Vulnerability Reportmariadb:11

Name: mariadb:11.8-noble Security Vulnerability Report
Creator: BaseImage
Keywords: mariadb:11.8-noble, Docker security, vulnerability scan, CVE, container security, SBOM

mariadb:11.8.8-noblemariadb:11.8.8mariadb:11.8-noblemariadb:11.8mariadb:11-noblemariadb:11

DIGESTsha256:be1ef4fe5f14589325c08a41c76334097ce66c86264b75e1d28342c742782a61

Executive Summary

NEEDS_ATTENTION

This image is acceptable for production, but remediating the identified vulnerabilities is recommended to reduce the attack surface. While it is an official Docker Hub image, 41 exposed-surface vulnerabilities were found, with a maximum severity of 6.66. The most notable, CVE-2026-42010, could lead to authentication bypass, potentially allowing unauthorized access. Note that CVE-2026-42010 specifically requires gnutls to be configured with RSA-PSK authentication. Another significant issue, CVE-2026-42013, could allow certificate validation bypass. Addressing these medium-severity risks is advised for hardened deployments.

Threat Score

25/100

NEEDS_ATTENTION

The image is official, published by Docker Official, and pinned by digest, indicating a high level of trust and immutability.
However, 41 exposed-surface vulnerabilities were identified, with 3 having severities ranging from 6.0 to 6.66.
The most critical exposed vulnerability, CVE-2026-42010, could lead to an authentication bypass in gnutls if RSA-PSK is configured.
Another significant exposed vulnerability, CVE-2026-42013, may allow certificate validation bypass.
Post-exploit vulnerabilities are of low severity, with a maximum of 2.86.

Reputation

TRUSTED

Docker Official

OFFICIAL

Official Docker Hub Image
Pinned by digest (Immutable)

BaseImage/

mariadb:11

Hardened

Grade

A+

Vulns

Verified & secured for production

Vulnerabilities

Vulnerability Log

89 total

CVE ID	Adjusted Severity	Package	Exploit Probability	Risk Context
CVE-2026-42010	MEDIUM6.66	libgnutls30t64 3.8.3-1.1ubuntu3.5 fixed in 3.8.3-1.1ubuntu3.6	0.2% Theoretical Threat	Directly ExposedContext importance: MEDIUM
CVE-2026-42013	MEDIUM6.56	libgnutls30t64 3.8.3-1.1ubuntu3.5 fixed in 3.8.3-1.1ubuntu3.6	—	Directly ExposedContext importance: MEDIUM
CVE-2025-29481	MEDIUM6.21	libbpf1 1:1.3.0-2build2 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2026-42012	MEDIUM5.68	libgnutls30t64 3.8.3-1.1ubuntu3.5 fixed in 3.8.3-1.1ubuntu3.6	—	Directly ExposedContext importance: MEDIUM
CVE-2026-4437	MEDIUM5.52	libc-bin 2.39-0ubuntu8.7 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2026-6238	MEDIUM5.52	libc-bin 2.39-0ubuntu8.7 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2026-4437	MEDIUM5.52	libc6 2.39-0ubuntu8.7 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2026-6238	MEDIUM5.52	libc6 2.39-0ubuntu8.7 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2026-34303	MEDIUM5.52	libmariadb3 1:11.8.8+maria~ubu2404 No fix yet	<0.1% Theoretical Threat	Directly ExposedContext importance: HIGH
CVE-2026-34303	MEDIUM5.52	mariadb-common 1:11.8.8+maria~ubu2404 No fix yet	<0.1% Theoretical Threat	Directly ExposedContext importance: HIGH
CVE-2026-34303	MEDIUM5.52	mariadb-server 1:11.8.8+maria~ubu2404 No fix yet	<0.1% Theoretical Threat	Directly ExposedContext importance: HIGH
CVE-2026-34303	MEDIUM5.52	mariadb-server-core 1:11.8.8+maria~ubu2404 No fix yet	<0.1% Theoretical Threat	Directly ExposedContext importance: HIGH
CVE-2026-34303	MEDIUM5.52	mysql-common 1:11.8.8+maria~ubu2404 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2026-40226	MEDIUM5.44	libsystemd0 255.4-1ubuntu8.15 fixed in 255.4-1ubuntu8.16	<0.1% Theoretical Threat	Directly Exposed
CVE-2026-40226	MEDIUM5.44	libudev1 255.4-1ubuntu8.15 fixed in 255.4-1ubuntu8.16	<0.1% Theoretical Threat	Directly Exposed
CVE-2026-42015	MEDIUM5.3	libgnutls30t64 3.8.3-1.1ubuntu3.5 fixed in 3.8.3-1.1ubuntu3.6	—	Directly Exposed
CVE-2026-41989	MEDIUM5.1	libgcrypt20 1.10.3-2build1 fixed in 1.10.3-2ubuntu0.1	<0.1% Theoretical Threat	Directly ExposedContext importance: MEDIUM
CVE-2026-3833	MEDIUM5.03	libgnutls30t64 3.8.3-1.1ubuntu3.5 fixed in 3.8.3-1.1ubuntu3.6	<0.1% Theoretical Threat	Directly ExposedContext importance: MEDIUM
CVE-2026-42011	MEDIUM5.03	libgnutls30t64 3.8.3-1.1ubuntu3.5 fixed in 3.8.3-1.1ubuntu3.6	<0.1% Theoretical Threat	Directly ExposedContext importance: MEDIUM
CVE-2026-5435	MEDIUM5.02	libc-bin 2.39-0ubuntu8.7 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2026-5435	MEDIUM5.02	libc6 2.39-0ubuntu8.7 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2024-2236	MEDIUM5.02	libgcrypt20 1.10.3-2build1 No fix yet	0.7% Theoretical Threat	Directly Exposed
CVE-2026-5260	MEDIUM4.92	libgnutls30t64 3.8.3-1.1ubuntu3.5 fixed in 3.8.3-1.1ubuntu3.6	—	Directly Exposed
CVE-2026-33845	MEDIUM4.64	libgnutls30t64 3.8.3-1.1ubuntu3.5 fixed in 3.8.3-1.1ubuntu3.6	<0.1% Theoretical Threat	Directly Exposed
CVE-2026-42009	MEDIUM4.5	libgnutls30t64 3.8.3-1.1ubuntu3.5 fixed in 3.8.3-1.1ubuntu3.6	—	Directly Exposed
CVE-2026-4046	MEDIUM4.5	libc-bin 2.39-0ubuntu8.7 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2026-4046	MEDIUM4.5	libc6 2.39-0ubuntu8.7 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2026-34743	MEDIUM4.5	liblzma5 5.6.1+really5.4.5-1ubuntu0.2 fixed in 5.6.1+really5.4.5-1ubuntu0.3	<0.1% Theoretical Threat	Directly Exposed
CVE-2026-27456	MEDIUM4	libblkid1 2.39.3-9ubuntu6.5 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2025-1376	MEDIUM4	libelf1t64 0.190-1.1ubuntu0.1 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2026-27456	MEDIUM4	libmount1 2.39.3-9ubuntu6.5 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2026-27456	MEDIUM4	libsmartcols1 2.39.3-9ubuntu6.5 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2026-27456	MEDIUM4	libuuid1 2.39.3-9ubuntu6.5 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2026-33846	LOW3.83	libgnutls30t64 3.8.3-1.1ubuntu3.5 fixed in 3.8.3-1.1ubuntu3.6	<0.1% Theoretical Threat	Directly Exposed
CVE-2026-5419	LOW3.7	libgnutls30t64 3.8.3-1.1ubuntu3.5 fixed in 3.8.3-1.1ubuntu3.6	—	Directly Exposed
CVE-2026-4438	LOW3.4	libc-bin 2.39-0ubuntu8.7 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2026-4438	LOW3.4	libc6 2.39-0ubuntu8.7 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2026-3832	LOW3.15	libgnutls30t64 3.8.3-1.1ubuntu3.5 fixed in 3.8.3-1.1ubuntu3.6	<0.1% Theoretical Threat	Directly Exposed
CVE-2025-45582	LOW2.86	tar 1.35+dfsg-3build1 No fix yet	0.1% Theoretical Threat	Post-Exploit
CVE-2026-5704	LOW2.8	tar 1.35+dfsg-3build1 No fix yet	<0.1% Theoretical Threat	Post-Exploit
CVE-2026-40228	LOW2.8	libsystemd0 255.4-1ubuntu8.15 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2026-40228	LOW2.8	libudev1 255.4-1ubuntu8.15 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2026-34743	LOW2.7	xz-utils 5.6.1+really5.4.5-1ubuntu0.2 fixed in 5.6.1+really5.4.5-1ubuntu0.3	<0.1% Theoretical Threat	Post-Exploit
CVE-2026-27456	LOW2.4	bsdutils 1:2.39.3-9ubuntu6.5 No fix yet	<0.1% Theoretical Threat	Post-Exploit
CVE-2026-27456	LOW2.4	mount 2.39.3-9ubuntu6.5 No fix yet	<0.1% Theoretical Threat	Post-Exploit
CVE-2026-27456	LOW2.4	util-linux 2.39.3-9ubuntu6.5 No fix yet	<0.1% Theoretical Threat	Post-Exploit
CVE-2025-1352	LOW2.29	libelf1t64 0.190-1.1ubuntu0.1 No fix yet	0.1% Theoretical Threat	Post-Exploit
CVE-2024-56433	LOW2.16	login 1:4.13+dfsg1-4ubuntu3.2 No fix yet	4.5% Low-Moderate Risk	Post-Exploit
CVE-2024-56433	LOW2.16	passwd 1:4.13+dfsg1-4ubuntu3.2 No fix yet	4.5% Low-Moderate Risk	Post-Exploit
CVE-2026-34303	LOW1.99	mariadb-backup 1:11.8.8+maria~ubu2404 No fix yet	<0.1% Theoretical Threat	Post-Exploit
CVE-2026-34303	LOW1.99	mariadb-client 1:11.8.8+maria~ubu2404 No fix yet	<0.1% Theoretical Threat	Post-Exploit
CVE-2026-34303	LOW1.99	mariadb-client-core 1:11.8.8+maria~ubu2404 No fix yet	<0.1% Theoretical Threat	Post-Exploit
CVE-2025-68121	NONE0	stdlib v1.24.6 fixed in 1.24.13, 1.25.7, 1.26.0-rc.3	<0.1% Theoretical Threat	Not Applicable
CVE-2025-61726	NONE0	stdlib v1.24.6 fixed in 1.24.12, 1.25.6	<0.1% Theoretical Threat	Not Applicable
CVE-2025-61729	NONE0	stdlib v1.24.6 fixed in 1.24.11, 1.25.5	<0.1% Theoretical Threat	Not Applicable
CVE-2026-25679	NONE0	stdlib v1.24.6 fixed in 1.25.8, 1.26.1	<0.1% Theoretical Threat	Not Applicable
CVE-2026-32280	NONE0	stdlib v1.24.6 fixed in 1.25.9, 1.26.2	<0.1% Theoretical Threat	Not Applicable
CVE-2026-32281	NONE0	stdlib v1.24.6 fixed in 1.25.9, 1.26.2	<0.1% Theoretical Threat	Not Applicable
CVE-2026-32283	NONE0	stdlib v1.24.6 fixed in 1.25.9, 1.26.2	<0.1% Theoretical Threat	Not Applicable
CVE-2026-33811	NONE0	stdlib v1.24.6 fixed in 1.25.10, 1.26.3	<0.1% Theoretical Threat	Not Applicable
CVE-2026-33814	NONE0	stdlib v1.24.6 fixed in 1.25.10, 1.26.3	<0.1% Theoretical Threat	Not Applicable
CVE-2026-39820	NONE0	stdlib v1.24.6 fixed in 1.25.10, 1.26.3	<0.1% Theoretical Threat	Not Applicable
CVE-2026-39836	NONE0	stdlib v1.24.6 fixed in 1.25.10, 1.26.3	<0.1% Theoretical Threat	Not Applicable
CVE-2025-58183	NONE0	stdlib v1.24.6 fixed in 1.24.8, 1.25.2	<0.1% Theoretical Threat	Not Applicable
CVE-2025-61728	NONE0	stdlib v1.24.6 fixed in 1.24.12, 1.25.6	<0.1% Theoretical Threat	Not Applicable
CVE-2025-61727	NONE0	stdlib v1.24.6 fixed in 1.24.11, 1.25.5	<0.1% Theoretical Threat	Not Applicable
CVE-2026-32282	NONE0	stdlib v1.24.6 fixed in 1.25.9, 1.26.2	<0.1% Theoretical Threat	Not Applicable
CVE-2026-32289	NONE0	stdlib v1.24.6 fixed in 1.25.9, 1.26.2	<0.1% Theoretical Threat	Not Applicable
CVE-2026-32288	NONE0	stdlib v1.24.6 fixed in 1.25.9, 1.26.2	<0.1% Theoretical Threat	Not Applicable
CVE-2026-27142	NONE0	stdlib v1.24.6 fixed in 1.25.8, 1.26.1	<0.1% Theoretical Threat	Not Applicable
CVE-2026-39826	NONE0	stdlib v1.24.6 fixed in 1.25.10, 1.26.3	<0.1% Theoretical Threat	Not Applicable
CVE-2025-47912	NONE0	stdlib v1.24.6 fixed in 1.24.8, 1.25.2	<0.1% Theoretical Threat	Not Applicable
CVE-2025-58185	NONE0	stdlib v1.24.6 fixed in 1.24.8, 1.25.2	<0.1% Theoretical Threat	Not Applicable
CVE-2025-58187	NONE0	stdlib v1.24.6 fixed in 1.24.9, 1.25.3	<0.1% Theoretical Threat	Not Applicable
CVE-2025-58188	NONE0	stdlib v1.24.6 fixed in 1.24.8, 1.25.2	<0.1% Theoretical Threat	Not Applicable
CVE-2025-58189	NONE0	stdlib v1.24.6 fixed in 1.24.8, 1.25.2	<0.1% Theoretical Threat	Not Applicable
CVE-2025-61723	NONE0	stdlib v1.24.6 fixed in 1.24.8, 1.25.2	<0.1% Theoretical Threat	Not Applicable
CVE-2025-61724	NONE0	stdlib v1.24.6 fixed in 1.24.8, 1.25.2	<0.1% Theoretical Threat	Not Applicable
CVE-2025-61725	NONE0	stdlib v1.24.6 fixed in 1.24.8, 1.25.2	<0.1% Theoretical Threat	Not Applicable
CVE-2025-61730	NONE0	stdlib v1.24.6 fixed in 1.24.12, 1.25.6	<0.1% Theoretical Threat	Not Applicable
CVE-2025-58186	NONE0	stdlib v1.24.6 fixed in 1.24.8, 1.25.2	<0.1% Theoretical Threat	Not Applicable
CVE-2026-27139	NONE0	stdlib v1.24.6 fixed in 1.25.8, 1.26.1	<0.1% Theoretical Threat	Not Applicable
CVE-2026-42014	NONE0	libgnutls30t64 3.8.3-1.1ubuntu3.5 fixed in 3.8.3-1.1ubuntu3.6	—	Not Applicable
CVE-2026-39823	NONE0	stdlib v1.24.6 fixed in 1.25.10, 1.26.3	<0.1% Theoretical Threat	Not Applicable
CVE-2026-39825	NONE0	stdlib v1.24.6 fixed in 1.25.10, 1.26.3	<0.1% Theoretical Threat	Not Applicable
CVE-2026-42499	NONE0	stdlib v1.24.6 fixed in 1.25.10, 1.26.3	<0.1% Theoretical Threat	Not Applicable
CVE-2026-42504	NONE0	stdlib v1.24.6 fixed in 1.25.11, 1.26.4	—	Not Applicable
CVE-2026-27145	NONE0	stdlib v1.24.6 fixed in 1.25.11, 1.26.4	—	Not Applicable
CVE-2026-42507	NONE0	stdlib v1.24.6 fixed in 1.25.11, 1.26.4	—	Not Applicable