Last scanned:
This base/runtime image is a reasonable foundation, but it ships vulnerabilities worth remediating in the images built on top of it. The primary concern is CVE-2026-33630 in c-ares, which could allow an attacker to cause memory corruption via crafted DNS responses, leading to denial of service or potential code execution. While the 16 post-exploit vulnerabilities are low severity, they should be patched for defense in depth. Remediation involves updating c-ares to a patched version. Note: this is a general-purpose base/runtime image — many findings live in components that an application built on top may never load, so actual exploitability depends on the final image. For an accurate risk picture, re-scan the final application image with context.
| CVE ID | Adjusted Severity | Package | Exploit Probability | Risk Context |
|---|---|---|---|---|
| CVE-2026-33630 | MEDIUM6 | c-ares 1.34.6-r0 fixed in 1.34.8-r0 | — | Directly ExposedContext importance: MEDIUM |
| CVE-2026-4873 | LOW2.7 | curl 8.19.0-r0 fixed in 8.20.0-r0 | 0.3% Theoretical Threat | Post-Exploit |
| CVE-2026-6253 | LOW2.7 | curl 8.19.0-r0 fixed in 8.20.0-r0 | 0.6% Theoretical Threat | Post-Exploit |
| CVE-2026-7009 | LOW2.7 | curl 8.19.0-r0 fixed in 8.20.0-r0 | 0.3% Theoretical Threat | Post-Exploit |
| CVE-2026-7168 | LOW2.7 | curl 8.19.0-r0 fixed in 8.20.0-r0 | 0.5% Theoretical Threat | Post-Exploit |
| CVE-2026-4873 | LOW2.7 | libcurl 8.19.0-r0 fixed in 8.20.0-r0 | 0.3% Theoretical Threat | Post-Exploit |
| CVE-2026-6253 | LOW2.7 | libcurl 8.19.0-r0 fixed in 8.20.0-r0 | 0.6% Theoretical Threat | Post-Exploit |
| CVE-2026-7009 | LOW2.7 | libcurl 8.19.0-r0 fixed in 8.20.0-r0 | 0.3% Theoretical Threat | Post-Exploit |
| CVE-2026-7168 | LOW2.7 | libcurl 8.19.0-r0 fixed in 8.20.0-r0 | 0.5% Theoretical Threat | Post-Exploit |
| CVE-2026-5773 | LOW2.29 | curl 8.19.0-r0 fixed in 8.20.0-r0 | 0.5% Theoretical Threat | Post-Exploit |
| CVE-2026-6276 | LOW2.29 | curl 8.19.0-r0 fixed in 8.20.0-r0 | 0.3% Theoretical Threat | Post-Exploit |
| CVE-2026-5773 | LOW2.29 | libcurl 8.19.0-r0 fixed in 8.20.0-r0 | 0.5% Theoretical Threat | Post-Exploit |
| CVE-2026-6276 | LOW2.29 | libcurl 8.19.0-r0 fixed in 8.20.0-r0 | 0.3% Theoretical Threat | Post-Exploit |
| CVE-2026-5545 | LOW1.99 | curl 8.19.0-r0 fixed in 8.20.0-r0 | 0.4% Theoretical Threat | Post-Exploit |
| CVE-2026-6429 | LOW1.99 | curl 8.19.0-r0 fixed in 8.20.0-r0 | 0.5% Theoretical Threat | Post-Exploit |
| CVE-2026-5545 | LOW1.99 | libcurl 8.19.0-r0 fixed in 8.20.0-r0 | 0.4% Theoretical Threat | Post-Exploit |
| CVE-2026-6429 | LOW1.99 | libcurl 8.19.0-r0 fixed in 8.20.0-r0 | 0.5% Theoretical Threat | Post-Exploit |
Want to check another image? Run a full scan with the Docker Security Scanner.