Vulnerability Reportopenresty/openresty:1.31.1.1-alpine-fat

openresty/openresty:1.31-alpine-fatopenresty/openresty:1.31.1.1-alpine-fatopenresty/openresty:1.31.1.1-1-alpine-fat

DIGESTsha256:acd832254d9c969b8039c64471118f7123c6b77a36095bee70d67dcf13ff9423

Executive Summary

Threat ScoreNEEDS ATTENTION• Two exposed vulnerabilities with medium severity (max 6.48) require attention before production deployment.• High trust score (90) and popular community image (74M+ pulls) indicate good overall hygiene, but vulnerability scan shows 32 total exposures.• Key finding CVE-2026-45447 affects OpenSSL libraries and could lead to remote code execution under specific configurations (PKCS#7 verification).• No high-severity (>=7) or critical vulnerabilities found, reducing immediate risk.• Post-exploit findings list is empty, so no additional internal attack vectors exist.

25/100NEEDS ATTENTION

ReputationPOPULAR COMMUNITY• High Reputation Community Image (74M+ pulls)• Pinned by digest (Immutable)

RELIABLE

This image is acceptable for production, but remediating the identified vulnerabilities is recommended to reduce the attack surface. The scan found 32 vulnerabilities, of which two are medium severity (max 6.48). The most notable is CVE-2026-45447, which affects OpenSSL's PKCS7_verify() and could allow remote code execution under specific conditions; however, it requires the application to process attacker-supplied PKCS#7 data, which is not typical for a default OpenResty web server configuration. No high-severity or critical vulnerabilities were identified, and the post-exploit analysis found no issues. Given the high community trust and reputable publisher, the overall risk is manageable if the relevant module is disabled.

Vulnerabilities

Vulnerability Log

32 total

CVE ID	Adjusted Severity	Package	Exploit Probability	Risk Context
CVE-2026-45447	MEDIUM6.48	libcrypto3 3.5.6-r0 fixed in 3.5.7-r0	1.4% Low-Moderate Risk	Directly ExposedContext importance: MEDIUM
CVE-2026-45447	MEDIUM6.48	libssl3 3.5.6-r0 fixed in 3.5.7-r0	1.4% Low-Moderate Risk	Directly ExposedContext importance: MEDIUM
CVE-2026-34181	MEDIUM5.35	libcrypto3 3.5.6-r0 fixed in 3.5.7-r0	0.2% Theoretical Threat	Directly Exposed
CVE-2026-42768	MEDIUM5.35	libcrypto3 3.5.6-r0 fixed in 3.5.7-r0	0.4% Theoretical Threat	Directly Exposed
CVE-2026-34181	MEDIUM5.35	libssl3 3.5.6-r0 fixed in 3.5.7-r0	0.2% Theoretical Threat	Directly Exposed
CVE-2026-42768	MEDIUM5.35	libssl3 3.5.6-r0 fixed in 3.5.7-r0	0.4% Theoretical Threat	Directly Exposed
CVE-2026-7383	MEDIUM4.67	libcrypto3 3.5.6-r0 fixed in 3.5.7-r0	0.3% Theoretical Threat	Directly Exposed
CVE-2026-7383	MEDIUM4.67	libssl3 3.5.6-r0 fixed in 3.5.7-r0	0.3% Theoretical Threat	Directly Exposed
CVE-2026-45445	MEDIUM4.64	libcrypto3 3.5.6-r0 fixed in 3.5.7-r0	0.3% Theoretical Threat	Directly Exposed
CVE-2026-45445	MEDIUM4.64	libssl3 3.5.6-r0 fixed in 3.5.7-r0	0.3% Theoretical Threat	Directly Exposed
CVE-2026-34180	MEDIUM4.25	libcrypto3 3.5.6-r0 fixed in 3.5.7-r0	0.5% Theoretical Threat	Directly Exposed
CVE-2026-34180	MEDIUM4.25	libssl3 3.5.6-r0 fixed in 3.5.7-r0	0.5% Theoretical Threat	Directly Exposed
CVE-2026-34183	LOW3.83	libcrypto3 3.5.6-r0 fixed in 3.5.7-r0	0.5% Theoretical Threat	Directly Exposed
CVE-2026-45186	LOW3.83	libexpat 2.7.5-r0 fixed in 2.8.1-r0	0.5% Theoretical Threat	Directly Exposed
CVE-2026-34183	LOW3.83	libssl3 3.5.6-r0 fixed in 3.5.7-r0	0.5% Theoretical Threat	Directly Exposed
CVE-2026-34182	LOW3.77	libcrypto3 3.5.6-r0 fixed in 3.5.7-r0	0.2% Theoretical Threat	Directly Exposed
CVE-2026-34182	LOW3.77	libssl3 3.5.6-r0 fixed in 3.5.7-r0	0.2% Theoretical Threat	Directly Exposed
CVE-2026-45446	LOW3.15	libcrypto3 3.5.6-r0 fixed in 3.5.7-r0	0.2% Theoretical Threat	Directly Exposed
CVE-2026-41080	LOW3.15	libexpat 2.7.5-r0 fixed in 2.8.1-r0	0.4% Theoretical Threat	Directly Exposed
CVE-2026-45446	LOW3.15	libssl3 3.5.6-r0 fixed in 3.5.7-r0	0.2% Theoretical Threat	Directly Exposed
CVE-2026-42764	LOW3.01	libcrypto3 3.5.6-r0 fixed in 3.5.7-r0	0.7% Theoretical Threat	Directly Exposed
CVE-2026-42769	LOW3.01	libcrypto3 3.5.6-r0 fixed in 3.5.7-r0	0.3% Theoretical Threat	Directly Exposed
CVE-2026-42770	LOW3.01	libcrypto3 3.5.6-r0 fixed in 3.5.7-r0	0.2% Theoretical Threat	Directly Exposed
CVE-2026-9076	LOW3.01	libcrypto3 3.5.6-r0 fixed in 3.5.7-r0	0.3% Theoretical Threat	Directly Exposed
CVE-2026-42764	LOW3.01	libssl3 3.5.6-r0 fixed in 3.5.7-r0	0.7% Theoretical Threat	Directly Exposed
CVE-2026-42769	LOW3.01	libssl3 3.5.6-r0 fixed in 3.5.7-r0	0.3% Theoretical Threat	Directly Exposed
CVE-2026-42770	LOW3.01	libssl3 3.5.6-r0 fixed in 3.5.7-r0	0.2% Theoretical Threat	Directly Exposed
CVE-2026-9076	LOW3.01	libssl3 3.5.6-r0 fixed in 3.5.7-r0	0.3% Theoretical Threat	Directly Exposed
CVE-2026-42766	LOW2.7	libcrypto3 3.5.6-r0 fixed in 3.5.7-r0	0.6% Theoretical Threat	Directly Exposed
CVE-2026-42767	LOW2.7	libcrypto3 3.5.6-r0 fixed in 3.5.7-r0	0.3% Theoretical Threat	Directly Exposed
CVE-2026-42766	LOW2.7	libssl3 3.5.6-r0 fixed in 3.5.7-r0	0.6% Theoretical Threat	Directly Exposed
CVE-2026-42767	LOW2.7	libssl3 3.5.6-r0 fixed in 3.5.7-r0	0.3% Theoretical Threat	Directly Exposed