openssl-fips-provider 3.0.7-8.el9 fixed in 3.0.7-11.el9_8	1.0% Theoretical Threat	Directly Exposed
CVE-2026-31790	MEDIUM5.02	openssl-fips-provider-so 3.0.7-8.el9 fixed in 3.0.7-11.el9_8	1.0% Theoretical Threat	Directly Exposed
CVE-2026-42764	MEDIUM5.02	openssl-libs 1:3.5.5-2.el9_8 fixed in 1:3.5.5-4.el9_8	0.7% Theoretical Threat	Directly Exposed
CVE-2026-42769	MEDIUM5.02	openssl-libs 1:3.5.5-2.el9_8 fixed in 1:3.5.5-4.el9_8	0.3% Theoretical Threat	Directly Exposed
CVE-2026-42770	MEDIUM5.02	openssl-libs 1:3.5.5-2.el9_8 fixed in 1:3.5.5-4.el9_8	0.3% Theoretical Threat	Directly Exposed
CVE-2026-9076	MEDIUM5.02	openssl-libs 1:3.5.5-2.el9_8 fixed in 1:3.5.5-4.el9_8	0.3% Theoretical Threat	Directly Exposed
CVE-2025-5916	MEDIUM4.76	libarchive 3.5.3-9.el9_7 No fix yet	0.2% Theoretical Threat	Directly Exposed
CVE-2025-60753	MEDIUM4.67	libarchive 3.5.3-9.el9_7 No fix yet	0.1% Theoretical Threat	Directly Exposed
CVE-2026-5745	MEDIUM4.67	libarchive 3.5.3-9.el9_7 No fix yet	0.2% Theoretical Threat	Directly Exposed
CVE-2025-1632	MEDIUM4.67	libarchive 3.5.3-9.el9_7 No fix yet	0.3% Theoretical Threat	Directly Exposed
CVE-2021-46195	MEDIUM4.67	libgcc 11.5.0-14.el9 No fix yet	0.8% Theoretical Threat	Directly Exposed
CVE-2022-27943	MEDIUM4.67	libgcc 11.5.0-14.el9 No fix yet	0.9% Theoretical Threat	Directly Exposed
CVE-2021-46195	MEDIUM4.67	libstdc++ 11.5.0-14.el9 No fix yet	0.8% Theoretical Threat	Directly Exposed
CVE-2022-27943	MEDIUM4.67	libstdc++ 11.5.0-14.el9 No fix yet	0.9% Theoretical Threat	Directly Exposed
CVE-2026-7383	MEDIUM4.67	openssl-libs 1:3.5.5-2.el9_8 fixed in 1:3.5.5-4.el9_8	0.4% Theoretical Threat	Directly Exposed
CVE-2024-0232	MEDIUM4.67	sqlite-libs 3.34.1-10.el9_8 No fix yet	0.3% Theoretical Threat	Directly Exposed
CVE-2026-27171	MEDIUM4.67	zlib 1.2.11-40.el9 No fix yet	0.2% Theoretical Threat	Directly Exposed
CVE-2026-1489	MEDIUM4.59	glib2 2.68.4-19.el9_8.1 No fix yet	0.3% Theoretical Threat	Directly Exposed
CVE-2023-30571	MEDIUM4.5	libarchive 3.5.3-9.el9_7 No fix yet	0.2% Theoretical Threat	Directly Exposed
CVE-2026-42766	MEDIUM4.5	openssl-libs 1:3.5.5-2.el9_8 fixed in 1:3.5.5-4.el9_8	0.6% Theoretical Threat	Directly Exposed
CVE-2026-42767	MEDIUM4.5	openssl-libs 1:3.5.5-2.el9_8 fixed in 1:3.5.5-4.el9_8	0.3% Theoretical Threat	Directly Exposed
CVE-2026-34743	MEDIUM4.5	xz-libs 5.2.5-8.el9_0 No fix yet	0.4% Theoretical Threat	Directly Exposed
CVE-2026-50020	MEDIUM4.5	io.netty:netty-codec-http 4.1.132.Final fixed in 4.2.15.Final, 4.1.135.Final	0.2% Theoretical Threat	Directly Exposed
CVE-2026-42250	MEDIUM4.25	bzip2-libs 1.0.8-11.el9 No fix yet	0.1% Theoretical Threat	Directly Exposed
CVE-2026-5450	MEDIUM4.25	glibc 2.34-270.el9_8 No fix yet	0.5% Theoretical Threat	Directly Exposed
CVE-2026-5928	MEDIUM4.25	glibc 2.34-270.el9_8 No fix yet	0.3% Theoretical Threat	Directly Exposed
CVE-2026-5450	MEDIUM4.25	glibc-common 2.34-270.el9_8 No fix yet	0.5% Theoretical Threat	Directly Exposed
CVE-2026-5928	MEDIUM4.25	glibc-common 2.34-270.el9_8 No fix yet	0.3% Theoretical Threat	Directly Exposed
CVE-2026-5450	MEDIUM4.25	glibc-minimal-langpack 2.34-270.el9_8 No fix yet	0.5% Theoretical Threat	Directly Exposed
CVE-2026-5928	MEDIUM4.25	glibc-minimal-langpack 2.34-270.el9_8 No fix yet	0.3% Theoretical Threat	Directly Exposed
CVE-2026-11850	MEDIUM4.25	krb5-libs 1.21.1-10.el9_8 No fix yet	0.3% Theoretical Threat	Directly Exposed
CVE-2025-5917	MEDIUM4.25	libarchive 3.5.3-9.el9_7 No fix yet	0.2% Theoretical Threat	Directly Exposed
CVE-2026-34180	MEDIUM4.25	openssl-libs 1:3.5.5-2.el9_8 fixed in 1:3.5.5-4.el9_8	0.5% Theoretical Threat	Directly Exposed
CVE-2026-42257	MEDIUM4	net-imap 0.5.13 fixed in ~> 0.4.24, ~> 0.5.14, >= 0.6.4	0.4% Theoretical Threat	Post-ExploitContext importance: MEDIUM
CVE-2026-42258	MEDIUM4	net-imap 0.5.13 fixed in ~> 0.4.24, ~> 0.5.14, >= 0.6.4	0.9% Theoretical Threat	Post-ExploitContext importance: MEDIUM
CVE-2026-27456	MEDIUM4	libblkid 2.37.4-25.el9 No fix yet	0.1% Theoretical Threat	Directly Exposed
CVE-2026-27456	MEDIUM4	libmount 2.37.4-25.el9 No fix yet	0.1% Theoretical Threat	Directly Exposed
CVE-2026-27456	MEDIUM4	libsmartcols 2.37.4-25.el9 No fix yet	0.1% Theoretical Threat	Directly Exposed
CVE-2026-27456	MEDIUM4	libuuid 2.37.4-25.el9 No fix yet	0.1% Theoretical Threat	Directly Exposed
CVE-2024-13176	MEDIUM4	openssl-libs 1:3.5.5-2.el9_8 No fix yet	0.6% Theoretical Threat	Directly Exposed
CVE-2024-9681	LOW3.9	curl-minimal 7.76.1-40.el9 No fix yet	2.0% Low-Moderate Risk	Post-Exploit
CVE-2024-9681	LOW3.9	libcurl-minimal 7.76.1-40.el9 No fix yet	2.0% Low-Moderate Risk	Post-Exploit
CVE-2026-5773	LOW3.82	curl-minimal 7.76.1-40.el9 No fix yet	0.5% Theoretical Threat	Post-Exploit
CVE-2026-6276	LOW3.82	curl-minimal 7.76.1-40.el9 No fix yet	0.3% Theoretical Threat	Post-Exploit
CVE-2026-5773	LOW3.82	libcurl-minimal 7.76.1-40.el9 No fix yet	0.5% Theoretical Threat	Post-Exploit
CVE-2026-6276	LOW3.82	libcurl-minimal 7.76.1-40.el9 No fix yet	0.3% Theoretical Threat	Post-Exploit
CVE-2026-28390	LOW3.82	openssl 1:3.5.5-2.el9_8 fixed in 1:3.5.5-3.el9_8	0.8% Theoretical Threat	Post-Exploit
CVE-2026-34183	LOW3.82	openssl 1:3.5.5-2.el9_8 fixed in 1:3.5.5-4.el9_8	0.5% Theoretical Threat	Post-Exploit
CVE-2026-28388	LOW3.82	openssl 1:3.5.5-2.el9_8 No fix yet	0.9% Theoretical Threat	Post-Exploit
CVE-2026-28389	LOW3.82	openssl 1:3.5.5-2.el9_8 No fix yet	0.8% Theoretical Threat	Post-Exploit
CVE-2026-34182	LOW3.77	openssl 1:3.5.5-2.el9_8 fixed in 1:3.5.5-4.el9_8	0.2% Theoretical Threat	Post-Exploit
CVE-2026-42584	LOW3.71	io.netty:netty-codec-http 4.1.132.Final fixed in 4.2.13.Final, 4.1.133.Final	0.4% Theoretical Threat	Post-ExploitContext importance: MEDIUM
CVE-2023-4156	LOW3.62	gawk 5.1.0-6.el9 No fix yet	0.4% Theoretical Threat	Post-Exploit
CVE-2005-2541	LOW3.6	tar 2:1.34-11.el9 No fix yet	4.0% Low-Moderate Risk	Post-Exploit
CVE-2024-7264	LOW3.58	curl-minimal 7.76.1-40.el9 No fix yet	16.2% High Exploitation Risk	Post-ExploitContext importance: MEDIUM
CVE-2024-7264	LOW3.58	libcurl-minimal 7.76.1-40.el9 No fix yet	16.2% High Exploitation Risk	Post-ExploitContext importance: MEDIUM
CVE-2026-44604	LOW3.57	rpm 4.16.1.3-40.el9 No fix yet	0.5% Theoretical Threat	Post-Exploit
CVE-2026-1484	LOW3.57	glib2 2.68.4-19.el9_8.1 No fix yet	0.3% Theoretical Threat	Directly Exposed
CVE-2024-11053	LOW3.54	curl-minimal 7.76.1-40.el9 No fix yet	1.4% Low-Moderate Risk	Post-Exploit
CVE-2024-11053	LOW3.54	libcurl-minimal 7.76.1-40.el9 No fix yet	1.4% Low-Moderate Risk	Post-Exploit
CVE-2024-41996	LOW3.54	openssl 1:3.5.5-2.el9_8 No fix yet	1.1% Low-Moderate Risk	Post-Exploit
CVE-2025-13034	LOW3.47	curl-minimal 7.76.1-40.el9 No fix yet	0.2% Theoretical Threat	Post-Exploit
CVE-2026-1965	LOW3.47	curl-minimal 7.76.1-40.el9 No fix yet	0.3% Theoretical Threat	Post-Exploit
CVE-2025-13034	LOW3.47	libcurl-minimal 7.76.1-40.el9 No fix yet	0.2% Theoretical Threat	Post-Exploit
CVE-2026-1965	LOW3.47	libcurl-minimal 7.76.1-40.el9 No fix yet	0.3% Theoretical Threat	Post-Exploit
CVE-2026-3784	LOW3.31	curl-minimal 7.76.1-40.el9 No fix yet	0.3% Theoretical Threat	Post-Exploit
CVE-2026-5545	LOW3.31	curl-minimal 7.76.1-40.el9 No fix yet	0.4% Theoretical Threat	Post-Exploit
CVE-2026-6429	LOW3.31	curl-minimal 7.76.1-40.el9 No fix yet	0.5% Theoretical Threat	Post-Exploit
CVE-2025-14524	LOW3.31	curl-minimal 7.76.1-40.el9 No fix yet	0.6% Theoretical Threat	Post-Exploit
CVE-2026-3784	LOW3.31	libcurl-minimal 7.76.1-40.el9 No fix yet	0.3% Theoretical Threat	Post-Exploit
CVE-2026-5545	LOW3.31	libcurl-minimal 7.76.1-40.el9 No fix yet	0.4% Theoretical Threat	Post-Exploit
CVE-2026-6429	LOW3.31	libcurl-minimal 7.76.1-40.el9 No fix yet	0.5% Theoretical Threat	Post-Exploit
CVE-2025-14524	LOW3.31	libcurl-minimal 7.76.1-40.el9 No fix yet	0.6% Theoretical Threat	Post-Exploit
CVE-2026-2673	LOW3.31	openssl 1:3.5.5-2.el9_8 No fix yet	0.4% Theoretical Threat	Post-Exploit
CVE-2026-33056	LOW3.31	tar 2:1.34-11.el9 No fix yet	0.4% Theoretical Threat	Post-Exploit
CVE-2026-3805	LOW3.21	curl-minimal 7.76.1-40.el9 No fix yet	0.7% Theoretical Threat	Post-Exploit
CVE-2026-3805	LOW3.21	libcurl-minimal 7.76.1-40.el9 No fix yet	0.7% Theoretical Threat	Post-Exploit
CVE-2026-34181	LOW3.21	openssl 1:3.5.5-2.el9_8 fixed in 1:3.5.5-4.el9_8	0.2% Theoretical Threat	Post-Exploit
CVE-2026-42768	LOW3.21	openssl 1:3.5.5-2.el9_8 fixed in 1:3.5.5-4.el9_8	0.4% Theoretical Threat	Post-Exploit
CVE-2026-5958	LOW3.21	sed 4.8-10.el9 No fix yet	0.1% Theoretical Threat	Post-Exploit
CVE-2025-3360	LOW3.15	glib2 2.68.4-19.el9_8.1 No fix yet	0.4% Theoretical Threat	Directly Exposed
CVE-2025-7039	LOW3.15	glib2 2.68.4-19.el9_8.1 No fix yet	0.4% Theoretical Threat	Directly Exposed
CVE-2026-0988	LOW3.15	glib2 2.68.4-19.el9_8.1 No fix yet	0.4% Theoretical Threat	Directly Exposed
CVE-2026-0989	LOW3.15	libxml2 2.9.13-14.el9_7 No fix yet	0.4% Theoretical Threat	Directly Exposed
CVE-2026-45446	LOW3.15	openssl-libs 1:3.5.5-2.el9_8 fixed in 1:3.5.5-4.el9_8	0.2% Theoretical Threat	Directly Exposed
CVE-2025-9232	LOW3.1	openssl-libs 1:3.5.5-2.el9_8 No fix yet	2.0% Low-Moderate Risk	Directly Exposed
CVE-2026-42764	LOW3.01	openssl 1:3.5.5-2.el9_8 fixed in 1:3.5.5-4.el9_8	0.7% Theoretical Threat	Post-Exploit
CVE-2026-42769	LOW3.01	openssl 1:3.5.5-2.el9_8 fixed in 1:3.5.5-4.el9_8	0.3% Theoretical Threat	Post-Exploit
CVE-2026-42770	LOW3.01	openssl 1:3.5.5-2.el9_8 fixed in 1:3.5.5-4.el9_8	0.3% Theoretical Threat	Post-Exploit
CVE-2026-9076	LOW3.01	openssl 1:3.5.5-2.el9_8 fixed in 1:3.5.5-4.el9_8	0.3% Theoretical Threat	Post-Exploit
CVE-2026-31789	LOW3	openssl 1:3.5.5-2.el9_8 No fix yet	0.2% Theoretical Threat	Post-Exploit
CVE-2026-31789	LOW3	openssl-libs 1:3.5.5-2.el9_8 No fix yet	0.2% Theoretical Threat	Post-Exploit
CVE-2026-45447	LOW2.92	openssl 1:3.5.5-2.el9_8 fixed in 1:3.5.5-4.el9_8	2.3% Low-Moderate Risk	Post-Exploit
CVE-2026-3783	LOW2.91	curl-minimal 7.76.1-40.el9 No fix yet	0.3% Theoretical Threat	Post-Exploit
CVE-2026-3783	LOW2.91	libcurl-minimal 7.76.1-40.el9 No fix yet	0.3% Theoretical Threat	Post-Exploit
CVE-2026-24883	LOW2.8	gnupg2 2.3.3-5.el9_7 No fix yet	0.4% Theoretical Threat	Post-Exploit
CVE-2026-7383	LOW2.8	openssl 1:3.5.5-2.el9_8 fixed in 1:3.5.5-4.el9_8	0.4% Theoretical Threat	Post-Exploit
CVE-2026-5704	LOW2.8	tar 2:1.34-11.el9 No fix yet	0.4% Theoretical Threat	Post-Exploit
CVE-2026-41990	LOW2.8	libgcrypt 1.10.0-11.el9 No fix yet	0.2% Theoretical Threat	Directly Exposed
CVE-2025-70873	LOW2.8	sqlite-libs 3.34.1-10.el9_8 No fix yet	0.3% Theoretical Threat	Directly Exposed
CVE-2026-45445	LOW2.78	openssl 1:3.5.5-2.el9_8 fixed in 1:3.5.5-4.el9_8	0.3% Theoretical Threat	Post-Exploit
CVE-2026-45445	LOW2.78	openssl-libs 1:3.5.5-2.el9_8 fixed in 1:3.5.5-4.el9_8	0.3% Theoretical Threat	Post-Exploit
CVE-2026-4873	LOW2.7	curl-minimal 7.76.1-40.el9 No fix yet	0.3% Theoretical Threat	Post-Exploit
CVE-2026-6253	LOW2.7	curl-minimal 7.76.1-40.el9 No fix yet	0.6% Theoretical Threat	Post-Exploit
CVE-2026-7168	LOW2.7	curl-minimal 7.76.1-40.el9 No fix yet	0.5% Theoretical Threat	Post-Exploit
CVE-2026-4873	LOW2.7	libcurl-minimal 7.76.1-40.el9 No fix yet	0.3% Theoretical Threat	Post-Exploit
CVE-2026-6253	LOW2.7	libcurl-minimal 7.76.1-40.el9 No fix yet	0.6% Theoretical Threat	Post-Exploit
CVE-2026-7168	LOW2.7	libcurl-minimal 7.76.1-40.el9 No fix yet	0.5% Theoretical Threat	Post-Exploit
CVE-2026-42766	LOW2.7	openssl 1:3.5.5-2.el9_8 fixed in 1:3.5.5-4.el9_8	0.6% Theoretical Threat	Post-Exploit
CVE-2026-42767	LOW2.7	openssl 1:3.5.5-2.el9_8 fixed in 1:3.5.5-4.el9_8	0.3% Theoretical Threat	Post-Exploit
CVE-2026-34180	LOW2.55	openssl 1:3.5.5-2.el9_8 fixed in 1:3.5.5-4.el9_8	0.5% Theoretical Threat	Post-Exploit
CVE-2025-15079	LOW2.48	curl-minimal 7.76.1-40.el9 No fix yet	0.5% Theoretical Threat	Post-Exploit
CVE-2025-15079	LOW2.48	libcurl-minimal 7.76.1-40.el9 No fix yet	0.5% Theoretical Threat	Post-Exploit
CVE-2026-28387	LOW2.48	openssl 1:3.5.5-2.el9_8 No fix yet	0.6% Theoretical Threat	Post-Exploit
CVE-2026-28387	LOW2.48	openssl-libs 1:3.5.5-2.el9_8 No fix yet	0.6% Theoretical Threat	Post-Exploit
CVE-2026-41316	LOW2.48	erb 2.2.3 fixed in ~> 4.0.3.1, ~> 4.0.4.1, ~> 6.0.1.1, >= 6.0.4	0.5% Theoretical Threat	Post-Exploit
CVE-2026-0992	LOW2.46	libxml2 2.9.13-14.el9_7 No fix yet	0.3% Theoretical Threat	Directly Exposed
CVE-2025-14017	LOW2.45	curl-minimal 7.76.1-40.el9 No fix yet	0.1% Theoretical Threat	Post-Exploit
CVE-2025-14017	LOW2.45	libcurl-minimal 7.76.1-40.el9 No fix yet	0.1% Theoretical Threat	Post-Exploit
CVE-2025-15224	LOW2.4	curl-minimal 7.76.1-40.el9 No fix yet	0.4% Theoretical Threat	Post-Exploit
CVE-2025-68972	LOW2.4	gnupg2 2.3.3-5.el9_7 No fix yet	0.1% Theoretical Threat	Post-Exploit
CVE-2025-30258	LOW2.4	gnupg2 2.3.3-5.el9_7 No fix yet	0.2% Theoretical Threat	Post-Exploit
CVE-2025-15224	LOW2.4	libcurl-minimal 7.76.1-40.el9 No fix yet	0.4% Theoretical Threat	Post-Exploit
CVE-2024-13176	LOW2.4	openssl 1:3.5.5-2.el9_8 No fix yet	0.6% Theoretical Threat	Post-Exploit
CVE-2025-64118	LOW2.4	tar 2:1.34-11.el9 No fix yet	0.1% Theoretical Threat	Post-Exploit
CVE-2026-48864	LOW2.39	libsolv 0.7.24-4.el9 No fix yet	0.2% Theoretical Threat	Post-Exploit
CVE-2026-1485	LOW2.38	glib2 2.68.4-19.el9_8.1 No fix yet	0.1% Theoretical Threat	Directly Exposed
CVE-2023-32636	LOW2.29	glib2 2.68.4-19.el9_8.1 No fix yet	0.8% Theoretical Threat	Post-Exploit
CVE-2026-28390	LOW2.29	openssl-libs 1:3.5.5-2.el9_8 fixed in 1:3.5.5-3.el9_8	0.8% Theoretical Threat	Post-Exploit
CVE-2026-34183	LOW2.29	openssl-libs 1:3.5.5-2.el9_8 fixed in 1:3.5.5-4.el9_8	0.5% Theoretical Threat	Post-Exploit
CVE-2026-28389	LOW2.29	openssl-libs 1:3.5.5-2.el9_8 No fix yet	0.8% Theoretical Threat	Post-Exploit
CVE-2022-41409	LOW2.29	pcre2 10.40-6.el9 No fix yet	1.0% Theoretical Threat	Post-Exploit
CVE-2022-41409	LOW2.29	pcre2-syntax 10.40-6.el9 No fix yet	1.0% Theoretical Threat	Post-Exploit
CVE-2025-5278	LOW2.24	coreutils-single 8.32-40.el9 No fix yet	0.2% Theoretical Threat	Post-Exploit
CVE-2025-6170	LOW2.12	libxml2 2.9.13-14.el9_7 No fix yet	0.2% Theoretical Threat	Directly Exposed
CVE-2026-45446	LOW1.89	openssl 1:3.5.5-2.el9_8 fixed in 1:3.5.5-4.el9_8	0.2% Theoretical Threat	Post-Exploit
CVE-2025-9232	LOW1.86	openssl 1:3.5.5-2.el9_8 No fix yet	2.0% Low-Moderate Risk	Post-Exploit
CVE-2022-3219	LOW1.68	gnupg2 2.3.3-5.el9_7 No fix yet	0.3% Theoretical Threat	Post-Exploit
CVE-2023-39804	LOW1.68	tar 2:1.34-11.el9 No fix yet	0.3% Theoretical Threat	Post-Exploit
CVE-2023-50495	NONE0	ncurses-base 6.2-12.20210508.el9 No fix yet	1.0% Theoretical Threat	Not Applicable
CVE-2023-50495	NONE0	ncurses-libs 6.2-12.20210508.el9 No fix yet	1.0% Theoretical Threat	Not Applicable
GHSA-72hv-8253-57qq	NONE0	com.fasterxml.jackson.core:jackson-core 2.15.0 fixed in 2.21.1, 2.18.6	—	Not Applicable
GHSA-72hv-8253-57qq	NONE0	com.fasterxml.jackson.core:jackson-core 2.15.4 fixed in 2.21.1, 2.18.6	—	Not Applicable
GHSA-72hv-8253-57qq	NONE0	com.fasterxml.jackson.core:jackson-core 2.16.0 fixed in 2.21.1, 2.18.6	—	Not Applicable
GHSA-72hv-8253-57qq	NONE0	com.fasterxml.jackson.core:jackson-core 2.16.2 fixed in 2.21.1, 2.18.6	—	Not Applicable
GHSA-72hv-8253-57qq	NONE0	com.fasterxml.jackson.core:jackson-core 2.17.2 fixed in 2.21.1, 2.18.6	—	Not Applicable
CVE-2026-42583	NONE0	io.netty:netty-codec 4.1.132.Final fixed in 4.1.133.Final	0.4% Theoretical Threat	Not Applicable
GHSA-2m67-wjpj-xhg9	NONE0	tools.jackson.core:jackson-core 3.1.0 fixed in 3.1.1	—	Not Applicable
CVE-2026-54904	NONE0	concurrent-ruby 1.1.9 fixed in >= 1.3.7	—	Not Applicable
CVE-2026-54905	NONE0	concurrent-ruby 1.1.9 fixed in >= 1.3.7	—	Not Applicable
CVE-2026-54906	NONE0	concurrent-ruby 1.1.9 fixed in >= 1.3.7	—	Not Applicable
CVE-2026-54297	NONE0	faraday 2.14.1 fixed in >= 2.14.3	—	Not Applicable
CVE-2026-47240	NONE0	net-imap 0.5.13 fixed in ~> 0.5.15, >= 0.6.4.1	0.5% Theoretical Threat	Not Applicable
CVE-2026-47242	NONE0	net-imap 0.5.13 fixed in ~> 0.5.15, >= 0.6.4.1	0.1% Theoretical Threat	Not Applicable
CVE-2026-47241	NONE0	net-imap 0.5.13 fixed in ~> 0.5.15, >= 0.6.4.1	0.2% Theoretical Threat	Not Applicable
GHSA-c4rq-3m3g-8wgx	NONE0	nokogiri 1.18.10 fixed in >= 1.19.3	—	Not Applicable
GHSA-5prr-v3j2-97mh	NONE0	nokogiri 1.18.10 fixed in >= 1.19.4	—	Not Applicable
GHSA-v2fc-qm4h-8hqv	NONE0	nokogiri 1.18.10 fixed in >= 1.19.3	—	Not Applicable
GHSA-wx95-c6cv-8532	NONE0	nokogiri 1.18.10 fixed in >= 1.19.1	—	Not Applicable
GHSA-5v8h-3h3q-446p	NONE0	nokogiri 1.18.10 fixed in >= 1.19.4	—	Not Applicable
GHSA-8678-w3jw-xfc2	NONE0	nokogiri 1.18.10 fixed in >= 1.19.4	—	Not Applicable
GHSA-9cv2-cfxc-v4v2	NONE0	nokogiri 1.18.10 fixed in >= 1.19.4	—	Not Applicable
GHSA-p67v-3w7g-wjg7	NONE0	nokogiri 1.18.10 fixed in >= 1.19.4	—	Not Applicable
GHSA-phwj-rprq-35pp	NONE0	nokogiri 1.18.10 fixed in >= 1.19.4	—	Not Applicable
GHSA-wfpw-mmfh-qq69	NONE0	nokogiri 1.18.10 fixed in >= 1.19.4	—	Not Applicable
GHSA-wjv4-x9w8-wm3h	NONE0	nokogiri 1.18.10 fixed in >= 1.19.4	—	Not Applicable
CVE-2026-47736	NONE0	puma 6.6.1 fixed in ~> 7.2.1, >= 8.0.2	—	Not Applicable
CVE-2026-47737	NONE0	puma 6.6.1 fixed in ~> 7.2.1, >= 8.0.2	—	Not Applicable