Vulnerability Reportmongo:7

Name: mongo:7.0.34 Security Vulnerability Report
Creator: BaseImage
Keywords: mongo:7.0.34, Docker security, vulnerability scan, CVE, container security, SBOM

mongo:7.0.34mongo:7.0mongo:7

DIGESTsha256:c1a84ab5d0c17deed1e0dba1d24bd7c76e5c7b281145fe536911939b1551754c

Executive Summary

DANGEROUS

This image poses a critical security risk and must not be used in production, especially as an internet-facing service. An attacker could exploit the critical certificate validation bypass (CVE-2026-42013) to spoof the MongoDB server, enabling man-in-the-middle attacks and interception of sensitive data. Multiple other high-severity vulnerabilities in `libgnutls30` also present risks, including an authentication bypass (CVE-2026-42010) which applies if RSA-PSK authentication is configured. The potential for unauthorized access, data compromise, and denial of service from a critical database component makes this image unsuitable for production.

Threat Score

100/100

DANGEROUS

A critical remote certificate validation bypass (CVE-2026-42013, severity 8.2) in `libgnutls30` allows for spoofing or man-in-the-middle attacks and interception of sensitive data.
Multiple `gnutls` vulnerabilities (e.g., CVE-2026-42011, CVE-2026-42012) enable additional certificate validation bypasses, potentially leading to spoofing or man-in-the-middle attacks.
An authentication bypass (CVE-2026-42010, severity 7.84) exists in `libgnutls30` if RSA-PSK authentication is used.
A denial of service vulnerability in `libpcre3` (CVE-2017-11164) can be triggered by crafted regular expressions, potentially crashing the MongoDB server.
A total of 4 `EXPOSED_SURFACE` vulnerabilities have a severity of 7.0 or higher, with an overall count of 31 exposed findings.
Despite being an Official Docker Hub image, the presence of these severe, directly applicable vulnerabilities mandates a DANGEROUS verdict.

Reputation

TRUSTED

Docker Official

OFFICIAL

Official Docker Hub Image
Pinned by digest (Immutable)

BaseImage/

mongo:7

Hardened

Grade

A+

Vulns

Verified & secured for production

Vulnerabilities

Vulnerability Log

99 total

CVE ID	Adjusted Severity	Package	Exploit Probability	Risk Context
CVE-2026-42013	HIGH8.2	libgnutls30 3.7.3-4ubuntu1.8 fixed in 3.7.3-4ubuntu1.9	—	Directly ExposedContext importance: HIGH
CVE-2026-42010	HIGH7.84	libgnutls30 3.7.3-4ubuntu1.8 fixed in 3.7.3-4ubuntu1.9	—	Directly ExposedContext importance: MEDIUM
CVE-2026-42011	HIGH7.4	libgnutls30 3.7.3-4ubuntu1.8 fixed in 3.7.3-4ubuntu1.9	—	Directly ExposedContext importance: HIGH
CVE-2026-42012	HIGH7.1	libgnutls30 3.7.3-4ubuntu1.8 fixed in 3.7.3-4ubuntu1.9	—	Directly ExposedContext importance: HIGH
CVE-2026-5260	MEDIUM6.56	libgnutls30 3.7.3-4ubuntu1.8 fixed in 3.7.3-4ubuntu1.9	—	Directly ExposedContext importance: MEDIUM
CVE-2017-11164	MEDIUM6.38	libpcre3 2:8.39-13ubuntu0.22.04.1 No fix yet	0.1% Theoretical Threat	Directly ExposedContext importance: HIGH
CVE-2026-3833	MEDIUM6.29	libgnutls30 3.7.3-4ubuntu1.8 fixed in 3.7.3-4ubuntu1.9	<0.1% Theoretical Threat	Directly ExposedContext importance: HIGH
CVE-2026-40226	MEDIUM5.44	libsystemd0 249.11-0ubuntu3.20 fixed in 249.11-0ubuntu3.21	<0.1% Theoretical Threat	Directly Exposed
CVE-2026-40226	MEDIUM5.44	libudev1 249.11-0ubuntu3.20 fixed in 249.11-0ubuntu3.21	<0.1% Theoretical Threat	Directly Exposed
CVE-2026-42015	MEDIUM5.3	libgnutls30 3.7.3-4ubuntu1.8 fixed in 3.7.3-4ubuntu1.9	—	Directly Exposed
CVE-2026-41989	MEDIUM5.1	libgcrypt20 1.9.4-3ubuntu3 fixed in 1.9.4-3ubuntu3.2	<0.1% Theoretical Threat	Directly ExposedContext importance: MEDIUM
CVE-2022-41409	MEDIUM5.1	libpcre2-8-0 10.39-3ubuntu0.1 No fix yet	<0.1% Theoretical Threat	Directly ExposedContext importance: MEDIUM
CVE-2026-5435	MEDIUM5.02	libc-bin 2.35-0ubuntu3.13 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2026-5435	MEDIUM5.02	libc6 2.35-0ubuntu3.13 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2024-2236	MEDIUM5.02	libgcrypt20 1.9.4-3ubuntu3 No fix yet	0.7% Theoretical Threat	Directly Exposed
CVE-2023-7008	MEDIUM5.02	libsystemd0 249.11-0ubuntu3.20 fixed in 249.11-0ubuntu3.21	0.5% Theoretical Threat	Directly Exposed
CVE-2023-7008	MEDIUM5.02	libudev1 249.11-0ubuntu3.20 fixed in 249.11-0ubuntu3.21	0.5% Theoretical Threat	Directly Exposed
CVE-2022-27943	MEDIUM4.67	gcc-12-base 12.3.0-1ubuntu1~22.04.3 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2022-27943	MEDIUM4.67	libgcc-s1 12.3.0-1ubuntu1~22.04.3 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2022-27943	MEDIUM4.67	libstdc++6 12.3.0-1ubuntu1~22.04.3 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2026-4046	MEDIUM4.5	libc-bin 2.35-0ubuntu3.13 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2026-4046	MEDIUM4.5	libc6 2.35-0ubuntu3.13 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2026-34743	MEDIUM4.5	liblzma5 5.2.5-2ubuntu1 fixed in 5.2.5-2ubuntu1.1	<0.1% Theoretical Threat	Directly Exposed
CVE-2025-64718	MEDIUM4.5	js-yaml 3.13.1 fixed in 4.1.1, 3.14.2	<0.1% Theoretical Threat	Directly Exposed
CVE-2026-27456	MEDIUM4	libblkid1 2.37.2-4ubuntu3.5 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2026-27456	MEDIUM4	libmount1 2.37.2-4ubuntu3.5 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2026-27456	MEDIUM4	libuuid1 2.37.2-4ubuntu3.5 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2026-3832	LOW3.15	libgnutls30 3.7.3-4ubuntu1.8 fixed in 3.7.3-4ubuntu1.9	<0.1% Theoretical Threat	Directly Exposed
CVE-2025-45582	LOW2.86	tar 1.34+dfsg-1ubuntu0.1.22.04.2 No fix yet	<0.1% Theoretical Threat	Post-Exploit
CVE-2026-5704	LOW2.8	tar 1.34+dfsg-1ubuntu0.1.22.04.2 No fix yet	<0.1% Theoretical Threat	Post-Exploit
CVE-2026-40228	LOW2.8	libsystemd0 249.11-0ubuntu3.20 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2026-40228	LOW2.8	libudev1 249.11-0ubuntu3.20 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2026-33845	LOW2.78	libgnutls30 3.7.3-4ubuntu1.8 fixed in 3.7.3-4ubuntu1.9	<0.1% Theoretical Threat	Post-Exploit
CVE-2026-42009	LOW2.7	libgnutls30 3.7.3-4ubuntu1.8 fixed in 3.7.3-4ubuntu1.9	—	Post-Exploit
CVE-2026-27456	LOW2.4	bsdutils 1:2.37.2-4ubuntu3.5 No fix yet	<0.1% Theoretical Threat	Post-Exploit
CVE-2026-27456	LOW2.4	mount 2.37.2-4ubuntu3.5 No fix yet	<0.1% Theoretical Threat	Post-Exploit
CVE-2026-27456	LOW2.4	util-linux 2.37.2-4ubuntu3.5 No fix yet	<0.1% Theoretical Threat	Post-Exploit
CVE-2026-33846	LOW2.29	libgnutls30 3.7.3-4ubuntu1.8 fixed in 3.7.3-4ubuntu1.9	<0.1% Theoretical Threat	Post-Exploit
CVE-2022-4899	LOW2.29	libzstd1 1.4.8+dfsg-3build1 No fix yet	0.3% Theoretical Threat	Post-Exploit
CVE-2024-56433	LOW2.16	login 1:4.8.1-2ubuntu2.2 No fix yet	4.5% Low-Moderate Risk	Post-Exploit
CVE-2024-56433	LOW2.16	passwd 1:4.8.1-2ubuntu2.2 No fix yet	4.5% Low-Moderate Risk	Post-Exploit
CVE-2026-6238	LOW1.99	libc-bin 2.35-0ubuntu3.13 No fix yet	<0.1% Theoretical Threat	Post-Exploit
CVE-2026-6238	LOW1.99	libc6 2.35-0ubuntu3.13 No fix yet	<0.1% Theoretical Threat	Post-Exploit
CVE-2023-50495	LOW1.99	ncurses-bin 6.3-2ubuntu0.1 No fix yet	<0.1% Theoretical Threat	Post-Exploit
CVE-2023-29383	LOW1.68	login 1:4.8.1-2ubuntu2.2 No fix yet	<0.1% Theoretical Threat	Post-Exploit
CVE-2023-29383	LOW1.68	passwd 1:4.8.1-2ubuntu2.2 No fix yet	<0.1% Theoretical Threat	Post-Exploit
CVE-2025-68121	NONE0	stdlib v1.24.6 fixed in 1.24.13, 1.25.7, 1.26.0-rc.3	<0.1% Theoretical Threat	Not Applicable
CVE-2026-33811	NONE0	stdlib v1.25.9 fixed in 1.25.10, 1.26.3	—	Not Applicable
CVE-2026-33814	NONE0	stdlib v1.25.9 fixed in 1.25.10, 1.26.3	—	Not Applicable
CVE-2026-39820	NONE0	stdlib v1.25.9 fixed in 1.25.10, 1.26.3	—	Not Applicable
CVE-2026-39836	NONE0	stdlib v1.25.9 fixed in 1.25.10, 1.26.3	—	Not Applicable
CVE-2025-61726	NONE0	stdlib v1.24.6 fixed in 1.24.12, 1.25.6	<0.1% Theoretical Threat	Not Applicable
CVE-2025-61729	NONE0	stdlib v1.24.6 fixed in 1.24.11, 1.25.5	<0.1% Theoretical Threat	Not Applicable
CVE-2026-25679	NONE0	stdlib v1.24.6 fixed in 1.25.8, 1.26.1	<0.1% Theoretical Threat	Not Applicable
CVE-2026-32280	NONE0	stdlib v1.24.6 fixed in 1.25.9, 1.26.2	<0.1% Theoretical Threat	Not Applicable
CVE-2026-32281	NONE0	stdlib v1.24.6 fixed in 1.25.9, 1.26.2	<0.1% Theoretical Threat	Not Applicable
CVE-2026-32283	NONE0	stdlib v1.24.6 fixed in 1.25.9, 1.26.2	<0.1% Theoretical Threat	Not Applicable
CVE-2026-33811	NONE0	stdlib v1.24.6 fixed in 1.25.10, 1.26.3	—	Not Applicable
CVE-2026-33814	NONE0	stdlib v1.24.6 fixed in 1.25.10, 1.26.3	—	Not Applicable
CVE-2026-39820	NONE0	stdlib v1.24.6 fixed in 1.25.10, 1.26.3	—	Not Applicable
CVE-2026-39836	NONE0	stdlib v1.24.6 fixed in 1.25.10, 1.26.3	—	Not Applicable
CVE-2025-58183	NONE0	stdlib v1.24.6 fixed in 1.24.8, 1.25.2	<0.1% Theoretical Threat	Not Applicable
CVE-2025-61728	NONE0	stdlib v1.24.6 fixed in 1.24.12, 1.25.6	<0.1% Theoretical Threat	Not Applicable
CVE-2023-50495	NONE0	libncurses6 6.3-2ubuntu0.1 No fix yet	<0.1% Theoretical Threat	Not Applicable
CVE-2023-50495	NONE0	libncursesw6 6.3-2ubuntu0.1 No fix yet	<0.1% Theoretical Threat	Not Applicable
CVE-2023-50495	NONE0	libtinfo6 6.3-2ubuntu0.1 No fix yet	<0.1% Theoretical Threat	Not Applicable
CVE-2023-50495	NONE0	ncurses-base 6.3-2ubuntu0.1 No fix yet	<0.1% Theoretical Threat	Not Applicable
CVE-2025-61727	NONE0	stdlib v1.24.6 fixed in 1.24.11, 1.25.5	<0.1% Theoretical Threat	Not Applicable
CVE-2026-32282	NONE0	stdlib v1.24.6 fixed in 1.25.9, 1.26.2	<0.1% Theoretical Threat	Not Applicable
CVE-2026-32289	NONE0	stdlib v1.24.6 fixed in 1.25.9, 1.26.2	<0.1% Theoretical Threat	Not Applicable
CVE-2026-32288	NONE0	stdlib v1.24.6 fixed in 1.25.9, 1.26.2	<0.1% Theoretical Threat	Not Applicable
CVE-2026-39826	NONE0	stdlib v1.25.9 fixed in 1.25.10, 1.26.3	—	Not Applicable
CVE-2026-27142	NONE0	stdlib v1.24.6 fixed in 1.25.8, 1.26.1	<0.1% Theoretical Threat	Not Applicable
CVE-2026-39826	NONE0	stdlib v1.24.6 fixed in 1.25.10, 1.26.3	—	Not Applicable
CVE-2025-47912	NONE0	stdlib v1.24.6 fixed in 1.24.8, 1.25.2	<0.1% Theoretical Threat	Not Applicable
CVE-2025-58185	NONE0	stdlib v1.24.6 fixed in 1.24.8, 1.25.2	<0.1% Theoretical Threat	Not Applicable
CVE-2025-58187	NONE0	stdlib v1.24.6 fixed in 1.24.9, 1.25.3	<0.1% Theoretical Threat	Not Applicable
CVE-2025-58188	NONE0	stdlib v1.24.6 fixed in 1.24.8, 1.25.2	<0.1% Theoretical Threat	Not Applicable
CVE-2025-58189	NONE0	stdlib v1.24.6 fixed in 1.24.8, 1.25.2	<0.1% Theoretical Threat	Not Applicable
CVE-2025-61723	NONE0	stdlib v1.24.6 fixed in 1.24.8, 1.25.2	<0.1% Theoretical Threat	Not Applicable
CVE-2025-61724	NONE0	stdlib v1.24.6 fixed in 1.24.8, 1.25.2	<0.1% Theoretical Threat	Not Applicable
CVE-2025-61725	NONE0	stdlib v1.24.6 fixed in 1.24.8, 1.25.2	<0.1% Theoretical Threat	Not Applicable
CVE-2025-61730	NONE0	stdlib v1.24.6 fixed in 1.24.12, 1.25.6	<0.1% Theoretical Threat	Not Applicable
CVE-2025-58186	NONE0	stdlib v1.24.6 fixed in 1.24.8, 1.25.2	<0.1% Theoretical Threat	Not Applicable
CVE-2026-27456	NONE0	libsmartcols1 2.37.2-4ubuntu3.5 No fix yet	<0.1% Theoretical Threat	Not Applicable
CVE-2026-27139	NONE0	stdlib v1.24.6 fixed in 1.25.8, 1.26.1	<0.1% Theoretical Threat	Not Applicable
CVE-2026-42014	NONE0	libgnutls30 3.7.3-4ubuntu1.8 fixed in 3.7.3-4ubuntu1.9	—	Not Applicable
CVE-2026-39823	NONE0	stdlib v1.25.9 fixed in 1.25.10, 1.26.3	—	Not Applicable
CVE-2026-39825	NONE0	stdlib v1.25.9 fixed in 1.25.10, 1.26.3	—	Not Applicable
CVE-2026-42499	NONE0	stdlib v1.25.9 fixed in 1.25.10, 1.26.3	—	Not Applicable
CVE-2026-42504	NONE0	stdlib v1.25.9 fixed in 1.25.11, 1.26.4	—	Not Applicable
CVE-2026-27145	NONE0	stdlib v1.25.9 fixed in 1.25.11, 1.26.4	—	Not Applicable
CVE-2026-42507	NONE0	stdlib v1.25.9 fixed in 1.25.11, 1.26.4	—	Not Applicable
CVE-2026-39823	NONE0	stdlib v1.24.6 fixed in 1.25.10, 1.26.3	—	Not Applicable
CVE-2026-39825	NONE0	stdlib v1.24.6 fixed in 1.25.10, 1.26.3	—	Not Applicable
CVE-2026-42499	NONE0	stdlib v1.24.6 fixed in 1.25.10, 1.26.3	—	Not Applicable
CVE-2026-42504	NONE0	stdlib v1.24.6 fixed in 1.25.11, 1.26.4	—	Not Applicable
CVE-2026-27145	NONE0	stdlib v1.24.6 fixed in 1.25.11, 1.26.4	—	Not Applicable
CVE-2026-42507	NONE0	stdlib v1.24.6 fixed in 1.25.11, 1.26.4	—	Not Applicable