Vulnerability Reportnginx:latest

Name: nginx:latest Security Vulnerability Report
Creator: BaseImage
Keywords: nginx:latest, Docker security, vulnerability scan, CVE, container security, SBOM

DIGESTsha256:6e23479198b998e5e25921dff8455837c7636a67111a04a635cf1bb363d199dc

Executive Summary

CAUTION

This image carries significant risk; production deployment is highly discouraged without strict compensating controls. An attacker could potentially achieve remote code execution or file modification by exploiting CVE-2009-4487, or local privilege escalation via CVE-2026-4878. It is important to note that the image, while official, has 26 exposed vulnerabilities with severities of 6.0 or higher. For instance, CVE-2026-32647 affecting NGINX's MP4 module is only a risk if that module is enabled and used to process untrusted MP4 files. Mitigating these vulnerabilities and employing strict network access controls are essential before production use.

Threat Score

50/100

CAUTION

The image contains 26 exposed vulnerabilities with severity 6.0 or higher, with the highest exposed severity being 6.8.
A notable vulnerability, CVE-2009-4487, in NGINX could allow remote attackers to modify log files, potentially leading to command execution.
Potential for local privilege escalation exists via CVE-2026-4878 in libcap2 due to a TOCTOU race condition.
The overall exposed attack surface is significant, with a total of 132 exposed vulnerabilities.

Reputation

TRUSTED

Docker Official

OFFICIAL

Official Docker Hub Image
Pinned by digest (Immutable)

BaseImage/

nginx:latest

Hardened

Grade

A+

Vulns

Verified & secured for production

Vulnerabilities

Vulnerability Log

200 total

CVE ID	Adjusted Severity	Package	Exploit Probability	Risk Context
CVE-2009-4487	MEDIUM6.8	nginx 1.29.8-1~trixie No fix yet	2.2% Low-Moderate Risk	Directly Exposed
CVE-2026-4878	MEDIUM6.7	libcap2 1:2.75-10+b8 No fix yet	—	Directly Exposed
CVE-2026-25210	MEDIUM6.63	libexpat1 2.7.1-2 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2026-29111	MEDIUM6.63	libsystemd0 257.9-1~deb13u1 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2025-8176	MEDIUM6.63	libtiff6 4.7.0-3+deb13u2 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2025-8177	MEDIUM6.63	libtiff6 4.7.0-3+deb13u2 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2026-29111	MEDIUM6.63	libudev1 257.9-1~deb13u1 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2026-32647	MEDIUM6.63	nginx 1.29.8-1~trixie No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2026-40225	MEDIUM6.4	libsystemd0 257.9-1~deb13u1 No fix yet	—	Directly Exposed
CVE-2026-40226	MEDIUM6.4	libsystemd0 257.9-1~deb13u1 No fix yet	—	Directly Exposed
CVE-2026-40225	MEDIUM6.4	libudev1 257.9-1~deb13u1 No fix yet	—	Directly Exposed
CVE-2026-40226	MEDIUM6.4	libudev1 257.9-1~deb13u1 No fix yet	—	Directly Exposed
CVE-2019-9192	MEDIUM6.38	libc-bin 2.41-12+deb13u2 No fix yet	0.8% Theoretical Threat	Directly Exposed
CVE-2019-9192	MEDIUM6.38	libc6 2.41-12+deb13u2 No fix yet	0.8% Theoretical Threat	Directly Exposed
CVE-2026-33164	MEDIUM6.38	libde265-0 1.0.15-1+b3 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2018-6829	MEDIUM6.38	libgcrypt20 1.11.0-7 No fix yet	0.5% Theoretical Threat	Directly Exposed
CVE-2026-27135	MEDIUM6.38	libnghttp2-14 1.64.0-1.1 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2026-27651	MEDIUM6.38	nginx 1.29.8-1~trixie No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2013-0337	MEDIUM6.38	nginx 1.29.8-1~trixie No fix yet	0.6% Theoretical Threat	Directly Exposed
CVE-2025-61144	MEDIUM6.21	libtiff6 4.7.0-3+deb13u2 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2025-68431	MEDIUM6.03	libheif-plugin-dav1d 1.19.8-1 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2025-68431	MEDIUM6.03	libheif-plugin-libde265 1.19.8-1 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2025-68431	MEDIUM6.03	libheif1 1.19.8-1 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2018-20796	MEDIUM6	libc-bin 2.41-12+deb13u2 No fix yet	1.5% Low-Moderate Risk	Directly ExposedContext importance: MEDIUM
CVE-2018-20796	MEDIUM6	libc6 2.41-12+deb13u2 No fix yet	1.5% Low-Moderate Risk	Directly ExposedContext importance: MEDIUM
CVE-2015-3276	MEDIUM6	libldap2 2.6.10+dfsg-1 No fix yet	1.9% Low-Moderate Risk	Directly ExposedContext importance: MEDIUM
CVE-2025-13034	MEDIUM5.78	libcurl4t64 8.14.1-2+deb13u2 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2025-14819	MEDIUM5.78	libcurl4t64 8.14.1-2+deb13u2 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2026-1965	MEDIUM5.78	libcurl4t64 8.14.1-2+deb13u2 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2026-22185	MEDIUM5.78	libldap2 2.6.10+dfsg-1 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2026-4105	MEDIUM5.7	libsystemd0 257.9-1~deb13u1 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2026-4105	MEDIUM5.7	libudev1 257.9-1~deb13u1 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2026-27654	MEDIUM5.58	nginx 1.29.8-1~trixie No fix yet	<0.1% Theoretical Threat	Directly ExposedContext importance: MEDIUM
CVE-2026-4437	MEDIUM5.52	libc-bin 2.41-12+deb13u2 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2026-4437	MEDIUM5.52	libc6 2.41-12+deb13u2 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2025-14524	MEDIUM5.52	libcurl4t64 8.14.1-2+deb13u2 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2026-3784	MEDIUM5.52	libcurl4t64 8.14.1-2+deb13u2 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2017-9937	MEDIUM5.52	libjbig0 2.1-6.1+b2 No fix yet	0.5% Theoretical Threat	Directly Exposed
CVE-2018-10126	MEDIUM5.52	libtiff6 4.7.0-3+deb13u2 No fix yet	0.3% Theoretical Threat	Directly Exposed
CVE-2022-1210	MEDIUM5.52	libtiff6 4.7.0-3+deb13u2 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2026-3805	MEDIUM5.35	libcurl4t64 8.14.1-2+deb13u2 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2026-1757	MEDIUM5.27	libxml2 2.12.7+dfsg+really2.9.14-2.1+deb13u2 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2025-14104	MEDIUM5.18	libblkid1 2.41-5 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2025-14104	MEDIUM5.18	libmount1 2.41-5 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2025-14104	MEDIUM5.18	libuuid1 2.41-5 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2025-10966	MEDIUM5.02	libcurl4t64 8.14.1-2+deb13u2 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2024-2236	MEDIUM5.02	libgcrypt20 1.11.0-7 No fix yet	0.7% Theoretical Threat	Directly Exposed
CVE-2024-26458	MEDIUM5.02	libgssapi-krb5-2 1.21.3-5 No fix yet	0.3% Theoretical Threat	Directly Exposed
CVE-2024-26461	MEDIUM5.02	libgssapi-krb5-2 1.21.3-5 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2024-26458	MEDIUM5.02	libk5crypto3 1.21.3-5 No fix yet	0.3% Theoretical Threat	Directly Exposed
CVE-2024-26461	MEDIUM5.02	libk5crypto3 1.21.3-5 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2024-26458	MEDIUM5.02	libkrb5-3 1.21.3-5 No fix yet	0.3% Theoretical Threat	Directly Exposed
CVE-2024-26461	MEDIUM5.02	libkrb5-3 1.21.3-5 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2024-26458	MEDIUM5.02	libkrb5support0 1.21.3-5 No fix yet	0.3% Theoretical Threat	Directly Exposed
CVE-2024-26461	MEDIUM5.02	libkrb5support0 1.21.3-5 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2025-13151	MEDIUM5.02	libtasn1-6 4.20.0-2 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2026-0990	MEDIUM5.02	libxml2 2.12.7+dfsg+really2.9.14-2.1+deb13u2 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2026-3783	MEDIUM4.84	libcurl4t64 8.14.1-2+deb13u2 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2022-0563	MEDIUM4.67	libblkid1 2.41-5 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2025-66382	MEDIUM4.67	libexpat1 2.7.1-2 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2026-32776	MEDIUM4.67	libexpat1 2.7.1-2 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2026-32777	MEDIUM4.67	libexpat1 2.7.1-2 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2026-32778	MEDIUM4.67	libexpat1 2.7.1-2 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2022-0563	MEDIUM4.67	libmount1 2.41-5 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2021-4214	MEDIUM4.67	libpng16-16t64 1.6.48-1+deb13u4 No fix yet	0.1% Theoretical Threat	Directly Exposed
CVE-2025-61143	MEDIUM4.67	libtiff6 4.7.0-3+deb13u2 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2022-0563	MEDIUM4.67	libuuid1 2.41-5 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2025-10911	MEDIUM4.67	libxslt1.1 1.1.35-1.2+deb13u2 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2026-27784	MEDIUM4.67	nginx 1.29.8-1~trixie No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2026-27171	MEDIUM4.67	zlib1g 1:1.3.dfsg+really1.3.1-1+b1 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2026-28755	MEDIUM4.59	nginx 1.29.8-1~trixie No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2026-4046	MEDIUM4.5	libc-bin 2.41-12+deb13u2 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2019-1010024	MEDIUM4.5	libc-bin 2.41-12+deb13u2 No fix yet	0.6% Theoretical Threat	Directly Exposed
CVE-2019-1010025	MEDIUM4.5	libc-bin 2.41-12+deb13u2 No fix yet	0.9% Theoretical Threat	Directly Exposed
CVE-2026-4046	MEDIUM4.5	libc6 2.41-12+deb13u2 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2019-1010024	MEDIUM4.5	libc6 2.41-12+deb13u2 No fix yet	0.6% Theoretical Threat	Directly Exposed
CVE-2019-1010025	MEDIUM4.5	libc6 2.41-12+deb13u2 No fix yet	0.9% Theoretical Threat	Directly Exposed
CVE-2025-59375	MEDIUM4.5	libexpat1 2.7.1-2 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2026-34743	MEDIUM4.5	liblzma5 5.8.1-1 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2026-3713	MEDIUM4.5	libpng16-16t64 1.6.48-1+deb13u4 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2023-31437	MEDIUM4.5	libsystemd0 257.9-1~deb13u1 No fix yet	0.2% Theoretical Threat	Directly Exposed
CVE-2023-31438	MEDIUM4.5	libsystemd0 257.9-1~deb13u1 No fix yet	0.1% Theoretical Threat	Directly Exposed
CVE-2023-31439	MEDIUM4.5	libsystemd0 257.9-1~deb13u1 No fix yet	0.1% Theoretical Threat	Directly Exposed
CVE-2023-31437	MEDIUM4.5	libudev1 257.9-1~deb13u1 No fix yet	0.2% Theoretical Threat	Directly Exposed
CVE-2023-31438	MEDIUM4.5	libudev1 257.9-1~deb13u1 No fix yet	0.1% Theoretical Threat	Directly Exposed
CVE-2023-31439	MEDIUM4.5	libudev1 257.9-1~deb13u1 No fix yet	0.1% Theoretical Threat	Directly Exposed
CVE-2015-9019	MEDIUM4.5	libxslt1.1 1.1.35-1.2+deb13u2 No fix yet	0.6% Theoretical Threat	Directly Exposed
CVE-2026-34757	MEDIUM4.4	libpng16-16t64 1.6.48-1+deb13u4 No fix yet	—	Directly Exposed
CVE-2011-3389	MEDIUM4.3	libgnutls30t64 3.8.9-3+deb13u2 No fix yet	3.8% Low-Moderate Risk	Directly Exposed
CVE-2026-33165	MEDIUM4.25	libde265-0 1.0.15-1+b3 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2025-61145	MEDIUM4.25	libtiff6 4.7.0-3+deb13u2 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2025-14017	MEDIUM4.08	libcurl4t64 8.14.1-2+deb13u2 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2026-27456	MEDIUM4	libblkid1 2.41-5 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2025-15224	MEDIUM4	libcurl4t64 8.14.1-2+deb13u2 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2017-14159	MEDIUM4	libldap2 2.6.10+dfsg-1 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2026-27456	MEDIUM4	libmount1 2.41-5 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2026-27456	MEDIUM4	libuuid1 2.41-5 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2025-69720	LOW3.98	ncurses-bin 6.5+20250216-2 No fix yet	<0.1% Theoretical Threat	Post-Exploit
CVE-2011-3374	LOW3.7	libapt-pkg7.0 3.0.3 No fix yet	1.5% Low-Moderate Risk	Directly Exposed
CVE-2026-41080	LOW3.7	libexpat1 2.7.1-2 No fix yet	—	Directly Exposed
CVE-2021-45346	LOW3.65	libsqlite3-0 3.46.1-7+deb13u1 No fix yet	0.3% Theoretical Threat	Directly Exposed
CVE-2005-2541	LOW3.6	tar 1.35+dfsg-3.1 No fix yet	3.3% Low-Moderate Risk	Post-Exploit
CVE-2020-15719	LOW3.57	libldap2 2.6.10+dfsg-1 No fix yet	0.2% Theoretical Threat	Directly Exposed
CVE-2026-4438	LOW3.4	libc-bin 2.41-12+deb13u2 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2010-4756	LOW3.4	libc-bin 2.41-12+deb13u2 No fix yet	0.4% Theoretical Threat	Directly Exposed
CVE-2026-4438	LOW3.4	libc6 2.41-12+deb13u2 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2010-4756	LOW3.4	libc6 2.41-12+deb13u2 No fix yet	0.4% Theoretical Threat	Directly Exposed
CVE-2025-14524	LOW3.31	curl 8.14.1-2+deb13u2 No fix yet	<0.1% Theoretical Threat	Post-Exploit
CVE-2026-3784	LOW3.31	curl 8.14.1-2+deb13u2 No fix yet	<0.1% Theoretical Threat	Post-Exploit
CVE-2026-40228	LOW3.3	libsystemd0 257.9-1~deb13u1 No fix yet	—	Directly Exposed
CVE-2026-40228	LOW3.3	libudev1 257.9-1~deb13u1 No fix yet	—	Directly Exposed
CVE-2026-3805	LOW3.21	curl 8.14.1-2+deb13u2 No fix yet	<0.1% Theoretical Threat	Post-Exploit
CVE-2026-3184	LOW3.15	libblkid1 2.41-5 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2026-3184	LOW3.15	libmount1 2.41-5 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2026-3184	LOW3.15	libuuid1 2.41-5 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2026-0989	LOW3.15	libxml2 2.12.7+dfsg+really2.9.14-2.1+deb13u2 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2026-28753	LOW3.15	nginx 1.29.8-1~trixie No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2025-14104	LOW3.11	bsdutils 1:2.41-5 No fix yet	<0.1% Theoretical Threat	Post-Exploit
CVE-2025-14104	LOW3.11	login 1:4.16.0-2+really2.41-5 No fix yet	<0.1% Theoretical Threat	Post-Exploit
CVE-2025-14104	LOW3.11	mount 2.41-5 No fix yet	<0.1% Theoretical Threat	Post-Exploit
CVE-2025-14104	LOW3.11	util-linux 2.41-5 No fix yet	<0.1% Theoretical Threat	Post-Exploit
CVE-2025-10966	LOW3.01	curl 8.14.1-2+deb13u2 No fix yet	<0.1% Theoretical Threat	Post-Exploit
CVE-2019-1010022	LOW3	libc-bin 2.41-12+deb13u2 No fix yet	0.1% Theoretical Threat	Post-Exploit
CVE-2019-1010022	LOW3	libc6 2.41-12+deb13u2 No fix yet	0.1% Theoretical Threat	Post-Exploit
CVE-2026-3783	LOW2.91	curl 8.14.1-2+deb13u2 No fix yet	<0.1% Theoretical Threat	Post-Exploit
CVE-2022-0563	LOW2.8	bsdutils 1:2.41-5 No fix yet	<0.1% Theoretical Threat	Post-Exploit
CVE-2022-0563	LOW2.8	login 1:4.16.0-2+really2.41-5 No fix yet	<0.1% Theoretical Threat	Post-Exploit
CVE-2022-0563	LOW2.8	mount 2.41-5 No fix yet	<0.1% Theoretical Threat	Post-Exploit
CVE-2022-0563	LOW2.8	util-linux 2.41-5 No fix yet	<0.1% Theoretical Threat	Post-Exploit
CVE-2026-3949	LOW2.8	libheif-plugin-dav1d 1.19.8-1 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2026-3949	LOW2.8	libheif-plugin-libde265 1.19.8-1 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2026-3949	LOW2.8	libheif1 1.19.8-1 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2025-70873	LOW2.8	libsqlite3-0 3.46.1-7+deb13u1 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2013-4392	LOW2.8	libsystemd0 257.9-1~deb13u1 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2013-4392	LOW2.8	libudev1 257.9-1~deb13u1 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2025-8732	LOW2.8	libxml2 2.12.7+dfsg+really2.9.14-2.1+deb13u2 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2018-5709	LOW2.7	libgssapi-krb5-2 1.21.3-5 No fix yet	1.5% Low-Moderate Risk	Post-Exploit
CVE-2018-5709	LOW2.7	libk5crypto3 1.21.3-5 No fix yet	1.5% Low-Moderate Risk	Post-Exploit
CVE-2018-5709	LOW2.7	libkrb5-3 1.21.3-5 No fix yet	1.5% Low-Moderate Risk	Post-Exploit
CVE-2018-5709	LOW2.7	libkrb5support0 1.21.3-5 No fix yet	1.5% Low-Moderate Risk	Post-Exploit
CVE-2017-17740	LOW2.7	libldap2 2.6.10+dfsg-1 No fix yet	6.2% Low-Moderate Risk	Post-Exploit
CVE-2017-16232	LOW2.7	libtiff6 4.7.0-3+deb13u2 No fix yet	1.1% Low-Moderate Risk	Post-Exploit
CVE-2019-1010023	LOW2.69	libc-bin 2.41-12+deb13u2 No fix yet	0.3% Theoretical Threat	Post-Exploit
CVE-2019-1010023	LOW2.69	libc6 2.41-12+deb13u2 No fix yet	0.3% Theoretical Threat	Post-Exploit
CVE-2025-11731	LOW2.63	libxslt1.1 1.1.35-1.2+deb13u2 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2026-5704	LOW2.55	tar 1.35+dfsg-3.1 No fix yet	<0.1% Theoretical Threat	Post-Exploit
CVE-2007-5686	LOW2.5	passwd 1:4.17.4-2 No fix yet	0.2% Theoretical Threat	Post-Exploit
CVE-2025-15079	LOW2.48	curl 8.14.1-2+deb13u2 No fix yet	<0.1% Theoretical Threat	Post-Exploit
CVE-2025-15079	LOW2.48	libcurl4t64 8.14.1-2+deb13u2 No fix yet	<0.1% Theoretical Threat	Post-Exploit
CVE-2026-0992	LOW2.46	libxml2 2.12.7+dfsg+really2.9.14-2.1+deb13u2 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2025-14017	LOW2.45	curl 8.14.1-2+deb13u2 No fix yet	<0.1% Theoretical Threat	Post-Exploit
CVE-2026-27456	LOW2.4	bsdutils 1:2.41-5 No fix yet	<0.1% Theoretical Threat	Post-Exploit
CVE-2017-18018	LOW2.4	coreutils 9.7-3 No fix yet	<0.1% Theoretical Threat	Post-Exploit
CVE-2025-15224	LOW2.4	curl 8.14.1-2+deb13u2 No fix yet	<0.1% Theoretical Threat	Post-Exploit
CVE-2026-27456	LOW2.4	login 1:4.16.0-2+really2.41-5 No fix yet	<0.1% Theoretical Threat	Post-Exploit
CVE-2026-27456	LOW2.4	mount 2.41-5 No fix yet	<0.1% Theoretical Threat	Post-Exploit
CVE-2026-27456	LOW2.4	util-linux 2.41-5 No fix yet	<0.1% Theoretical Threat	Post-Exploit
CVE-2025-5278	LOW2.24	coreutils 9.7-3 No fix yet	0.1% Theoretical Threat	Post-Exploit
CVE-2011-3374	LOW2.22	apt 3.0.3 No fix yet	1.5% Low-Moderate Risk	Post-Exploit
CVE-2024-56433	LOW2.16	passwd 1:4.17.4-2 No fix yet	4.5% Low-Moderate Risk	Post-Exploit
CVE-2026-24515	LOW2.12	libexpat1 2.7.1-2 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2025-8534	LOW2.12	libtiff6 4.7.0-3+deb13u2 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2025-13034	LOW2.08	curl 8.14.1-2+deb13u2 No fix yet	<0.1% Theoretical Threat	Post-Exploit
CVE-2025-14819	LOW2.08	curl 8.14.1-2+deb13u2 No fix yet	<0.1% Theoretical Threat	Post-Exploit
CVE-2026-1965	LOW2.08	curl 8.14.1-2+deb13u2 No fix yet	<0.1% Theoretical Threat	Post-Exploit
CVE-2026-3184	LOW1.89	bsdutils 1:2.41-5 No fix yet	<0.1% Theoretical Threat	Post-Exploit
CVE-2026-3184	LOW1.89	login 1:4.16.0-2+really2.41-5 No fix yet	<0.1% Theoretical Threat	Post-Exploit
CVE-2026-3184	LOW1.89	mount 2.41-5 No fix yet	<0.1% Theoretical Threat	Post-Exploit
CVE-2026-3184	LOW1.89	util-linux 2.41-5 No fix yet	<0.1% Theoretical Threat	Post-Exploit
CVE-2025-6141	LOW1.68	ncurses-bin 6.5+20250216-2 No fix yet	<0.1% Theoretical Threat	Post-Exploit
CVE-2011-4116	LOW1.68	perl-base 5.40.1-6 No fix yet	0.2% Theoretical Threat	Post-Exploit
CVE-2025-69720	NONE0	libtinfo6 6.5+20250216-2 No fix yet	<0.1% Theoretical Threat	Not Applicable
CVE-2025-69720	NONE0	ncurses-base 6.5+20250216-2 No fix yet	<0.1% Theoretical Threat	Not Applicable
CVE-2025-14104	NONE0	liblastlog2-2 2.41-5 No fix yet	<0.1% Theoretical Threat	Not Applicable
CVE-2025-14104	NONE0	libsmartcols1 2.41-5 No fix yet	<0.1% Theoretical Threat	Not Applicable
CVE-2022-0563	NONE0	liblastlog2-2 2.41-5 No fix yet	<0.1% Theoretical Threat	Not Applicable
CVE-2022-0563	NONE0	libsmartcols1 2.41-5 No fix yet	<0.1% Theoretical Threat	Not Applicable
CVE-2007-5686	NONE0	login.defs 1:4.17.4-2 No fix yet	0.2% Theoretical Threat	Not Applicable
CVE-2026-27456	NONE0	liblastlog2-2 2.41-5 No fix yet	<0.1% Theoretical Threat	Not Applicable
CVE-2026-27456	NONE0	libsmartcols1 2.41-5 No fix yet	<0.1% Theoretical Threat	Not Applicable
CVE-2026-3184	NONE0	liblastlog2-2 2.41-5 No fix yet	<0.1% Theoretical Threat	Not Applicable
CVE-2026-3184	NONE0	libsmartcols1 2.41-5 No fix yet	<0.1% Theoretical Threat	Not Applicable
CVE-2024-56433	NONE0	login.defs 1:4.17.4-2 No fix yet	4.5% Low-Moderate Risk	Not Applicable
CVE-2025-6141	NONE0	libtinfo6 6.5+20250216-2 No fix yet	<0.1% Theoretical Threat	Not Applicable
CVE-2025-6141	NONE0	ncurses-base 6.5+20250216-2 No fix yet	<0.1% Theoretical Threat	Not Applicable
TEMP-0841856-B18BAF	NONE0	bash 5.2.37-2+b8 No fix yet	—	Not Applicable
CVE-2026-5358	NONE0	libc-bin 2.41-12+deb13u2 No fix yet	—	Not Applicable
CVE-2026-5450	NONE0	libc-bin 2.41-12+deb13u2 No fix yet	—	Not Applicable
CVE-2026-5928	NONE0	libc-bin 2.41-12+deb13u2 No fix yet	—	Not Applicable
CVE-2026-5358	NONE0	libc6 2.41-12+deb13u2 No fix yet	—	Not Applicable
CVE-2026-5450	NONE0	libc6 2.41-12+deb13u2 No fix yet	—	Not Applicable
CVE-2026-5928	NONE0	libc6 2.41-12+deb13u2 No fix yet	—	Not Applicable
CVE-2024-38949	NONE0	libde265-0 1.0.15-1+b3 No fix yet	0.1% Theoretical Threat	Not Applicable
CVE-2024-38950	NONE0	libde265-0 1.0.15-1+b3 No fix yet	0.2% Theoretical Threat	Not Applicable
CVE-2025-61147	NONE0	libde265-0 1.0.15-1+b3 No fix yet	<0.1% Theoretical Threat	Not Applicable
TEMP-0628843-DBAD28	NONE0	login.defs 1:4.17.4-2 No fix yet	—	Not Applicable
TEMP-0628843-DBAD28	NONE0	passwd 1:4.17.4-2 No fix yet	—	Not Applicable
CVE-2026-5958	NONE0	sed 4.9-2 No fix yet	—	Not Applicable
TEMP-0517018-A83CE6	NONE0	sysvinit-utils 3.14-4 No fix yet	—	Not Applicable
TEMP-0290435-0B57B5	NONE0	tar 1.35+dfsg-3.1 No fix yet	—	Not Applicable