This image carries significant risk; production deployment is highly discouraged without strict compensating controls. An attacker could cause denial of service by sending a malicious XML document to the Logstash input, or trigger memory exhaustion via a crafted TLS ClientHello, crashing the service. Disabling the XML input plugin and restricting network access to trusted sources can reduce the attack surface. Note that the Netty vulnerability is triggered by default in TLS-enabled pipelines.
| CVE ID | Adjusted Severity | Package | Exploit Probability | Risk Context |
|---|---|---|---|---|
| CVE-2025-27113 | HIGH7.5 | libxml2 2.9.13-14.el9_7 No fix yet | 1.0% Low-Moderate Risk | Directly ExposedContext importance: HIGH |
| CVE-2026-6732 | MEDIUM6.38 | libxml2 2.9.13-14.el9_7 No fix yet | 0.6% Theoretical Threat | Directly Exposed |
| CVE-2026-45416 | MEDIUM6.38 | io.netty:netty-handler 4.1.133.Final fixed in 4.2.15.Final, 4.1.135.Final | 0.6% Theoretical Threat | Directly ExposedContext importance: HIGH |
| CVE-2026-34182 | MEDIUM6.29 | openssl-libs 1:3.5.5-2.el9_8 fixed in 1:3.5.5-4.el9_8 | 0.2% Theoretical Threat | Directly Exposed |
| CVE-2024-7264 | MEDIUM5.98 | curl-minimal 7.76.1-40.el9 No fix yet | 16.2% High Exploitation Risk | Directly ExposedContext importance: MEDIUM |
| CVE-2024-7264 | MEDIUM5.98 | libcurl-minimal 7.76.1-40.el9 No fix yet | 16.2% High Exploitation Risk | Directly ExposedContext importance: MEDIUM |
| CVE-2026-44604 | MEDIUM5.95 | rpm-libs 4.16.1.3-40.el9 No fix yet | 0.5% Theoretical Threat | Directly Exposed |
| CVE-2025-13151 | MEDIUM5.9 | libtasn1 4.16.0-9.el9 No fix yet | 1.1% Low-Moderate Risk | Directly Exposed |
| CVE-2024-41996 | MEDIUM5.9 | openssl-libs 1:3.5.5-2.el9_8 No fix yet | 1.1% Low-Moderate Risk | Directly Exposed |
| CVE-2026-22185 | MEDIUM5.78 | openldap 2.6.8-4.el9 No fix yet | 0.1% Theoretical Threat | Directly Exposed |
| CVE-2026-4105 | MEDIUM5.7 | systemd-libs 252-67.el9_8.2 No fix yet | 0.1% Theoretical Threat | Directly Exposed |
| CVE-2025-5915 | MEDIUM5.61 | libarchive 3.5.3-9.el9_7 No fix yet | 0.2% Theoretical Threat | Directly Exposed |
| CVE-2025-5918 | MEDIUM5.61 | libarchive 3.5.3-9.el9_7 No fix yet | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2026-6238 | MEDIUM5.52 | glibc 2.34-270.el9_8 No fix yet | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2026-6238 | MEDIUM5.52 | glibc-common 2.34-270.el9_8 No fix yet | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2026-6238 | MEDIUM5.52 | glibc-minimal-langpack 2.34-270.el9_8 No fix yet | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2026-4426 | MEDIUM5.52 | libarchive 3.5.3-9.el9_7 No fix yet | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2026-9149 | MEDIUM5.52 | libsolv 0.7.24-4.el9 No fix yet | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2026-9150 | MEDIUM5.52 | libsolv 0.7.24-4.el9 No fix yet | 0.4% Theoretical Threat | Directly Exposed |
| CVE-2023-45322 | MEDIUM5.52 | libxml2 2.9.13-14.el9_7 No fix yet | 0.8% Theoretical Threat | Directly Exposed |
| CVE-2026-2673 | MEDIUM5.52 | openssl-fips-provider 3.0.7-8.el9 No fix yet | 0.4% Theoretical Threat | Directly Exposed |
| CVE-2026-2673 | MEDIUM5.52 | openssl-fips-provider-so 3.0.7-8.el9 No fix yet | 0.4% Theoretical Threat | Directly Exposed |
| CVE-2026-2673 | MEDIUM5.52 | openssl-libs 1:3.5.5-2.el9_8 No fix yet | 0.4% Theoretical Threat | Directly Exposed |
| CVE-2026-0636 | MEDIUM5.52 | org.bouncycastle:bcprov-jdk18on 1.83 fixed in 1.84 | 0.5% Theoretical Threat | Directly Exposed |
| CVE-2026-33637 | MEDIUM5.52 | faraday 2.14.1 fixed in >= 2.14.2 | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2026-44249 | MEDIUM5.5 | io.netty:netty-handler 4.1.133.Final fixed in 4.2.15.Final, 4.1.135.Final | 0.5% Theoretical Threat | Directly ExposedContext importance: MEDIUM |
| CVE-2024-34459 | MEDIUM5.5 | libxml2 2.9.13-14.el9_7 No fix yet | 2.3% Low-Moderate Risk | Directly Exposed |
| CVE-2026-34181 | MEDIUM5.35 | openssl-libs 1:3.5.5-2.el9_8 fixed in 1:3.5.5-4.el9_8 | 0.2% Theoretical Threat | Directly Exposed |
| CVE-2026-42768 | MEDIUM5.35 | openssl-libs 1:3.5.5-2.el9_8 fixed in 1:3.5.5-4.el9_8 | 0.4% Theoretical Threat | Directly Exposed |
| CVE-2026-1757 | MEDIUM5.27 | libxml2 2.9.13-14.el9_7 No fix yet | 0.2% Theoretical Threat | Directly Exposed |
| CVE-2026-50010 | MEDIUM5.1 | io.netty:netty-handler 4.1.133.Final fixed in 4.2.15.Final, 4.1.135.Final | 0.2% Theoretical Threat | Directly ExposedContext importance: MEDIUM |
| CVE-2026-5588 | MEDIUM5.1 | org.bouncycastle:bcpkix-jdk18on 1.83 fixed in 1.84 | 0.3% Theoretical Threat | Directly ExposedContext importance: MEDIUM |
| CVE-2026-5435 | MEDIUM5.02 | glibc 2.34-270.el9_8 No fix yet | 0.2% Theoretical Threat | Directly Exposed |
| CVE-2026-5435 | MEDIUM5.02 | glibc-common 2.34-270.el9_8 No fix yet | 0.2% Theoretical Threat | Directly Exposed |
| CVE-2026-5435 | MEDIUM5.02 | glibc-minimal-langpack 2.34-270.el9_8 No fix yet | 0.2% Theoretical Threat | Directly Exposed |
| CVE-2026-0990 | MEDIUM5.02 | libxml2 2.9.13-14.el9_7 No fix yet | 0.7% Theoretical Threat | Directly Exposed |
| CVE-2026-31790 | MEDIUM5.02 | openssl-fips-provider 3.0.7-8.el9 fixed in 3.0.7-11.el9_8 | 1.0% Theoretical Threat | Directly Exposed |
| CVE-2026-31790 | MEDIUM5.02 | openssl-fips-provider-so 3.0.7-8.el9 fixed in 3.0.7-11.el9_8 | 1.0% Theoretical Threat | Directly Exposed |
| CVE-2026-42764 | MEDIUM5.02 | openssl-libs 1:3.5.5-2.el9_8 fixed in 1:3.5.5-4.el9_8 | 0.7% Theoretical Threat | Directly Exposed |
| CVE-2026-42769 | MEDIUM5.02 | openssl-libs 1:3.5.5-2.el9_8 fixed in 1:3.5.5-4.el9_8 | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2026-42770 | MEDIUM5.02 | openssl-libs 1:3.5.5-2.el9_8 fixed in 1:3.5.5-4.el9_8 | 0.2% Theoretical Threat | Directly Exposed |
| CVE-2026-9076 | MEDIUM5.02 | openssl-libs 1:3.5.5-2.el9_8 fixed in 1:3.5.5-4.el9_8 | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2026-31789 | MEDIUM5 | openssl 1:3.5.5-2.el9_8 No fix yet | 0.2% Theoretical Threat | Directly Exposed |
| CVE-2026-31789 | MEDIUM5 | openssl-libs 1:3.5.5-2.el9_8 No fix yet | 0.2% Theoretical Threat | Directly Exposed |
| CVE-2026-45447 | MEDIUM4.86 | openssl 1:3.5.5-2.el9_8 fixed in 1:3.5.5-4.el9_8 | 1.4% Low-Moderate Risk | Directly Exposed |
| CVE-2026-45447 | MEDIUM4.86 | openssl-libs 1:3.5.5-2.el9_8 fixed in 1:3.5.5-4.el9_8 | 1.4% Low-Moderate Risk | Directly Exposed |
| CVE-2025-5916 | MEDIUM4.76 | libarchive 3.5.3-9.el9_7 No fix yet | 0.2% Theoretical Threat | Directly Exposed |
| CVE-2025-60753 | MEDIUM4.67 | libarchive 3.5.3-9.el9_7 No fix yet | 0.1% Theoretical Threat | Directly Exposed |
| CVE-2026-5745 | MEDIUM4.67 | libarchive 3.5.3-9.el9_7 No fix yet | 0.2% Theoretical Threat | Directly Exposed |
| CVE-2025-1632 | MEDIUM4.67 | libarchive 3.5.3-9.el9_7 No fix yet | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2021-46195 | MEDIUM4.67 | libgcc 11.5.0-14.el9 No fix yet | 0.8% Theoretical Threat | Directly Exposed |
| CVE-2022-27943 | MEDIUM4.67 | libgcc 11.5.0-14.el9 No fix yet | 0.9% Theoretical Threat | Directly Exposed |
| CVE-2021-46195 | MEDIUM4.67 | libstdc++ 11.5.0-14.el9 No fix yet | 0.8% Theoretical Threat | Directly Exposed |
| CVE-2022-27943 | MEDIUM4.67 | libstdc++ 11.5.0-14.el9 No fix yet | 0.9% Theoretical Threat | Directly Exposed |
| CVE-2026-7383 | MEDIUM4.67 | openssl-libs 1:3.5.5-2.el9_8 fixed in 1:3.5.5-4.el9_8 | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2024-0232 | MEDIUM4.67 | sqlite-libs 3.34.1-10.el9_8 No fix yet | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2026-27171 | MEDIUM4.67 | zlib 1.2.11-40.el9 No fix yet | 0.2% Theoretical Threat | Directly Exposed |
| CVE-2026-45445 | MEDIUM4.64 | openssl 1:3.5.5-2.el9_8 fixed in 1:3.5.5-4.el9_8 | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2026-45445 | MEDIUM4.64 | openssl-libs 1:3.5.5-2.el9_8 fixed in 1:3.5.5-4.el9_8 | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2026-1489 | MEDIUM4.59 | glib2 2.68.4-19.el9_8.1 No fix yet | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2023-30571 | MEDIUM4.5 | libarchive 3.5.3-9.el9_7 No fix yet | 0.2% Theoretical Threat | Directly Exposed |
| CVE-2026-42766 | MEDIUM4.5 | openssl-libs 1:3.5.5-2.el9_8 fixed in 1:3.5.5-4.el9_8 | 0.6% Theoretical Threat | Directly Exposed |
| CVE-2026-42767 | MEDIUM4.5 | openssl-libs 1:3.5.5-2.el9_8 fixed in 1:3.5.5-4.el9_8 | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2026-34743 | MEDIUM4.5 | xz-libs 5.2.5-8.el9_0 No fix yet | 0.4% Theoretical Threat | Directly Exposed |
| CVE-2026-50020 | MEDIUM4.5 | io.netty:netty-codec-http 4.1.133.Final fixed in 4.2.15.Final, 4.1.135.Final | 0.2% Theoretical Threat | Directly Exposed |
| CVE-2026-42250 | MEDIUM4.25 | bzip2-libs 1.0.8-11.el9 No fix yet | 0.1% Theoretical Threat | Directly Exposed |
| CVE-2026-5450 | MEDIUM4.25 | glibc 2.34-270.el9_8 No fix yet | 0.5% Theoretical Threat | Directly Exposed |
| CVE-2026-5928 | MEDIUM4.25 | glibc 2.34-270.el9_8 No fix yet | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2026-5450 | MEDIUM4.25 | glibc-common 2.34-270.el9_8 No fix yet | 0.5% Theoretical Threat | Directly Exposed |
| CVE-2026-5928 | MEDIUM4.25 | glibc-common 2.34-270.el9_8 No fix yet | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2026-5450 | MEDIUM4.25 | glibc-minimal-langpack 2.34-270.el9_8 No fix yet | 0.5% Theoretical Threat | Directly Exposed |
| CVE-2026-5928 | MEDIUM4.25 | glibc-minimal-langpack 2.34-270.el9_8 No fix yet | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2026-11850 | MEDIUM4.25 | krb5-libs 1.21.1-10.el9_8 No fix yet | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2025-5917 | MEDIUM4.25 | libarchive 3.5.3-9.el9_7 No fix yet | 0.2% Theoretical Threat | Directly Exposed |
| CVE-2026-34180 | MEDIUM4.25 | openssl-libs 1:3.5.5-2.el9_8 fixed in 1:3.5.5-4.el9_8 | 0.5% Theoretical Threat | Directly Exposed |
| CVE-2025-15079 | MEDIUM4.13 | curl-minimal 7.76.1-40.el9 No fix yet | 0.5% Theoretical Threat | Directly Exposed |
| CVE-2025-15079 | MEDIUM4.13 | libcurl-minimal 7.76.1-40.el9 No fix yet | 0.5% Theoretical Threat | Directly Exposed |
| CVE-2026-28387 | MEDIUM4.13 | openssl 1:3.5.5-2.el9_8 No fix yet | 0.6% Theoretical Threat | Directly Exposed |
| CVE-2026-28387 | MEDIUM4.13 | openssl-libs 1:3.5.5-2.el9_8 No fix yet | 0.6% Theoretical Threat | Directly Exposed |
| CVE-2026-27456 | MEDIUM4 | libblkid 2.37.4-25.el9 No fix yet | 0.1% Theoretical Threat | Directly Exposed |
| CVE-2026-27456 | MEDIUM4 | libmount 2.37.4-25.el9 No fix yet | 0.1% Theoretical Threat | Directly Exposed |
| CVE-2026-27456 | MEDIUM4 | libsmartcols 2.37.4-25.el9 No fix yet | 0.1% Theoretical Threat | Directly Exposed |
| CVE-2026-27456 | MEDIUM4 | libuuid 2.37.4-25.el9 No fix yet | 0.1% Theoretical Threat | Directly Exposed |
| CVE-2024-13176 | MEDIUM4 | openssl-libs 1:3.5.5-2.el9_8 No fix yet | 0.6% Theoretical Threat | Directly Exposed |
| CVE-2024-9681 | LOW3.9 | curl-minimal 7.76.1-40.el9 No fix yet | 2.0% Low-Moderate Risk | Post-Exploit |
| CVE-2024-9681 | LOW3.9 | libcurl-minimal 7.76.1-40.el9 No fix yet | 2.0% Low-Moderate Risk | Post-Exploit |
| CVE-2023-32636 | LOW3.83 | glib2 2.68.4-19.el9_8.1 No fix yet | 0.8% Theoretical Threat | Directly Exposed |
| CVE-2026-41989 | LOW3.83 | libgcrypt 1.10.0-11.el9 No fix yet | 0.2% Theoretical Threat | Directly Exposed |
| CVE-2026-28390 | LOW3.83 | openssl-libs 1:3.5.5-2.el9_8 fixed in 1:3.5.5-3.el9_8 | 0.8% Theoretical Threat | Directly Exposed |
| CVE-2026-34183 | LOW3.83 | openssl-libs 1:3.5.5-2.el9_8 fixed in 1:3.5.5-4.el9_8 | 0.5% Theoretical Threat | Directly Exposed |
| CVE-2026-28388 | LOW3.83 | openssl-libs 1:3.5.5-2.el9_8 No fix yet | 0.9% Theoretical Threat | Directly Exposed |
| CVE-2026-28389 | LOW3.83 | openssl-libs 1:3.5.5-2.el9_8 No fix yet | 0.8% Theoretical Threat | Directly Exposed |
| CVE-2026-5598 | LOW3.83 | org.bouncycastle:bcprov-jdk18on 1.83 fixed in 1.84 | 0.5% Theoretical Threat | Directly Exposed |
| CVE-2026-5773 | LOW3.82 | curl-minimal 7.76.1-40.el9 No fix yet | 0.4% Theoretical Threat | Post-Exploit |
| CVE-2026-6276 | LOW3.82 | curl-minimal 7.76.1-40.el9 No fix yet | 0.3% Theoretical Threat | Post-Exploit |
| CVE-2026-5773 | LOW3.82 | libcurl-minimal 7.76.1-40.el9 No fix yet | 0.4% Theoretical Threat | Post-Exploit |
| CVE-2026-6276 | LOW3.82 | libcurl-minimal 7.76.1-40.el9 No fix yet | 0.3% Theoretical Threat | Post-Exploit |
| CVE-2026-28390 | LOW3.82 | openssl 1:3.5.5-2.el9_8 fixed in 1:3.5.5-3.el9_8 | 0.8% Theoretical Threat | Post-Exploit |
| CVE-2026-34183 | LOW3.82 | openssl 1:3.5.5-2.el9_8 fixed in 1:3.5.5-4.el9_8 | 0.5% Theoretical Threat | Post-Exploit |
| CVE-2026-28388 | LOW3.82 | openssl 1:3.5.5-2.el9_8 No fix yet | 0.9% Theoretical Threat | Post-Exploit |
| CVE-2026-28389 | LOW3.82 | openssl 1:3.5.5-2.el9_8 No fix yet | 0.8% Theoretical Threat | Post-Exploit |
| CVE-2026-34182 | LOW3.77 | openssl 1:3.5.5-2.el9_8 fixed in 1:3.5.5-4.el9_8 | 0.2% Theoretical Threat | Post-Exploit |
| CVE-2023-4156 | LOW3.62 | gawk 5.1.0-6.el9 No fix yet | 0.4% Theoretical Threat | Post-Exploit |
| CVE-2005-2541 | LOW3.6 | tar 2:1.34-11.el9 No fix yet | 4.0% Low-Moderate Risk | Post-Exploit |
| CVE-2026-44604 | LOW3.57 | rpm 4.16.1.3-40.el9 No fix yet | 0.5% Theoretical Threat | Post-Exploit |
| CVE-2026-1484 | LOW3.57 | glib2 2.68.4-19.el9_8.1 No fix yet | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2024-11053 | LOW3.54 | curl-minimal 7.76.1-40.el9 No fix yet | 1.4% Low-Moderate Risk | Post-Exploit |
| CVE-2024-11053 | LOW3.54 | libcurl-minimal 7.76.1-40.el9 No fix yet | 1.4% Low-Moderate Risk | Post-Exploit |
| CVE-2024-41996 | LOW3.54 | openssl 1:3.5.5-2.el9_8 No fix yet | 1.1% Low-Moderate Risk | Post-Exploit |
| CVE-2025-13034 | LOW3.47 | curl-minimal 7.76.1-40.el9 No fix yet | 0.2% Theoretical Threat | Post-Exploit |
| CVE-2026-1965 | LOW3.47 | curl-minimal 7.76.1-40.el9 No fix yet | 0.3% Theoretical Threat | Post-Exploit |
| CVE-2025-13034 | LOW3.47 | libcurl-minimal 7.76.1-40.el9 No fix yet | 0.2% Theoretical Threat | Post-Exploit |
| CVE-2026-1965 | LOW3.47 | libcurl-minimal 7.76.1-40.el9 No fix yet | 0.3% Theoretical Threat | Post-Exploit |
| CVE-2026-3784 | LOW3.31 | curl-minimal 7.76.1-40.el9 No fix yet | 0.3% Theoretical Threat | Post-Exploit |
| CVE-2026-5545 | LOW3.31 | curl-minimal 7.76.1-40.el9 No fix yet | 0.4% Theoretical Threat | Post-Exploit |
| CVE-2026-6429 | LOW3.31 | curl-minimal 7.76.1-40.el9 No fix yet | 0.4% Theoretical Threat | Post-Exploit |
| CVE-2025-14524 | LOW3.31 | curl-minimal 7.76.1-40.el9 No fix yet | 0.6% Theoretical Threat | Post-Exploit |
| CVE-2026-3784 | LOW3.31 | libcurl-minimal 7.76.1-40.el9 No fix yet | 0.3% Theoretical Threat | Post-Exploit |
| CVE-2026-5545 | LOW3.31 | libcurl-minimal 7.76.1-40.el9 No fix yet | 0.4% Theoretical Threat | Post-Exploit |
| CVE-2026-6429 | LOW3.31 | libcurl-minimal 7.76.1-40.el9 No fix yet | 0.4% Theoretical Threat | Post-Exploit |
| CVE-2025-14524 | LOW3.31 | libcurl-minimal 7.76.1-40.el9 No fix yet | 0.6% Theoretical Threat | Post-Exploit |
| CVE-2026-2673 | LOW3.31 | openssl 1:3.5.5-2.el9_8 No fix yet | 0.4% Theoretical Threat | Post-Exploit |
| CVE-2026-33056 | LOW3.31 | tar 2:1.34-11.el9 No fix yet | 0.4% Theoretical Threat | Post-Exploit |
| CVE-2026-3805 | LOW3.21 | curl-minimal 7.76.1-40.el9 No fix yet | 0.7% Theoretical Threat | Post-Exploit |
| CVE-2026-3805 | LOW3.21 | libcurl-minimal 7.76.1-40.el9 No fix yet | 0.7% Theoretical Threat | Post-Exploit |
| CVE-2026-34181 | LOW3.21 | openssl 1:3.5.5-2.el9_8 fixed in 1:3.5.5-4.el9_8 | 0.2% Theoretical Threat | Post-Exploit |
| CVE-2026-42768 | LOW3.21 | openssl 1:3.5.5-2.el9_8 fixed in 1:3.5.5-4.el9_8 | 0.4% Theoretical Threat | Post-Exploit |
| CVE-2026-5958 | LOW3.21 | sed 4.8-10.el9 No fix yet | 0.1% Theoretical Threat | Post-Exploit |
| CVE-2025-3360 | LOW3.15 | glib2 2.68.4-19.el9_8.1 No fix yet | 0.4% Theoretical Threat | Directly Exposed |
| CVE-2025-7039 | LOW3.15 | glib2 2.68.4-19.el9_8.1 No fix yet | 0.4% Theoretical Threat | Directly Exposed |
| CVE-2026-0988 | LOW3.15 | glib2 2.68.4-19.el9_8.1 No fix yet | 0.4% Theoretical Threat | Directly Exposed |
| CVE-2026-0989 | LOW3.15 | libxml2 2.9.13-14.el9_7 No fix yet | 0.4% Theoretical Threat | Directly Exposed |
| CVE-2026-45446 | LOW3.15 | openssl-libs 1:3.5.5-2.el9_8 fixed in 1:3.5.5-4.el9_8 | 0.2% Theoretical Threat | Directly Exposed |
| CVE-2025-9232 | LOW3.1 | openssl-libs 1:3.5.5-2.el9_8 No fix yet | 2.0% Low-Moderate Risk | Directly Exposed |
| CVE-2026-42764 | LOW3.01 | openssl 1:3.5.5-2.el9_8 fixed in 1:3.5.5-4.el9_8 | 0.7% Theoretical Threat | Post-Exploit |
| CVE-2026-42769 | LOW3.01 | openssl 1:3.5.5-2.el9_8 fixed in 1:3.5.5-4.el9_8 | 0.3% Theoretical Threat | Post-Exploit |
| CVE-2026-42770 | LOW3.01 | openssl 1:3.5.5-2.el9_8 fixed in 1:3.5.5-4.el9_8 | 0.2% Theoretical Threat | Post-Exploit |
| CVE-2026-9076 | LOW3.01 | openssl 1:3.5.5-2.el9_8 fixed in 1:3.5.5-4.el9_8 | 0.3% Theoretical Threat | Post-Exploit |
| CVE-2026-3783 | LOW2.91 | curl-minimal 7.76.1-40.el9 No fix yet | 0.3% Theoretical Threat | Post-Exploit |
| CVE-2026-3783 | LOW2.91 | libcurl-minimal 7.76.1-40.el9 No fix yet | 0.3% Theoretical Threat | Post-Exploit |
| CVE-2026-24883 | LOW2.8 | gnupg2 2.3.3-5.el9_7 No fix yet | 0.4% Theoretical Threat | Post-Exploit |
| CVE-2026-7383 | LOW2.8 | openssl 1:3.5.5-2.el9_8 fixed in 1:3.5.5-4.el9_8 | 0.3% Theoretical Threat | Post-Exploit |
| CVE-2026-5704 | LOW2.8 | tar 2:1.34-11.el9 No fix yet | 0.4% Theoretical Threat | Post-Exploit |
| CVE-2026-41990 | LOW2.8 | libgcrypt 1.10.0-11.el9 No fix yet | 0.2% Theoretical Threat | Directly Exposed |
| CVE-2025-70873 | LOW2.8 | sqlite-libs 3.34.1-10.el9_8 No fix yet | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2026-4873 | LOW2.7 | curl-minimal 7.76.1-40.el9 No fix yet | 0.3% Theoretical Threat | Post-Exploit |
| CVE-2026-6253 | LOW2.7 | curl-minimal 7.76.1-40.el9 No fix yet | 0.5% Theoretical Threat | Post-Exploit |
| CVE-2026-7168 | LOW2.7 | curl-minimal 7.76.1-40.el9 No fix yet | 0.4% Theoretical Threat | Post-Exploit |
| CVE-2026-4873 | LOW2.7 | libcurl-minimal 7.76.1-40.el9 No fix yet | 0.3% Theoretical Threat | Post-Exploit |
| CVE-2026-6253 | LOW2.7 | libcurl-minimal 7.76.1-40.el9 No fix yet | 0.5% Theoretical Threat | Post-Exploit |
| CVE-2026-7168 | LOW2.7 | libcurl-minimal 7.76.1-40.el9 No fix yet | 0.4% Theoretical Threat | Post-Exploit |
| CVE-2026-42766 | LOW2.7 | openssl 1:3.5.5-2.el9_8 fixed in 1:3.5.5-4.el9_8 | 0.6% Theoretical Threat | Post-Exploit |
| CVE-2026-42767 | LOW2.7 | openssl 1:3.5.5-2.el9_8 fixed in 1:3.5.5-4.el9_8 | 0.3% Theoretical Threat | Post-Exploit |
| CVE-2026-34180 | LOW2.55 | openssl 1:3.5.5-2.el9_8 fixed in 1:3.5.5-4.el9_8 | 0.5% Theoretical Threat | Post-Exploit |
| CVE-2026-41316 | LOW2.48 | erb 4.0.4 fixed in ~> 4.0.3.1, ~> 4.0.4.1, ~> 6.0.1.1, >= 6.0.4 | 0.5% Theoretical Threat | Post-Exploit |
| CVE-2026-0992 | LOW2.46 | libxml2 2.9.13-14.el9_7 No fix yet | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2025-14017 | LOW2.45 | curl-minimal 7.76.1-40.el9 No fix yet | 0.1% Theoretical Threat | Post-Exploit |
| CVE-2025-14017 | LOW2.45 | libcurl-minimal 7.76.1-40.el9 No fix yet | 0.1% Theoretical Threat | Post-Exploit |
| CVE-2025-15224 | LOW2.4 | curl-minimal 7.76.1-40.el9 No fix yet | 0.4% Theoretical Threat | Post-Exploit |
| CVE-2025-68972 | LOW2.4 | gnupg2 2.3.3-5.el9_7 No fix yet | 0.1% Theoretical Threat | Post-Exploit |
| CVE-2025-30258 | LOW2.4 | gnupg2 2.3.3-5.el9_7 No fix yet | 0.2% Theoretical Threat | Post-Exploit |
| CVE-2025-15224 | LOW2.4 | libcurl-minimal 7.76.1-40.el9 No fix yet | 0.4% Theoretical Threat | Post-Exploit |
| CVE-2024-13176 | LOW2.4 | openssl 1:3.5.5-2.el9_8 No fix yet | 0.6% Theoretical Threat | Post-Exploit |
| CVE-2025-64118 | LOW2.4 | tar 2:1.34-11.el9 No fix yet | 0.1% Theoretical Threat | Post-Exploit |
| CVE-2026-48864 | LOW2.39 | libsolv 0.7.24-4.el9 No fix yet | 0.2% Theoretical Threat | Post-Exploit |
| CVE-2026-1485 | LOW2.38 | glib2 2.68.4-19.el9_8.1 No fix yet | 0.1% Theoretical Threat | Directly Exposed |
| CVE-2022-41409 | LOW2.29 | pcre2 10.40-6.el9 No fix yet | 1.0% Theoretical Threat | Post-Exploit |
| CVE-2022-41409 | LOW2.29 | pcre2-syntax 10.40-6.el9 No fix yet | 1.0% Theoretical Threat | Post-Exploit |
| CVE-2026-34479 | LOW2.29 | org.apache.logging.log4j:log4j-1.2-api 2.19.0 fixed in 2.25.4 | 0.5% Theoretical Threat | Post-Exploit |
| CVE-2025-5278 | LOW2.24 | coreutils-single 8.32-40.el9 No fix yet | 0.2% Theoretical Threat | Post-Exploit |
| CVE-2025-6170 | LOW2.12 | libxml2 2.9.13-14.el9_7 No fix yet | 0.2% Theoretical Threat | Directly Exposed |
| CVE-2026-45446 | LOW1.89 | openssl 1:3.5.5-2.el9_8 fixed in 1:3.5.5-4.el9_8 | 0.2% Theoretical Threat | Post-Exploit |
| CVE-2025-9232 | LOW1.86 | openssl 1:3.5.5-2.el9_8 No fix yet | 2.0% Low-Moderate Risk | Post-Exploit |
| CVE-2022-3219 | LOW1.68 | gnupg2 2.3.3-5.el9_7 No fix yet | 0.3% Theoretical Threat | Post-Exploit |
| CVE-2023-39804 | LOW1.68 | tar 2:1.34-11.el9 No fix yet | 0.3% Theoretical Threat | Post-Exploit |
| CVE-2023-50495 | NONE0 | ncurses-base 6.2-12.20210508.el9 No fix yet | 1.0% Theoretical Threat | Not Applicable |
| CVE-2023-50495 | NONE0 | ncurses-libs 6.2-12.20210508.el9 No fix yet | 1.0% Theoretical Threat | Not Applicable |
| GHSA-72hv-8253-57qq | NONE0 | com.fasterxml.jackson.core:jackson-core 2.15.0 fixed in 2.21.1, 2.18.6 | — | Not Applicable |
| GHSA-72hv-8253-57qq | NONE0 | com.fasterxml.jackson.core:jackson-core 2.15.4 fixed in 2.21.1, 2.18.6 | — | Not Applicable |
| GHSA-72hv-8253-57qq | NONE0 | com.fasterxml.jackson.core:jackson-core 2.16.0 fixed in 2.21.1, 2.18.6 | — | Not Applicable |
| GHSA-72hv-8253-57qq | NONE0 | com.fasterxml.jackson.core:jackson-core 2.16.2 fixed in 2.21.1, 2.18.6 | — | Not Applicable |
| GHSA-72hv-8253-57qq | NONE0 | com.fasterxml.jackson.core:jackson-core 2.17.2 fixed in 2.21.1, 2.18.6 | — | Not Applicable |
| CVE-2026-54904 | NONE0 | concurrent-ruby 1.1.9 fixed in 1.3.7 | — | Not Applicable |
| CVE-2026-54905 | NONE0 | concurrent-ruby 1.1.9 fixed in 1.3.7 | — | Not Applicable |
| CVE-2026-54906 | NONE0 | concurrent-ruby 1.1.9 fixed in 1.3.7 | — | Not Applicable |
| CVE-2026-54297 | NONE0 | faraday 2.14.1 fixed in >= 2.14.3 | — | Not Applicable |
| CVE-2026-47240 | NONE0 | net-imap 0.6.4 fixed in ~> 0.5.15, >= 0.6.4.1 | — | Not Applicable |
| CVE-2026-47242 | NONE0 | net-imap 0.6.4 fixed in ~> 0.5.15, >= 0.6.4.1 | — | Not Applicable |
| CVE-2026-47241 | NONE0 | net-imap 0.6.4 fixed in ~> 0.5.15, >= 0.6.4.1 | — | Not Applicable |
| GHSA-5prr-v3j2-97mh | NONE0 | nokogiri 1.19.3 fixed in >= 1.19.4 | — | Not Applicable |
| GHSA-5v8h-3h3q-446p | NONE0 | nokogiri 1.19.3 fixed in >= 1.19.4 | — | Not Applicable |
| GHSA-8678-w3jw-xfc2 | NONE0 | nokogiri 1.19.3 fixed in >= 1.19.4 | — | Not Applicable |
| GHSA-9cv2-cfxc-v4v2 | NONE0 | nokogiri 1.19.3 fixed in >= 1.19.4 | — | Not Applicable |
| GHSA-p67v-3w7g-wjg7 | NONE0 | nokogiri 1.19.3 fixed in >= 1.19.4 | — | Not Applicable |
| GHSA-phwj-rprq-35pp | NONE0 | nokogiri 1.19.3 fixed in >= 1.19.4 | — | Not Applicable |
| GHSA-wfpw-mmfh-qq69 | NONE0 | nokogiri 1.19.3 fixed in >= 1.19.4 | — | Not Applicable |
| GHSA-wjv4-x9w8-wm3h | NONE0 | nokogiri 1.19.3 fixed in >= 1.19.4 | — | Not Applicable |
| CVE-2026-47736 | NONE0 | puma 6.6.1 fixed in ~> 7.2.1, >= 8.0.2 | — | Not Applicable |
| CVE-2026-47737 | NONE0 | puma 6.6.1 fixed in ~> 7.2.1, >= 8.0.2 | — | Not Applicable |