Vulnerability Reportoliver006/redis_exporter:v1.81.0

oliver006/redis_exporter:v1.81.0

DIGESTsha256:0a0b4058d3698421bf341fc399258fea46df377ac78ed469ba315821b3173b00

Executive Summary

Threat ScoreNEEDS ATTENTION• One exposed vulnerability (CVE-2026-25679) with severity 6.38 in the net/url package, which is used for parsing incoming request URLs in the Redis exporter HTTP server.• No exposed vulnerabilities with severity >= 7.0, and no post-exploit-only issues with high severity.• The image is from a popular community publisher with high reputation and is pinned by digest, ensuring immutability and reliability.• Total of 19 exposed vulnerabilities, but only one exceeds moderate severity.• 15 post-exploit-only findings are all low severity (max 2.69), with no practical impact in this context.

25/100NEEDS ATTENTION

ReputationPOPULAR COMMUNITY• High Reputation Community Image (157M+ pulls)• Pinned by digest (Immutable)

RELIABLE

This image is acceptable for production, but remediating the identified vulnerabilities is recommended to reduce the attack surface. A moderate-severity URL parsing issue (CVE-2026-25679) exists in the Go standard library, which could allow an attacker to bypass input validation when the Redis exporter processes incoming requests. Upgrading the base image to a version with a patched Go standard library would fully remediate this vulnerability.

Vulnerabilities

Vulnerability Log

34 total

CVE ID	Adjusted Severity	Package	Exploit Probability	Risk Context
CVE-2026-25679	MEDIUM6.38	stdlib v1.25.7 fixed in 1.25.8, 1.26.1	0.5% Theoretical Threat	Directly ExposedContext importance: HIGH
CVE-2026-32282	MEDIUM5.44	stdlib v1.25.7 fixed in 1.25.9, 1.26.2	0.3% Theoretical Threat	Directly Exposed
CVE-2026-33811	MEDIUM5.1	stdlib v1.25.7 fixed in 1.25.10, 1.26.3	0.6% Theoretical Threat	Directly ExposedContext importance: MEDIUM
CVE-2026-32288	MEDIUM4.67	stdlib v1.25.7 fixed in 1.25.9, 1.26.2	0.3% Theoretical Threat	Directly Exposed
CVE-2026-42507	LOW3.6	stdlib v1.25.7 fixed in 1.25.11, 1.26.4	0.4% Theoretical Threat	Directly ExposedContext importance: MEDIUM
CVE-2026-39828	LOW2.69	golang.org/x/crypto v0.47.0 fixed in 0.52.0	0.2% Theoretical Threat	Post-Exploit
CVE-2026-39829	LOW2.29	golang.org/x/crypto v0.47.0 fixed in 0.52.0	0.3% Theoretical Threat	Post-Exploit
CVE-2026-39830	LOW2.29	golang.org/x/crypto v0.47.0 fixed in 0.52.0	0.4% Theoretical Threat	Post-Exploit
CVE-2026-32280	LOW2.29	stdlib v1.25.7 fixed in 1.25.9, 1.26.2	0.4% Theoretical Threat	Post-Exploit
CVE-2026-32281	LOW2.29	stdlib v1.25.7 fixed in 1.25.9, 1.26.2	0.3% Theoretical Threat	Post-Exploit
CVE-2026-32283	LOW2.29	stdlib v1.25.7 fixed in 1.25.9, 1.26.2	0.4% Theoretical Threat	Post-Exploit
CVE-2026-33814	LOW2.29	stdlib v1.25.7 fixed in 1.25.10, 1.26.3	0.6% Theoretical Threat	Post-Exploit
CVE-2026-39820	LOW2.29	stdlib v1.25.7 fixed in 1.25.10, 1.26.3	0.5% Theoretical Threat	Post-Exploit
CVE-2026-39836	LOW2.29	stdlib v1.25.7 fixed in 1.25.10, 1.26.3	0.6% Theoretical Threat	Post-Exploit
CVE-2026-42508	LOW2.26	golang.org/x/crypto v0.47.0 fixed in 0.52.0	0.4% Theoretical Threat	Post-Exploit
CVE-2026-46595	LOW2.17	golang.org/x/crypto v0.47.0 fixed in 0.52.0	0.4% Theoretical Threat	Post-Exploit
CVE-2026-27139	LOW2.12	stdlib v1.25.7 fixed in 1.25.8, 1.26.1	0.2% Theoretical Threat	Directly Exposed
CVE-2026-32289	LOW1.87	stdlib v1.25.7 fixed in 1.25.9, 1.26.2	0.3% Theoretical Threat	Post-Exploit
CVE-2026-27142	LOW1.65	stdlib v1.25.7 fixed in 1.25.8, 1.26.1	0.3% Theoretical Threat	Post-Exploit
CVE-2026-39826	LOW1.65	stdlib v1.25.7 fixed in 1.25.10, 1.26.3	0.4% Theoretical Threat	Post-Exploit
CVE-2026-46598	LOW1.62	golang.org/x/crypto v0.47.0 fixed in 0.52.0	0.3% Theoretical Threat	Post-Exploit
CVE-2026-39827	NONE0	golang.org/x/crypto v0.47.0 fixed in 0.52.0	0.2% Theoretical Threat	Not Applicable
CVE-2026-39835	NONE0	golang.org/x/crypto v0.47.0 fixed in 0.52.0	0.2% Theoretical Threat	Not Applicable
CVE-2026-46597	NONE0	golang.org/x/crypto v0.47.0 fixed in 0.52.0	0.4% Theoretical Threat	Not Applicable
CVE-2026-39831	NONE0	golang.org/x/crypto v0.47.0 fixed in 0.52.0	0.4% Theoretical Threat	Not Applicable
CVE-2026-39832	NONE0	golang.org/x/crypto v0.47.0 fixed in 0.52.0	0.4% Theoretical Threat	Not Applicable
CVE-2026-39833	NONE0	golang.org/x/crypto v0.47.0 fixed in 0.52.0	0.4% Theoretical Threat	Not Applicable
CVE-2026-39834	NONE0	golang.org/x/crypto v0.47.0 fixed in 0.52.0	0.5% Theoretical Threat	Not Applicable
CVE-2026-39824	NONE0	golang.org/x/sys v0.40.0 fixed in 0.44.0	0.1% Theoretical Threat	Not Applicable
CVE-2026-27145	NONE0	stdlib v1.25.7 fixed in 1.25.11, 1.26.4	0.6% Theoretical Threat	Not Applicable
CVE-2026-39823	NONE0	stdlib v1.25.7 fixed in 1.25.10, 1.26.3	0.3% Theoretical Threat	Not Applicable
CVE-2026-39825	NONE0	stdlib v1.25.7 fixed in 1.25.10, 1.26.3	0.4% Theoretical Threat	Not Applicable
CVE-2026-42499	NONE0	stdlib v1.25.7 fixed in 1.25.10, 1.26.3	0.6% Theoretical Threat	Not Applicable
CVE-2026-42504	NONE0	stdlib v1.25.7 fixed in 1.25.11, 1.26.4	0.6% Theoretical Threat	Not Applicable