Vulnerability Reportpingcap/tidb:v7.5.7

pingcap/tidb:v7.5.7

DIGESTsha256:2c2a2bff9a588cf2d2e6b8a3c41e173aef9f1063d6af8ab9587913021c3dcd18

Executive Summary

Threat ScoreCAUTION• 42 exposed vulnerabilities with severity >=6.0, including CVE-2026-0861 (6.88), CVE-2025-68121 (6.8), and CVE-2026-42010 (6.66).• CVE-2026-0861 (glibc) can cause heap corruption if alignment arguments are attacker-controlled, but typically not easily exploitable.• CVE-2025-68121 (crypto/tls) allows certificate validation bypass during session resumption only when TLS Config is cloned/mutated, not default TiDB behavior.• CVE-2026-42010 (gnutls) requires RSA-PSK cipher suites, which TiDB does not use.• Post-exploit vulnerabilities are low severity (max 4.58) and unlikely to be exploited in this context.

50/100CAUTION

ReputationPOPULAR COMMUNITY• High Reputation Community Image (8M+ pulls)• Pinned by digest (Immutable)

RELIABLE

This image carries significant risk; production deployment is highly discouraged without strict compensating controls. The exposed surface contains 42 vulnerabilities of medium severity (6.0-6.9), including heap corruption in glibc (CVE-2026-0861) and TLS certificate validation bypass (CVE-2025-68121). However, exploitation of these vulnerabilities typically requires non-default configurations or specific attack conditions, reducing practical exploitability. For instance, CVE-2025-68121 only affects TLS session resumption when the config is cloned and mutated between handshakes, which is not the default TiDB behavior. Similarly, CVE-2026-42010 in gnutls requires RSA-PSK ciphers, which TiDB does not use. While the image is from a reputable source and pinned by digest, remediating these vulnerabilities is recommended to reduce the attack surface.

Vulnerabilities

Vulnerability Log

227 total

CVE ID	Adjusted Severity	Package	Exploit Probability	Risk Context
CVE-2026-0861	MEDIUM6.88	glibc 2.34-168.el9_6.23 fixed in 2.34-231.el9_7.10	0.4% Theoretical Threat	Directly Exposed
CVE-2026-0861	MEDIUM6.88	glibc-common 2.34-168.el9_6.23 fixed in 2.34-231.el9_7.10	0.4% Theoretical Threat	Directly Exposed
CVE-2026-0861	MEDIUM6.88	glibc-minimal-langpack 2.34-168.el9_6.23 fixed in 2.34-231.el9_7.10	0.4% Theoretical Threat	Directly Exposed
CVE-2025-68121	MEDIUM6.8	stdlib v1.21.13 fixed in 1.24.13, 1.25.7, 1.26.0-rc.3	0.8% Theoretical Threat	Directly ExposedContext importance: MEDIUM
CVE-2026-42010	MEDIUM6.66	gnutls 3.8.3-6.el9 fixed in 3.8.10-4.el9_8	0.8% Theoretical Threat	Directly ExposedContext importance: MEDIUM
CVE-2025-5914	MEDIUM6.63	libarchive 3.5.3-5.el9_6 fixed in 3.5.3-6.el9_6	0.3% Theoretical Threat	Directly Exposed
CVE-2026-29111	MEDIUM6.63	systemd-libs 252-51.el9_6.1 fixed in 252-67.el9_8.2.rocky.0.1	0.1% Theoretical Threat	Directly Exposed
CVE-2025-13601	MEDIUM6.54	glib2 2.68.4-16.el9_6.2 fixed in 2.68.4-18.el9_7.1	0.3% Theoretical Threat	Directly Exposed
CVE-2023-36054	MEDIUM6.5	krb5-libs 1.21.1-8.el9_6 fixed in 1.21.1-10.el9_8	2.1% Low-Moderate Risk	Directly Exposed
CVE-2026-45186	MEDIUM6.38	expat 2.5.0-5.el9_6 fixed in 2.5.0-6.el9_8.1	0.5% Theoretical Threat	Directly Exposed
CVE-2026-33846	MEDIUM6.38	gnutls 3.8.3-6.el9 fixed in 3.8.10-4.el9_8	0.9% Theoretical Threat	Directly Exposed
CVE-2026-42009	MEDIUM6.38	gnutls 3.8.3-6.el9 fixed in 3.8.10-4.el9_8	0.8% Theoretical Threat	Directly Exposed
CVE-2026-4111	MEDIUM6.38	libarchive 3.5.3-5.el9_6 fixed in 3.5.3-7.el9_7	0.7% Theoretical Threat	Directly Exposed
CVE-2026-4424	MEDIUM6.38	libarchive 3.5.3-5.el9_6 fixed in 3.5.3-9.el9_7	0.9% Theoretical Threat	Directly Exposed
CVE-2026-27135	MEDIUM6.38	libnghttp2 1.43.0-6.el9 fixed in 1.43.0-6.el9_7.1	0.6% Theoretical Threat	Directly Exposed
CVE-2025-69421	MEDIUM6.38	openssl-libs 1:3.2.2-6.el9_5.1 fixed in 1:3.5.1-7.el9_7	0.8% Theoretical Threat	Directly Exposed
CVE-2026-34183	MEDIUM6.38	openssl-libs 1:3.2.2-6.el9_5.1 fixed in 1:3.5.5-4.el9_8	0.5% Theoretical Threat	Directly Exposed
CVE-2026-28390	MEDIUM6.38	openssl-libs 1:3.2.2-6.el9_5.1 fixed in 1:3.5.5-3.el9_8	0.8% Theoretical Threat	Directly Exposed
CVE-2026-41602	MEDIUM6.38	github.com/apache/thrift v0.13.1-0.20201008052519-daf620915714 fixed in 0.23.0	0.6% Theoretical Threat	Directly Exposed
CVE-2025-30204	MEDIUM6.38	github.com/golang-jwt/jwt v3.2.1+incompatible No fix yet	0.6% Theoretical Threat	Directly Exposed
CVE-2024-21664	MEDIUM6.38	github.com/lestrrat-go/jwx/v2 v2.0.11 fixed in 2.0.19	0.9% Theoretical Threat	Directly Exposed
CVE-2025-22869	MEDIUM6.38	golang.org/x/crypto v0.21.0 fixed in 0.35.0	0.9% Theoretical Threat	Directly Exposed
CVE-2025-22868	MEDIUM6.38	golang.org/x/oauth2 v0.16.0 fixed in 0.27.0	0.8% Theoretical Threat	Directly Exposed
CVE-2025-61726	MEDIUM6.38	stdlib v1.21.13 fixed in 1.24.12, 1.25.6	0.8% Theoretical Threat	Directly Exposed
CVE-2025-61729	MEDIUM6.38	stdlib v1.21.13 fixed in 1.24.11, 1.25.5	0.5% Theoretical Threat	Directly Exposed
CVE-2026-25679	MEDIUM6.38	stdlib v1.21.13 fixed in 1.25.8, 1.26.1	0.5% Theoretical Threat	Directly Exposed
CVE-2026-32280	MEDIUM6.38	stdlib v1.21.13 fixed in 1.25.9, 1.26.2	0.4% Theoretical Threat	Directly Exposed
CVE-2026-32281	MEDIUM6.38	stdlib v1.21.13 fixed in 1.25.9, 1.26.2	0.3% Theoretical Threat	Directly Exposed
CVE-2026-32283	MEDIUM6.38	stdlib v1.21.13 fixed in 1.25.9, 1.26.2	0.4% Theoretical Threat	Directly Exposed
CVE-2026-33811	MEDIUM6.38	stdlib v1.21.13 fixed in 1.25.10, 1.26.3	0.5% Theoretical Threat	Directly Exposed
CVE-2026-33814	MEDIUM6.38	stdlib v1.21.13 fixed in 1.25.10, 1.26.3	0.6% Theoretical Threat	Directly Exposed
CVE-2026-39820	MEDIUM6.38	stdlib v1.21.13 fixed in 1.25.10, 1.26.3	0.4% Theoretical Threat	Directly Exposed
CVE-2026-39836	MEDIUM6.38	stdlib v1.21.13 fixed in 1.25.10, 1.26.3	0.6% Theoretical Threat	Directly Exposed
CVE-2025-58183	MEDIUM6.38	stdlib v1.21.13 fixed in 1.24.8, 1.25.2	0.4% Theoretical Threat	Directly Exposed
CVE-2025-61728	MEDIUM6.38	stdlib v1.21.13 fixed in 1.24.12, 1.25.6	0.6% Theoretical Threat	Directly Exposed
CVE-2026-3833	MEDIUM6.29	gnutls 3.8.3-6.el9 fixed in 3.8.10-4.el9_8	0.3% Theoretical Threat	Directly Exposed
CVE-2026-42011	MEDIUM6.29	gnutls 3.8.3-6.el9 fixed in 3.8.10-4.el9_8	0.3% Theoretical Threat	Directly Exposed
CVE-2025-69419	MEDIUM6.29	openssl-libs 1:3.2.2-6.el9_5.1 fixed in 1:3.5.1-7.el9_7	0.4% Theoretical Threat	Directly Exposed
CVE-2026-34182	MEDIUM6.29	openssl-libs 1:3.2.2-6.el9_5.1 fixed in 1:3.5.5-4.el9_8	0.2% Theoretical Threat	Directly Exposed
CVE-2026-33186	MEDIUM6.18	google.golang.org/grpc v1.59.0 fixed in 1.79.3	0.5% Theoretical Threat	Directly ExposedContext importance: MEDIUM
CVE-2026-42012	MEDIUM6.03	gnutls 3.8.3-6.el9 fixed in 3.8.10-4.el9_8	0.3% Theoretical Threat	Directly Exposed
CVE-2024-45339	MEDIUM6.03	github.com/golang/glog v1.2.0 fixed in 1.2.4	0.3% Theoretical Threat	Directly Exposed
CVE-2026-4878	MEDIUM5.95	libcap 2.48-9.el9_2 fixed in 2.48-10.el9_7.1	0.2% Theoretical Threat	Directly Exposed
CVE-2025-47907	MEDIUM5.95	stdlib v1.21.13 fixed in 1.23.12, 1.24.6	0.3% Theoretical Threat	Directly Exposed
CVE-2024-34158	MEDIUM5.9	stdlib v1.21.13 fixed in 1.22.7, 1.23.1	1.0% Low-Moderate Risk	Directly Exposed
CVE-2024-28122	MEDIUM5.78	github.com/lestrrat-go/jwx/v2 v2.0.11 fixed in 2.0.21	0.6% Theoretical Threat	Directly Exposed
CVE-2025-4673	MEDIUM5.78	stdlib v1.21.13 fixed in 1.23.10, 1.24.4	0.6% Theoretical Threat	Directly Exposed
CVE-2026-42014	MEDIUM5.61	gnutls 3.8.3-6.el9 fixed in 3.8.10-4.el9_8	0.2% Theoretical Threat	Directly Exposed
CVE-2025-9230	MEDIUM5.6	openssl-libs 1:3.2.2-6.el9_5.1 fixed in 1:3.5.1-4.el9_7	1.8% Low-Moderate Risk	Directly Exposed
CVE-2025-14512	MEDIUM5.52	glib2 2.68.4-16.el9_6.2 fixed in 2.68.4-19.el9_8.1	0.5% Theoretical Threat	Directly Exposed
CVE-2026-4437	MEDIUM5.52	glibc 2.34-168.el9_6.23 fixed in 2.34-270.el9_8	0.3% Theoretical Threat	Directly Exposed
CVE-2026-4437	MEDIUM5.52	glibc-common 2.34-168.el9_6.23 fixed in 2.34-270.el9_8	0.3% Theoretical Threat	Directly Exposed
CVE-2026-4437	MEDIUM5.52	glibc-minimal-langpack 2.34-168.el9_6.23 fixed in 2.34-270.el9_8	0.3% Theoretical Threat	Directly Exposed
CVE-2025-6395	MEDIUM5.52	gnutls 3.8.3-6.el9 fixed in 3.8.3-6.el9_6.2	0.6% Theoretical Threat	Directly Exposed
CVE-2025-22872	MEDIUM5.52	golang.org/x/net v0.23.0 fixed in 0.38.0	0.4% Theoretical Threat	Directly Exposed
CVE-2025-47906	MEDIUM5.52	stdlib v1.21.13 fixed in 1.23.12, 1.24.6	0.5% Theoretical Threat	Directly Exposed
CVE-2025-61727	MEDIUM5.52	stdlib v1.21.13 fixed in 1.24.11, 1.25.5	0.3% Theoretical Threat	Directly Exposed
CVE-2026-32282	MEDIUM5.44	stdlib v1.21.13 fixed in 1.25.9, 1.26.2	0.3% Theoretical Threat	Directly Exposed
CVE-2026-34181	MEDIUM5.35	openssl-libs 1:3.2.2-6.el9_5.1 fixed in 1:3.5.5-4.el9_8	0.2% Theoretical Threat	Directly Exposed
CVE-2026-42768	MEDIUM5.35	openssl-libs 1:3.2.2-6.el9_5.1 fixed in 1:3.5.5-4.el9_8	0.4% Theoretical Threat	Directly Exposed
CVE-2025-59375	MEDIUM5.3	expat 2.5.0-5.el9_6 fixed in 2.5.0-5.el9_7.1	1.2% Low-Moderate Risk	Directly Exposed
CVE-2025-32989	MEDIUM5.3	gnutls 3.8.3-6.el9 fixed in 3.8.3-6.el9_6.2	1.2% Low-Moderate Risk	Directly Exposed
CVE-2025-11187	MEDIUM5.18	openssl-libs 1:3.2.2-6.el9_5.1 fixed in 1:3.5.1-7.el9_7	0.5% Theoretical Threat	Directly Exposed
CVE-2026-32289	MEDIUM5.18	stdlib v1.21.13 fixed in 1.25.9, 1.26.2	0.3% Theoretical Threat	Directly Exposed
CVE-2025-15281	MEDIUM5.02	glibc 2.34-168.el9_6.23 fixed in 2.34-231.el9_7.10	0.3% Theoretical Threat	Directly Exposed
CVE-2025-15281	MEDIUM5.02	glibc-common 2.34-168.el9_6.23 fixed in 2.34-231.el9_7.10	0.3% Theoretical Threat	Directly Exposed
CVE-2025-15281	MEDIUM5.02	glibc-minimal-langpack 2.34-168.el9_6.23 fixed in 2.34-231.el9_7.10	0.3% Theoretical Threat	Directly Exposed
CVE-2026-40355	MEDIUM5.02	krb5-libs 1.21.1-8.el9_6 fixed in 1.21.1-10.el9_8	0.5% Theoretical Threat	Directly Exposed
CVE-2026-40356	MEDIUM5.02	krb5-libs 1.21.1-8.el9_6 fixed in 1.21.1-10.el9_8	0.5% Theoretical Threat	Directly Exposed
CVE-2025-15468	MEDIUM5.02	openssl-libs 1:3.2.2-6.el9_5.1 fixed in 1:3.5.1-7.el9_7	0.7% Theoretical Threat	Directly Exposed
CVE-2025-66199	MEDIUM5.02	openssl-libs 1:3.2.2-6.el9_5.1 fixed in 1:3.5.1-7.el9_7	0.4% Theoretical Threat	Directly Exposed
CVE-2025-69420	MEDIUM5.02	openssl-libs 1:3.2.2-6.el9_5.1 fixed in 1:3.5.1-7.el9_7	0.8% Theoretical Threat	Directly Exposed
CVE-2026-22796	MEDIUM5.02	openssl-libs 1:3.2.2-6.el9_5.1 fixed in 1:3.5.1-7.el9_7	0.5% Theoretical Threat	Directly Exposed
CVE-2026-42764	MEDIUM5.02	openssl-libs 1:3.2.2-6.el9_5.1 fixed in 1:3.5.5-4.el9_8	0.7% Theoretical Threat	Directly Exposed
CVE-2026-42769	MEDIUM5.02	openssl-libs 1:3.2.2-6.el9_5.1 fixed in 1:3.5.5-4.el9_8	0.3% Theoretical Threat	Directly Exposed
CVE-2026-42770	MEDIUM5.02	openssl-libs 1:3.2.2-6.el9_5.1 fixed in 1:3.5.5-4.el9_8	0.2% Theoretical Threat	Directly Exposed
CVE-2026-9076	MEDIUM5.02	openssl-libs 1:3.2.2-6.el9_5.1 fixed in 1:3.5.5-4.el9_8	0.3% Theoretical Threat	Directly Exposed
CVE-2026-31790	MEDIUM5.02	openssl-libs 1:3.2.2-6.el9_5.1 fixed in 1:3.5.5-2.el9_8	1.0% Theoretical Threat	Directly Exposed
CVE-2024-34155	MEDIUM5.02	stdlib v1.21.13 fixed in 1.22.7, 1.23.1	0.8% Theoretical Threat	Directly Exposed
CVE-2024-45336	MEDIUM5.02	stdlib v1.21.13 fixed in 1.22.11, 1.23.5, 1.24.0-rc.2	0.6% Theoretical Threat	Directly Exposed
CVE-2025-9714	MEDIUM4.67	libxml2 2.9.13-12.el9_6 fixed in 2.9.13-14.el9_7	0.1% Theoretical Threat	Directly Exposed
CVE-2025-15469	MEDIUM4.67	openssl-libs 1:3.2.2-6.el9_5.1 fixed in 1:3.5.1-7.el9_7	0.2% Theoretical Threat	Directly Exposed
CVE-2026-22795	MEDIUM4.67	openssl-libs 1:3.2.2-6.el9_5.1 fixed in 1:3.5.1-7.el9_7	0.1% Theoretical Threat	Directly Exposed
CVE-2026-7383	MEDIUM4.67	openssl-libs 1:3.2.2-6.el9_5.1 fixed in 1:3.5.5-4.el9_8	0.3% Theoretical Threat	Directly Exposed
CVE-2024-35255	MEDIUM4.67	github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.1.0 fixed in 1.6.0-beta.4.0.20240610221955-50774cd97099	0.8% Theoretical Threat	Directly Exposed
CVE-2026-32288	MEDIUM4.67	stdlib v1.21.13 fixed in 1.25.9, 1.26.2	0.3% Theoretical Threat	Directly Exposed
CVE-2025-22871	MEDIUM4.59	stdlib v1.21.13 fixed in 1.23.8, 1.24.2	0.7% Theoretical Threat	Directly Exposed
CVE-2026-27142	MEDIUM4.59	stdlib v1.21.13 fixed in 1.25.8, 1.26.1	0.3% Theoretical Threat	Directly Exposed
CVE-2026-39826	MEDIUM4.59	stdlib v1.21.13 fixed in 1.25.10, 1.26.3	0.4% Theoretical Threat	Directly Exposed
CVE-2025-6965	MEDIUM4.58	sqlite-libs 3.34.1-8.el9_6 fixed in 3.34.1-9.el9_7	64.9% Actively Exploited	Post-Exploit
CVE-2026-0915	MEDIUM4.5	glibc 2.34-168.el9_6.23 fixed in 2.34-231.el9_7.10	0.6% Theoretical Threat	Directly Exposed
CVE-2026-4046	MEDIUM4.5	glibc 2.34-168.el9_6.23 fixed in 2.34-270.el9_8	0.4% Theoretical Threat	Directly Exposed
CVE-2026-0915	MEDIUM4.5	glibc-common 2.34-168.el9_6.23 fixed in 2.34-231.el9_7.10	0.6% Theoretical Threat	Directly Exposed
CVE-2026-4046	MEDIUM4.5	glibc-common 2.34-168.el9_6.23 fixed in 2.34-270.el9_8	0.4% Theoretical Threat	Directly Exposed
CVE-2026-0915	MEDIUM4.5	glibc-minimal-langpack 2.34-168.el9_6.23 fixed in 2.34-231.el9_7.10	0.6% Theoretical Threat	Directly Exposed
CVE-2026-4046	MEDIUM4.5	glibc-minimal-langpack 2.34-168.el9_6.23 fixed in 2.34-270.el9_8	0.4% Theoretical Threat	Directly Exposed
CVE-2026-42015	MEDIUM4.5	gnutls 3.8.3-6.el9 fixed in 3.8.10-4.el9_8	0.7% Theoretical Threat	Directly Exposed
CVE-2025-14831	MEDIUM4.5	gnutls 3.8.3-6.el9 fixed in 3.8.3-10.el9_7	0.6% Theoretical Threat	Directly Exposed
CVE-2026-42766	MEDIUM4.5	openssl-libs 1:3.2.2-6.el9_5.1 fixed in 1:3.5.5-4.el9_8	0.6% Theoretical Threat	Directly Exposed
CVE-2026-42767	MEDIUM4.5	openssl-libs 1:3.2.2-6.el9_5.1 fixed in 1:3.5.5-4.el9_8	0.3% Theoretical Threat	Directly Exposed
CVE-2023-49290	MEDIUM4.5	github.com/lestrrat-go/jwx/v2 v2.0.11 fixed in 2.0.18	0.7% Theoretical Threat	Directly Exposed
CVE-2025-47914	MEDIUM4.5	golang.org/x/crypto v0.21.0 fixed in 0.45.0	0.5% Theoretical Threat	Directly Exposed
CVE-2025-58181	MEDIUM4.5	golang.org/x/crypto v0.21.0 fixed in 0.45.0	0.5% Theoretical Threat	Directly Exposed
CVE-2025-22866	MEDIUM4.5	stdlib v1.21.13 fixed in 1.22.12, 1.23.6, 1.24.0-rc.3	0.3% Theoretical Threat	Directly Exposed
CVE-2025-22873	MEDIUM4.5	stdlib v1.21.13 fixed in 1.23.9, 1.24.3	0.2% Theoretical Threat	Directly Exposed
CVE-2025-47912	MEDIUM4.5	stdlib v1.21.13 fixed in 1.24.8, 1.25.2	0.4% Theoretical Threat	Directly Exposed
CVE-2025-58185	MEDIUM4.5	stdlib v1.21.13 fixed in 1.24.8, 1.25.2	0.5% Theoretical Threat	Directly Exposed
CVE-2025-58187	MEDIUM4.5	stdlib v1.21.13 fixed in 1.24.9, 1.25.3	0.4% Theoretical Threat	Directly Exposed
CVE-2025-58188	MEDIUM4.5	stdlib v1.21.13 fixed in 1.24.8, 1.25.2	0.3% Theoretical Threat	Directly Exposed
CVE-2025-58189	MEDIUM4.5	stdlib v1.21.13 fixed in 1.24.8, 1.25.2	0.4% Theoretical Threat	Directly Exposed
CVE-2025-61723	MEDIUM4.5	stdlib v1.21.13 fixed in 1.24.8, 1.25.2	0.6% Theoretical Threat	Directly Exposed
CVE-2025-61724	MEDIUM4.5	stdlib v1.21.13 fixed in 1.24.8, 1.25.2	0.5% Theoretical Threat	Directly Exposed
CVE-2025-61725	MEDIUM4.5	stdlib v1.21.13 fixed in 1.24.8, 1.25.2	0.6% Theoretical Threat	Directly Exposed
CVE-2025-61730	MEDIUM4.5	stdlib v1.21.13 fixed in 1.24.12, 1.25.6	0.3% Theoretical Threat	Directly Exposed
CVE-2026-42507	MEDIUM4.5	stdlib v1.21.13 fixed in 1.25.11, 1.26.4	0.3% Theoretical Threat	Directly Exposed
CVE-2025-58186	MEDIUM4.5	stdlib v1.21.13 fixed in 1.24.8, 1.25.2	0.5% Theoretical Threat	Directly Exposed
CVE-2026-34180	MEDIUM4.25	openssl-libs 1:3.2.2-6.el9_5.1 fixed in 1:3.5.5-4.el9_8	0.5% Theoretical Threat	Directly Exposed
CVE-2025-15467	MEDIUM4.06	openssl 1:3.2.2-6.el9_5.1 fixed in 1:3.5.1-7.el9_7	48.7% High Exploitation Risk	Post-Exploit
CVE-2025-15467	MEDIUM4.06	openssl-libs 1:3.2.2-6.el9_5.1 fixed in 1:3.5.1-7.el9_7	48.7% High Exploitation Risk	Post-Exploit
CVE-2025-68160	MEDIUM4	openssl-libs 1:3.2.2-6.el9_5.1 fixed in 1:3.5.1-7.el9_7	0.2% Theoretical Threat	Directly Exposed
CVE-2025-4598	MEDIUM4	systemd-libs 252-51.el9_6.1 fixed in 252-55.el9_7.7.rocky.0.1	0.6% Theoretical Threat	Directly Exposed
CVE-2025-11083	LOW3.98	binutils 2.35.2-63.el9 fixed in 2.35.2-67.el9_7.1	0.2% Theoretical Threat	Post-Exploit
CVE-2025-11083	LOW3.98	binutils-gold 2.35.2-63.el9 fixed in 2.35.2-67.el9_7.1	0.2% Theoretical Threat	Post-Exploit
CVE-2026-28421	LOW3.98	vim-minimal 2:8.2.2637-22.el9_6 fixed in 2:8.2.2637-23.el9_7.2	0.2% Theoretical Threat	Post-Exploit
CVE-2026-34183	LOW3.82	openssl 1:3.2.2-6.el9_5.1 fixed in 1:3.5.5-4.el9_8	0.5% Theoretical Threat	Post-Exploit
CVE-2026-28390	LOW3.82	openssl 1:3.2.2-6.el9_5.1 fixed in 1:3.5.5-3.el9_8	0.8% Theoretical Threat	Post-Exploit
CVE-2025-69419	LOW3.77	openssl 1:3.2.2-6.el9_5.1 fixed in 1:3.5.1-7.el9_7	0.4% Theoretical Threat	Post-Exploit
CVE-2026-34182	LOW3.77	openssl 1:3.2.2-6.el9_5.1 fixed in 1:3.5.5-4.el9_8	0.2% Theoretical Threat	Post-Exploit
CVE-2025-22870	LOW3.74	golang.org/x/net v0.23.0 fixed in 0.36.0	0.4% Theoretical Threat	Directly Exposed
CVE-2025-22870	LOW3.74	stdlib v1.21.13 fixed in 1.23.7, 1.24.1	0.4% Theoretical Threat	Directly Exposed
CVE-2026-33412	LOW3.72	vim-minimal 2:8.2.2637-22.el9_6 fixed in 2:8.2.2637-23.el9_7.2	0.7% Theoretical Threat	Post-Exploit
CVE-2026-25749	LOW3.72	vim-minimal 2:8.2.2637-22.el9_6 fixed in 2:8.2.2637-23.el9_7.1	0.2% Theoretical Threat	Post-Exploit
CVE-2026-4786	LOW3.62	python3 3.9.21-2.el9_6.1 fixed in 3.9.25-7.el9_8	0.2% Theoretical Threat	Post-Exploit
CVE-2025-15366	LOW3.62	python3 3.9.21-2.el9_6.1 fixed in 3.9.25-3.el9_7.1	0.3% Theoretical Threat	Post-Exploit
CVE-2025-15367	LOW3.62	python3 3.9.21-2.el9_6.1 fixed in 3.9.25-3.el9_7.1	0.3% Theoretical Threat	Post-Exploit
CVE-2026-1299	LOW3.62	python3 3.9.21-2.el9_6.1 fixed in 3.9.25-3.el9_7.1	0.6% Theoretical Threat	Post-Exploit
CVE-2026-4786	LOW3.62	python3-libs 3.9.21-2.el9_6.1 fixed in 3.9.25-7.el9_8	0.2% Theoretical Threat	Post-Exploit
CVE-2025-15366	LOW3.62	python3-libs 3.9.21-2.el9_6.1 fixed in 3.9.25-3.el9_7.1	0.3% Theoretical Threat	Post-Exploit
CVE-2025-15367	LOW3.62	python3-libs 3.9.21-2.el9_6.1 fixed in 3.9.25-3.el9_7.1	0.3% Theoretical Threat	Post-Exploit
CVE-2026-1299	LOW3.62	python3-libs 3.9.21-2.el9_6.1 fixed in 3.9.25-3.el9_7.1	0.6% Theoretical Threat	Post-Exploit
CVE-2026-35177	LOW3.62	vim-minimal 2:8.2.2637-22.el9_6 fixed in 2:8.2.2637-26.el9_8.5	0.1% Theoretical Threat	Post-Exploit
CVE-2025-68973	LOW3.57	gnupg2 2.3.3-4.el9 fixed in 2.3.3-5.el9_7	0.1% Theoretical Threat	Post-Exploit
CVE-2024-45341	LOW3.57	stdlib v1.21.13 fixed in 1.22.11, 1.23.5, 1.24.0-rc.2	0.4% Theoretical Threat	Directly Exposed
CVE-2026-4438	LOW3.4	glibc 2.34-168.el9_6.23 fixed in 2.34-270.el9_8	0.2% Theoretical Threat	Directly Exposed
CVE-2026-4438	LOW3.4	glibc-common 2.34-168.el9_6.23 fixed in 2.34-270.el9_8	0.2% Theoretical Threat	Directly Exposed
CVE-2026-4438	LOW3.4	glibc-minimal-langpack 2.34-168.el9_6.23 fixed in 2.34-270.el9_8	0.2% Theoretical Threat	Directly Exposed
CVE-2025-9820	LOW3.4	gnutls 3.8.3-6.el9 fixed in 3.8.3-10.el9_7	0.2% Theoretical Threat	Directly Exposed
CVE-2025-69418	LOW3.4	openssl-libs 1:3.2.2-6.el9_5.1 fixed in 1:3.5.1-7.el9_7	0.1% Theoretical Threat	Directly Exposed
CVE-2025-9230	LOW3.36	openssl 1:3.2.2-6.el9_5.1 fixed in 1:3.5.1-4.el9_7	1.8% Low-Moderate Risk	Post-Exploit
CVE-2026-34181	LOW3.21	openssl 1:3.2.2-6.el9_5.1 fixed in 1:3.5.5-4.el9_8	0.2% Theoretical Threat	Post-Exploit
CVE-2026-42768	LOW3.21	openssl 1:3.2.2-6.el9_5.1 fixed in 1:3.5.5-4.el9_8	0.4% Theoretical Threat	Post-Exploit
CVE-2025-9086	LOW3.18	curl 7.76.1-31.el9_6.1 fixed in 7.76.1-35.el9_7.3	1.3% Low-Moderate Risk	Post-Exploit
CVE-2025-9086	LOW3.18	libcurl-minimal 7.76.1-31.el9_6.1 fixed in 7.76.1-35.el9_7.3	1.3% Low-Moderate Risk	Post-Exploit
CVE-2023-39975	LOW3.17	krb5-libs 1.21.1-8.el9_6 fixed in 1.21.1-10.el9_8	1.2% Low-Moderate Risk	Post-Exploit
CVE-2026-3832	LOW3.15	gnutls 3.8.3-6.el9 fixed in 3.8.10-4.el9_8	0.3% Theoretical Threat	Directly Exposed
CVE-2026-5419	LOW3.15	gnutls 3.8.3-6.el9 fixed in 3.8.10-4.el9_8	0.5% Theoretical Threat	Directly Exposed
CVE-2026-45446	LOW3.15	openssl-libs 1:3.2.2-6.el9_5.1 fixed in 1:3.5.5-4.el9_8	0.2% Theoretical Threat	Directly Exposed
CVE-2025-11187	LOW3.11	openssl 1:3.2.2-6.el9_5.1 fixed in 1:3.5.1-7.el9_7	0.5% Theoretical Threat	Post-Exploit
CVE-2025-15468	LOW3.01	openssl 1:3.2.2-6.el9_5.1 fixed in 1:3.5.1-7.el9_7	0.7% Theoretical Threat	Post-Exploit
CVE-2025-66199	LOW3.01	openssl 1:3.2.2-6.el9_5.1 fixed in 1:3.5.1-7.el9_7	0.4% Theoretical Threat	Post-Exploit
CVE-2025-69420	LOW3.01	openssl 1:3.2.2-6.el9_5.1 fixed in 1:3.5.1-7.el9_7	0.8% Theoretical Threat	Post-Exploit
CVE-2026-22796	LOW3.01	openssl 1:3.2.2-6.el9_5.1 fixed in 1:3.5.1-7.el9_7	0.5% Theoretical Threat	Post-Exploit
CVE-2026-42764	LOW3.01	openssl 1:3.2.2-6.el9_5.1 fixed in 1:3.5.5-4.el9_8	0.7% Theoretical Threat	Post-Exploit
CVE-2026-42769	LOW3.01	openssl 1:3.2.2-6.el9_5.1 fixed in 1:3.5.5-4.el9_8	0.3% Theoretical Threat	Post-Exploit
CVE-2026-42770	LOW3.01	openssl 1:3.2.2-6.el9_5.1 fixed in 1:3.5.5-4.el9_8	0.2% Theoretical Threat	Post-Exploit
CVE-2026-9076	LOW3.01	openssl 1:3.2.2-6.el9_5.1 fixed in 1:3.5.5-4.el9_8	0.3% Theoretical Threat	Post-Exploit
CVE-2026-31790	LOW3.01	openssl 1:3.2.2-6.el9_5.1 fixed in 1:3.5.5-2.el9_8	1.0% Theoretical Threat	Post-Exploit
CVE-2025-14087	LOW3	glib2 2.68.4-16.el9_6.2 fixed in 2.68.4-19.el9_8.1	0.8% Theoretical Threat	Post-Exploit
CVE-2025-32988	LOW2.95	gnutls 3.8.3-6.el9 fixed in 3.8.3-6.el9_6.2	1.2% Low-Moderate Risk	Post-Exploit
CVE-2024-45337	LOW2.95	golang.org/x/crypto v0.21.0 fixed in 0.31.0	3.1% Low-Moderate Risk	Post-Exploit
CVE-2026-45447	LOW2.92	openssl 1:3.2.2-6.el9_5.1 fixed in 1:3.5.5-4.el9_8	1.4% Low-Moderate Risk	Post-Exploit
CVE-2026-45447	LOW2.92	openssl-libs 1:3.2.2-6.el9_5.1 fixed in 1:3.5.5-4.el9_8	1.4% Low-Moderate Risk	Post-Exploit
CVE-2025-45582	LOW2.86	tar 2:1.34-7.el9 fixed in 2:1.34-9.el9_7	0.4% Theoretical Threat	Post-Exploit
CVE-2026-28417	LOW2.81	vim-minimal 2:8.2.2637-22.el9_6 fixed in 2:8.2.2637-23.el9_7.2	1.2% Low-Moderate Risk	Post-Exploit
CVE-2025-15469	LOW2.8	openssl 1:3.2.2-6.el9_5.1 fixed in 1:3.5.1-7.el9_7	0.2% Theoretical Threat	Post-Exploit
CVE-2026-22795	LOW2.8	openssl 1:3.2.2-6.el9_5.1 fixed in 1:3.5.1-7.el9_7	0.1% Theoretical Threat	Post-Exploit
CVE-2026-7383	LOW2.8	openssl 1:3.2.2-6.el9_5.1 fixed in 1:3.5.5-4.el9_8	0.3% Theoretical Threat	Post-Exploit
CVE-2025-6075	LOW2.8	python3 3.9.21-2.el9_6.1 fixed in 3.9.25-2.el9_7	0.1% Theoretical Threat	Post-Exploit
CVE-2025-6075	LOW2.8	python3-libs 3.9.21-2.el9_6.1 fixed in 3.9.25-2.el9_7	0.1% Theoretical Threat	Post-Exploit
CVE-2026-33845	LOW2.78	gnutls 3.8.3-6.el9 fixed in 3.8.10-4.el9_8	0.6% Theoretical Threat	Post-Exploit
CVE-2026-45445	LOW2.78	openssl 1:3.2.2-6.el9_5.1 fixed in 1:3.5.5-4.el9_8	0.3% Theoretical Threat	Post-Exploit
CVE-2026-45445	LOW2.78	openssl-libs 1:3.2.2-6.el9_5.1 fixed in 1:3.5.5-4.el9_8	0.3% Theoretical Threat	Post-Exploit
CVE-2026-5121	LOW2.7	libarchive 3.5.3-5.el9_6 fixed in 3.5.3-9.el9_7	1.1% Low-Moderate Risk	Post-Exploit
CVE-2026-2100	LOW2.7	p11-kit 0.25.3-3.el9_5 fixed in 0.26.2-1.el9	1.0% Low-Moderate Risk	Post-Exploit
CVE-2026-2100	LOW2.7	p11-kit-trust 0.25.3-3.el9_5 fixed in 0.26.2-1.el9	1.0% Low-Moderate Risk	Post-Exploit
CVE-2026-32952	LOW2.7	github.com/Azure/go-ntlmssp v0.0.0-20221128193559-754e69321358 fixed in 0.1.1	1.0% Low-Moderate Risk	Post-Exploit
CVE-2024-34156	LOW2.7	stdlib v1.21.13 fixed in 1.22.7, 1.23.1	1.1% Low-Moderate Risk	Post-Exploit
CVE-2025-48964	LOW2.7	iputils 20210202-11.el9_6.1 fixed in 20210202-11.el9_6.3	0.3% Theoretical Threat	Post-Exploit
CVE-2026-42766	LOW2.7	openssl 1:3.2.2-6.el9_5.1 fixed in 1:3.5.5-4.el9_8	0.6% Theoretical Threat	Post-Exploit
CVE-2026-42767	LOW2.7	openssl 1:3.2.2-6.el9_5.1 fixed in 1:3.5.5-4.el9_8	0.3% Theoretical Threat	Post-Exploit
CVE-2025-12084	LOW2.7	python3 3.9.21-2.el9_6.1 fixed in 3.9.25-3.el9_7	0.7% Theoretical Threat	Post-Exploit
CVE-2025-12084	LOW2.7	python3-libs 3.9.21-2.el9_6.1 fixed in 3.9.25-3.el9_7	0.7% Theoretical Threat	Post-Exploit
CVE-2026-34180	LOW2.55	openssl 1:3.2.2-6.el9_5.1 fixed in 1:3.5.5-4.el9_8	0.5% Theoretical Threat	Post-Exploit
CVE-2026-42013	LOW2.51	gnutls 3.8.3-6.el9 fixed in 3.8.10-4.el9_8	0.4% Theoretical Threat	Post-Exploit
CVE-2026-5260	LOW2.51	gnutls 3.8.3-6.el9 fixed in 3.8.10-4.el9_8	0.7% Theoretical Threat	Post-Exploit
CVE-2025-32990	LOW2.51	gnutls 3.8.3-6.el9 fixed in 3.8.3-6.el9_6.2	0.7% Theoretical Threat	Post-Exploit
CVE-2026-34982	LOW2.51	vim-minimal 2:8.2.2637-22.el9_6 fixed in 2:8.2.2637-26.el9_8.4	0.4% Theoretical Threat	Post-Exploit
CVE-2026-6100	LOW2.48	python3 3.9.21-2.el9_6.1 fixed in 3.9.25-7.el9_8	0.5% Theoretical Threat	Post-Exploit
CVE-2026-6100	LOW2.48	python3-libs 3.9.21-2.el9_6.1 fixed in 3.9.25-7.el9_8	0.5% Theoretical Threat	Post-Exploit
CVE-2025-68160	LOW2.4	openssl 1:3.2.2-6.el9_5.1 fixed in 1:3.5.1-7.el9_7	0.2% Theoretical Threat	Post-Exploit
CVE-2025-69421	LOW2.29	openssl 1:3.2.2-6.el9_5.1 fixed in 1:3.5.1-7.el9_7	0.8% Theoretical Threat	Post-Exploit
CVE-2025-8194	LOW2.29	python3 3.9.21-2.el9_6.1 fixed in 3.9.21-2.el9_6.2	0.6% Theoretical Threat	Post-Exploit
CVE-2025-8194	LOW2.29	python3-libs 3.9.21-2.el9_6.1 fixed in 3.9.21-2.el9_6.2	0.6% Theoretical Threat	Post-Exploit
CVE-2026-0865	LOW2.29	python3 3.9.21-2.el9_6.1 fixed in 3.9.25-3.el9_7.1	0.5% Theoretical Threat	Post-Exploit
CVE-2026-0865	LOW2.29	python3-libs 3.9.21-2.el9_6.1 fixed in 3.9.25-3.el9_7.1	0.5% Theoretical Threat	Post-Exploit
CVE-2025-6069	LOW2.19	python3 3.9.21-2.el9_6.1 fixed in 3.9.25-2.el9_7	0.5% Theoretical Threat	Post-Exploit
CVE-2025-8291	LOW2.19	python3 3.9.21-2.el9_6.1 fixed in 3.9.25-2.el9_7	0.3% Theoretical Threat	Post-Exploit
CVE-2025-6069	LOW2.19	python3-libs 3.9.21-2.el9_6.1 fixed in 3.9.25-2.el9_7	0.5% Theoretical Threat	Post-Exploit
CVE-2025-8291	LOW2.19	python3-libs 3.9.21-2.el9_6.1 fixed in 3.9.25-2.el9_7	0.3% Theoretical Threat	Post-Exploit
CVE-2026-27139	LOW2.12	stdlib v1.21.13 fixed in 1.25.8, 1.26.1	0.2% Theoretical Threat	Directly Exposed
CVE-2025-53905	LOW2.09	vim-minimal 2:8.2.2637-22.el9_6 fixed in 2:8.2.2637-23.el9_7	0.2% Theoretical Threat	Post-Exploit
CVE-2025-53906	LOW2.09	vim-minimal 2:8.2.2637-22.el9_6 fixed in 2:8.2.2637-23.el9_7	0.7% Theoretical Threat	Post-Exploit
CVE-2025-69418	LOW2.04	openssl 1:3.2.2-6.el9_5.1 fixed in 1:3.5.1-7.el9_7	0.1% Theoretical Threat	Post-Exploit
CVE-2026-45446	LOW1.89	openssl 1:3.2.2-6.el9_5.1 fixed in 1:3.5.5-4.el9_8	0.2% Theoretical Threat	Post-Exploit
CVE-2024-56433	LOW1.84	shadow-utils 2:4.9-12.el9 fixed in 2:4.9-15.el9	0.4% Theoretical Threat	Post-Exploit
CVE-2026-4519	LOW1.68	python3 3.9.21-2.el9_6.1 fixed in 3.9.25-7.el9_8	0.2% Theoretical Threat	Post-Exploit
CVE-2026-4519	LOW1.68	python3-libs 3.9.21-2.el9_6.1 fixed in 3.9.25-7.el9_8	0.2% Theoretical Threat	Post-Exploit
CVE-2024-5642	LOW1.38	python3 3.9.21-2.el9_6.1 fixed in 3.9.25-2.el9_7	0.7% Theoretical Threat	Post-Exploit
CVE-2024-5642	LOW1.38	python3-libs 3.9.21-2.el9_6.1 fixed in 3.9.25-2.el9_7	0.7% Theoretical Threat	Post-Exploit
CVE-2025-6020	NONE0	pam 1.5.1-25.el9_6 fixed in 1.5.1-26.el9_6	0.4% Theoretical Threat	Not Applicable
CVE-2025-8941	NONE0	pam 1.5.1-25.el9_6 fixed in 1.5.1-26.el9_6	0.3% Theoretical Threat	Not Applicable
CVE-2026-39823	NONE0	stdlib v1.21.13 fixed in 1.25.10, 1.26.3	0.3% Theoretical Threat	Not Applicable
CVE-2026-39825	NONE0	stdlib v1.21.13 fixed in 1.25.10, 1.26.3	0.4% Theoretical Threat	Not Applicable
CVE-2026-42499	NONE0	stdlib v1.21.13 fixed in 1.25.10, 1.26.3	0.6% Theoretical Threat	Not Applicable
CVE-2026-42504	NONE0	stdlib v1.21.13 fixed in 1.25.11, 1.26.4	0.4% Theoretical Threat	Not Applicable
CVE-2025-0913	NONE0	stdlib v1.21.13 fixed in 1.23.10, 1.24.4	0.2% Theoretical Threat	Not Applicable
CVE-2026-27145	NONE0	stdlib v1.21.13 fixed in 1.25.11, 1.26.4	0.3% Theoretical Threat	Not Applicable