Vulnerability Reportmongo:6

Name: mongo:6.0.28 Security Vulnerability Report
Creator: BaseImage
Keywords: mongo:6.0.28, Docker security, vulnerability scan, CVE, container security, SBOM

mongo:6.0.28mongo:6.0mongo:6

DIGESTsha256:8b6d8f5bbedb25cb73517b65cf99f13aeb75ad5b157a56c479287a840bbad3ac

Executive Summary

DANGEROUS

This image poses a critical security risk and must not be used in production, especially as an internet-facing service. A remote attacker could exploit multiple high-severity vulnerabilities in `libgnutls30`, including CVE-2026-42013 and CVE-2026-42012, to bypass certificate validation. This could lead to spoofing, man-in-the-middle attacks, and interception of sensitive information. Immediate remediation or selection of an alternative image is required.

Threat Score

85/100

DANGEROUS

The image carries a DANGEROUS threat score of 85, indicating severe security risks.
Multiple critical exposed vulnerabilities in `libgnutls30`, including CVE-2026-42013 (severity 8.2) and CVE-2026-42012 (severity 7.1), allow remote attackers to bypass certificate validation.
These `libgnutls30` vulnerabilities have high context importance for MongoDB, potentially enabling spoofing or man-in-the-middle attacks against secure communication.
An additional high-context vulnerability, CVE-2017-11164 in `libpcre3` (severity 6.38), could lead to a denial of service through crafted regular expressions in MongoDB queries.
In total, 33 exposed-surface vulnerabilities were identified, with 7 having a severity score of 6.0 or higher.

Reputation

TRUSTED

Docker Official

OFFICIAL

Official Docker Hub Image
Pinned by digest (Immutable)

BaseImage/

mongo:6

Hardened

Grade

A+

Vulns

Verified & secured for production

Vulnerabilities

Vulnerability Log

99 total

CVE ID	Adjusted Severity	Package	Exploit Probability	Risk Context
CVE-2026-42013	HIGH8.2	libgnutls30 3.7.3-4ubuntu1.8 fixed in 3.7.3-4ubuntu1.9	—	Directly ExposedContext importance: HIGH
CVE-2026-42012	HIGH7.1	libgnutls30 3.7.3-4ubuntu1.8 fixed in 3.7.3-4ubuntu1.9	—	Directly ExposedContext importance: HIGH
CVE-2026-42010	MEDIUM6.66	libgnutls30 3.7.3-4ubuntu1.8 fixed in 3.7.3-4ubuntu1.9	0.2% Theoretical Threat	Directly ExposedContext importance: MEDIUM
CVE-2026-5260	MEDIUM6.56	libgnutls30 3.7.3-4ubuntu1.8 fixed in 3.7.3-4ubuntu1.9	—	Directly ExposedContext importance: MEDIUM
CVE-2017-11164	MEDIUM6.38	libpcre3 2:8.39-13ubuntu0.22.04.1 No fix yet	0.1% Theoretical Threat	Directly ExposedContext importance: HIGH
CVE-2026-3833	MEDIUM6.29	libgnutls30 3.7.3-4ubuntu1.8 fixed in 3.7.3-4ubuntu1.9	<0.1% Theoretical Threat	Directly ExposedContext importance: HIGH
CVE-2026-42011	MEDIUM6.29	libgnutls30 3.7.3-4ubuntu1.8 fixed in 3.7.3-4ubuntu1.9	<0.1% Theoretical Threat	Directly ExposedContext importance: HIGH
CVE-2026-40226	MEDIUM5.44	libsystemd0 249.11-0ubuntu3.20 fixed in 249.11-0ubuntu3.21	<0.1% Theoretical Threat	Directly Exposed
CVE-2026-40226	MEDIUM5.44	libudev1 249.11-0ubuntu3.20 fixed in 249.11-0ubuntu3.21	<0.1% Theoretical Threat	Directly Exposed
CVE-2026-42015	MEDIUM5.3	libgnutls30 3.7.3-4ubuntu1.8 fixed in 3.7.3-4ubuntu1.9	—	Directly Exposed
CVE-2026-5435	MEDIUM5.02	libc-bin 2.35-0ubuntu3.13 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2026-5435	MEDIUM5.02	libc6 2.35-0ubuntu3.13 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2024-2236	MEDIUM5.02	libgcrypt20 1.9.4-3ubuntu3 No fix yet	0.7% Theoretical Threat	Directly Exposed
CVE-2023-7008	MEDIUM5.02	libsystemd0 249.11-0ubuntu3.20 fixed in 249.11-0ubuntu3.21	0.5% Theoretical Threat	Directly Exposed
CVE-2023-7008	MEDIUM5.02	libudev1 249.11-0ubuntu3.20 fixed in 249.11-0ubuntu3.21	0.5% Theoretical Threat	Directly Exposed
CVE-2022-27943	MEDIUM4.67	gcc-12-base 12.3.0-1ubuntu1~22.04.3 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2022-27943	MEDIUM4.67	libgcc-s1 12.3.0-1ubuntu1~22.04.3 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2022-27943	MEDIUM4.67	libstdc++6 12.3.0-1ubuntu1~22.04.3 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2026-33845	MEDIUM4.64	libgnutls30 3.7.3-4ubuntu1.8 fixed in 3.7.3-4ubuntu1.9	<0.1% Theoretical Threat	Directly Exposed
CVE-2026-42009	MEDIUM4.5	libgnutls30 3.7.3-4ubuntu1.8 fixed in 3.7.3-4ubuntu1.9	—	Directly Exposed
CVE-2026-4046	MEDIUM4.5	libc-bin 2.35-0ubuntu3.13 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2026-4046	MEDIUM4.5	libc6 2.35-0ubuntu3.13 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2026-34743	MEDIUM4.5	liblzma5 5.2.5-2ubuntu1 fixed in 5.2.5-2ubuntu1.1	<0.1% Theoretical Threat	Directly Exposed
CVE-2025-64718	MEDIUM4.5	js-yaml 3.13.1 fixed in 4.1.1, 3.14.2	<0.1% Theoretical Threat	Directly Exposed
CVE-2026-27456	MEDIUM4	libblkid1 2.37.2-4ubuntu3.5 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2026-27456	MEDIUM4	libmount1 2.37.2-4ubuntu3.5 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2026-27456	MEDIUM4	libuuid1 2.37.2-4ubuntu3.5 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2026-41989	LOW3.83	libgcrypt20 1.9.4-3ubuntu3 fixed in 1.9.4-3ubuntu3.2	<0.1% Theoretical Threat	Directly Exposed
CVE-2026-33846	LOW3.83	libgnutls30 3.7.3-4ubuntu1.8 fixed in 3.7.3-4ubuntu1.9	<0.1% Theoretical Threat	Directly Exposed
CVE-2026-3832	LOW3.15	libgnutls30 3.7.3-4ubuntu1.8 fixed in 3.7.3-4ubuntu1.9	<0.1% Theoretical Threat	Directly Exposed
CVE-2025-45582	LOW2.86	tar 1.34+dfsg-1ubuntu0.1.22.04.2 No fix yet	0.1% Theoretical Threat	Post-Exploit
CVE-2026-5704	LOW2.8	tar 1.34+dfsg-1ubuntu0.1.22.04.2 No fix yet	<0.1% Theoretical Threat	Post-Exploit
CVE-2026-40228	LOW2.8	libsystemd0 249.11-0ubuntu3.20 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2026-40228	LOW2.8	libudev1 249.11-0ubuntu3.20 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2026-27456	LOW2.4	bsdutils 1:2.37.2-4ubuntu3.5 No fix yet	<0.1% Theoretical Threat	Post-Exploit
CVE-2026-27456	LOW2.4	mount 2.37.2-4ubuntu3.5 No fix yet	<0.1% Theoretical Threat	Post-Exploit
CVE-2026-27456	LOW2.4	util-linux 2.37.2-4ubuntu3.5 No fix yet	<0.1% Theoretical Threat	Post-Exploit
CVE-2022-41409	LOW2.29	libpcre2-8-0 10.39-3ubuntu0.1 No fix yet	<0.1% Theoretical Threat	Post-Exploit
CVE-2022-4899	LOW2.29	libzstd1 1.4.8+dfsg-3build1 No fix yet	0.3% Theoretical Threat	Post-Exploit
CVE-2024-56433	LOW2.16	login 1:4.8.1-2ubuntu2.2 No fix yet	4.5% Low-Moderate Risk	Post-Exploit
CVE-2024-56433	LOW2.16	passwd 1:4.8.1-2ubuntu2.2 No fix yet	4.5% Low-Moderate Risk	Post-Exploit
CVE-2026-6238	LOW1.99	libc-bin 2.35-0ubuntu3.13 No fix yet	<0.1% Theoretical Threat	Post-Exploit
CVE-2026-6238	LOW1.99	libc6 2.35-0ubuntu3.13 No fix yet	<0.1% Theoretical Threat	Post-Exploit
CVE-2023-29383	LOW1.68	login 1:4.8.1-2ubuntu2.2 No fix yet	<0.1% Theoretical Threat	Post-Exploit
CVE-2023-29383	LOW1.68	passwd 1:4.8.1-2ubuntu2.2 No fix yet	<0.1% Theoretical Threat	Post-Exploit
CVE-2025-68121	NONE0	stdlib v1.24.6 fixed in 1.24.13, 1.25.7, 1.26.0-rc.3	<0.1% Theoretical Threat	Not Applicable
CVE-2026-33811	NONE0	stdlib v1.25.9 fixed in 1.25.10, 1.26.3	<0.1% Theoretical Threat	Not Applicable
CVE-2026-33814	NONE0	stdlib v1.25.9 fixed in 1.25.10, 1.26.3	<0.1% Theoretical Threat	Not Applicable
CVE-2026-39820	NONE0	stdlib v1.25.9 fixed in 1.25.10, 1.26.3	<0.1% Theoretical Threat	Not Applicable
CVE-2026-39836	NONE0	stdlib v1.25.9 fixed in 1.25.10, 1.26.3	<0.1% Theoretical Threat	Not Applicable
CVE-2025-61726	NONE0	stdlib v1.24.6 fixed in 1.24.12, 1.25.6	<0.1% Theoretical Threat	Not Applicable
CVE-2025-61729	NONE0	stdlib v1.24.6 fixed in 1.24.11, 1.25.5	<0.1% Theoretical Threat	Not Applicable
CVE-2026-25679	NONE0	stdlib v1.24.6 fixed in 1.25.8, 1.26.1	<0.1% Theoretical Threat	Not Applicable
CVE-2026-32280	NONE0	stdlib v1.24.6 fixed in 1.25.9, 1.26.2	<0.1% Theoretical Threat	Not Applicable
CVE-2026-32281	NONE0	stdlib v1.24.6 fixed in 1.25.9, 1.26.2	<0.1% Theoretical Threat	Not Applicable
CVE-2026-32283	NONE0	stdlib v1.24.6 fixed in 1.25.9, 1.26.2	<0.1% Theoretical Threat	Not Applicable
CVE-2026-33811	NONE0	stdlib v1.24.6 fixed in 1.25.10, 1.26.3	<0.1% Theoretical Threat	Not Applicable
CVE-2026-33814	NONE0	stdlib v1.24.6 fixed in 1.25.10, 1.26.3	<0.1% Theoretical Threat	Not Applicable
CVE-2026-39820	NONE0	stdlib v1.24.6 fixed in 1.25.10, 1.26.3	<0.1% Theoretical Threat	Not Applicable
CVE-2026-39836	NONE0	stdlib v1.24.6 fixed in 1.25.10, 1.26.3	<0.1% Theoretical Threat	Not Applicable
CVE-2025-58183	NONE0	stdlib v1.24.6 fixed in 1.24.8, 1.25.2	<0.1% Theoretical Threat	Not Applicable
CVE-2025-61728	NONE0	stdlib v1.24.6 fixed in 1.24.12, 1.25.6	<0.1% Theoretical Threat	Not Applicable
CVE-2023-50495	NONE0	libncurses6 6.3-2ubuntu0.1 No fix yet	<0.1% Theoretical Threat	Not Applicable
CVE-2023-50495	NONE0	libncursesw6 6.3-2ubuntu0.1 No fix yet	<0.1% Theoretical Threat	Not Applicable
CVE-2023-50495	NONE0	libtinfo6 6.3-2ubuntu0.1 No fix yet	<0.1% Theoretical Threat	Not Applicable
CVE-2023-50495	NONE0	ncurses-base 6.3-2ubuntu0.1 No fix yet	<0.1% Theoretical Threat	Not Applicable
CVE-2023-50495	NONE0	ncurses-bin 6.3-2ubuntu0.1 No fix yet	<0.1% Theoretical Threat	Not Applicable
CVE-2025-61727	NONE0	stdlib v1.24.6 fixed in 1.24.11, 1.25.5	<0.1% Theoretical Threat	Not Applicable
CVE-2026-32282	NONE0	stdlib v1.24.6 fixed in 1.25.9, 1.26.2	<0.1% Theoretical Threat	Not Applicable
CVE-2026-32289	NONE0	stdlib v1.24.6 fixed in 1.25.9, 1.26.2	<0.1% Theoretical Threat	Not Applicable
CVE-2026-32288	NONE0	stdlib v1.24.6 fixed in 1.25.9, 1.26.2	<0.1% Theoretical Threat	Not Applicable
CVE-2026-39826	NONE0	stdlib v1.25.9 fixed in 1.25.10, 1.26.3	<0.1% Theoretical Threat	Not Applicable
CVE-2026-27142	NONE0	stdlib v1.24.6 fixed in 1.25.8, 1.26.1	<0.1% Theoretical Threat	Not Applicable
CVE-2026-39826	NONE0	stdlib v1.24.6 fixed in 1.25.10, 1.26.3	<0.1% Theoretical Threat	Not Applicable
CVE-2025-47912	NONE0	stdlib v1.24.6 fixed in 1.24.8, 1.25.2	<0.1% Theoretical Threat	Not Applicable
CVE-2025-58185	NONE0	stdlib v1.24.6 fixed in 1.24.8, 1.25.2	<0.1% Theoretical Threat	Not Applicable
CVE-2025-58187	NONE0	stdlib v1.24.6 fixed in 1.24.9, 1.25.3	<0.1% Theoretical Threat	Not Applicable
CVE-2025-58188	NONE0	stdlib v1.24.6 fixed in 1.24.8, 1.25.2	<0.1% Theoretical Threat	Not Applicable
CVE-2025-58189	NONE0	stdlib v1.24.6 fixed in 1.24.8, 1.25.2	<0.1% Theoretical Threat	Not Applicable
CVE-2025-61723	NONE0	stdlib v1.24.6 fixed in 1.24.8, 1.25.2	<0.1% Theoretical Threat	Not Applicable
CVE-2025-61724	NONE0	stdlib v1.24.6 fixed in 1.24.8, 1.25.2	<0.1% Theoretical Threat	Not Applicable
CVE-2025-61725	NONE0	stdlib v1.24.6 fixed in 1.24.8, 1.25.2	<0.1% Theoretical Threat	Not Applicable
CVE-2025-61730	NONE0	stdlib v1.24.6 fixed in 1.24.12, 1.25.6	<0.1% Theoretical Threat	Not Applicable
CVE-2025-58186	NONE0	stdlib v1.24.6 fixed in 1.24.8, 1.25.2	<0.1% Theoretical Threat	Not Applicable
CVE-2026-27456	NONE0	libsmartcols1 2.37.2-4ubuntu3.5 No fix yet	<0.1% Theoretical Threat	Not Applicable
CVE-2026-27139	NONE0	stdlib v1.24.6 fixed in 1.25.8, 1.26.1	<0.1% Theoretical Threat	Not Applicable
CVE-2026-42014	NONE0	libgnutls30 3.7.3-4ubuntu1.8 fixed in 3.7.3-4ubuntu1.9	—	Not Applicable
CVE-2026-39823	NONE0	stdlib v1.25.9 fixed in 1.25.10, 1.26.3	<0.1% Theoretical Threat	Not Applicable
CVE-2026-39825	NONE0	stdlib v1.25.9 fixed in 1.25.10, 1.26.3	<0.1% Theoretical Threat	Not Applicable
CVE-2026-42499	NONE0	stdlib v1.25.9 fixed in 1.25.10, 1.26.3	<0.1% Theoretical Threat	Not Applicable
CVE-2026-42504	NONE0	stdlib v1.25.9 fixed in 1.25.11, 1.26.4	—	Not Applicable
CVE-2026-27145	NONE0	stdlib v1.25.9 fixed in 1.25.11, 1.26.4	—	Not Applicable
CVE-2026-42507	NONE0	stdlib v1.25.9 fixed in 1.25.11, 1.26.4	—	Not Applicable
CVE-2026-39823	NONE0	stdlib v1.24.6 fixed in 1.25.10, 1.26.3	<0.1% Theoretical Threat	Not Applicable
CVE-2026-39825	NONE0	stdlib v1.24.6 fixed in 1.25.10, 1.26.3	<0.1% Theoretical Threat	Not Applicable
CVE-2026-42499	NONE0	stdlib v1.24.6 fixed in 1.25.10, 1.26.3	<0.1% Theoretical Threat	Not Applicable
CVE-2026-42504	NONE0	stdlib v1.24.6 fixed in 1.25.11, 1.26.4	—	Not Applicable
CVE-2026-27145	NONE0	stdlib v1.24.6 fixed in 1.25.11, 1.26.4	—	Not Applicable
CVE-2026-42507	NONE0	stdlib v1.24.6 fixed in 1.25.11, 1.26.4	—	Not Applicable