Vulnerability Reportmanticoresearch/manticore:dev-27.1.0

manticoresearch/manticore:dev-27.1.0-b363a2emanticoresearch/manticore:dev-27.1.0

DIGESTsha256:f808a5b8415b33ecec8e3e0c597e32a6bee0e4afb60730b9f8e1a31dc1b1bab4

Executive Summary

Threat ScoreNEEDS ATTENTION• 23 exposed vulnerabilities, but only one (CVE-2026-42010) with severity >=6 (6.66) requires non-default RSA-PSK configuration.• 90 post-exploit-only findings exist but all low severity (max 3.3), minimal risk.• High trust: popular community image (3M+ pulls), pinned by digest, trust score 90.• Threat score 25 indicates low overall risk.

25/100NEEDS ATTENTION

ReputationPOPULAR COMMUNITY• High Reputation Community Image (3M+ pulls)• Pinned by digest (Immutable)

RELIABLE

This image is acceptable for production, but remediating the identified vulnerabilities is recommended to reduce the attack surface. The only notable vulnerability, CVE-2026-42010, is an authentication bypass in gnutls that requires the RSA-PSK key exchange mode to be enabled, which is not the default for Manticore Search. If RSA-PSK is not used, this vulnerability is not exploitable. The 90 post-exploit-only findings are all low severity and pose no practical risk. Overall, the image is suitable for deployment with a review of the default configuration to disable RSA-PSK if not needed.

Vulnerabilities

Vulnerability Log

120 total

CVE ID	Adjusted Severity	Package	Exploit Probability	Risk Context
CVE-2026-42010	MEDIUM6.66	libgnutls30t64 3.8.3-1.1ubuntu3.5 fixed in 3.8.3-1.1ubuntu3.6	0.8% Theoretical Threat	Directly ExposedContext importance: MEDIUM
CVE-2026-42014	MEDIUM5.61	libgnutls30t64 3.8.3-1.1ubuntu3.5 fixed in 3.8.3-1.1ubuntu3.6	0.2% Theoretical Threat	Directly Exposed
CVE-2026-5260	MEDIUM5.58	libgnutls30t64 3.8.3-1.1ubuntu3.5 fixed in 3.8.3-1.1ubuntu3.6	0.7% Theoretical Threat	Directly ExposedContext importance: MEDIUM
CVE-2026-41989	MEDIUM5.1	libgcrypt20 1.10.3-2build1 fixed in 1.10.3-2ubuntu0.1	0.2% Theoretical Threat	Directly ExposedContext importance: MEDIUM
CVE-2024-2236	MEDIUM4.72	libgcrypt20 1.10.3-2build1 No fix yet	1.1% Low-Moderate Risk	Directly ExposedContext importance: MEDIUM
CVE-2025-66382	MEDIUM4.67	libexpat1 2.6.1-2ubuntu0.4 No fix yet	0.2% Theoretical Threat	Directly Exposed
CVE-2026-4437	MEDIUM4.42	libc-bin 2.39-0ubuntu8.7 No fix yet	0.3% Theoretical Threat	Directly ExposedContext importance: MEDIUM
CVE-2026-4437	MEDIUM4.42	libc6 2.39-0ubuntu8.7 No fix yet	0.3% Theoretical Threat	Directly ExposedContext importance: MEDIUM
CVE-2026-27456	MEDIUM4	libblkid1 2.39.3-9ubuntu6.5 No fix yet	0.1% Theoretical Threat	Directly Exposed
CVE-2026-27456	MEDIUM4	libfdisk1 2.39.3-9ubuntu6.5 No fix yet	0.1% Theoretical Threat	Directly Exposed
CVE-2026-27456	MEDIUM4	libmount1 2.39.3-9ubuntu6.5 No fix yet	0.1% Theoretical Threat	Directly Exposed
CVE-2026-27456	MEDIUM4	libsmartcols1 2.39.3-9ubuntu6.5 No fix yet	0.1% Theoretical Threat	Directly Exposed
CVE-2026-27456	MEDIUM4	libuuid1 2.39.3-9ubuntu6.5 No fix yet	0.1% Theoretical Threat	Directly Exposed
CVE-2026-42015	LOW3.6	libgnutls30t64 3.8.3-1.1ubuntu3.5 fixed in 3.8.3-1.1ubuntu3.6	0.7% Theoretical Threat	Directly ExposedContext importance: MEDIUM
CVE-2026-4438	LOW3.4	libc-bin 2.39-0ubuntu8.7 No fix yet	0.2% Theoretical Threat	Directly Exposed
CVE-2026-4438	LOW3.4	libc6 2.39-0ubuntu8.7 No fix yet	0.2% Theoretical Threat	Directly Exposed
CVE-2017-13716	LOW3.3	binutils 2.42-4ubuntu2.10 No fix yet	1.4% Low-Moderate Risk	Post-Exploit
CVE-2017-13716	LOW3.3	binutils-common 2.42-4ubuntu2.10 No fix yet	1.4% Low-Moderate Risk	Post-Exploit
CVE-2017-13716	LOW3.3	binutils-x86-64-linux-gnu 2.42-4ubuntu2.10 No fix yet	1.4% Low-Moderate Risk	Post-Exploit
CVE-2017-13716	LOW3.3	libbinutils 2.42-4ubuntu2.10 No fix yet	1.4% Low-Moderate Risk	Post-Exploit
CVE-2017-13716	LOW3.3	libctf-nobfd0 2.42-4ubuntu2.10 No fix yet	1.4% Low-Moderate Risk	Post-Exploit
CVE-2017-13716	LOW3.3	libctf0 2.42-4ubuntu2.10 No fix yet	1.4% Low-Moderate Risk	Post-Exploit
CVE-2017-13716	LOW3.3	libgprofng0 2.42-4ubuntu2.10 No fix yet	1.4% Low-Moderate Risk	Post-Exploit
CVE-2017-13716	LOW3.3	libsframe1 2.42-4ubuntu2.10 No fix yet	1.4% Low-Moderate Risk	Post-Exploit
CVE-2026-3832	LOW3.15	libgnutls30t64 3.8.3-1.1ubuntu3.5 fixed in 3.8.3-1.1ubuntu3.6	0.3% Theoretical Threat	Directly Exposed
CVE-2026-5419	LOW3.15	libgnutls30t64 3.8.3-1.1ubuntu3.5 fixed in 3.8.3-1.1ubuntu3.6	0.5% Theoretical Threat	Directly Exposed
CVE-2025-45582	LOW2.86	tar 1.35+dfsg-3build1 No fix yet	0.4% Theoretical Threat	Post-Exploit
CVE-2025-69651	LOW2.8	binutils 2.42-4ubuntu2.10 No fix yet	0.2% Theoretical Threat	Post-Exploit
CVE-2025-69651	LOW2.8	binutils-common 2.42-4ubuntu2.10 No fix yet	0.2% Theoretical Threat	Post-Exploit
CVE-2025-69651	LOW2.8	binutils-x86-64-linux-gnu 2.42-4ubuntu2.10 No fix yet	0.2% Theoretical Threat	Post-Exploit
CVE-2025-69651	LOW2.8	libbinutils 2.42-4ubuntu2.10 No fix yet	0.2% Theoretical Threat	Post-Exploit
CVE-2025-69651	LOW2.8	libctf-nobfd0 2.42-4ubuntu2.10 No fix yet	0.2% Theoretical Threat	Post-Exploit
CVE-2025-69651	LOW2.8	libctf0 2.42-4ubuntu2.10 No fix yet	0.2% Theoretical Threat	Post-Exploit
CVE-2025-69651	LOW2.8	libgprofng0 2.42-4ubuntu2.10 No fix yet	0.2% Theoretical Threat	Post-Exploit
CVE-2025-69651	LOW2.8	libsframe1 2.42-4ubuntu2.10 No fix yet	0.2% Theoretical Threat	Post-Exploit
CVE-2026-40228	LOW2.8	libsystemd-shared 255.4-1ubuntu8.16 No fix yet	0.2% Theoretical Threat	Directly Exposed
CVE-2026-40228	LOW2.8	libsystemd0 255.4-1ubuntu8.16 No fix yet	0.2% Theoretical Threat	Directly Exposed
CVE-2026-40228	LOW2.8	libudev1 255.4-1ubuntu8.16 No fix yet	0.2% Theoretical Threat	Directly Exposed
CVE-2026-33845	LOW2.78	libgnutls30t64 3.8.3-1.1ubuntu3.5 fixed in 3.8.3-1.1ubuntu3.6	0.6% Theoretical Threat	Post-Exploit
CVE-2026-4046	LOW2.7	libc-bin 2.39-0ubuntu8.7 No fix yet	0.4% Theoretical Threat	Directly Exposed
CVE-2026-4046	LOW2.7	libc6 2.39-0ubuntu8.7 No fix yet	0.4% Theoretical Threat	Directly Exposed
CVE-2026-42013	LOW2.51	libgnutls30t64 3.8.3-1.1ubuntu3.5 fixed in 3.8.3-1.1ubuntu3.6	0.4% Theoretical Threat	Post-Exploit
CVE-2026-27456	LOW2.4	bsdutils 1:2.39.3-9ubuntu6.5 No fix yet	0.1% Theoretical Threat	Post-Exploit
CVE-2026-27456	LOW2.4	mount 2.39.3-9ubuntu6.5 No fix yet	0.1% Theoretical Threat	Post-Exploit
CVE-2026-27456	LOW2.4	util-linux 2.39.3-9ubuntu6.5 No fix yet	0.1% Theoretical Threat	Post-Exploit
CVE-2026-33846	LOW2.29	libgnutls30t64 3.8.3-1.1ubuntu3.5 fixed in 3.8.3-1.1ubuntu3.6	0.9% Theoretical Threat	Post-Exploit
CVE-2026-42009	LOW2.29	libgnutls30t64 3.8.3-1.1ubuntu3.5 fixed in 3.8.3-1.1ubuntu3.6	0.8% Theoretical Threat	Post-Exploit
CVE-2026-3833	LOW2.26	libgnutls30t64 3.8.3-1.1ubuntu3.5 fixed in 3.8.3-1.1ubuntu3.6	0.3% Theoretical Threat	Post-Exploit
CVE-2026-42011	LOW2.26	libgnutls30t64 3.8.3-1.1ubuntu3.5 fixed in 3.8.3-1.1ubuntu3.6	0.3% Theoretical Threat	Post-Exploit
CVE-2021-31879	LOW2.2	wget 1.21.4-1ubuntu4.1 No fix yet	1.1% Low-Moderate Risk	Post-Exploit
CVE-2026-42012	LOW2.17	libgnutls30t64 3.8.3-1.1ubuntu3.5 fixed in 3.8.3-1.1ubuntu3.6	0.3% Theoretical Threat	Post-Exploit
CVE-2026-6238	LOW1.99	libc-bin 2.39-0ubuntu8.7 No fix yet	0.3% Theoretical Threat	Post-Exploit
CVE-2026-6238	LOW1.99	libc6 2.39-0ubuntu8.7 No fix yet	0.3% Theoretical Threat	Post-Exploit
CVE-2025-1152	LOW1.89	binutils 2.42-4ubuntu2.10 No fix yet	0.6% Theoretical Threat	Post-Exploit
CVE-2025-1152	LOW1.89	binutils-common 2.42-4ubuntu2.10 No fix yet	0.6% Theoretical Threat	Post-Exploit
CVE-2025-1152	LOW1.89	binutils-x86-64-linux-gnu 2.42-4ubuntu2.10 No fix yet	0.6% Theoretical Threat	Post-Exploit
CVE-2025-1152	LOW1.89	libbinutils 2.42-4ubuntu2.10 No fix yet	0.6% Theoretical Threat	Post-Exploit
CVE-2025-1152	LOW1.89	libctf-nobfd0 2.42-4ubuntu2.10 No fix yet	0.6% Theoretical Threat	Post-Exploit
CVE-2025-1152	LOW1.89	libctf0 2.42-4ubuntu2.10 No fix yet	0.6% Theoretical Threat	Post-Exploit
CVE-2025-1152	LOW1.89	libgprofng0 2.42-4ubuntu2.10 No fix yet	0.6% Theoretical Threat	Post-Exploit
CVE-2025-1152	LOW1.89	libsframe1 2.42-4ubuntu2.10 No fix yet	0.6% Theoretical Threat	Post-Exploit
CVE-2024-56433	LOW1.84	login 1:4.13+dfsg1-4ubuntu3.2 No fix yet	0.4% Theoretical Threat	Post-Exploit
CVE-2024-56433	LOW1.84	passwd 1:4.13+dfsg1-4ubuntu3.2 No fix yet	0.4% Theoretical Threat	Post-Exploit
CVE-2026-5435	LOW1.81	libc-bin 2.39-0ubuntu8.7 No fix yet	0.2% Theoretical Threat	Post-Exploit
CVE-2026-5435	LOW1.81	libc6 2.39-0ubuntu8.7 No fix yet	0.2% Theoretical Threat	Post-Exploit
CVE-2025-69647	LOW1.68	binutils 2.42-4ubuntu2.10 No fix yet	0.2% Theoretical Threat	Post-Exploit
CVE-2025-69648	LOW1.68	binutils 2.42-4ubuntu2.10 No fix yet	0.2% Theoretical Threat	Post-Exploit
CVE-2025-69652	LOW1.68	binutils 2.42-4ubuntu2.10 No fix yet	0.2% Theoretical Threat	Post-Exploit
CVE-2025-69647	LOW1.68	binutils-common 2.42-4ubuntu2.10 No fix yet	0.2% Theoretical Threat	Post-Exploit
CVE-2025-69648	LOW1.68	binutils-common 2.42-4ubuntu2.10 No fix yet	0.2% Theoretical Threat	Post-Exploit
CVE-2025-69652	LOW1.68	binutils-common 2.42-4ubuntu2.10 No fix yet	0.2% Theoretical Threat	Post-Exploit
CVE-2025-69647	LOW1.68	binutils-x86-64-linux-gnu 2.42-4ubuntu2.10 No fix yet	0.2% Theoretical Threat	Post-Exploit
CVE-2025-69648	LOW1.68	binutils-x86-64-linux-gnu 2.42-4ubuntu2.10 No fix yet	0.2% Theoretical Threat	Post-Exploit
CVE-2025-69652	LOW1.68	binutils-x86-64-linux-gnu 2.42-4ubuntu2.10 No fix yet	0.2% Theoretical Threat	Post-Exploit
CVE-2025-69647	LOW1.68	libbinutils 2.42-4ubuntu2.10 No fix yet	0.2% Theoretical Threat	Post-Exploit
CVE-2025-69648	LOW1.68	libbinutils 2.42-4ubuntu2.10 No fix yet	0.2% Theoretical Threat	Post-Exploit
CVE-2025-69652	LOW1.68	libbinutils 2.42-4ubuntu2.10 No fix yet	0.2% Theoretical Threat	Post-Exploit
CVE-2025-69647	LOW1.68	libctf-nobfd0 2.42-4ubuntu2.10 No fix yet	0.2% Theoretical Threat	Post-Exploit
CVE-2025-69648	LOW1.68	libctf-nobfd0 2.42-4ubuntu2.10 No fix yet	0.2% Theoretical Threat	Post-Exploit
CVE-2025-69652	LOW1.68	libctf-nobfd0 2.42-4ubuntu2.10 No fix yet	0.2% Theoretical Threat	Post-Exploit
CVE-2025-69647	LOW1.68	libctf0 2.42-4ubuntu2.10 No fix yet	0.2% Theoretical Threat	Post-Exploit
CVE-2025-69648	LOW1.68	libctf0 2.42-4ubuntu2.10 No fix yet	0.2% Theoretical Threat	Post-Exploit
CVE-2025-69652	LOW1.68	libctf0 2.42-4ubuntu2.10 No fix yet	0.2% Theoretical Threat	Post-Exploit
CVE-2025-69647	LOW1.68	libgprofng0 2.42-4ubuntu2.10 No fix yet	0.2% Theoretical Threat	Post-Exploit
CVE-2025-69648	LOW1.68	libgprofng0 2.42-4ubuntu2.10 No fix yet	0.2% Theoretical Threat	Post-Exploit
CVE-2025-69652	LOW1.68	libgprofng0 2.42-4ubuntu2.10 No fix yet	0.2% Theoretical Threat	Post-Exploit
CVE-2025-69647	LOW1.68	libsframe1 2.42-4ubuntu2.10 No fix yet	0.2% Theoretical Threat	Post-Exploit
CVE-2025-69648	LOW1.68	libsframe1 2.42-4ubuntu2.10 No fix yet	0.2% Theoretical Threat	Post-Exploit
CVE-2025-69652	LOW1.68	libsframe1 2.42-4ubuntu2.10 No fix yet	0.2% Theoretical Threat	Post-Exploit
CVE-2025-69644	LOW1.43	binutils 2.42-4ubuntu2.10 No fix yet	0.1% Theoretical Threat	Post-Exploit
CVE-2025-69645	LOW1.43	binutils 2.42-4ubuntu2.10 No fix yet	0.2% Theoretical Threat	Post-Exploit
CVE-2025-69646	LOW1.43	binutils 2.42-4ubuntu2.10 No fix yet	0.2% Theoretical Threat	Post-Exploit
CVE-2025-69644	LOW1.43	binutils-common 2.42-4ubuntu2.10 No fix yet	0.1% Theoretical Threat	Post-Exploit
CVE-2025-69645	LOW1.43	binutils-common 2.42-4ubuntu2.10 No fix yet	0.2% Theoretical Threat	Post-Exploit
CVE-2025-69646	LOW1.43	binutils-common 2.42-4ubuntu2.10 No fix yet	0.2% Theoretical Threat	Post-Exploit
CVE-2025-69644	LOW1.43	binutils-x86-64-linux-gnu 2.42-4ubuntu2.10 No fix yet	0.1% Theoretical Threat	Post-Exploit
CVE-2025-69645	LOW1.43	binutils-x86-64-linux-gnu 2.42-4ubuntu2.10 No fix yet	0.2% Theoretical Threat	Post-Exploit
CVE-2025-69646	LOW1.43	binutils-x86-64-linux-gnu 2.42-4ubuntu2.10 No fix yet	0.2% Theoretical Threat	Post-Exploit
CVE-2025-69644	LOW1.43	libbinutils 2.42-4ubuntu2.10 No fix yet	0.1% Theoretical Threat	Post-Exploit
CVE-2025-69645	LOW1.43	libbinutils 2.42-4ubuntu2.10 No fix yet	0.2% Theoretical Threat	Post-Exploit
CVE-2025-69646	LOW1.43	libbinutils 2.42-4ubuntu2.10 No fix yet	0.2% Theoretical Threat	Post-Exploit
CVE-2025-69644	LOW1.43	libctf-nobfd0 2.42-4ubuntu2.10 No fix yet	0.1% Theoretical Threat	Post-Exploit
CVE-2025-69645	LOW1.43	libctf-nobfd0 2.42-4ubuntu2.10 No fix yet	0.2% Theoretical Threat	Post-Exploit
CVE-2025-69646	LOW1.43	libctf-nobfd0 2.42-4ubuntu2.10 No fix yet	0.2% Theoretical Threat	Post-Exploit
CVE-2025-69644	LOW1.43	libctf0 2.42-4ubuntu2.10 No fix yet	0.1% Theoretical Threat	Post-Exploit
CVE-2025-69645	LOW1.43	libctf0 2.42-4ubuntu2.10 No fix yet	0.2% Theoretical Threat	Post-Exploit
CVE-2025-69646	LOW1.43	libctf0 2.42-4ubuntu2.10 No fix yet	0.2% Theoretical Threat	Post-Exploit
CVE-2025-69644	LOW1.43	libgprofng0 2.42-4ubuntu2.10 No fix yet	0.1% Theoretical Threat	Post-Exploit
CVE-2025-69645	LOW1.43	libgprofng0 2.42-4ubuntu2.10 No fix yet	0.2% Theoretical Threat	Post-Exploit
CVE-2025-69646	LOW1.43	libgprofng0 2.42-4ubuntu2.10 No fix yet	0.2% Theoretical Threat	Post-Exploit
CVE-2025-69644	LOW1.43	libsframe1 2.42-4ubuntu2.10 No fix yet	0.1% Theoretical Threat	Post-Exploit
CVE-2025-69645	LOW1.43	libsframe1 2.42-4ubuntu2.10 No fix yet	0.2% Theoretical Threat	Post-Exploit
CVE-2025-69646	LOW1.43	libsframe1 2.42-4ubuntu2.10 No fix yet	0.2% Theoretical Threat	Post-Exploit
CVE-2026-4437	NONE0	locales 2.39-0ubuntu8.7 No fix yet	0.3% Theoretical Threat	Not Applicable
CVE-2026-6238	NONE0	locales 2.39-0ubuntu8.7 No fix yet	0.3% Theoretical Threat	Not Applicable
CVE-2026-5435	NONE0	locales 2.39-0ubuntu8.7 No fix yet	0.2% Theoretical Threat	Not Applicable
CVE-2026-4046	NONE0	locales 2.39-0ubuntu8.7 No fix yet	0.4% Theoretical Threat	Not Applicable
CVE-2026-4438	NONE0	locales 2.39-0ubuntu8.7 No fix yet	0.2% Theoretical Threat	Not Applicable
CVE-2026-40228	NONE0	systemd 255.4-1ubuntu8.16 No fix yet	0.2% Theoretical Threat	Not Applicable
CVE-2026-40228	NONE0	systemd-dev 255.4-1ubuntu8.16 No fix yet	0.2% Theoretical Threat	Not Applicable