Vulnerability Report: longhornio/longhorn-manager:v1.11.1

longhornio/longhorn-manager:v1.11.1
Digest: sha256:a4c0870e2b1d9aad9d7233a87ae13b962d807be803fd027e0b642753a80af122

Executive Summary

Threat Score: 50/100 (CAUTION)
Reputation: RELIABLE

This image carries significant risk; production deployment is highly discouraged without strict compensating controls. An attacker could cause denial of service via crafted HTTP/2 frames or TLS certificate chains, and potentially bypass authorization policies in gRPC services if path-based authorization is configured. Upgrading to a patched Go version resolves the stdlib CVEs, and for CVE-2026-33186, updating gRPC to 1.79.3 or using a validating interceptor fully mitigates the risk. Note that the gRPC authorization bypass requires a specific non-default configuration.

Vulnerabilities

Vulnerability Log

70 total
| CVE ID | Adjusted Severity | Package | Exploit Probability | Risk Context |
|---|---|---|---|---|
| CVE-2026-29181 | MEDIUM 6.38 | go.opentelemetry.io/otel v1.38.0 (fixed in 1.41.0) | 0.3% | Theoretical Threat; Directly Exposed; Context importance: HIGH |
| CVE-2026-32280 | MEDIUM 6.38 | stdlib v1.25.8 (fixed in 1.25.9, 1.26.2) | 0.4% | Theoretical Threat; Directly Exposed; Context importance: HIGH |
| CVE-2026-32283 | MEDIUM 6.38 | stdlib v1.25.8 (fixed in 1.25.9, 1.26.2) | 0.4% | Theoretical Threat; Directly Exposed; Context importance: HIGH |
| CVE-2026-33814 | MEDIUM 6.38 | stdlib v1.25.8 (fixed in 1.25.10, 1.26.3) | 0.6% | Theoretical Threat; Directly Exposed; Context importance: HIGH |
| CVE-2026-33186 | MEDIUM 6.18 | google.golang.org/grpc v1.78.0 (fixed in 1.79.3) | 0.5% | Theoretical Threat; Directly Exposed; Context importance: MEDIUM |
| CVE-2026-32282 | MEDIUM 5.44 | stdlib v1.25.8 (fixed in 1.25.9, 1.26.2) | 0.3% | Theoretical Threat; Directly Exposed |
| CVE-2026-32281 | MEDIUM 5.1 | stdlib v1.25.8 (fixed in 1.25.9, 1.26.2) | 0.3% | Theoretical Threat; Directly Exposed; Context importance: MEDIUM |
| CVE-2026-33811 | MEDIUM 5.1 | stdlib v1.25.8 (fixed in 1.25.10, 1.26.3) | 0.5% | Theoretical Threat; Directly Exposed; Context importance: MEDIUM |
| CVE-2026-32288 | MEDIUM 4.67 | stdlib v1.25.8 (fixed in 1.25.9, 1.26.2) | 0.3% | Theoretical Threat; Directly Exposed |
| CVE-2026-39820 | LOW 2.29 | stdlib v1.25.8 (fixed in 1.25.10, 1.26.3) | 0.4% | Theoretical Threat; Post-Exploit |
| CVE-2026-39836 | LOW 2.29 | stdlib v1.25.8 (fixed in 1.25.10, 1.26.3) | 0.6% | Theoretical Threat; Post-Exploit |
| CVE-2026-32289 | LOW 1.87 | stdlib v1.25.8 (fixed in 1.25.9, 1.26.2) | 0.3% | Theoretical Threat; Post-Exploit |
| CVE-2026-39826 | LOW 1.65 | stdlib v1.25.8 (fixed in 1.25.10, 1.26.3) | 0.4% | Theoretical Threat; Post-Exploit |
| SUSE-SU-2026:1351-1 | NONE 0 | bind-utils 9.20.18-150700.3.15.1 (fixed in 9.20.21-150700.3.18.1) |  | Not Applicable |
| SUSE-SU-2026:0909-1 | NONE 0 | container-suseconnect 2.5.6-150000.4.80.2 (fixed in 2.5.6-150000.4.82.1) |  | Not Applicable |
| SUSE-SU-2026:1484-1 | NONE 0 | container-suseconnect 2.5.6-150000.4.80.2 (fixed in 2.5.6-150000.4.84.1) |  | Not Applicable |
| SUSE-SU-2026:2042-1 | NONE 0 | container-suseconnect 2.5.6-150000.4.80.2 (fixed in 2.5.6-150000.4.86.1) |  | Not Applicable |
| SUSE-SU-2026:2420-1 | NONE 0 | container-suseconnect 2.5.6-150000.4.80.2 (fixed in 2.5.6-150000.4.88.1) |  | Not Applicable |
| SUSE-SU-2026:0903-1 | NONE 0 | curl 8.14.1-150700.7.11.1 (fixed in 8.14.1-150700.7.14.1) |  | Not Applicable |
| SUSE-SU-2026:1369-1 | NONE 0 | glibc 2.38-150600.14.43.1 (fixed in 2.38-150600.14.46.1) |  | Not Applicable |
| SUSE-SU-2026:2231-1 | NONE 0 | glibc 2.38-150600.14.43.1 (fixed in 2.38-150600.14.49.1) |  | Not Applicable |
| SUSE-SU-2026:1418-1 | NONE 0 | iproute2 6.4-150600.7.9.1 (fixed in 6.4-150600.7.12.1) |  | Not Applicable |
| SUSE-SU-2026:1441-1 | NONE 0 | libavahi-client3 0.8-150600.15.12.1 (fixed in 0.8-150600.15.15.1) |  | Not Applicable |
| SUSE-SU-2026:2297-1 | NONE 0 | libavahi-client3 0.8-150600.15.12.1 (fixed in 0.8-150600.15.18.1) |  | Not Applicable |
| SUSE-SU-2026:1441-1 | NONE 0 | libavahi-common3 0.8-150600.15.12.1 (fixed in 0.8-150600.15.15.1) |  | Not Applicable |
| SUSE-SU-2026:2297-1 | NONE 0 | libavahi-common3 0.8-150600.15.12.1 (fixed in 0.8-150600.15.18.1) |  | Not Applicable |
| SUSE-SU-2026:1406-1 | NONE 0 | libblkid1 2.40.4-150700.4.3.1 (fixed in 2.40.4-150700.4.10.1) |  | Not Applicable |
| SUSE-SU-2026:1432-1 | NONE 0 | libcap2 2.63-150400.3.3.1 (fixed in 2.63-150400.3.6.1) |  | Not Applicable |
| SUSE-SU-2026:0903-1 | NONE 0 | libcurl4 8.14.1-150700.7.11.1 (fixed in 8.14.1-150700.7.14.1) |  | Not Applicable |
| SUSE-SU-2026:1352-1 | NONE 0 | libexpat1 2.7.1-150700.3.9.2 (fixed in 2.7.1-150700.3.12.1) |  | Not Applicable |
| SUSE-SU-2026:1406-1 | NONE 0 | libfdisk1 2.40.4-150700.4.3.1 (fixed in 2.40.4-150700.4.10.1) |  | Not Applicable |
| SUSE-SU-2026:2115-1 | NONE 0 | libgnutls30 3.8.3-150600.4.17.1 (fixed in 3.8.3-150600.4.20.1) |  | Not Applicable |
| SUSE-SU-2026:2076-1 | NONE 0 | libldb2 4.21.10+git.449.dcced69e1b5-150700.3.19.1 (fixed in 4.21.10+git.501.277ba349a01-150700.3.26.1) |  | Not Applicable |
| SUSE-SU-2026:2051-1 | NONE 0 | liblzma5 5.4.1-150600.3.3.1 (fixed in 5.4.1-150600.3.6.1) |  | Not Applicable |
| SUSE-SU-2026:1406-1 | NONE 0 | libmount1 2.40.4-150700.4.3.1 (fixed in 2.40.4-150700.4.10.1) |  | Not Applicable |
| SUSE-SU-2026:1510-1 | NONE 0 | libncurses6 6.1-150000.5.30.1 (fixed in 6.1-150000.5.33.1) |  | Not Applicable |
| SUSE-SU-2026:1356-1 | NONE 0 | libnfsidmap1 1.0-150600.28.12.1 (fixed in 1.0-150600.28.19.1) |  | Not Applicable |
| SUSE-SU-2026:1074-1 | NONE 0 | libnghttp2-14 1.64.0-150700.1.5 (fixed in 1.64.0-150700.3.3.1) |  | Not Applicable |
| SUSE-SU-2026:1375-1 | NONE 0 | libopenssl-3-fips-provider 3.2.3-150700.5.24.1 (fixed in 3.2.3-150700.5.31.1) |  | Not Applicable |
| SUSE-SU-2026:1386-1 | NONE 0 | libopenssl1_1 1.1.1w-150700.11.11.1 (fixed in 1.1.1w-150700.11.16.1) |  | Not Applicable |
| SUSE-SU-2026:2392-1 | NONE 0 | libopenssl1_1 1.1.1w-150700.11.11.1 (fixed in 1.1.1w-150700.11.22.1) |  | Not Applicable |
| SUSE-SU-2026:1375-1 | NONE 0 | libopenssl3 3.2.3-150700.5.24.1 (fixed in 3.2.3-150700.5.31.1) |  | Not Applicable |
| SUSE-SU-2026:1090-1 | NONE 0 | libpython3_6m1_0 3.6.15-150300.10.106.1 (fixed in 3.6.15-150300.10.109.1) |  | Not Applicable |
| SUSE-SU-2026:1715-1 | NONE 0 | libpython3_6m1_0 3.6.15-150300.10.106.1 (fixed in 3.6.15-150300.10.118.1) |  | Not Applicable |
| SUSE-SU-2026:1406-1 | NONE 0 | libsmartcols1 2.40.4-150700.4.3.1 (fixed in 2.40.4-150700.4.10.1) |  | Not Applicable |
| SUSE-SU-2026:1065-1 | NONE 0 | libsqlite3-0 3.51.2-150000.3.36.1 (fixed in 3.51.3-150000.3.39.1) |  | Not Applicable |
| SUSE-SU-2026:1310-1 | NONE 0 | libssh-config 0.9.8-150600.11.9.1 (fixed in 0.9.8-150600.11.12.1) |  | Not Applicable |
| SUSE-SU-2026:1310-1 | NONE 0 | libssh4 0.9.8-150600.11.9.1 (fixed in 0.9.8-150600.11.12.1) |  | Not Applicable |
| SUSE-SU-2026:1040-1 | NONE 0 | libsystemd0 254.27-150600.4.55.1 (fixed in 254.27-150600.4.62.1) |  | Not Applicable |
| SUSE-SU-2026:1040-1 | NONE 0 | libudev1 254.27-150600.4.55.1 (fixed in 254.27-150600.4.62.1) |  | Not Applicable |
| SUSE-SU-2026:1406-1 | NONE 0 | libuuid1 2.40.4-150700.4.3.1 (fixed in 2.40.4-150700.4.10.1) |  | Not Applicable |
| SUSE-RU-2026:1228-1 | NONE 0 | login_defs 4.8.1-150600.17.9.1 (fixed in 4.17.2-150600.17.18.1) |  | Not Applicable |
| SUSE-SU-2026:1510-1 | NONE 0 | ncurses-utils 6.1-150000.5.30.1 (fixed in 6.1-150000.5.33.1) |  | Not Applicable |
| SUSE-SU-2026:1356-1 | NONE 0 | nfs-client 2.6.4-150600.28.12.1 (fixed in 2.6.4-150600.28.19.1) |  | Not Applicable |
| SUSE-SU-2026:1375-1 | NONE 0 | openssl-3 3.2.3-150700.5.24.1 (fixed in 3.2.3-150700.5.31.1) |  | Not Applicable |
| SUSE-SU-2026:1090-1 | NONE 0 | python3-base 3.6.15-150300.10.106.1 (fixed in 3.6.15-150300.10.109.1) |  | Not Applicable |
| SUSE-SU-2026:1715-1 | NONE 0 | python3-base 3.6.15-150300.10.106.1 (fixed in 3.6.15-150300.10.118.1) |  | Not Applicable |
| SUSE-SU-2026:2076-1 | NONE 0 | samba-client-libs 4.21.10+git.449.dcced69e1b5-150700.3.19.1 (fixed in 4.21.10+git.501.277ba349a01-150700.3.26.1) |  | Not Applicable |
| SUSE-SU-2026:1941-1 | NONE 0 | sed 4.9-150600.1.4 (fixed in 4.9-150600.3.3.1) |  | Not Applicable |
| SUSE-RU-2026:1228-1 | NONE 0 | shadow 4.8.1-150600.17.9.1 (fixed in 4.17.2-150600.17.18.1) |  | Not Applicable |
| SUSE-SU-2026:1040-1 | NONE 0 | systemd 254.27-150600.4.55.1 (fixed in 254.27-150600.4.62.1) |  | Not Applicable |
| SUSE-SU-2026:1177-1 | NONE 0 | tar 1.34-150000.3.34.1 (fixed in 1.34-150000.3.37.1) |  | Not Applicable |
| SUSE-SU-2026:1510-1 | NONE 0 | terminfo-base 6.1-150000.5.30.1 (fixed in 6.1-150000.5.33.1) |  | Not Applicable |
| SUSE-SU-2026:1406-1 | NONE 0 | util-linux 2.40.4-150700.4.3.1 (fixed in 2.40.4-150700.4.10.1) |  | Not Applicable |
| CVE-2026-39823 | NONE 0 | stdlib v1.25.8 (fixed in 1.25.10, 1.26.3) | 0.3% | Theoretical Threat; Not Applicable |
| CVE-2026-39825 | NONE 0 | stdlib v1.25.8 (fixed in 1.25.10, 1.26.3) | 0.4% | Theoretical Threat; Not Applicable |
| CVE-2026-42499 | NONE 0 | stdlib v1.25.8 (fixed in 1.25.10, 1.26.3) | 0.6% | Theoretical Threat; Not Applicable |
| CVE-2026-42504 | NONE 0 | stdlib v1.25.8 (fixed in 1.25.11, 1.26.4) | 0.4% | Theoretical Threat; Not Applicable |
| CVE-2026-27145 | NONE 0 | stdlib v1.25.8 (fixed in 1.25.11, 1.26.4) | 0.3% | Theoretical Threat; Not Applicable |
| CVE-2026-42507 | NONE 0 | stdlib v1.25.8 (fixed in 1.25.11, 1.26.4) | 0.3% | Theoretical Threat; Not Applicable |