Vulnerability Reportlonghornio/longhorn-manager:v1.10.1

longhornio/longhorn-manager:v1.10.1

DIGESTsha256:afda26c16e7ab106f94dbc11da1bc91f410487d2e66609ebd126f0d908f7243a

Executive Summary

Threat ScoreCAUTION• 87 exposed vulnerabilities, 10 with severity ≥ 6.0 (max 6.8), including CVE-2025-68121, CVE-2026-29181, and CVE-2026-33186.• Multiple high-impact denial-of-service vulnerabilities in Go stdlib affecting TLS and HTTP/2 handling, reachable without authentication.• The container runs Go v1.25.3, which contains numerous unpatched security issues.• Despite a strong community reputation and pinned digest, the volume of medium-severity issues warrants caution.• Post-exploit vulnerabilities are low severity (max 2.29) and not a primary concern.

50/100CAUTION

ReputationPOPULAR COMMUNITY• High Reputation Community Image (113M+ pulls)• Pinned by digest (Immutable)

RELIABLE

This image carries significant risk; production deployment is highly discouraged without strict compensating controls. An attacker could cause denial of service through multiple vectors, including TLS key update deadlocks (CVE-2026-32283), HTTP/2 infinite loops (CVE-2026-33814), and OpenTelemetry baggage flooding (CVE-2026-29181), or potentially bypass TLS authentication (CVE-2025-68121) or gRPC authorization (CVE-2026-33186) under specific configurations. Note that some vulnerabilities require non-default configurations: CVE-2025-68121 only applies if TLS Config is mutated between handshakes, and CVE-2026-33186 only affects gRPC servers with path-based authorization interceptors using canonical deny rules with a fallback allow. Upgrading the Go runtime and gRPC library would address the majority of these issues.

Vulnerabilities

Vulnerability Log

130 total

CVE ID	Adjusted Severity	Package	Exploit Probability	Risk Context
CVE-2025-68121	MEDIUM6.8	stdlib v1.25.3 fixed in 1.24.13, 1.25.7, 1.26.0-rc.3	0.8% Theoretical Threat	Directly ExposedContext importance: MEDIUM
CVE-2026-29181	MEDIUM6.38	go.opentelemetry.io/otel v1.37.0 fixed in 1.41.0	0.3% Theoretical Threat	Directly ExposedContext importance: HIGH
CVE-2025-61726	MEDIUM6.38	stdlib v1.25.3 fixed in 1.24.12, 1.25.6	0.8% Theoretical Threat	Directly ExposedContext importance: HIGH
CVE-2025-61729	MEDIUM6.38	stdlib v1.25.3 fixed in 1.24.11, 1.25.5	0.5% Theoretical Threat	Directly ExposedContext importance: HIGH
CVE-2026-25679	MEDIUM6.38	stdlib v1.25.3 fixed in 1.25.8, 1.26.1	0.5% Theoretical Threat	Directly ExposedContext importance: HIGH
CVE-2026-32280	MEDIUM6.38	stdlib v1.25.3 fixed in 1.25.9, 1.26.2	0.4% Theoretical Threat	Directly ExposedContext importance: HIGH
CVE-2026-32281	MEDIUM6.38	stdlib v1.25.3 fixed in 1.25.9, 1.26.2	0.3% Theoretical Threat	Directly ExposedContext importance: HIGH
CVE-2026-32283	MEDIUM6.38	stdlib v1.25.3 fixed in 1.25.9, 1.26.2	0.4% Theoretical Threat	Directly ExposedContext importance: HIGH
CVE-2026-33814	MEDIUM6.38	stdlib v1.25.3 fixed in 1.25.10, 1.26.3	0.6% Theoretical Threat	Directly ExposedContext importance: HIGH
CVE-2026-33186	MEDIUM6.18	google.golang.org/grpc v1.76.0 fixed in 1.79.3	0.5% Theoretical Threat	Directly ExposedContext importance: MEDIUM
CVE-2025-61727	MEDIUM5.52	stdlib v1.25.3 fixed in 1.24.11, 1.25.5	0.3% Theoretical Threat	Directly ExposedContext importance: HIGH
CVE-2026-32282	MEDIUM5.44	stdlib v1.25.3 fixed in 1.25.9, 1.26.2	0.3% Theoretical Threat	Directly Exposed
CVE-2026-33811	MEDIUM5.1	stdlib v1.25.3 fixed in 1.25.10, 1.26.3	0.5% Theoretical Threat	Directly ExposedContext importance: MEDIUM
CVE-2025-61728	MEDIUM5.1	stdlib v1.25.3 fixed in 1.24.12, 1.25.6	0.6% Theoretical Threat	Directly ExposedContext importance: MEDIUM
CVE-2026-32288	MEDIUM4.67	stdlib v1.25.3 fixed in 1.25.9, 1.26.2	0.3% Theoretical Threat	Directly Exposed
CVE-2025-58181	MEDIUM4.5	golang.org/x/crypto v0.42.0 fixed in 0.45.0	0.5% Theoretical Threat	Directly Exposed
CVE-2025-61730	MEDIUM4.5	stdlib v1.25.3 fixed in 1.24.12, 1.25.6	0.3% Theoretical Threat	Directly Exposed
CVE-2026-39820	LOW2.29	stdlib v1.25.3 fixed in 1.25.10, 1.26.3	0.4% Theoretical Threat	Post-Exploit
CVE-2026-39836	LOW2.29	stdlib v1.25.3 fixed in 1.25.10, 1.26.3	0.6% Theoretical Threat	Post-Exploit
CVE-2026-27139	LOW2.12	stdlib v1.25.3 fixed in 1.25.8, 1.26.1	0.2% Theoretical Threat	Directly Exposed
CVE-2026-32289	LOW1.87	stdlib v1.25.3 fixed in 1.25.9, 1.26.2	0.3% Theoretical Threat	Post-Exploit
CVE-2025-13281	LOW1.78	k8s.io/kubernetes v1.34.1 fixed in 1.32.10, 1.33.6, 1.34.2	0.4% Theoretical Threat	Post-Exploit
CVE-2026-27142	LOW1.65	stdlib v1.25.3 fixed in 1.25.8, 1.26.1	0.3% Theoretical Threat	Post-Exploit
CVE-2026-39826	LOW1.65	stdlib v1.25.3 fixed in 1.25.10, 1.26.3	0.4% Theoretical Threat	Post-Exploit
CVE-2025-47914	LOW1.62	golang.org/x/crypto v0.42.0 fixed in 0.45.0	0.5% Theoretical Threat	Post-Exploit
SUSE-SU-2026:0348-1	NONE0	bind-utils 9.20.15-150700.3.12.1 fixed in 9.20.18-150700.3.15.1	—	Not Applicable
SUSE-SU-2026:1351-1	NONE0	bind-utils 9.20.15-150700.3.12.1 fixed in 9.20.21-150700.3.18.1	—	Not Applicable
SUSE-SU-2025:4373-1	NONE0	container-suseconnect 2.5.5-150000.4.73.1 fixed in 2.5.5-150000.4.75.1	—	Not Applicable
SUSE-SU-2026:0319-1	NONE0	container-suseconnect 2.5.5-150000.4.73.1 fixed in 2.5.5-150000.4.77.1	—	Not Applicable
SUSE-SU-2026:0909-1	NONE0	container-suseconnect 2.5.5-150000.4.73.1 fixed in 2.5.6-150000.4.82.1	—	Not Applicable
SUSE-SU-2026:1484-1	NONE0	container-suseconnect 2.5.5-150000.4.73.1 fixed in 2.5.6-150000.4.84.1	—	Not Applicable
SUSE-SU-2026:2042-1	NONE0	container-suseconnect 2.5.5-150000.4.73.1 fixed in 2.5.6-150000.4.86.1	—	Not Applicable
SUSE-SU-2026:2420-1	NONE0	container-suseconnect 2.5.5-150000.4.73.1 fixed in 2.5.6-150000.4.88.1	—	Not Applicable
SUSE-SU-2026:0903-1	NONE0	curl 8.14.1-150700.7.2.1 fixed in 8.14.1-150700.7.14.1	—	Not Applicable
SUSE-SU-2025:4300-1	NONE0	curl 8.14.1-150700.7.2.1 fixed in 8.14.1-150700.7.5.1	—	Not Applicable
SUSE-SU-2026:0052-1	NONE0	curl 8.14.1-150700.7.2.1 fixed in 8.14.1-150700.7.8.1	—	Not Applicable
SUSE-SU-2026:0221-1	NONE0	curl 8.14.1-150700.7.2.1 fixed in 8.14.1-150700.7.11.1	—	Not Applicable
SUSE-SU-2026:0371-1	NONE0	glibc 2.38-150600.14.37.1 fixed in 2.38-150600.14.40.1	—	Not Applicable
SUSE-SU-2026:1369-1	NONE0	glibc 2.38-150600.14.37.1 fixed in 2.38-150600.14.46.1	—	Not Applicable
SUSE-SU-2026:2231-1	NONE0	glibc 2.38-150600.14.37.1 fixed in 2.38-150600.14.49.1	—	Not Applicable
SUSE-SU-2026:0215-1	NONE0	gpg2 2.4.4-150600.3.9.1 fixed in 2.4.4-150600.3.12.1	—	Not Applicable
SUSE-SU-2026:0434-1	NONE0	gpg2 2.4.4-150600.3.9.1 fixed in 2.4.4-150600.3.15.1	—	Not Applicable
SUSE-SU-2026:1418-1	NONE0	iproute2 6.4-150600.7.9.1 fixed in 6.4-150600.7.12.1	—	Not Applicable
SUSE-SU-2026:0259-1	NONE0	libavahi-client3 0.8-150600.15.9.1 fixed in 0.8-150600.15.12.1	—	Not Applicable
SUSE-SU-2026:1441-1	NONE0	libavahi-client3 0.8-150600.15.9.1 fixed in 0.8-150600.15.15.1	—	Not Applicable
SUSE-SU-2026:2297-1	NONE0	libavahi-client3 0.8-150600.15.9.1 fixed in 0.8-150600.15.18.1	—	Not Applicable
SUSE-SU-2026:0259-1	NONE0	libavahi-common3 0.8-150600.15.9.1 fixed in 0.8-150600.15.12.1	—	Not Applicable
SUSE-SU-2026:1441-1	NONE0	libavahi-common3 0.8-150600.15.9.1 fixed in 0.8-150600.15.15.1	—	Not Applicable
SUSE-SU-2026:2297-1	NONE0	libavahi-common3 0.8-150600.15.9.1 fixed in 0.8-150600.15.18.1	—	Not Applicable
SUSE-SU-2026:0230-1	NONE0	libblkid1 2.40.4-150700.2.4 fixed in 2.40.4-150700.4.3.1	—	Not Applicable
SUSE-SU-2026:1406-1	NONE0	libblkid1 2.40.4-150700.2.4 fixed in 2.40.4-150700.4.10.1	—	Not Applicable
SUSE-SU-2026:1432-1	NONE0	libcap2 2.63-150400.3.3.1 fixed in 2.63-150400.3.6.1	—	Not Applicable
SUSE-SU-2026:0903-1	NONE0	libcurl4 8.14.1-150700.7.2.1 fixed in 8.14.1-150700.7.14.1	—	Not Applicable
SUSE-SU-2025:4300-1	NONE0	libcurl4 8.14.1-150700.7.2.1 fixed in 8.14.1-150700.7.5.1	—	Not Applicable
SUSE-SU-2026:0052-1	NONE0	libcurl4 8.14.1-150700.7.2.1 fixed in 8.14.1-150700.7.8.1	—	Not Applicable
SUSE-SU-2026:0221-1	NONE0	libcurl4 8.14.1-150700.7.2.1 fixed in 8.14.1-150700.7.11.1	—	Not Applicable
SUSE-RU-2025:4092-1	NONE0	libdw1 0.185-150400.5.3.1 fixed in 0.185-150400.5.8.3	—	Not Applicable
SUSE-SU-2025:4092-1	NONE0	libdw1 0.185-150400.5.3.1 fixed in 0.185-150400.5.8.3	—	Not Applicable
SUSE-RU-2025:4092-1	NONE0	libelf1 0.185-150400.5.3.1 fixed in 0.185-150400.5.8.3	—	Not Applicable
SUSE-SU-2025:4092-1	NONE0	libelf1 0.185-150400.5.3.1 fixed in 0.185-150400.5.8.3	—	Not Applicable
SUSE-SU-2026:1352-1	NONE0	libexpat1 2.7.1-150700.3.6.1 fixed in 2.7.1-150700.3.12.1	—	Not Applicable
SUSE-SU-2026:0646-1	NONE0	libexpat1 2.7.1-150700.3.6.1 fixed in 2.7.1-150700.3.9.2	—	Not Applicable
SUSE-SU-2026:0230-1	NONE0	libfdisk1 2.40.4-150700.2.4 fixed in 2.40.4-150700.4.3.1	—	Not Applicable
SUSE-SU-2026:1406-1	NONE0	libfdisk1 2.40.4-150700.2.4 fixed in 2.40.4-150700.4.10.1	—	Not Applicable
SUSE-SU-2026:0018-1	NONE0	libglib-2_0-0 2.78.6-150600.4.16.1 fixed in 2.78.6-150600.4.25.1	—	Not Applicable
SUSE-SU-2026:0373-1	NONE0	libglib-2_0-0 2.78.6-150600.4.16.1 fixed in 2.78.6-150600.4.35.1	—	Not Applicable
SUSE-SU-2025:4308-1	NONE0	libglib-2_0-0 2.78.6-150600.4.16.1 fixed in 2.78.6-150600.4.22.1	—	Not Applicable
SUSE-SU-2026:0286-1	NONE0	libglib-2_0-0 2.78.6-150600.4.16.1 fixed in 2.78.6-150600.4.28.1	—	Not Applicable
SUSE-SU-2026:2115-1	NONE0	libgnutls30 3.8.3-150600.4.9.1 fixed in 3.8.3-150600.4.20.1	—	Not Applicable
SUSE-SU-2025:4323-1	NONE0	libgnutls30 3.8.3-150600.4.9.1 fixed in 3.8.3-150600.4.12.1	—	Not Applicable
SUSE-SU-2026:0829-1	NONE0	libgnutls30 3.8.3-150600.4.9.1 fixed in 3.8.3-150600.4.17.1	—	Not Applicable
SUSE-SU-2026:2076-1	NONE0	libldb2 4.21.8+git.418.e80c9b2a88c-150700.3.11.2 fixed in 4.21.10+git.501.277ba349a01-150700.3.26.1	—	Not Applicable
SUSE-SU-2026:2051-1	NONE0	liblzma5 5.4.1-150600.3.3.1 fixed in 5.4.1-150600.3.6.1	—	Not Applicable
SUSE-SU-2026:0230-1	NONE0	libmount1 2.40.4-150700.2.4 fixed in 2.40.4-150700.4.3.1	—	Not Applicable
SUSE-SU-2026:1406-1	NONE0	libmount1 2.40.4-150700.2.4 fixed in 2.40.4-150700.4.10.1	—	Not Applicable
SUSE-SU-2026:1510-1	NONE0	libncurses6 6.1-150000.5.30.1 fixed in 6.1-150000.5.33.1	—	Not Applicable
SUSE-SU-2026:1356-1	NONE0	libnfsidmap1 1.0-150600.28.12.1 fixed in 1.0-150600.28.19.1	—	Not Applicable
SUSE-SU-2026:1074-1	NONE0	libnghttp2-14 1.64.0-150700.1.5 fixed in 1.64.0-150700.3.3.1	—	Not Applicable
SUSE-SU-2026:0309-1	NONE0	libopenssl-3-fips-provider 3.2.3-150700.5.21.1 fixed in 3.2.3-150700.5.24.1	—	Not Applicable
SUSE-SU-2026:1375-1	NONE0	libopenssl-3-fips-provider 3.2.3-150700.5.21.1 fixed in 3.2.3-150700.5.31.1	—	Not Applicable
SUSE-SU-2026:1386-1	NONE0	libopenssl1_1 1.1.1w-150700.11.6.1 fixed in 1.1.1w-150700.11.16.1	—	Not Applicable
SUSE-SU-2026:2392-1	NONE0	libopenssl1_1 1.1.1w-150700.11.6.1 fixed in 1.1.1w-150700.11.22.1	—	Not Applicable
SUSE-SU-2026:0331-1	NONE0	libopenssl1_1 1.1.1w-150700.11.6.1 fixed in 1.1.1w-150700.11.11.1	—	Not Applicable
SUSE-SU-2026:0309-1	NONE0	libopenssl3 3.2.3-150700.5.21.1 fixed in 3.2.3-150700.5.24.1	—	Not Applicable
SUSE-SU-2026:1375-1	NONE0	libopenssl3 3.2.3-150700.5.21.1 fixed in 3.2.3-150700.5.31.1	—	Not Applicable
SUSE-SU-2026:0664-1	NONE0	libpython3_6m1_0 3.6.15-150300.10.97.1 fixed in 3.6.15-150300.10.106.1	—	Not Applicable
SUSE-SU-2026:1090-1	NONE0	libpython3_6m1_0 3.6.15-150300.10.97.1 fixed in 3.6.15-150300.10.109.1	—	Not Applicable
SUSE-SU-2026:1715-1	NONE0	libpython3_6m1_0 3.6.15-150300.10.97.1 fixed in 3.6.15-150300.10.118.1	—	Not Applicable
SUSE-SU-2026:0027-1	NONE0	libpython3_6m1_0 3.6.15-150300.10.97.1 fixed in 3.6.15-150300.10.103.1	—	Not Applicable
SUSE-SU-2025:4368-1	NONE0	libpython3_6m1_0 3.6.15-150300.10.97.1 fixed in 3.6.15-150300.10.100.1	—	Not Applicable
SUSE-SU-2026:0230-1	NONE0	libsmartcols1 2.40.4-150700.2.4 fixed in 2.40.4-150700.4.3.1	—	Not Applicable
SUSE-SU-2026:1406-1	NONE0	libsmartcols1 2.40.4-150700.2.4 fixed in 2.40.4-150700.4.10.1	—	Not Applicable
SUSE-SU-2026:0432-1	NONE0	libsqlite3-0 3.50.2-150000.3.33.1 fixed in 3.51.2-150000.3.36.1	—	Not Applicable
SUSE-SU-2026:1065-1	NONE0	libsqlite3-0 3.50.2-150000.3.33.1 fixed in 3.51.3-150000.3.39.1	—	Not Applicable
SUSE-SU-2026:0779-1	NONE0	libssh-config 0.9.8-150600.11.6.1 fixed in 0.9.8-150600.11.9.1	—	Not Applicable
SUSE-SU-2026:1310-1	NONE0	libssh-config 0.9.8-150600.11.6.1 fixed in 0.9.8-150600.11.12.1	—	Not Applicable
SUSE-SU-2026:0779-1	NONE0	libssh4 0.9.8-150600.11.6.1 fixed in 0.9.8-150600.11.9.1	—	Not Applicable
SUSE-SU-2026:1310-1	NONE0	libssh4 0.9.8-150600.11.6.1 fixed in 0.9.8-150600.11.12.1	—	Not Applicable
SUSE-SU-2026:1040-1	NONE0	libsystemd0 254.27-150600.4.43.3 fixed in 254.27-150600.4.62.1	—	Not Applicable
SUSE-SU-2026:0224-1	NONE0	libtasn1 4.13-150000.4.11.1 fixed in 4.13-150000.4.14.1	—	Not Applicable
SUSE-SU-2026:0224-1	NONE0	libtasn1-6 4.13-150000.4.11.1 fixed in 4.13-150000.4.14.1	—	Not Applicable
SUSE-SU-2026:1040-1	NONE0	libudev1 254.27-150600.4.43.3 fixed in 254.27-150600.4.62.1	—	Not Applicable
SUSE-SU-2026:0230-1	NONE0	libuuid1 2.40.4-150700.2.4 fixed in 2.40.4-150700.4.3.1	—	Not Applicable
SUSE-SU-2026:1406-1	NONE0	libuuid1 2.40.4-150700.2.4 fixed in 2.40.4-150700.4.10.1	—	Not Applicable
SUSE-SU-2026:0605-1	NONE0	libxml2-2 2.12.10-150700.4.6.1 fixed in 2.12.10-150700.4.11.1	—	Not Applicable
SUSE-SU-2026:0783-1	NONE0	libz1 1.2.13-150500.4.3.1 fixed in 1.2.13-150500.4.6.1	—	Not Applicable
SUSE-RU-2026:1228-1	NONE0	login_defs 4.8.1-150600.17.9.1 fixed in 4.17.2-150600.17.18.1	—	Not Applicable
SUSE-SU-2026:1510-1	NONE0	ncurses-utils 6.1-150000.5.30.1 fixed in 6.1-150000.5.33.1	—	Not Applicable
SUSE-SU-2026:1356-1	NONE0	nfs-client 2.6.4-150600.28.12.1 fixed in 2.6.4-150600.28.19.1	—	Not Applicable
SUSE-SU-2026:0309-1	NONE0	openssl-3 3.2.3-150700.5.21.1 fixed in 3.2.3-150700.5.24.1	—	Not Applicable
SUSE-SU-2026:1375-1	NONE0	openssl-3 3.2.3-150700.5.21.1 fixed in 3.2.3-150700.5.31.1	—	Not Applicable
SUSE-SU-2026:0664-1	NONE0	python3-base 3.6.15-150300.10.97.1 fixed in 3.6.15-150300.10.106.1	—	Not Applicable
SUSE-SU-2026:1090-1	NONE0	python3-base 3.6.15-150300.10.97.1 fixed in 3.6.15-150300.10.109.1	—	Not Applicable
SUSE-SU-2026:1715-1	NONE0	python3-base 3.6.15-150300.10.97.1 fixed in 3.6.15-150300.10.118.1	—	Not Applicable
SUSE-SU-2026:0027-1	NONE0	python3-base 3.6.15-150300.10.97.1 fixed in 3.6.15-150300.10.103.1	—	Not Applicable
SUSE-SU-2025:4368-1	NONE0	python3-base 3.6.15-150300.10.97.1 fixed in 3.6.15-150300.10.100.1	—	Not Applicable
SUSE-SU-2026:2076-1	NONE0	samba-client-libs 4.21.8+git.418.e80c9b2a88c-150700.3.11.2 fixed in 4.21.10+git.501.277ba349a01-150700.3.26.1	—	Not Applicable
SUSE-SU-2026:1941-1	NONE0	sed 4.9-150600.1.4 fixed in 4.9-150600.3.3.1	—	Not Applicable
SUSE-RU-2026:1228-1	NONE0	shadow 4.8.1-150600.17.9.1 fixed in 4.17.2-150600.17.18.1	—	Not Applicable
SUSE-SU-2026:1040-1	NONE0	systemd 254.27-150600.4.43.3 fixed in 254.27-150600.4.62.1	—	Not Applicable
SUSE-SU-2026:1177-1	NONE0	tar 1.34-150000.3.34.1 fixed in 1.34-150000.3.37.1	—	Not Applicable
SUSE-SU-2026:1510-1	NONE0	terminfo-base 6.1-150000.5.30.1 fixed in 6.1-150000.5.33.1	—	Not Applicable
SUSE-SU-2026:0230-1	NONE0	util-linux 2.40.4-150700.2.4 fixed in 2.40.4-150700.4.3.1	—	Not Applicable
SUSE-SU-2026:1406-1	NONE0	util-linux 2.40.4-150700.2.4 fixed in 2.40.4-150700.4.10.1	—	Not Applicable
CVE-2026-39823	NONE0	stdlib v1.25.3 fixed in 1.25.10, 1.26.3	0.3% Theoretical Threat	Not Applicable
CVE-2026-39825	NONE0	stdlib v1.25.3 fixed in 1.25.10, 1.26.3	0.4% Theoretical Threat	Not Applicable
CVE-2026-42499	NONE0	stdlib v1.25.3 fixed in 1.25.10, 1.26.3	0.6% Theoretical Threat	Not Applicable
CVE-2026-42504	NONE0	stdlib v1.25.3 fixed in 1.25.11, 1.26.4	0.4% Theoretical Threat	Not Applicable
CVE-2026-27145	NONE0	stdlib v1.25.3 fixed in 1.25.11, 1.26.4	0.3% Theoretical Threat	Not Applicable
CVE-2026-42507	NONE0	stdlib v1.25.3 fixed in 1.25.11, 1.26.4	0.3% Theoretical Threat	Not Applicable