Vulnerability Reportpostgres:16

Name: postgres:16.14-trixie Security Vulnerability Report
Creator: BaseImage
Keywords: postgres:16.14-trixie, Docker security, vulnerability scan, CVE, container security, SBOM

postgres:16.14-trixiepostgres:16.14postgres:16-trixiepostgres:16

DIGESTsha256:4b7183ac05f8ef417db21fd72d71047a4238340c261d3cc3ddb6d579ab5071ae

Executive Summary

DANGEROUS

This image poses a critical security risk and must not be used in production, especially as an internet-facing service. An attacker could achieve arbitrary code execution through CVE-2026-48962, or trigger a denial of service for the PostgreSQL service by exploiting critical vulnerabilities in glibc like CVE-2018-20796. These severe issues are present in core system libraries and directly impact the container's primary function. Despite being an official Docker Hub image and immutable by digest, the presence of 4 EXPOSED_SURFACE vulnerabilities with severity 7.0 or higher, out of 117 total, indicates an outdated or insecure base system.

Threat Score

100/100

DANGEROUS

Presence of critical EXPOSED_SURFACE vulnerability CVE-2026-48962 (severity 7.8) allowing arbitrary code execution via an attacker-controlled output glob.
Two EXPOSED_SURFACE vulnerabilities, CVE-2018-20796 (severity 7.5) affecting glibc, identified with HIGH contextual importance, which could lead to a denial of service for the PostgreSQL service.
Another EXPOSED_SURFACE vulnerability, CVE-2019-1010023 (severity 7.48) affecting glibc, which could lead to code execution or privilege escalation.
Overall, 4 EXPOSED_SURFACE findings with severity 7.0 or higher, out of 117 total exposed vulnerabilities.
Despite being an Official Docker Hub Image and pinned by digest, the base system contains fundamental libraries with severe security flaws.

Reputation

TRUSTED

Docker Official

OFFICIAL

Official Docker Hub Image
Pinned by digest (Immutable)

BaseImage/

postgres:16

Hardened

Grade

A+

Vulns

Verified & secured for production

Vulnerabilities

Vulnerability Log

300 total

CVE ID	Adjusted Severity	Package	Exploit Probability	Risk Context
CVE-2026-48962	HIGH7.8	libperl5.40 5.40.1-6 No fix yet	—	Directly Exposed
CVE-2018-20796	HIGH7.5	libc-bin 2.41-12+deb13u3 No fix yet	1.5% Low-Moderate Risk	Directly ExposedContext importance: HIGH
CVE-2018-20796	HIGH7.5	libc6 2.41-12+deb13u3 No fix yet	1.5% Low-Moderate Risk	Directly ExposedContext importance: HIGH
CVE-2019-1010023	HIGH7.48	libc6 2.41-12+deb13u3 No fix yet	0.3% Theoretical Threat	Directly Exposed
CVE-2019-9192	MEDIUM6.38	libc-bin 2.41-12+deb13u3 No fix yet	0.8% Theoretical Threat	Directly Exposed
CVE-2019-9192	MEDIUM6.38	libc6 2.41-12+deb13u3 No fix yet	0.8% Theoretical Threat	Directly Exposed
CVE-2026-41989	MEDIUM6.38	libgcrypt20 1.11.0-7 fixed in 1.11.0-7+deb13u1	<0.1% Theoretical Threat	Directly Exposed
CVE-2018-6829	MEDIUM6.38	libgcrypt20 1.11.0-7 No fix yet	0.5% Theoretical Threat	Directly Exposed
CVE-2015-3276	MEDIUM6	libldap2 2.6.10+dfsg-1 No fix yet	2.6% Low-Moderate Risk	Directly ExposedContext importance: MEDIUM
CVE-2026-22185	MEDIUM5.78	libldap2 2.6.10+dfsg-1 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2026-6238	MEDIUM5.52	libc-bin 2.41-12+deb13u3 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2026-6238	MEDIUM5.52	libc6 2.41-12+deb13u3 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2026-42496	MEDIUM5.46	perl-base 5.40.1-6 No fix yet	—	Post-Exploit
CVE-2026-42496	MEDIUM5.46	perl-modules-5.40 5.40.1-6 No fix yet	—	Post-Exploit
CVE-2026-1757	MEDIUM5.27	libxml2 2.12.7+dfsg+really2.9.14-2.1+deb13u2 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2025-14104	MEDIUM5.18	libblkid1 2.41-5 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2025-14104	MEDIUM5.18	libmount1 2.41-5 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2025-14104	MEDIUM5.18	libuuid1 2.41-5 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2026-5435	MEDIUM5.02	libc-bin 2.41-12+deb13u3 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2026-5435	MEDIUM5.02	libc6 2.41-12+deb13u3 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2024-2236	MEDIUM5.02	libgcrypt20 1.11.0-7 No fix yet	0.7% Theoretical Threat	Directly Exposed
CVE-2026-40355	MEDIUM5.02	libgssapi-krb5-2 1.21.3-5 fixed in 1.21.3-5+deb13u1	<0.1% Theoretical Threat	Directly Exposed
CVE-2026-40356	MEDIUM5.02	libgssapi-krb5-2 1.21.3-5 fixed in 1.21.3-5+deb13u1	<0.1% Theoretical Threat	Directly Exposed
CVE-2024-26458	MEDIUM5.02	libgssapi-krb5-2 1.21.3-5 No fix yet	0.3% Theoretical Threat	Directly Exposed
CVE-2024-26461	MEDIUM5.02	libgssapi-krb5-2 1.21.3-5 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2026-40355	MEDIUM5.02	libk5crypto3 1.21.3-5 fixed in 1.21.3-5+deb13u1	<0.1% Theoretical Threat	Directly Exposed
CVE-2026-40356	MEDIUM5.02	libk5crypto3 1.21.3-5 fixed in 1.21.3-5+deb13u1	<0.1% Theoretical Threat	Directly Exposed
CVE-2024-26458	MEDIUM5.02	libk5crypto3 1.21.3-5 No fix yet	0.3% Theoretical Threat	Directly Exposed
CVE-2024-26461	MEDIUM5.02	libk5crypto3 1.21.3-5 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2026-40355	MEDIUM5.02	libkrb5-3 1.21.3-5 fixed in 1.21.3-5+deb13u1	<0.1% Theoretical Threat	Directly Exposed
CVE-2026-40356	MEDIUM5.02	libkrb5-3 1.21.3-5 fixed in 1.21.3-5+deb13u1	<0.1% Theoretical Threat	Directly Exposed
CVE-2024-26458	MEDIUM5.02	libkrb5-3 1.21.3-5 No fix yet	0.3% Theoretical Threat	Directly Exposed
CVE-2024-26461	MEDIUM5.02	libkrb5-3 1.21.3-5 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2026-40355	MEDIUM5.02	libkrb5support0 1.21.3-5 fixed in 1.21.3-5+deb13u1	<0.1% Theoretical Threat	Directly Exposed
CVE-2026-40356	MEDIUM5.02	libkrb5support0 1.21.3-5 fixed in 1.21.3-5+deb13u1	<0.1% Theoretical Threat	Directly Exposed
CVE-2024-26458	MEDIUM5.02	libkrb5support0 1.21.3-5 No fix yet	0.3% Theoretical Threat	Directly Exposed
CVE-2024-26461	MEDIUM5.02	libkrb5support0 1.21.3-5 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2025-13151	MEDIUM5.02	libtasn1-6 4.20.0-2 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2026-0990	MEDIUM5.02	libxml2 2.12.7+dfsg+really2.9.14-2.1+deb13u2 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2026-42250	MEDIUM5	libbz2-1.0 1.0.8-6 No fix yet	—	Directly Exposed
CVE-2026-48962	MEDIUM4.68	perl 5.40.1-6 No fix yet	—	Post-Exploit
CVE-2026-48962	MEDIUM4.68	perl-base 5.40.1-6 No fix yet	—	Post-Exploit
CVE-2026-48962	MEDIUM4.68	perl-modules-5.40 5.40.1-6 No fix yet	—	Post-Exploit
CVE-2022-0563	MEDIUM4.67	libblkid1 2.41-5 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2022-0563	MEDIUM4.67	libmount1 2.41-5 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2022-0563	MEDIUM4.67	libuuid1 2.41-5 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2025-10911	MEDIUM4.67	libxslt1.1 1.1.35-1.2+deb13u3 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2026-27171	MEDIUM4.67	zlib1g 1:1.3.dfsg+really1.3.1-1+b1 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2026-42497	MEDIUM4.5	perl 5.40.1-6 No fix yet	—	Post-Exploit
CVE-2026-9538	MEDIUM4.5	perl 5.40.1-6 No fix yet	—	Post-Exploit
CVE-2026-42497	MEDIUM4.5	perl-base 5.40.1-6 No fix yet	—	Post-Exploit
CVE-2026-9538	MEDIUM4.5	perl-base 5.40.1-6 No fix yet	—	Post-Exploit
CVE-2026-42497	MEDIUM4.5	perl-modules-5.40 5.40.1-6 No fix yet	—	Post-Exploit
CVE-2026-9538	MEDIUM4.5	perl-modules-5.40 5.40.1-6 No fix yet	—	Post-Exploit
CVE-2026-3184	MEDIUM4.5	libblkid1 2.41-5 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2019-1010024	MEDIUM4.5	libc-bin 2.41-12+deb13u3 No fix yet	0.6% Theoretical Threat	Directly Exposed
CVE-2019-1010025	MEDIUM4.5	libc-bin 2.41-12+deb13u3 No fix yet	0.8% Theoretical Threat	Directly Exposed
CVE-2019-1010024	MEDIUM4.5	libc6 2.41-12+deb13u3 No fix yet	0.6% Theoretical Threat	Directly Exposed
CVE-2019-1010025	MEDIUM4.5	libc6 2.41-12+deb13u3 No fix yet	0.8% Theoretical Threat	Directly Exposed
CVE-2026-34743	MEDIUM4.5	liblzma5 5.8.1-1 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2026-3184	MEDIUM4.5	libmount1 2.41-5 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2023-31437	MEDIUM4.5	libsystemd0 257.13-1~deb13u1 No fix yet	0.2% Theoretical Threat	Directly Exposed
CVE-2023-31438	MEDIUM4.5	libsystemd0 257.13-1~deb13u1 No fix yet	0.1% Theoretical Threat	Directly Exposed
CVE-2023-31439	MEDIUM4.5	libsystemd0 257.13-1~deb13u1 No fix yet	0.1% Theoretical Threat	Directly Exposed
CVE-2023-31437	MEDIUM4.5	libudev1 257.13-1~deb13u1 No fix yet	0.2% Theoretical Threat	Directly Exposed
CVE-2023-31438	MEDIUM4.5	libudev1 257.13-1~deb13u1 No fix yet	0.1% Theoretical Threat	Directly Exposed
CVE-2023-31439	MEDIUM4.5	libudev1 257.13-1~deb13u1 No fix yet	0.1% Theoretical Threat	Directly Exposed
CVE-2026-3184	MEDIUM4.5	libuuid1 2.41-5 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2015-9019	MEDIUM4.5	libxslt1.1 1.1.35-1.2+deb13u3 No fix yet	0.6% Theoretical Threat	Directly Exposed
CVE-2011-3389	MEDIUM4.3	libgnutls30t64 3.8.9-3+deb13u4 No fix yet	3.9% Low-Moderate Risk	Directly Exposed
CVE-2026-5450	MEDIUM4.25	libc-bin 2.41-12+deb13u3 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2026-5928	MEDIUM4.25	libc-bin 2.41-12+deb13u3 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2026-5450	MEDIUM4.25	libc6 2.41-12+deb13u3 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2026-5928	MEDIUM4.25	libc6 2.41-12+deb13u3 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2026-27456	MEDIUM4	libblkid1 2.41-5 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2017-14159	MEDIUM4	libldap2 2.6.10+dfsg-1 No fix yet	0.1% Theoretical Threat	Directly Exposed
CVE-2026-27456	MEDIUM4	libmount1 2.41-5 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2026-27456	MEDIUM4	libuuid1 2.41-5 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2026-24882	LOW3.98	dirmngr 2.4.7-21+deb13u1+b3 No fix yet	<0.1% Theoretical Threat	Post-Exploit
CVE-2026-24882	LOW3.98	gnupg 2.4.7-21+deb13u1 No fix yet	<0.1% Theoretical Threat	Post-Exploit
CVE-2026-24882	LOW3.98	gpg 2.4.7-21+deb13u1+b3 No fix yet	<0.1% Theoretical Threat	Post-Exploit
CVE-2026-24882	LOW3.98	gpg-agent 2.4.7-21+deb13u1+b3 No fix yet	<0.1% Theoretical Threat	Post-Exploit
CVE-2026-24882	LOW3.98	gpgconf 2.4.7-21+deb13u1+b3 No fix yet	<0.1% Theoretical Threat	Post-Exploit
CVE-2026-24882	LOW3.98	gpgsm 2.4.7-21+deb13u1+b3 No fix yet	<0.1% Theoretical Threat	Post-Exploit
CVE-2011-3374	LOW3.7	libapt-pkg7.0 3.0.3 No fix yet	1.5% Low-Moderate Risk	Directly Exposed
CVE-2021-45346	LOW3.65	libsqlite3-0 3.46.1-7+deb13u1 No fix yet	0.3% Theoretical Threat	Directly Exposed
CVE-2005-2541	LOW3.6	tar 1.35+dfsg-3.1 No fix yet	3.8% Low-Moderate Risk	Post-Exploit
CVE-2020-15719	LOW3.57	libldap2 2.6.10+dfsg-1 No fix yet	0.2% Theoretical Threat	Directly Exposed
CVE-2026-8376	LOW3.53	libperl5.40 5.40.1-6 No fix yet	—	Post-Exploit
CVE-2026-8376	LOW3.53	perl 5.40.1-6 No fix yet	—	Post-Exploit
CVE-2026-8376	LOW3.53	perl-base 5.40.1-6 No fix yet	—	Post-Exploit
CVE-2026-8376	LOW3.53	perl-modules-5.40 5.40.1-6 No fix yet	—	Post-Exploit
CVE-2010-4756	LOW3.4	libc-bin 2.41-12+deb13u3 No fix yet	0.4% Theoretical Threat	Directly Exposed
CVE-2010-4756	LOW3.4	libc6 2.41-12+deb13u3 No fix yet	0.4% Theoretical Threat	Directly Exposed
CVE-2026-42496	LOW3.28	libperl5.40 5.40.1-6 No fix yet	—	Post-Exploit
CVE-2026-42496	LOW3.28	perl 5.40.1-6 No fix yet	—	Post-Exploit
CVE-2024-7883	LOW3.15	libllvm19 1:19.1.7-3+b1 No fix yet	0.4% Theoretical Threat	Directly Exposed
CVE-2026-0989	LOW3.15	libxml2 2.12.7+dfsg+really2.9.14-2.1+deb13u2 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2025-14104	LOW3.11	bsdutils 1:2.41-5 No fix yet	<0.1% Theoretical Threat	Post-Exploit
CVE-2025-14104	LOW3.11	mount 2.41-5 No fix yet	<0.1% Theoretical Threat	Post-Exploit
CVE-2025-14104	LOW3.11	util-linux 2.41-5 No fix yet	<0.1% Theoretical Threat	Post-Exploit
CVE-2019-1010022	LOW3	libc-bin 2.41-12+deb13u3 No fix yet	0.1% Theoretical Threat	Post-Exploit
CVE-2019-1010022	LOW3	libc6 2.41-12+deb13u3 No fix yet	0.1% Theoretical Threat	Post-Exploit
CVE-2022-0563	LOW2.8	bsdutils 1:2.41-5 No fix yet	<0.1% Theoretical Threat	Post-Exploit
CVE-2022-0563	LOW2.8	mount 2.41-5 No fix yet	<0.1% Theoretical Threat	Post-Exploit
CVE-2026-5704	LOW2.8	tar 1.35+dfsg-3.1 No fix yet	<0.1% Theoretical Threat	Post-Exploit
CVE-2022-0563	LOW2.8	util-linux 2.41-5 No fix yet	<0.1% Theoretical Threat	Post-Exploit
CVE-2011-4116	LOW2.8	libperl5.40 5.40.1-6 No fix yet	0.2% Theoretical Threat	Directly Exposed
CVE-2025-70873	LOW2.8	libsqlite3-0 3.46.1-7+deb13u1 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2013-4392	LOW2.8	libsystemd0 257.13-1~deb13u1 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2026-40228	LOW2.8	libsystemd0 257.13-1~deb13u1 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2013-4392	LOW2.8	libudev1 257.13-1~deb13u1 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2026-40228	LOW2.8	libudev1 257.13-1~deb13u1 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2025-8732	LOW2.8	libxml2 2.12.7+dfsg+really2.9.14-2.1+deb13u2 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2018-5709	LOW2.7	libgssapi-krb5-2 1.21.3-5 No fix yet	1.5% Low-Moderate Risk	Post-Exploit
CVE-2018-5709	LOW2.7	libk5crypto3 1.21.3-5 No fix yet	1.5% Low-Moderate Risk	Post-Exploit
CVE-2018-5709	LOW2.7	libkrb5-3 1.21.3-5 No fix yet	1.5% Low-Moderate Risk	Post-Exploit
CVE-2018-5709	LOW2.7	libkrb5support0 1.21.3-5 No fix yet	1.5% Low-Moderate Risk	Post-Exploit
CVE-2017-17740	LOW2.7	libldap2 2.6.10+dfsg-1 No fix yet	6.1% Low-Moderate Risk	Post-Exploit
CVE-2026-42497	LOW2.7	libperl5.40 5.40.1-6 No fix yet	—	Post-Exploit
CVE-2026-9538	LOW2.7	libperl5.40 5.40.1-6 No fix yet	—	Post-Exploit
CVE-2026-3184	LOW2.7	bsdutils 1:2.41-5 No fix yet	<0.1% Theoretical Threat	Post-Exploit
CVE-2026-3184	LOW2.7	mount 2.41-5 No fix yet	<0.1% Theoretical Threat	Post-Exploit
CVE-2026-3184	LOW2.7	util-linux 2.41-5 No fix yet	<0.1% Theoretical Threat	Post-Exploit
CVE-2026-34743	LOW2.7	xz-utils 5.8.1-1 No fix yet	<0.1% Theoretical Threat	Post-Exploit
CVE-2019-1010023	LOW2.69	libc-bin 2.41-12+deb13u3 No fix yet	0.3% Theoretical Threat	Post-Exploit
CVE-2025-11731	LOW2.63	libxslt1.1 1.1.35-1.2+deb13u3 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2007-5686	LOW2.5	passwd 1:4.17.4-2 No fix yet	0.3% Theoretical Threat	Post-Exploit
CVE-2026-0992	LOW2.46	libxml2 2.12.7+dfsg+really2.9.14-2.1+deb13u2 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2026-27456	LOW2.4	bsdutils 1:2.41-5 No fix yet	<0.1% Theoretical Threat	Post-Exploit
CVE-2017-18018	LOW2.4	coreutils 9.7-3 No fix yet	<0.1% Theoretical Threat	Post-Exploit
CVE-2025-68972	LOW2.4	dirmngr 2.4.7-21+deb13u1+b3 No fix yet	<0.1% Theoretical Threat	Post-Exploit
CVE-2025-68972	LOW2.4	gnupg 2.4.7-21+deb13u1 No fix yet	<0.1% Theoretical Threat	Post-Exploit
CVE-2025-68972	LOW2.4	gpg 2.4.7-21+deb13u1+b3 No fix yet	<0.1% Theoretical Threat	Post-Exploit
CVE-2025-68972	LOW2.4	gpg-agent 2.4.7-21+deb13u1+b3 No fix yet	<0.1% Theoretical Threat	Post-Exploit
CVE-2025-68972	LOW2.4	gpgconf 2.4.7-21+deb13u1+b3 No fix yet	<0.1% Theoretical Threat	Post-Exploit
CVE-2025-68972	LOW2.4	gpgsm 2.4.7-21+deb13u1+b3 No fix yet	<0.1% Theoretical Threat	Post-Exploit
CVE-2026-27456	LOW2.4	mount 2.41-5 No fix yet	<0.1% Theoretical Threat	Post-Exploit
CVE-2026-27456	LOW2.4	util-linux 2.41-5 No fix yet	<0.1% Theoretical Threat	Post-Exploit
CVE-2025-5278	LOW2.24	coreutils 9.7-3 No fix yet	0.1% Theoretical Threat	Post-Exploit
CVE-2011-3374	LOW2.22	apt 3.0.3 No fix yet	1.5% Low-Moderate Risk	Post-Exploit
CVE-2024-56433	LOW2.16	passwd 1:4.17.4-2 No fix yet	4.5% Low-Moderate Risk	Post-Exploit
CVE-2022-3219	LOW1.68	dirmngr 2.4.7-21+deb13u1+b3 No fix yet	<0.1% Theoretical Threat	Post-Exploit
CVE-2022-3219	LOW1.68	gnupg 2.4.7-21+deb13u1 No fix yet	<0.1% Theoretical Threat	Post-Exploit
CVE-2022-3219	LOW1.68	gpg 2.4.7-21+deb13u1+b3 No fix yet	<0.1% Theoretical Threat	Post-Exploit
CVE-2022-3219	LOW1.68	gpg-agent 2.4.7-21+deb13u1+b3 No fix yet	<0.1% Theoretical Threat	Post-Exploit
CVE-2022-3219	LOW1.68	gpgconf 2.4.7-21+deb13u1+b3 No fix yet	<0.1% Theoretical Threat	Post-Exploit
CVE-2022-3219	LOW1.68	gpgsm 2.4.7-21+deb13u1+b3 No fix yet	<0.1% Theoretical Threat	Post-Exploit
CVE-2011-4116	LOW1.68	perl 5.40.1-6 No fix yet	0.2% Theoretical Threat	Post-Exploit
CVE-2011-4116	LOW1.68	perl-base 5.40.1-6 No fix yet	0.2% Theoretical Threat	Post-Exploit
CVE-2011-4116	LOW1.68	perl-modules-5.40 5.40.1-6 No fix yet	0.2% Theoretical Threat	Post-Exploit
CVE-2025-68121	NONE0	stdlib v1.24.6 fixed in 1.24.13, 1.25.7, 1.26.0-rc.3	<0.1% Theoretical Threat	Not Applicable
CVE-2019-1010022	NONE0	libc-l10n 2.41-12+deb13u3 No fix yet	0.1% Theoretical Threat	Not Applicable
CVE-2019-1010022	NONE0	locales 2.41-12+deb13u3 No fix yet	0.1% Theoretical Threat	Not Applicable
CVE-2019-1010023	NONE0	libc-l10n 2.41-12+deb13u3 No fix yet	0.3% Theoretical Threat	Not Applicable
CVE-2019-1010023	NONE0	locales 2.41-12+deb13u3 No fix yet	0.3% Theoretical Threat	Not Applicable
CVE-2026-24882	NONE0	gnupg-l10n 2.4.7-21+deb13u1 No fix yet	<0.1% Theoretical Threat	Not Applicable
CVE-2025-69720	NONE0	libncursesw6 6.5+20250216-2 No fix yet	<0.1% Theoretical Threat	Not Applicable
CVE-2025-69720	NONE0	libtinfo6 6.5+20250216-2 No fix yet	<0.1% Theoretical Threat	Not Applicable
CVE-2025-69720	NONE0	ncurses-base 6.5+20250216-2 No fix yet	<0.1% Theoretical Threat	Not Applicable
CVE-2025-69720	NONE0	ncurses-bin 6.5+20250216-2 No fix yet	<0.1% Theoretical Threat	Not Applicable
CVE-2018-20796	NONE0	libc-l10n 2.41-12+deb13u3 No fix yet	1.5% Low-Moderate Risk	Not Applicable
CVE-2019-9192	NONE0	libc-l10n 2.41-12+deb13u3 No fix yet	0.8% Theoretical Threat	Not Applicable
CVE-2018-20796	NONE0	locales 2.41-12+deb13u3 No fix yet	1.5% Low-Moderate Risk	Not Applicable
CVE-2019-9192	NONE0	locales 2.41-12+deb13u3 No fix yet	0.8% Theoretical Threat	Not Applicable
CVE-2025-61726	NONE0	stdlib v1.24.6 fixed in 1.24.12, 1.25.6	<0.1% Theoretical Threat	Not Applicable
CVE-2025-61729	NONE0	stdlib v1.24.6 fixed in 1.24.11, 1.25.5	<0.1% Theoretical Threat	Not Applicable
CVE-2026-25679	NONE0	stdlib v1.24.6 fixed in 1.25.8, 1.26.1	<0.1% Theoretical Threat	Not Applicable
CVE-2026-32280	NONE0	stdlib v1.24.6 fixed in 1.25.9, 1.26.2	<0.1% Theoretical Threat	Not Applicable
CVE-2026-32281	NONE0	stdlib v1.24.6 fixed in 1.25.9, 1.26.2	<0.1% Theoretical Threat	Not Applicable
CVE-2026-32283	NONE0	stdlib v1.24.6 fixed in 1.25.9, 1.26.2	<0.1% Theoretical Threat	Not Applicable
CVE-2026-33811	NONE0	stdlib v1.24.6 fixed in 1.25.10, 1.26.3	—	Not Applicable
CVE-2026-33814	NONE0	stdlib v1.24.6 fixed in 1.25.10, 1.26.3	—	Not Applicable
CVE-2026-39820	NONE0	stdlib v1.24.6 fixed in 1.25.10, 1.26.3	—	Not Applicable
CVE-2026-39836	NONE0	stdlib v1.24.6 fixed in 1.25.10, 1.26.3	—	Not Applicable
CVE-2025-58183	NONE0	stdlib v1.24.6 fixed in 1.24.8, 1.25.2	<0.1% Theoretical Threat	Not Applicable
CVE-2025-61728	NONE0	stdlib v1.24.6 fixed in 1.24.12, 1.25.6	<0.1% Theoretical Threat	Not Applicable
CVE-2026-6238	NONE0	libc-l10n 2.41-12+deb13u3 No fix yet	<0.1% Theoretical Threat	Not Applicable
CVE-2026-6238	NONE0	locales 2.41-12+deb13u3 No fix yet	<0.1% Theoretical Threat	Not Applicable
CVE-2025-61727	NONE0	stdlib v1.24.6 fixed in 1.24.11, 1.25.5	<0.1% Theoretical Threat	Not Applicable
CVE-2026-32282	NONE0	stdlib v1.24.6 fixed in 1.25.9, 1.26.2	<0.1% Theoretical Threat	Not Applicable
CVE-2025-14104	NONE0	liblastlog2-2 2.41-5 No fix yet	<0.1% Theoretical Threat	Not Applicable
CVE-2025-14104	NONE0	libsmartcols1 2.41-5 No fix yet	<0.1% Theoretical Threat	Not Applicable
CVE-2025-14104	NONE0	login 1:4.16.0-2+really2.41-5 No fix yet	<0.1% Theoretical Threat	Not Applicable
CVE-2026-32289	NONE0	stdlib v1.24.6 fixed in 1.25.9, 1.26.2	<0.1% Theoretical Threat	Not Applicable
CVE-2026-5435	NONE0	libc-l10n 2.41-12+deb13u3 No fix yet	<0.1% Theoretical Threat	Not Applicable
CVE-2026-5435	NONE0	locales 2.41-12+deb13u3 No fix yet	<0.1% Theoretical Threat	Not Applicable
CVE-2022-0563	NONE0	liblastlog2-2 2.41-5 No fix yet	<0.1% Theoretical Threat	Not Applicable
CVE-2022-0563	NONE0	libsmartcols1 2.41-5 No fix yet	<0.1% Theoretical Threat	Not Applicable
CVE-2022-0563	NONE0	login 1:4.16.0-2+really2.41-5 No fix yet	<0.1% Theoretical Threat	Not Applicable
CVE-2026-32288	NONE0	stdlib v1.24.6 fixed in 1.25.9, 1.26.2	<0.1% Theoretical Threat	Not Applicable
CVE-2026-27142	NONE0	stdlib v1.24.6 fixed in 1.25.8, 1.26.1	<0.1% Theoretical Threat	Not Applicable
CVE-2026-39826	NONE0	stdlib v1.24.6 fixed in 1.25.10, 1.26.3	—	Not Applicable
CVE-2019-1010024	NONE0	libc-l10n 2.41-12+deb13u3 No fix yet	0.6% Theoretical Threat	Not Applicable
CVE-2019-1010025	NONE0	libc-l10n 2.41-12+deb13u3 No fix yet	0.8% Theoretical Threat	Not Applicable
CVE-2026-3184	NONE0	liblastlog2-2 2.41-5 No fix yet	<0.1% Theoretical Threat	Not Applicable
CVE-2026-3184	NONE0	libsmartcols1 2.41-5 No fix yet	<0.1% Theoretical Threat	Not Applicable
CVE-2019-1010024	NONE0	locales 2.41-12+deb13u3 No fix yet	0.6% Theoretical Threat	Not Applicable
CVE-2019-1010025	NONE0	locales 2.41-12+deb13u3 No fix yet	0.8% Theoretical Threat	Not Applicable
CVE-2026-3184	NONE0	login 1:4.16.0-2+really2.41-5 No fix yet	<0.1% Theoretical Threat	Not Applicable
CVE-2025-47912	NONE0	stdlib v1.24.6 fixed in 1.24.8, 1.25.2	<0.1% Theoretical Threat	Not Applicable
CVE-2025-58185	NONE0	stdlib v1.24.6 fixed in 1.24.8, 1.25.2	<0.1% Theoretical Threat	Not Applicable
CVE-2025-58187	NONE0	stdlib v1.24.6 fixed in 1.24.9, 1.25.3	<0.1% Theoretical Threat	Not Applicable
CVE-2025-58188	NONE0	stdlib v1.24.6 fixed in 1.24.8, 1.25.2	<0.1% Theoretical Threat	Not Applicable
CVE-2025-58189	NONE0	stdlib v1.24.6 fixed in 1.24.8, 1.25.2	<0.1% Theoretical Threat	Not Applicable
CVE-2025-61723	NONE0	stdlib v1.24.6 fixed in 1.24.8, 1.25.2	<0.1% Theoretical Threat	Not Applicable
CVE-2025-61724	NONE0	stdlib v1.24.6 fixed in 1.24.8, 1.25.2	<0.1% Theoretical Threat	Not Applicable
CVE-2025-61725	NONE0	stdlib v1.24.6 fixed in 1.24.8, 1.25.2	<0.1% Theoretical Threat	Not Applicable
CVE-2025-61730	NONE0	stdlib v1.24.6 fixed in 1.24.12, 1.25.6	<0.1% Theoretical Threat	Not Applicable
CVE-2025-58186	NONE0	stdlib v1.24.6 fixed in 1.24.8, 1.25.2	<0.1% Theoretical Threat	Not Applicable
CVE-2026-5450	NONE0	libc-l10n 2.41-12+deb13u3 No fix yet	<0.1% Theoretical Threat	Not Applicable
CVE-2026-5928	NONE0	libc-l10n 2.41-12+deb13u3 No fix yet	<0.1% Theoretical Threat	Not Applicable
CVE-2026-5450	NONE0	locales 2.41-12+deb13u3 No fix yet	<0.1% Theoretical Threat	Not Applicable
CVE-2026-5928	NONE0	locales 2.41-12+deb13u3 No fix yet	<0.1% Theoretical Threat	Not Applicable
CVE-2007-5686	NONE0	login.defs 1:4.17.4-2 No fix yet	0.3% Theoretical Threat	Not Applicable
CVE-2025-68972	NONE0	gnupg-l10n 2.4.7-21+deb13u1 No fix yet	<0.1% Theoretical Threat	Not Applicable
CVE-2026-27456	NONE0	liblastlog2-2 2.41-5 No fix yet	<0.1% Theoretical Threat	Not Applicable
CVE-2026-27456	NONE0	libsmartcols1 2.41-5 No fix yet	<0.1% Theoretical Threat	Not Applicable
CVE-2026-27456	NONE0	login 1:4.16.0-2+really2.41-5 No fix yet	<0.1% Theoretical Threat	Not Applicable
CVE-2010-4756	NONE0	libc-l10n 2.41-12+deb13u3 No fix yet	0.4% Theoretical Threat	Not Applicable
CVE-2010-4756	NONE0	locales 2.41-12+deb13u3 No fix yet	0.4% Theoretical Threat	Not Applicable
CVE-2024-56433	NONE0	login.defs 1:4.17.4-2 No fix yet	4.5% Low-Moderate Risk	Not Applicable
CVE-2022-3219	NONE0	gnupg-l10n 2.4.7-21+deb13u1 No fix yet	<0.1% Theoretical Threat	Not Applicable
CVE-2025-6141	NONE0	libncursesw6 6.5+20250216-2 No fix yet	<0.1% Theoretical Threat	Not Applicable
CVE-2025-6141	NONE0	libtinfo6 6.5+20250216-2 No fix yet	<0.1% Theoretical Threat	Not Applicable
CVE-2025-6141	NONE0	ncurses-base 6.5+20250216-2 No fix yet	<0.1% Theoretical Threat	Not Applicable
CVE-2025-6141	NONE0	ncurses-bin 6.5+20250216-2 No fix yet	<0.1% Theoretical Threat	Not Applicable
CVE-2026-27139	NONE0	stdlib v1.24.6 fixed in 1.25.8, 1.26.1	<0.1% Theoretical Threat	Not Applicable
TEMP-0841856-B18BAF	NONE0	bash 5.2.37-2+b9 No fix yet	—	Not Applicable
CVE-2026-48959	NONE0	libperl5.40 5.40.1-6 No fix yet	—	Not Applicable
CVE-2025-15649	NONE0	libperl5.40 5.40.1-6 No fix yet	—	Not Applicable
CVE-2026-7010	NONE0	libperl5.40 5.40.1-6 No fix yet	—	Not Applicable
CVE-2026-48961	NONE0	libperl5.40 5.40.1-6 No fix yet	—	Not Applicable
CVE-2026-34180	NONE0	libssl3t64 3.5.6-1~deb13u1 No fix yet	—	Not Applicable
CVE-2026-34181	NONE0	libssl3t64 3.5.6-1~deb13u1 No fix yet	—	Not Applicable
CVE-2026-34182	NONE0	libssl3t64 3.5.6-1~deb13u1 No fix yet	—	Not Applicable
CVE-2026-34183	NONE0	libssl3t64 3.5.6-1~deb13u1 No fix yet	—	Not Applicable
CVE-2026-42764	NONE0	libssl3t64 3.5.6-1~deb13u1 No fix yet	—	Not Applicable
CVE-2026-42766	NONE0	libssl3t64 3.5.6-1~deb13u1 No fix yet	—	Not Applicable
CVE-2026-42767	NONE0	libssl3t64 3.5.6-1~deb13u1 No fix yet	—	Not Applicable
CVE-2026-42768	NONE0	libssl3t64 3.5.6-1~deb13u1 No fix yet	—	Not Applicable
CVE-2026-42769	NONE0	libssl3t64 3.5.6-1~deb13u1 No fix yet	—	Not Applicable
CVE-2026-42770	NONE0	libssl3t64 3.5.6-1~deb13u1 No fix yet	—	Not Applicable
CVE-2026-45445	NONE0	libssl3t64 3.5.6-1~deb13u1 No fix yet	—	Not Applicable
CVE-2026-45446	NONE0	libssl3t64 3.5.6-1~deb13u1 No fix yet	—	Not Applicable
CVE-2026-45447	NONE0	libssl3t64 3.5.6-1~deb13u1 No fix yet	—	Not Applicable
CVE-2026-7383	NONE0	libssl3t64 3.5.6-1~deb13u1 No fix yet	—	Not Applicable
CVE-2026-9076	NONE0	libssl3t64 3.5.6-1~deb13u1 No fix yet	—	Not Applicable
TEMP-0628843-DBAD28	NONE0	login.defs 1:4.17.4-2 No fix yet	—	Not Applicable
CVE-2026-34180	NONE0	openssl 3.5.6-1~deb13u1 No fix yet	—	Not Applicable
CVE-2026-34181	NONE0	openssl 3.5.6-1~deb13u1 No fix yet	—	Not Applicable
CVE-2026-34182	NONE0	openssl 3.5.6-1~deb13u1 No fix yet	—	Not Applicable
CVE-2026-34183	NONE0	openssl 3.5.6-1~deb13u1 No fix yet	—	Not Applicable
CVE-2026-42764	NONE0	openssl 3.5.6-1~deb13u1 No fix yet	—	Not Applicable
CVE-2026-42766	NONE0	openssl 3.5.6-1~deb13u1 No fix yet	—	Not Applicable
CVE-2026-42767	NONE0	openssl 3.5.6-1~deb13u1 No fix yet	—	Not Applicable
CVE-2026-42768	NONE0	openssl 3.5.6-1~deb13u1 No fix yet	—	Not Applicable
CVE-2026-42769	NONE0	openssl 3.5.6-1~deb13u1 No fix yet	—	Not Applicable
CVE-2026-42770	NONE0	openssl 3.5.6-1~deb13u1 No fix yet	—	Not Applicable
CVE-2026-45445	NONE0	openssl 3.5.6-1~deb13u1 No fix yet	—	Not Applicable
CVE-2026-45446	NONE0	openssl 3.5.6-1~deb13u1 No fix yet	—	Not Applicable
CVE-2026-45447	NONE0	openssl 3.5.6-1~deb13u1 No fix yet	—	Not Applicable
CVE-2026-7383	NONE0	openssl 3.5.6-1~deb13u1 No fix yet	—	Not Applicable
CVE-2026-9076	NONE0	openssl 3.5.6-1~deb13u1 No fix yet	—	Not Applicable
CVE-2026-34180	NONE0	openssl-provider-legacy 3.5.6-1~deb13u1 No fix yet	—	Not Applicable
CVE-2026-34181	NONE0	openssl-provider-legacy 3.5.6-1~deb13u1 No fix yet	—	Not Applicable
CVE-2026-34182	NONE0	openssl-provider-legacy 3.5.6-1~deb13u1 No fix yet	—	Not Applicable
CVE-2026-34183	NONE0	openssl-provider-legacy 3.5.6-1~deb13u1 No fix yet	—	Not Applicable
CVE-2026-42764	NONE0	openssl-provider-legacy 3.5.6-1~deb13u1 No fix yet	—	Not Applicable
CVE-2026-42766	NONE0	openssl-provider-legacy 3.5.6-1~deb13u1 No fix yet	—	Not Applicable
CVE-2026-42767	NONE0	openssl-provider-legacy 3.5.6-1~deb13u1 No fix yet	—	Not Applicable
CVE-2026-42768	NONE0	openssl-provider-legacy 3.5.6-1~deb13u1 No fix yet	—	Not Applicable
CVE-2026-42769	NONE0	openssl-provider-legacy 3.5.6-1~deb13u1 No fix yet	—	Not Applicable
CVE-2026-42770	NONE0	openssl-provider-legacy 3.5.6-1~deb13u1 No fix yet	—	Not Applicable
CVE-2026-45445	NONE0	openssl-provider-legacy 3.5.6-1~deb13u1 No fix yet	—	Not Applicable
CVE-2026-45446	NONE0	openssl-provider-legacy 3.5.6-1~deb13u1 No fix yet	—	Not Applicable
CVE-2026-45447	NONE0	openssl-provider-legacy 3.5.6-1~deb13u1 No fix yet	—	Not Applicable
CVE-2026-7383	NONE0	openssl-provider-legacy 3.5.6-1~deb13u1 No fix yet	—	Not Applicable
CVE-2026-9076	NONE0	openssl-provider-legacy 3.5.6-1~deb13u1 No fix yet	—	Not Applicable
TEMP-0628843-DBAD28	NONE0	passwd 1:4.17.4-2 No fix yet	—	Not Applicable
CVE-2026-48959	NONE0	perl 5.40.1-6 No fix yet	—	Not Applicable
CVE-2025-15649	NONE0	perl 5.40.1-6 No fix yet	—	Not Applicable
CVE-2026-7010	NONE0	perl 5.40.1-6 No fix yet	—	Not Applicable
CVE-2026-48961	NONE0	perl 5.40.1-6 No fix yet	—	Not Applicable
CVE-2026-48959	NONE0	perl-base 5.40.1-6 No fix yet	—	Not Applicable
CVE-2025-15649	NONE0	perl-base 5.40.1-6 No fix yet	—	Not Applicable
CVE-2026-7010	NONE0	perl-base 5.40.1-6 No fix yet	—	Not Applicable
CVE-2026-48961	NONE0	perl-base 5.40.1-6 No fix yet	—	Not Applicable
CVE-2026-48959	NONE0	perl-modules-5.40 5.40.1-6 No fix yet	—	Not Applicable
CVE-2025-15649	NONE0	perl-modules-5.40 5.40.1-6 No fix yet	—	Not Applicable
CVE-2026-7010	NONE0	perl-modules-5.40 5.40.1-6 No fix yet	—	Not Applicable
CVE-2026-48961	NONE0	perl-modules-5.40 5.40.1-6 No fix yet	—	Not Applicable
TEMP-0517018-A83CE6	NONE0	sysvinit-utils 3.14-4 No fix yet	—	Not Applicable
TEMP-0290435-0B57B5	NONE0	tar 1.35+dfsg-3.1 No fix yet	—	Not Applicable
CVE-2026-39823	NONE0	stdlib v1.24.6 fixed in 1.25.10, 1.26.3	—	Not Applicable
CVE-2026-39825	NONE0	stdlib v1.24.6 fixed in 1.25.10, 1.26.3	—	Not Applicable
CVE-2026-42499	NONE0	stdlib v1.24.6 fixed in 1.25.10, 1.26.3	—	Not Applicable
CVE-2026-42504	NONE0	stdlib v1.24.6 fixed in 1.25.11, 1.26.4	—	Not Applicable
CVE-2026-27145	NONE0	stdlib v1.24.6 fixed in 1.25.11, 1.26.4	—	Not Applicable
CVE-2026-42507	NONE0	stdlib v1.24.6 fixed in 1.25.11, 1.26.4	—	Not Applicable