Vulnerability Reportmanticoresearch/manticore:dev-27.0.0

manticoresearch/manticore:dev-27.0.0-801beeamanticoresearch/manticore:dev-27.0.0

DIGESTsha256:7cc166404db3eeffe2c4f899b0acbce70ba85ace62613e97279eddda58229b1b

Executive Summary

Threat ScoreNEEDS ATTENTION• Exposed surface has 69 vulnerabilities, with 2 medium-severity findings (CVE-2026-42010, CVE-2026-41989) scored between 6.0 and 6.9.• Post-exploit vulnerabilities are all low severity (max 3.3), posing minimal risk after compromise.• Image is from a popular community publisher (3M+ pulls) and pinned by digest, ensuring integrity.• No critical or high-severity vulnerabilities are present on the exposed surface.

25/100NEEDS ATTENTION

ReputationPOPULAR COMMUNITY• High Reputation Community Image (3M+ pulls)• Pinned by digest (Immutable)

RELIABLE

This image is acceptable for production, but remediating the identified vulnerabilities is recommended to reduce the attack surface. The image has 69 known vulnerabilities on its exposed surface, with two medium-severity CVEs: CVE-2026-41989 (remote denial of service via crafted ECDH ciphertext during TLS handshake) and CVE-2026-42010 (authentication bypass if RSA-PSK is enabled, which is non-default). Post-exploit findings are all low severity, so the main risk is availability. Disabling RSA-PSK or ECDHE ciphersuites would fully mitigate the respective vulnerabilities.

Vulnerabilities

Vulnerability Log

120 total

CVE ID	Adjusted Severity	Package	Exploit Probability	Risk Context
CVE-2026-42010	MEDIUM6.66	libgnutls30t64 3.8.3-1.1ubuntu3.5 fixed in 3.8.3-1.1ubuntu3.6	0.8% Theoretical Threat	Directly ExposedContext importance: MEDIUM
CVE-2026-41989	MEDIUM6.38	libgcrypt20 1.10.3-2build1 fixed in 1.10.3-2ubuntu0.1	0.2% Theoretical Threat	Directly ExposedContext importance: HIGH
CVE-2026-42014	MEDIUM5.61	libgnutls30t64 3.8.3-1.1ubuntu3.5 fixed in 3.8.3-1.1ubuntu3.6	0.2% Theoretical Threat	Directly Exposed
CVE-2026-42013	MEDIUM5.58	libgnutls30t64 3.8.3-1.1ubuntu3.5 fixed in 3.8.3-1.1ubuntu3.6	0.4% Theoretical Threat	Directly ExposedContext importance: MEDIUM
CVE-2026-5260	MEDIUM5.58	libgnutls30t64 3.8.3-1.1ubuntu3.5 fixed in 3.8.3-1.1ubuntu3.6	0.7% Theoretical Threat	Directly ExposedContext importance: MEDIUM
CVE-2017-13716	MEDIUM5.5	libbinutils 2.42-4ubuntu2.10 No fix yet	1.4% Low-Moderate Risk	Directly Exposed
CVE-2017-13716	MEDIUM5.5	libctf-nobfd0 2.42-4ubuntu2.10 No fix yet	1.4% Low-Moderate Risk	Directly Exposed
CVE-2017-13716	MEDIUM5.5	libctf0 2.42-4ubuntu2.10 No fix yet	1.4% Low-Moderate Risk	Directly Exposed
CVE-2017-13716	MEDIUM5.5	libgprofng0 2.42-4ubuntu2.10 No fix yet	1.4% Low-Moderate Risk	Directly Exposed
CVE-2017-13716	MEDIUM5.5	libsframe1 2.42-4ubuntu2.10 No fix yet	1.4% Low-Moderate Risk	Directly Exposed
CVE-2026-3833	MEDIUM5.03	libgnutls30t64 3.8.3-1.1ubuntu3.5 fixed in 3.8.3-1.1ubuntu3.6	0.3% Theoretical Threat	Directly ExposedContext importance: MEDIUM
CVE-2026-42011	MEDIUM5.03	libgnutls30t64 3.8.3-1.1ubuntu3.5 fixed in 3.8.3-1.1ubuntu3.6	0.3% Theoretical Threat	Directly ExposedContext importance: MEDIUM
CVE-2026-42012	MEDIUM4.82	libgnutls30t64 3.8.3-1.1ubuntu3.5 fixed in 3.8.3-1.1ubuntu3.6	0.3% Theoretical Threat	Directly ExposedContext importance: MEDIUM
CVE-2024-2236	MEDIUM4.72	libgcrypt20 1.10.3-2build1 No fix yet	1.1% Low-Moderate Risk	Directly ExposedContext importance: MEDIUM
CVE-2025-69651	MEDIUM4.67	libbinutils 2.42-4ubuntu2.10 No fix yet	0.2% Theoretical Threat	Directly Exposed
CVE-2025-69651	MEDIUM4.67	libctf-nobfd0 2.42-4ubuntu2.10 No fix yet	0.2% Theoretical Threat	Directly Exposed
CVE-2025-69651	MEDIUM4.67	libctf0 2.42-4ubuntu2.10 No fix yet	0.2% Theoretical Threat	Directly Exposed
CVE-2025-66382	MEDIUM4.67	libexpat1 2.6.1-2ubuntu0.4 No fix yet	0.2% Theoretical Threat	Directly Exposed
CVE-2025-69651	MEDIUM4.67	libgprofng0 2.42-4ubuntu2.10 No fix yet	0.2% Theoretical Threat	Directly Exposed
CVE-2025-69651	MEDIUM4.67	libsframe1 2.42-4ubuntu2.10 No fix yet	0.2% Theoretical Threat	Directly Exposed
CVE-2026-4437	MEDIUM4.42	libc-bin 2.39-0ubuntu8.7 No fix yet	0.3% Theoretical Threat	Directly ExposedContext importance: MEDIUM
CVE-2026-4437	MEDIUM4.42	libc6 2.39-0ubuntu8.7 No fix yet	0.3% Theoretical Threat	Directly ExposedContext importance: MEDIUM
CVE-2026-27456	MEDIUM4	libblkid1 2.39.3-9ubuntu6.5 No fix yet	0.1% Theoretical Threat	Directly Exposed
CVE-2026-27456	MEDIUM4	libfdisk1 2.39.3-9ubuntu6.5 No fix yet	0.1% Theoretical Threat	Directly Exposed
CVE-2026-27456	MEDIUM4	libmount1 2.39.3-9ubuntu6.5 No fix yet	0.1% Theoretical Threat	Directly Exposed
CVE-2026-27456	MEDIUM4	libsmartcols1 2.39.3-9ubuntu6.5 No fix yet	0.1% Theoretical Threat	Directly Exposed
CVE-2026-27456	MEDIUM4	libuuid1 2.39.3-9ubuntu6.5 No fix yet	0.1% Theoretical Threat	Directly Exposed
CVE-2026-4438	LOW3.4	libc-bin 2.39-0ubuntu8.7 No fix yet	0.2% Theoretical Threat	Directly Exposed
CVE-2026-4438	LOW3.4	libc6 2.39-0ubuntu8.7 No fix yet	0.2% Theoretical Threat	Directly Exposed
CVE-2017-13716	LOW3.3	binutils 2.42-4ubuntu2.10 No fix yet	1.4% Low-Moderate Risk	Post-Exploit
CVE-2017-13716	LOW3.3	binutils-common 2.42-4ubuntu2.10 No fix yet	1.4% Low-Moderate Risk	Post-Exploit
CVE-2017-13716	LOW3.3	binutils-x86-64-linux-gnu 2.42-4ubuntu2.10 No fix yet	1.4% Low-Moderate Risk	Post-Exploit
CVE-2025-1152	LOW3.15	libbinutils 2.42-4ubuntu2.10 No fix yet	0.6% Theoretical Threat	Directly Exposed
CVE-2025-1152	LOW3.15	libctf-nobfd0 2.42-4ubuntu2.10 No fix yet	0.6% Theoretical Threat	Directly Exposed
CVE-2025-1152	LOW3.15	libctf0 2.42-4ubuntu2.10 No fix yet	0.6% Theoretical Threat	Directly Exposed
CVE-2026-3832	LOW3.15	libgnutls30t64 3.8.3-1.1ubuntu3.5 fixed in 3.8.3-1.1ubuntu3.6	0.3% Theoretical Threat	Directly Exposed
CVE-2026-5419	LOW3.15	libgnutls30t64 3.8.3-1.1ubuntu3.5 fixed in 3.8.3-1.1ubuntu3.6	0.5% Theoretical Threat	Directly Exposed
CVE-2025-1152	LOW3.15	libgprofng0 2.42-4ubuntu2.10 No fix yet	0.6% Theoretical Threat	Directly Exposed
CVE-2025-1152	LOW3.15	libsframe1 2.42-4ubuntu2.10 No fix yet	0.6% Theoretical Threat	Directly Exposed
CVE-2025-45582	LOW2.86	tar 1.35+dfsg-3build1 No fix yet	0.4% Theoretical Threat	Post-Exploit
CVE-2025-69651	LOW2.8	binutils 2.42-4ubuntu2.10 No fix yet	0.2% Theoretical Threat	Post-Exploit
CVE-2025-69651	LOW2.8	binutils-common 2.42-4ubuntu2.10 No fix yet	0.2% Theoretical Threat	Post-Exploit
CVE-2025-69651	LOW2.8	binutils-x86-64-linux-gnu 2.42-4ubuntu2.10 No fix yet	0.2% Theoretical Threat	Post-Exploit
CVE-2025-69647	LOW2.8	libbinutils 2.42-4ubuntu2.10 No fix yet	0.2% Theoretical Threat	Directly Exposed
CVE-2025-69648	LOW2.8	libbinutils 2.42-4ubuntu2.10 No fix yet	0.2% Theoretical Threat	Directly Exposed
CVE-2025-69652	LOW2.8	libbinutils 2.42-4ubuntu2.10 No fix yet	0.2% Theoretical Threat	Directly Exposed
CVE-2025-69647	LOW2.8	libctf-nobfd0 2.42-4ubuntu2.10 No fix yet	0.2% Theoretical Threat	Directly Exposed
CVE-2025-69648	LOW2.8	libctf-nobfd0 2.42-4ubuntu2.10 No fix yet	0.2% Theoretical Threat	Directly Exposed
CVE-2025-69652	LOW2.8	libctf-nobfd0 2.42-4ubuntu2.10 No fix yet	0.2% Theoretical Threat	Directly Exposed
CVE-2025-69647	LOW2.8	libctf0 2.42-4ubuntu2.10 No fix yet	0.2% Theoretical Threat	Directly Exposed
CVE-2025-69648	LOW2.8	libctf0 2.42-4ubuntu2.10 No fix yet	0.2% Theoretical Threat	Directly Exposed
CVE-2025-69652	LOW2.8	libctf0 2.42-4ubuntu2.10 No fix yet	0.2% Theoretical Threat	Directly Exposed
CVE-2025-69647	LOW2.8	libgprofng0 2.42-4ubuntu2.10 No fix yet	0.2% Theoretical Threat	Directly Exposed
CVE-2025-69648	LOW2.8	libgprofng0 2.42-4ubuntu2.10 No fix yet	0.2% Theoretical Threat	Directly Exposed
CVE-2025-69652	LOW2.8	libgprofng0 2.42-4ubuntu2.10 No fix yet	0.2% Theoretical Threat	Directly Exposed
CVE-2025-69647	LOW2.8	libsframe1 2.42-4ubuntu2.10 No fix yet	0.2% Theoretical Threat	Directly Exposed
CVE-2025-69648	LOW2.8	libsframe1 2.42-4ubuntu2.10 No fix yet	0.2% Theoretical Threat	Directly Exposed
CVE-2025-69652	LOW2.8	libsframe1 2.42-4ubuntu2.10 No fix yet	0.2% Theoretical Threat	Directly Exposed
CVE-2026-40228	LOW2.8	libsystemd-shared 255.4-1ubuntu8.16 No fix yet	0.2% Theoretical Threat	Directly Exposed
CVE-2026-40228	LOW2.8	libsystemd0 255.4-1ubuntu8.16 No fix yet	0.2% Theoretical Threat	Directly Exposed
CVE-2026-40228	LOW2.8	libudev1 255.4-1ubuntu8.16 No fix yet	0.2% Theoretical Threat	Directly Exposed
CVE-2026-33845	LOW2.78	libgnutls30t64 3.8.3-1.1ubuntu3.5 fixed in 3.8.3-1.1ubuntu3.6	0.6% Theoretical Threat	Post-Exploit
CVE-2026-27456	LOW2.4	bsdutils 1:2.39.3-9ubuntu6.5 No fix yet	0.1% Theoretical Threat	Post-Exploit
CVE-2026-27456	LOW2.4	mount 2.39.3-9ubuntu6.5 No fix yet	0.1% Theoretical Threat	Post-Exploit
CVE-2026-27456	LOW2.4	util-linux 2.39.3-9ubuntu6.5 No fix yet	0.1% Theoretical Threat	Post-Exploit
CVE-2025-69644	LOW2.38	libbinutils 2.42-4ubuntu2.10 No fix yet	0.1% Theoretical Threat	Directly Exposed
CVE-2025-69645	LOW2.38	libbinutils 2.42-4ubuntu2.10 No fix yet	0.2% Theoretical Threat	Directly Exposed
CVE-2025-69646	LOW2.38	libbinutils 2.42-4ubuntu2.10 No fix yet	0.2% Theoretical Threat	Directly Exposed
CVE-2025-69644	LOW2.38	libctf-nobfd0 2.42-4ubuntu2.10 No fix yet	0.1% Theoretical Threat	Directly Exposed
CVE-2025-69645	LOW2.38	libctf-nobfd0 2.42-4ubuntu2.10 No fix yet	0.2% Theoretical Threat	Directly Exposed
CVE-2025-69646	LOW2.38	libctf-nobfd0 2.42-4ubuntu2.10 No fix yet	0.2% Theoretical Threat	Directly Exposed
CVE-2025-69644	LOW2.38	libctf0 2.42-4ubuntu2.10 No fix yet	0.1% Theoretical Threat	Directly Exposed
CVE-2025-69645	LOW2.38	libctf0 2.42-4ubuntu2.10 No fix yet	0.2% Theoretical Threat	Directly Exposed
CVE-2025-69646	LOW2.38	libctf0 2.42-4ubuntu2.10 No fix yet	0.2% Theoretical Threat	Directly Exposed
CVE-2025-69644	LOW2.38	libgprofng0 2.42-4ubuntu2.10 No fix yet	0.1% Theoretical Threat	Directly Exposed
CVE-2025-69645	LOW2.38	libgprofng0 2.42-4ubuntu2.10 No fix yet	0.2% Theoretical Threat	Directly Exposed
CVE-2025-69646	LOW2.38	libgprofng0 2.42-4ubuntu2.10 No fix yet	0.2% Theoretical Threat	Directly Exposed
CVE-2025-69644	LOW2.38	libsframe1 2.42-4ubuntu2.10 No fix yet	0.1% Theoretical Threat	Directly Exposed
CVE-2025-69645	LOW2.38	libsframe1 2.42-4ubuntu2.10 No fix yet	0.2% Theoretical Threat	Directly Exposed
CVE-2025-69646	LOW2.38	libsframe1 2.42-4ubuntu2.10 No fix yet	0.2% Theoretical Threat	Directly Exposed
CVE-2026-33846	LOW2.29	libgnutls30t64 3.8.3-1.1ubuntu3.5 fixed in 3.8.3-1.1ubuntu3.6	0.9% Theoretical Threat	Post-Exploit
CVE-2026-42009	LOW2.29	libgnutls30t64 3.8.3-1.1ubuntu3.5 fixed in 3.8.3-1.1ubuntu3.6	0.8% Theoretical Threat	Post-Exploit
CVE-2021-31879	LOW2.2	wget 1.21.4-1ubuntu4.1 No fix yet	1.1% Low-Moderate Risk	Post-Exploit
CVE-2026-6238	LOW1.99	libc-bin 2.39-0ubuntu8.7 No fix yet	0.3% Theoretical Threat	Post-Exploit
CVE-2026-6238	LOW1.99	libc6 2.39-0ubuntu8.7 No fix yet	0.3% Theoretical Threat	Post-Exploit
CVE-2025-1152	LOW1.89	binutils 2.42-4ubuntu2.10 No fix yet	0.6% Theoretical Threat	Post-Exploit
CVE-2025-1152	LOW1.89	binutils-common 2.42-4ubuntu2.10 No fix yet	0.6% Theoretical Threat	Post-Exploit
CVE-2025-1152	LOW1.89	binutils-x86-64-linux-gnu 2.42-4ubuntu2.10 No fix yet	0.6% Theoretical Threat	Post-Exploit
CVE-2024-56433	LOW1.84	login 1:4.13+dfsg1-4ubuntu3.2 No fix yet	0.4% Theoretical Threat	Post-Exploit
CVE-2024-56433	LOW1.84	passwd 1:4.13+dfsg1-4ubuntu3.2 No fix yet	0.4% Theoretical Threat	Post-Exploit
CVE-2026-5435	LOW1.81	libc-bin 2.39-0ubuntu8.7 No fix yet	0.2% Theoretical Threat	Post-Exploit
CVE-2026-5435	LOW1.81	libc6 2.39-0ubuntu8.7 No fix yet	0.2% Theoretical Threat	Post-Exploit
CVE-2025-69647	LOW1.68	binutils 2.42-4ubuntu2.10 No fix yet	0.2% Theoretical Threat	Post-Exploit
CVE-2025-69648	LOW1.68	binutils 2.42-4ubuntu2.10 No fix yet	0.2% Theoretical Threat	Post-Exploit
CVE-2025-69652	LOW1.68	binutils 2.42-4ubuntu2.10 No fix yet	0.2% Theoretical Threat	Post-Exploit
CVE-2025-69647	LOW1.68	binutils-common 2.42-4ubuntu2.10 No fix yet	0.2% Theoretical Threat	Post-Exploit
CVE-2025-69648	LOW1.68	binutils-common 2.42-4ubuntu2.10 No fix yet	0.2% Theoretical Threat	Post-Exploit
CVE-2025-69652	LOW1.68	binutils-common 2.42-4ubuntu2.10 No fix yet	0.2% Theoretical Threat	Post-Exploit
CVE-2025-69647	LOW1.68	binutils-x86-64-linux-gnu 2.42-4ubuntu2.10 No fix yet	0.2% Theoretical Threat	Post-Exploit
CVE-2025-69648	LOW1.68	binutils-x86-64-linux-gnu 2.42-4ubuntu2.10 No fix yet	0.2% Theoretical Threat	Post-Exploit
CVE-2025-69652	LOW1.68	binutils-x86-64-linux-gnu 2.42-4ubuntu2.10 No fix yet	0.2% Theoretical Threat	Post-Exploit
CVE-2026-4046	LOW1.62	libc-bin 2.39-0ubuntu8.7 No fix yet	0.4% Theoretical Threat	Post-Exploit
CVE-2026-4046	LOW1.62	libc6 2.39-0ubuntu8.7 No fix yet	0.4% Theoretical Threat	Post-Exploit
CVE-2026-42015	LOW1.62	libgnutls30t64 3.8.3-1.1ubuntu3.5 fixed in 3.8.3-1.1ubuntu3.6	0.7% Theoretical Threat	Post-Exploit
CVE-2025-69644	LOW1.43	binutils 2.42-4ubuntu2.10 No fix yet	0.1% Theoretical Threat	Post-Exploit
CVE-2025-69645	LOW1.43	binutils 2.42-4ubuntu2.10 No fix yet	0.2% Theoretical Threat	Post-Exploit
CVE-2025-69646	LOW1.43	binutils 2.42-4ubuntu2.10 No fix yet	0.2% Theoretical Threat	Post-Exploit
CVE-2025-69644	LOW1.43	binutils-common 2.42-4ubuntu2.10 No fix yet	0.1% Theoretical Threat	Post-Exploit
CVE-2025-69645	LOW1.43	binutils-common 2.42-4ubuntu2.10 No fix yet	0.2% Theoretical Threat	Post-Exploit
CVE-2025-69646	LOW1.43	binutils-common 2.42-4ubuntu2.10 No fix yet	0.2% Theoretical Threat	Post-Exploit
CVE-2025-69644	LOW1.43	binutils-x86-64-linux-gnu 2.42-4ubuntu2.10 No fix yet	0.1% Theoretical Threat	Post-Exploit
CVE-2025-69645	LOW1.43	binutils-x86-64-linux-gnu 2.42-4ubuntu2.10 No fix yet	0.2% Theoretical Threat	Post-Exploit
CVE-2025-69646	LOW1.43	binutils-x86-64-linux-gnu 2.42-4ubuntu2.10 No fix yet	0.2% Theoretical Threat	Post-Exploit
CVE-2026-4437	NONE0	locales 2.39-0ubuntu8.7 No fix yet	0.3% Theoretical Threat	Not Applicable
CVE-2026-6238	NONE0	locales 2.39-0ubuntu8.7 No fix yet	0.3% Theoretical Threat	Not Applicable
CVE-2026-5435	NONE0	locales 2.39-0ubuntu8.7 No fix yet	0.2% Theoretical Threat	Not Applicable
CVE-2026-4046	NONE0	locales 2.39-0ubuntu8.7 No fix yet	0.4% Theoretical Threat	Not Applicable
CVE-2026-4438	NONE0	locales 2.39-0ubuntu8.7 No fix yet	0.2% Theoretical Threat	Not Applicable
CVE-2026-40228	NONE0	systemd 255.4-1ubuntu8.16 No fix yet	0.2% Theoretical Threat	Not Applicable
CVE-2026-40228	NONE0	systemd-dev 255.4-1ubuntu8.16 No fix yet	0.2% Theoretical Threat	Not Applicable