Vulnerability Reportlonghornio/longhorn-manager:v1.11.0

longhornio/longhorn-manager:v1.11.0

DIGESTsha256:acea91f195d5ac9500ab597b185b6fe5e90a02336bae70f4847155cdf417eea0

Executive Summary

Threat ScoreCAUTION• 7 exposed vulnerabilities with severity ≥6.0, max CVSS 6.8 (CVE-2025-68121).• High reputation community image (113M+ pulls) pinned by digest reduces trust risk.• Multiple denial-of-service vulnerabilities (CVE-2025-61726, CVE-2026-29181, CVE-2026-33814) threaten availability.• Potential authorization bypass in crypto/tls (CVE-2025-68121) and gRPC (CVE-2026-33186) only with non-default configs.

50/100CAUTION

ReputationPOPULAR COMMUNITY• High Reputation Community Image (113M+ pulls)• Pinned by digest (Immutable)

RELIABLE

This image carries significant risk; production deployment is highly discouraged without strict compensating controls. The most critical issues enable denial of service (CVE-2026-29181, CVE-2025-61726) and potential authorization bypass under specific configurations (CVE-2025-68121, CVE-2026-33186). Practical impact is moderate because no vulnerability exceeds CVSS 7.0 and several require non-default settings. Restricting network access to trusted clients can reduce remote exploitability, but upgrading the base image is the only complete fix.

Vulnerabilities

Vulnerability Log

90 total

CVE ID	Adjusted Severity	Package	Exploit Probability	Risk Context
CVE-2025-68121	MEDIUM6.8	stdlib v1.25.5 fixed in 1.24.13, 1.25.7, 1.26.0-rc.3	0.8% Theoretical Threat	Directly ExposedContext importance: MEDIUM
CVE-2026-29181	MEDIUM6.38	go.opentelemetry.io/otel v1.38.0 fixed in 1.41.0	0.3% Theoretical Threat	Directly ExposedContext importance: HIGH
CVE-2025-61726	MEDIUM6.38	stdlib v1.25.5 fixed in 1.24.12, 1.25.6	0.8% Theoretical Threat	Directly ExposedContext importance: HIGH
CVE-2026-25679	MEDIUM6.38	stdlib v1.25.5 fixed in 1.25.8, 1.26.1	0.5% Theoretical Threat	Directly ExposedContext importance: HIGH
CVE-2026-32283	MEDIUM6.38	stdlib v1.25.5 fixed in 1.25.9, 1.26.2	0.4% Theoretical Threat	Directly ExposedContext importance: HIGH
CVE-2026-33814	MEDIUM6.38	stdlib v1.25.5 fixed in 1.25.10, 1.26.3	0.6% Theoretical Threat	Directly ExposedContext importance: HIGH
CVE-2026-33186	MEDIUM6.18	google.golang.org/grpc v1.78.0 fixed in 1.79.3	0.5% Theoretical Threat	Directly ExposedContext importance: MEDIUM
CVE-2026-32282	MEDIUM5.44	stdlib v1.25.5 fixed in 1.25.9, 1.26.2	0.3% Theoretical Threat	Directly Exposed
CVE-2026-32280	MEDIUM5.1	stdlib v1.25.5 fixed in 1.25.9, 1.26.2	0.4% Theoretical Threat	Directly ExposedContext importance: MEDIUM
CVE-2026-32281	MEDIUM5.1	stdlib v1.25.5 fixed in 1.25.9, 1.26.2	0.3% Theoretical Threat	Directly ExposedContext importance: MEDIUM
CVE-2025-61728	MEDIUM5.1	stdlib v1.25.5 fixed in 1.24.12, 1.25.6	0.6% Theoretical Threat	Directly ExposedContext importance: MEDIUM
CVE-2026-32288	MEDIUM4.67	stdlib v1.25.5 fixed in 1.25.9, 1.26.2	0.3% Theoretical Threat	Directly Exposed
CVE-2026-32289	MEDIUM4.14	stdlib v1.25.5 fixed in 1.25.9, 1.26.2	0.3% Theoretical Threat	Directly ExposedContext importance: MEDIUM
CVE-2026-39820	LOW3.83	stdlib v1.25.5 fixed in 1.25.10, 1.26.3	0.4% Theoretical Threat	Directly Exposed
CVE-2026-27142	LOW3.67	stdlib v1.25.5 fixed in 1.25.8, 1.26.1	0.3% Theoretical Threat	Directly ExposedContext importance: MEDIUM
CVE-2026-39826	LOW3.67	stdlib v1.25.5 fixed in 1.25.10, 1.26.3	0.4% Theoretical Threat	Directly ExposedContext importance: MEDIUM
CVE-2025-61730	LOW2.7	stdlib v1.25.5 fixed in 1.24.12, 1.25.6	0.3% Theoretical Threat	Directly Exposed
CVE-2026-33811	LOW2.29	stdlib v1.25.5 fixed in 1.25.10, 1.26.3	0.5% Theoretical Threat	Post-Exploit
CVE-2026-39836	LOW2.29	stdlib v1.25.5 fixed in 1.25.10, 1.26.3	0.6% Theoretical Threat	Post-Exploit
CVE-2026-27139	LOW2.12	stdlib v1.25.5 fixed in 1.25.8, 1.26.1	0.2% Theoretical Threat	Directly Exposed
SUSE-SU-2026:0348-1	NONE0	bind-utils 9.20.15-150700.3.12.1 fixed in 9.20.18-150700.3.15.1	—	Not Applicable
SUSE-SU-2026:1351-1	NONE0	bind-utils 9.20.15-150700.3.12.1 fixed in 9.20.21-150700.3.18.1	—	Not Applicable
SUSE-SU-2026:0909-1	NONE0	container-suseconnect 2.5.5-150000.4.77.1 fixed in 2.5.6-150000.4.82.1	—	Not Applicable
SUSE-SU-2026:1484-1	NONE0	container-suseconnect 2.5.5-150000.4.77.1 fixed in 2.5.6-150000.4.84.1	—	Not Applicable
SUSE-SU-2026:2042-1	NONE0	container-suseconnect 2.5.5-150000.4.77.1 fixed in 2.5.6-150000.4.86.1	—	Not Applicable
SUSE-SU-2026:2420-1	NONE0	container-suseconnect 2.5.5-150000.4.77.1 fixed in 2.5.6-150000.4.88.1	—	Not Applicable
SUSE-SU-2026:0903-1	NONE0	curl 8.14.1-150700.7.11.1 fixed in 8.14.1-150700.7.14.1	—	Not Applicable
SUSE-SU-2026:0371-1	NONE0	glibc 2.38-150600.14.37.1 fixed in 2.38-150600.14.40.1	—	Not Applicable
SUSE-SU-2026:1369-1	NONE0	glibc 2.38-150600.14.37.1 fixed in 2.38-150600.14.46.1	—	Not Applicable
SUSE-SU-2026:2231-1	NONE0	glibc 2.38-150600.14.37.1 fixed in 2.38-150600.14.49.1	—	Not Applicable
SUSE-SU-2026:0434-1	NONE0	gpg2 2.4.4-150600.3.12.1 fixed in 2.4.4-150600.3.15.1	—	Not Applicable
SUSE-SU-2026:1418-1	NONE0	iproute2 6.4-150600.7.9.1 fixed in 6.4-150600.7.12.1	—	Not Applicable
SUSE-SU-2026:1441-1	NONE0	libavahi-client3 0.8-150600.15.12.1 fixed in 0.8-150600.15.15.1	—	Not Applicable
SUSE-SU-2026:2297-1	NONE0	libavahi-client3 0.8-150600.15.12.1 fixed in 0.8-150600.15.18.1	—	Not Applicable
SUSE-SU-2026:1441-1	NONE0	libavahi-common3 0.8-150600.15.12.1 fixed in 0.8-150600.15.15.1	—	Not Applicable
SUSE-SU-2026:2297-1	NONE0	libavahi-common3 0.8-150600.15.12.1 fixed in 0.8-150600.15.18.1	—	Not Applicable
SUSE-SU-2026:1406-1	NONE0	libblkid1 2.40.4-150700.4.3.1 fixed in 2.40.4-150700.4.10.1	—	Not Applicable
SUSE-SU-2026:1432-1	NONE0	libcap2 2.63-150400.3.3.1 fixed in 2.63-150400.3.6.1	—	Not Applicable
SUSE-SU-2026:0903-1	NONE0	libcurl4 8.14.1-150700.7.11.1 fixed in 8.14.1-150700.7.14.1	—	Not Applicable
SUSE-SU-2026:1352-1	NONE0	libexpat1 2.7.1-150700.3.6.1 fixed in 2.7.1-150700.3.12.1	—	Not Applicable
SUSE-SU-2026:0646-1	NONE0	libexpat1 2.7.1-150700.3.6.1 fixed in 2.7.1-150700.3.9.2	—	Not Applicable
SUSE-SU-2026:1406-1	NONE0	libfdisk1 2.40.4-150700.4.3.1 fixed in 2.40.4-150700.4.10.1	—	Not Applicable
SUSE-SU-2026:0373-1	NONE0	libglib-2_0-0 2.78.6-150600.4.28.1 fixed in 2.78.6-150600.4.35.1	—	Not Applicable
SUSE-SU-2026:2115-1	NONE0	libgnutls30 3.8.3-150600.4.12.1 fixed in 3.8.3-150600.4.20.1	—	Not Applicable
SUSE-SU-2026:0829-1	NONE0	libgnutls30 3.8.3-150600.4.12.1 fixed in 3.8.3-150600.4.17.1	—	Not Applicable
SUSE-SU-2026:2076-1	NONE0	libldb2 4.21.10+git.449.dcced69e1b5-150700.3.19.1 fixed in 4.21.10+git.501.277ba349a01-150700.3.26.1	—	Not Applicable
SUSE-SU-2026:2051-1	NONE0	liblzma5 5.4.1-150600.3.3.1 fixed in 5.4.1-150600.3.6.1	—	Not Applicable
SUSE-SU-2026:1406-1	NONE0	libmount1 2.40.4-150700.4.3.1 fixed in 2.40.4-150700.4.10.1	—	Not Applicable
SUSE-SU-2026:1510-1	NONE0	libncurses6 6.1-150000.5.30.1 fixed in 6.1-150000.5.33.1	—	Not Applicable
SUSE-SU-2026:1356-1	NONE0	libnfsidmap1 1.0-150600.28.12.1 fixed in 1.0-150600.28.19.1	—	Not Applicable
SUSE-SU-2026:1074-1	NONE0	libnghttp2-14 1.64.0-150700.1.5 fixed in 1.64.0-150700.3.3.1	—	Not Applicable
SUSE-SU-2026:1375-1	NONE0	libopenssl-3-fips-provider 3.2.3-150700.5.24.1 fixed in 3.2.3-150700.5.31.1	—	Not Applicable
SUSE-SU-2026:1386-1	NONE0	libopenssl1_1 1.1.1w-150700.11.11.1 fixed in 1.1.1w-150700.11.16.1	—	Not Applicable
SUSE-SU-2026:2392-1	NONE0	libopenssl1_1 1.1.1w-150700.11.11.1 fixed in 1.1.1w-150700.11.22.1	—	Not Applicable
SUSE-SU-2026:1375-1	NONE0	libopenssl3 3.2.3-150700.5.24.1 fixed in 3.2.3-150700.5.31.1	—	Not Applicable
SUSE-SU-2026:0664-1	NONE0	libpython3_6m1_0 3.6.15-150300.10.103.1 fixed in 3.6.15-150300.10.106.1	—	Not Applicable
SUSE-SU-2026:1090-1	NONE0	libpython3_6m1_0 3.6.15-150300.10.103.1 fixed in 3.6.15-150300.10.109.1	—	Not Applicable
SUSE-SU-2026:1715-1	NONE0	libpython3_6m1_0 3.6.15-150300.10.103.1 fixed in 3.6.15-150300.10.118.1	—	Not Applicable
SUSE-SU-2026:1406-1	NONE0	libsmartcols1 2.40.4-150700.4.3.1 fixed in 2.40.4-150700.4.10.1	—	Not Applicable
SUSE-SU-2026:0432-1	NONE0	libsqlite3-0 3.50.2-150000.3.33.1 fixed in 3.51.2-150000.3.36.1	—	Not Applicable
SUSE-SU-2026:1065-1	NONE0	libsqlite3-0 3.50.2-150000.3.33.1 fixed in 3.51.3-150000.3.39.1	—	Not Applicable
SUSE-SU-2026:0779-1	NONE0	libssh-config 0.9.8-150600.11.6.1 fixed in 0.9.8-150600.11.9.1	—	Not Applicable
SUSE-SU-2026:1310-1	NONE0	libssh-config 0.9.8-150600.11.6.1 fixed in 0.9.8-150600.11.12.1	—	Not Applicable
SUSE-SU-2026:0779-1	NONE0	libssh4 0.9.8-150600.11.6.1 fixed in 0.9.8-150600.11.9.1	—	Not Applicable
SUSE-SU-2026:1310-1	NONE0	libssh4 0.9.8-150600.11.6.1 fixed in 0.9.8-150600.11.12.1	—	Not Applicable
SUSE-SU-2026:1040-1	NONE0	libsystemd0 254.27-150600.4.46.2 fixed in 254.27-150600.4.62.1	—	Not Applicable
SUSE-SU-2026:1040-1	NONE0	libudev1 254.27-150600.4.46.2 fixed in 254.27-150600.4.62.1	—	Not Applicable
SUSE-SU-2026:1406-1	NONE0	libuuid1 2.40.4-150700.4.3.1 fixed in 2.40.4-150700.4.10.1	—	Not Applicable
SUSE-SU-2026:0605-1	NONE0	libxml2-2 2.12.10-150700.4.6.1 fixed in 2.12.10-150700.4.11.1	—	Not Applicable
SUSE-SU-2026:0783-1	NONE0	libz1 1.2.13-150500.4.3.1 fixed in 1.2.13-150500.4.6.1	—	Not Applicable
SUSE-RU-2026:1228-1	NONE0	login_defs 4.8.1-150600.17.9.1 fixed in 4.17.2-150600.17.18.1	—	Not Applicable
SUSE-SU-2026:1510-1	NONE0	ncurses-utils 6.1-150000.5.30.1 fixed in 6.1-150000.5.33.1	—	Not Applicable
SUSE-SU-2026:1356-1	NONE0	nfs-client 2.6.4-150600.28.12.1 fixed in 2.6.4-150600.28.19.1	—	Not Applicable
SUSE-SU-2026:1375-1	NONE0	openssl-3 3.2.3-150700.5.24.1 fixed in 3.2.3-150700.5.31.1	—	Not Applicable
SUSE-SU-2026:0664-1	NONE0	python3-base 3.6.15-150300.10.103.1 fixed in 3.6.15-150300.10.106.1	—	Not Applicable
SUSE-SU-2026:1090-1	NONE0	python3-base 3.6.15-150300.10.103.1 fixed in 3.6.15-150300.10.109.1	—	Not Applicable
SUSE-SU-2026:1715-1	NONE0	python3-base 3.6.15-150300.10.103.1 fixed in 3.6.15-150300.10.118.1	—	Not Applicable
SUSE-SU-2026:2076-1	NONE0	samba-client-libs 4.21.10+git.449.dcced69e1b5-150700.3.19.1 fixed in 4.21.10+git.501.277ba349a01-150700.3.26.1	—	Not Applicable
SUSE-SU-2026:1941-1	NONE0	sed 4.9-150600.1.4 fixed in 4.9-150600.3.3.1	—	Not Applicable
SUSE-RU-2026:1228-1	NONE0	shadow 4.8.1-150600.17.9.1 fixed in 4.17.2-150600.17.18.1	—	Not Applicable
SUSE-SU-2026:1040-1	NONE0	systemd 254.27-150600.4.46.2 fixed in 254.27-150600.4.62.1	—	Not Applicable
SUSE-SU-2026:1177-1	NONE0	tar 1.34-150000.3.34.1 fixed in 1.34-150000.3.37.1	—	Not Applicable
SUSE-SU-2026:1510-1	NONE0	terminfo-base 6.1-150000.5.30.1 fixed in 6.1-150000.5.33.1	—	Not Applicable
SUSE-SU-2026:1406-1	NONE0	util-linux 2.40.4-150700.4.3.1 fixed in 2.40.4-150700.4.10.1	—	Not Applicable
CVE-2026-39823	NONE0	stdlib v1.25.5 fixed in 1.25.10, 1.26.3	0.3% Theoretical Threat	Not Applicable
CVE-2026-39825	NONE0	stdlib v1.25.5 fixed in 1.25.10, 1.26.3	0.4% Theoretical Threat	Not Applicable
CVE-2026-42499	NONE0	stdlib v1.25.5 fixed in 1.25.10, 1.26.3	0.6% Theoretical Threat	Not Applicable
CVE-2026-42504	NONE0	stdlib v1.25.5 fixed in 1.25.11, 1.26.4	0.4% Theoretical Threat	Not Applicable
CVE-2026-27145	NONE0	stdlib v1.25.5 fixed in 1.25.11, 1.26.4	0.3% Theoretical Threat	Not Applicable
CVE-2026-42507	NONE0	stdlib v1.25.5 fixed in 1.25.11, 1.26.4	0.3% Theoretical Threat	Not Applicable