This image is acceptable for production, but remediating the identified vulnerabilities is recommended to reduce the attack surface. The only notable finding is CVE-2026-42010 (severity 6.66), a potential authentication bypass in gnutls that only applies if TLS with RSA-PSK is enabled – a non-default configuration. Disabling RSA-PSK cipher suites in the MongoDB TLS settings fully eliminates this risk. The image is an official Docker Hub image with high trust, and all other vulnerabilities are low severity, keeping the overall threat score at 25.
| CVE ID | Adjusted Severity | Package | Exploit Probability | Risk Context |
|---|---|---|---|---|
| CVE-2026-42010 | MEDIUM6.66 | libgnutls30t64 3.8.3-1.1ubuntu3.5 fixed in 3.8.3-1.1ubuntu3.6 | 0.8% Theoretical Threat | Directly ExposedContext importance: MEDIUM |
| CVE-2026-42014 | MEDIUM5.61 | libgnutls30t64 3.8.3-1.1ubuntu3.5 fixed in 3.8.3-1.1ubuntu3.6 | 0.2% Theoretical Threat | Directly Exposed |
| CVE-2026-42013 | MEDIUM5.58 | libgnutls30t64 3.8.3-1.1ubuntu3.5 fixed in 3.8.3-1.1ubuntu3.6 | 0.4% Theoretical Threat | Directly ExposedContext importance: MEDIUM |
| CVE-2026-5260 | MEDIUM5.58 | libgnutls30t64 3.8.3-1.1ubuntu3.5 fixed in 3.8.3-1.1ubuntu3.6 | 0.7% Theoretical Threat | Directly ExposedContext importance: MEDIUM |
| CVE-2026-40226 | MEDIUM5.44 | libsystemd0 255.4-1ubuntu8.15 fixed in 255.4-1ubuntu8.16 | <0.1% Theoretical Threat | Directly Exposed |
| CVE-2026-40226 | MEDIUM5.44 | libudev1 255.4-1ubuntu8.15 fixed in 255.4-1ubuntu8.16 | <0.1% Theoretical Threat | Directly Exposed |
| CVE-2026-41989 | MEDIUM5.1 | libgcrypt20 1.10.3-2build1 fixed in 1.10.3-2ubuntu0.1 | 0.2% Theoretical Threat | Directly ExposedContext importance: MEDIUM |
| CVE-2026-3833 | MEDIUM5.03 | libgnutls30t64 3.8.3-1.1ubuntu3.5 fixed in 3.8.3-1.1ubuntu3.6 | 0.3% Theoretical Threat | Directly ExposedContext importance: MEDIUM |
| CVE-2026-42011 | MEDIUM5.03 | libgnutls30t64 3.8.3-1.1ubuntu3.5 fixed in 3.8.3-1.1ubuntu3.6 | 0.3% Theoretical Threat | Directly ExposedContext importance: MEDIUM |
| CVE-2026-42012 | MEDIUM4.82 | libgnutls30t64 3.8.3-1.1ubuntu3.5 fixed in 3.8.3-1.1ubuntu3.6 | 0.3% Theoretical Threat | Directly ExposedContext importance: MEDIUM |
| CVE-2024-2236 | MEDIUM4.72 | libgcrypt20 1.10.3-2build1 No fix yet | 1.1% Low-Moderate Risk | Directly ExposedContext importance: MEDIUM |
| CVE-2026-4046 | MEDIUM4.5 | libc6 2.39-0ubuntu8.7 No fix yet | 0.4% Theoretical Threat | Directly Exposed |
| CVE-2026-42015 | MEDIUM4.5 | libgnutls30t64 3.8.3-1.1ubuntu3.5 fixed in 3.8.3-1.1ubuntu3.6 | 0.7% Theoretical Threat | Directly Exposed |
| CVE-2026-4437 | MEDIUM4.42 | libc-bin 2.39-0ubuntu8.7 No fix yet | 0.3% Theoretical Threat | Directly ExposedContext importance: MEDIUM |
| CVE-2026-4437 | MEDIUM4.42 | libc6 2.39-0ubuntu8.7 No fix yet | 0.3% Theoretical Threat | Directly ExposedContext importance: MEDIUM |
| CVE-2026-27456 | MEDIUM4 | libblkid1 2.39.3-9ubuntu6.5 No fix yet | 0.1% Theoretical Threat | Directly Exposed |
| CVE-2026-27456 | MEDIUM4 | libmount1 2.39.3-9ubuntu6.5 No fix yet | 0.1% Theoretical Threat | Directly Exposed |
| CVE-2026-27456 | MEDIUM4 | libsmartcols1 2.39.3-9ubuntu6.5 No fix yet | 0.1% Theoretical Threat | Directly Exposed |
| CVE-2026-27456 | MEDIUM4 | libuuid1 2.39.3-9ubuntu6.5 No fix yet | 0.1% Theoretical Threat | Directly Exposed |
| CVE-2026-4438 | LOW3.4 | libc-bin 2.39-0ubuntu8.7 No fix yet | 0.2% Theoretical Threat | Directly Exposed |
| CVE-2026-4438 | LOW3.4 | libc6 2.39-0ubuntu8.7 No fix yet | 0.2% Theoretical Threat | Directly Exposed |
| CVE-2026-3832 | LOW3.15 | libgnutls30t64 3.8.3-1.1ubuntu3.5 fixed in 3.8.3-1.1ubuntu3.6 | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2026-5419 | LOW3.15 | libgnutls30t64 3.8.3-1.1ubuntu3.5 fixed in 3.8.3-1.1ubuntu3.6 | 0.5% Theoretical Threat | Directly Exposed |
| CVE-2025-45582 | LOW2.86 | tar 1.35+dfsg-3build1 No fix yet | 0.4% Theoretical Threat | Post-Exploit |
| CVE-2026-40228 | LOW2.8 | libsystemd0 255.4-1ubuntu8.15 No fix yet | 0.2% Theoretical Threat | Directly Exposed |
| CVE-2026-40228 | LOW2.8 | libudev1 255.4-1ubuntu8.15 No fix yet | 0.2% Theoretical Threat | Directly Exposed |
| CVE-2026-33845 | LOW2.78 | libgnutls30t64 3.8.3-1.1ubuntu3.5 fixed in 3.8.3-1.1ubuntu3.6 | 0.6% Theoretical Threat | Post-Exploit |
| CVE-2026-4046 | LOW2.7 | libc-bin 2.39-0ubuntu8.7 No fix yet | 0.4% Theoretical Threat | Directly Exposed |
| CVE-2026-27456 | LOW2.4 | bsdutils 1:2.39.3-9ubuntu6.5 No fix yet | 0.1% Theoretical Threat | Post-Exploit |
| CVE-2026-27456 | LOW2.4 | mount 2.39.3-9ubuntu6.5 No fix yet | 0.1% Theoretical Threat | Post-Exploit |
| CVE-2026-27456 | LOW2.4 | util-linux 2.39.3-9ubuntu6.5 No fix yet | 0.1% Theoretical Threat | Post-Exploit |
| CVE-2026-33846 | LOW2.29 | libgnutls30t64 3.8.3-1.1ubuntu3.5 fixed in 3.8.3-1.1ubuntu3.6 | 0.9% Theoretical Threat | Post-Exploit |
| CVE-2026-42009 | LOW2.29 | libgnutls30t64 3.8.3-1.1ubuntu3.5 fixed in 3.8.3-1.1ubuntu3.6 | 0.8% Theoretical Threat | Post-Exploit |
| CVE-2026-6238 | LOW1.99 | libc-bin 2.39-0ubuntu8.7 No fix yet | 0.3% Theoretical Threat | Post-Exploit |
| CVE-2026-6238 | LOW1.99 | libc6 2.39-0ubuntu8.7 No fix yet | 0.3% Theoretical Threat | Post-Exploit |
| CVE-2024-56433 | LOW1.84 | login 1:4.13+dfsg1-4ubuntu3.2 No fix yet | 0.4% Theoretical Threat | Post-Exploit |
| CVE-2024-56433 | LOW1.84 | passwd 1:4.13+dfsg1-4ubuntu3.2 No fix yet | 0.4% Theoretical Threat | Post-Exploit |
| CVE-2026-5435 | LOW1.81 | libc-bin 2.39-0ubuntu8.7 No fix yet | 0.2% Theoretical Threat | Post-Exploit |
| CVE-2026-5435 | LOW1.81 | libc6 2.39-0ubuntu8.7 No fix yet | 0.2% Theoretical Threat | Post-Exploit |
| CVE-2026-34743 | LOW1.62 | liblzma5 5.6.1+really5.4.5-1ubuntu0.2 fixed in 5.6.1+really5.4.5-1ubuntu0.3 | 0.4% Theoretical Threat | Post-Exploit |
| CVE-2025-64718 | LOW1.62 | js-yaml 3.13.1 fixed in 4.1.1, 3.14.2 | 0.4% Theoretical Threat | Post-Exploit |
| CVE-2025-68121 | NONE0 | stdlib v1.24.6 fixed in 1.24.13, 1.25.7, 1.26.0-rc.3 | 0.8% Theoretical Threat | Not Applicable |
| CVE-2026-33811 | NONE0 | stdlib v1.25.9 fixed in 1.25.10, 1.26.3 | 0.5% Theoretical Threat | Not Applicable |
| CVE-2026-33814 | NONE0 | stdlib v1.25.9 fixed in 1.25.10, 1.26.3 | 0.6% Theoretical Threat | Not Applicable |
| CVE-2026-39820 | NONE0 | stdlib v1.25.9 fixed in 1.25.10, 1.26.3 | 0.4% Theoretical Threat | Not Applicable |
| CVE-2026-39836 | NONE0 | stdlib v1.25.9 fixed in 1.25.10, 1.26.3 | 0.6% Theoretical Threat | Not Applicable |
| CVE-2025-61726 | NONE0 | stdlib v1.24.6 fixed in 1.24.12, 1.25.6 | 0.8% Theoretical Threat | Not Applicable |
| CVE-2025-61729 | NONE0 | stdlib v1.24.6 fixed in 1.24.11, 1.25.5 | 0.5% Theoretical Threat | Not Applicable |
| CVE-2026-25679 | NONE0 | stdlib v1.24.6 fixed in 1.25.8, 1.26.1 | 0.5% Theoretical Threat | Not Applicable |
| CVE-2026-32280 | NONE0 | stdlib v1.24.6 fixed in 1.25.9, 1.26.2 | 0.4% Theoretical Threat | Not Applicable |
| CVE-2026-32281 | NONE0 | stdlib v1.24.6 fixed in 1.25.9, 1.26.2 | 0.3% Theoretical Threat | Not Applicable |
| CVE-2026-32283 | NONE0 | stdlib v1.24.6 fixed in 1.25.9, 1.26.2 | 0.4% Theoretical Threat | Not Applicable |
| CVE-2026-33811 | NONE0 | stdlib v1.24.6 fixed in 1.25.10, 1.26.3 | 0.5% Theoretical Threat | Not Applicable |
| CVE-2026-33814 | NONE0 | stdlib v1.24.6 fixed in 1.25.10, 1.26.3 | 0.6% Theoretical Threat | Not Applicable |
| CVE-2026-39820 | NONE0 | stdlib v1.24.6 fixed in 1.25.10, 1.26.3 | 0.4% Theoretical Threat | Not Applicable |
| CVE-2026-39836 | NONE0 | stdlib v1.24.6 fixed in 1.25.10, 1.26.3 | 0.6% Theoretical Threat | Not Applicable |
| CVE-2025-58183 | NONE0 | stdlib v1.24.6 fixed in 1.24.8, 1.25.2 | 0.4% Theoretical Threat | Not Applicable |
| CVE-2025-61728 | NONE0 | stdlib v1.24.6 fixed in 1.24.12, 1.25.6 | 0.6% Theoretical Threat | Not Applicable |
| CVE-2025-61727 | NONE0 | stdlib v1.24.6 fixed in 1.24.11, 1.25.5 | 0.3% Theoretical Threat | Not Applicable |
| CVE-2026-32282 | NONE0 | stdlib v1.24.6 fixed in 1.25.9, 1.26.2 | 0.3% Theoretical Threat | Not Applicable |
| CVE-2026-32289 | NONE0 | stdlib v1.24.6 fixed in 1.25.9, 1.26.2 | 0.3% Theoretical Threat | Not Applicable |
| CVE-2026-32288 | NONE0 | stdlib v1.24.6 fixed in 1.25.9, 1.26.2 | 0.3% Theoretical Threat | Not Applicable |
| CVE-2026-39826 | NONE0 | stdlib v1.25.9 fixed in 1.25.10, 1.26.3 | 0.4% Theoretical Threat | Not Applicable |
| CVE-2026-27142 | NONE0 | stdlib v1.24.6 fixed in 1.25.8, 1.26.1 | 0.3% Theoretical Threat | Not Applicable |
| CVE-2026-39826 | NONE0 | stdlib v1.24.6 fixed in 1.25.10, 1.26.3 | 0.4% Theoretical Threat | Not Applicable |
| CVE-2025-47912 | NONE0 | stdlib v1.24.6 fixed in 1.24.8, 1.25.2 | 0.4% Theoretical Threat | Not Applicable |
| CVE-2025-58185 | NONE0 | stdlib v1.24.6 fixed in 1.24.8, 1.25.2 | 0.5% Theoretical Threat | Not Applicable |
| CVE-2025-58187 | NONE0 | stdlib v1.24.6 fixed in 1.24.9, 1.25.3 | 0.4% Theoretical Threat | Not Applicable |
| CVE-2025-58188 | NONE0 | stdlib v1.24.6 fixed in 1.24.8, 1.25.2 | 0.3% Theoretical Threat | Not Applicable |
| CVE-2025-58189 | NONE0 | stdlib v1.24.6 fixed in 1.24.8, 1.25.2 | 0.4% Theoretical Threat | Not Applicable |
| CVE-2025-61723 | NONE0 | stdlib v1.24.6 fixed in 1.24.8, 1.25.2 | 0.6% Theoretical Threat | Not Applicable |
| CVE-2025-61724 | NONE0 | stdlib v1.24.6 fixed in 1.24.8, 1.25.2 | 0.5% Theoretical Threat | Not Applicable |
| CVE-2025-61725 | NONE0 | stdlib v1.24.6 fixed in 1.24.8, 1.25.2 | 0.6% Theoretical Threat | Not Applicable |
| CVE-2025-61730 | NONE0 | stdlib v1.24.6 fixed in 1.24.12, 1.25.6 | 0.3% Theoretical Threat | Not Applicable |
| CVE-2025-58186 | NONE0 | stdlib v1.24.6 fixed in 1.24.8, 1.25.2 | 0.5% Theoretical Threat | Not Applicable |
| CVE-2026-27139 | NONE0 | stdlib v1.24.6 fixed in 1.25.8, 1.26.1 | 0.2% Theoretical Threat | Not Applicable |
| CVE-2026-53550 | NONE0 | js-yaml 3.13.1 fixed in 4.2.0 | — | Not Applicable |
| CVE-2026-39823 | NONE0 | stdlib v1.25.9 fixed in 1.25.10, 1.26.3 | 0.3% Theoretical Threat | Not Applicable |
| CVE-2026-39825 | NONE0 | stdlib v1.25.9 fixed in 1.25.10, 1.26.3 | 0.4% Theoretical Threat | Not Applicable |
| CVE-2026-42499 | NONE0 | stdlib v1.25.9 fixed in 1.25.10, 1.26.3 | 0.6% Theoretical Threat | Not Applicable |
| CVE-2026-42504 | NONE0 | stdlib v1.25.9 fixed in 1.25.11, 1.26.4 | 0.4% Theoretical Threat | Not Applicable |
| CVE-2026-27145 | NONE0 | stdlib v1.25.9 fixed in 1.25.11, 1.26.4 | 0.3% Theoretical Threat | Not Applicable |
| CVE-2026-42507 | NONE0 | stdlib v1.25.9 fixed in 1.25.11, 1.26.4 | 0.3% Theoretical Threat | Not Applicable |
| CVE-2026-39823 | NONE0 | stdlib v1.24.6 fixed in 1.25.10, 1.26.3 | 0.3% Theoretical Threat | Not Applicable |
| CVE-2026-39825 | NONE0 | stdlib v1.24.6 fixed in 1.25.10, 1.26.3 | 0.4% Theoretical Threat | Not Applicable |
| CVE-2026-42499 | NONE0 | stdlib v1.24.6 fixed in 1.25.10, 1.26.3 | 0.6% Theoretical Threat | Not Applicable |
| CVE-2026-42504 | NONE0 | stdlib v1.24.6 fixed in 1.25.11, 1.26.4 | 0.4% Theoretical Threat | Not Applicable |
| CVE-2026-27145 | NONE0 | stdlib v1.24.6 fixed in 1.25.11, 1.26.4 | 0.3% Theoretical Threat | Not Applicable |
| CVE-2026-42507 | NONE0 | stdlib v1.24.6 fixed in 1.25.11, 1.26.4 | 0.3% Theoretical Threat | Not Applicable |