Vulnerability Reportprom/node-exporter:v1.10.0

prom/node-exporter:v1.10.0

DIGESTsha256:dbb30baa213b9a8c9aff7fe00c124ec371752c92215f014ec6f26159e9c55ff3

Executive Summary

NEEDS_ATTENTION

This image is acceptable for production, but remediating the identified vulnerabilities is recommended to reduce the attack surface. The image has 20 exposed vulnerabilities, 3 of medium severity (CVE-2025-61726, CVE-2026-25679) that could allow denial of service via memory exhaustion or malformed URLs, as Node Exporter serves an HTTP API. CVE-2025-68121 (TLS bypass) requires non-default TLS config mutation and is not applicable in standard setups. All post-exploit vulnerabilities are low severity. Mitigation includes applying patches or restricting HTTP input size and blocking malformed URLs at a reverse proxy.

Threat Score

25/100

NEEDS_ATTENTION

Trusted popular community image (3.94B pulls, pinned by digest) with reliable reputation.
3 exposed medium-severity vulnerabilities (CVE-2025-68121, CVE-2025-61726, CVE-2026-25679) with severity 6.0-6.8.
Post-exploit vulnerabilities are all low severity (max 2.29), reducing risk after compromise.
CVE-2025-61726 and CVE-2026-25679 are directly reachable via Node Exporter HTTP endpoint, enabling DoS.

Reputation

RELIABLE

prom

POPULAR COMMUNITY

High Reputation Community Image (3941M+ pulls)
Pinned by digest (Immutable)

Vulnerabilities

Vulnerability Log

29 total

CVE ID	Adjusted Severity	Package	Exploit Probability	Risk Context
CVE-2025-68121	MEDIUM6.8	stdlib v1.25.3 fixed in 1.24.13, 1.25.7, 1.26.0-rc.3	0.8% Theoretical Threat	Directly ExposedContext importance: MEDIUM
CVE-2025-61726	MEDIUM6.38	stdlib v1.25.3 fixed in 1.24.12, 1.25.6	0.8% Theoretical Threat	Directly ExposedContext importance: HIGH
CVE-2026-25679	MEDIUM6.38	stdlib v1.25.3 fixed in 1.25.8, 1.26.1	0.5% Theoretical Threat	Directly ExposedContext importance: HIGH
CVE-2026-32282	MEDIUM5.44	stdlib v1.25.3 fixed in 1.25.9, 1.26.2	0.3% Theoretical Threat	Directly Exposed
CVE-2025-61729	MEDIUM5.1	stdlib v1.25.3 fixed in 1.24.11, 1.25.5	0.5% Theoretical Threat	Directly ExposedContext importance: MEDIUM
CVE-2026-32280	MEDIUM5.1	stdlib v1.25.3 fixed in 1.25.9, 1.26.2	0.4% Theoretical Threat	Directly ExposedContext importance: MEDIUM
CVE-2026-32283	MEDIUM5.1	stdlib v1.25.3 fixed in 1.25.9, 1.26.2	0.4% Theoretical Threat	Directly ExposedContext importance: MEDIUM
CVE-2026-33811	MEDIUM5.1	stdlib v1.25.3 fixed in 1.25.10, 1.26.3	0.5% Theoretical Threat	Directly ExposedContext importance: MEDIUM
CVE-2026-33814	MEDIUM5.1	stdlib v1.25.3 fixed in 1.25.10, 1.26.3	0.6% Theoretical Threat	Directly ExposedContext importance: MEDIUM
CVE-2026-32288	MEDIUM4.67	stdlib v1.25.3 fixed in 1.25.9, 1.26.2	0.3% Theoretical Threat	Directly Exposed
CVE-2025-61727	MEDIUM4.42	stdlib v1.25.3 fixed in 1.24.11, 1.25.5	0.3% Theoretical Threat	Directly ExposedContext importance: MEDIUM
CVE-2026-32281	LOW3.83	stdlib v1.25.3 fixed in 1.25.9, 1.26.2	0.3% Theoretical Threat	Directly Exposed
CVE-2025-61730	LOW3.6	stdlib v1.25.3 fixed in 1.24.12, 1.25.6	0.3% Theoretical Threat	Directly ExposedContext importance: MEDIUM
CVE-2025-52881	LOW2.29	github.com/opencontainers/selinux v1.12.0 fixed in 1.13.0	0.5% Theoretical Threat	Post-Exploit
CVE-2026-39820	LOW2.29	stdlib v1.25.3 fixed in 1.25.10, 1.26.3	0.4% Theoretical Threat	Post-Exploit
CVE-2026-39836	LOW2.29	stdlib v1.25.3 fixed in 1.25.10, 1.26.3	0.6% Theoretical Threat	Post-Exploit
CVE-2025-61728	LOW2.29	stdlib v1.25.3 fixed in 1.24.12, 1.25.6	0.6% Theoretical Threat	Post-Exploit
CVE-2026-27139	LOW2.12	stdlib v1.25.3 fixed in 1.25.8, 1.26.1	0.2% Theoretical Threat	Directly Exposed
CVE-2026-32289	LOW1.87	stdlib v1.25.3 fixed in 1.25.9, 1.26.2	0.3% Theoretical Threat	Post-Exploit
CVE-2026-27142	LOW1.65	stdlib v1.25.3 fixed in 1.25.8, 1.26.1	0.3% Theoretical Threat	Post-Exploit
CVE-2026-39826	LOW1.65	stdlib v1.25.3 fixed in 1.25.10, 1.26.3	0.4% Theoretical Threat	Post-Exploit
CVE-2025-47914	LOW1.62	golang.org/x/crypto v0.42.0 fixed in 0.45.0	0.5% Theoretical Threat	Post-Exploit
CVE-2025-58181	LOW1.62	golang.org/x/crypto v0.42.0 fixed in 0.45.0	0.5% Theoretical Threat	Post-Exploit
CVE-2026-39823	NONE0	stdlib v1.25.3 fixed in 1.25.10, 1.26.3	0.3% Theoretical Threat	Not Applicable
CVE-2026-39825	NONE0	stdlib v1.25.3 fixed in 1.25.10, 1.26.3	0.4% Theoretical Threat	Not Applicable
CVE-2026-42499	NONE0	stdlib v1.25.3 fixed in 1.25.10, 1.26.3	0.6% Theoretical Threat	Not Applicable
CVE-2026-42504	NONE0	stdlib v1.25.3 fixed in 1.25.11, 1.26.4	0.4% Theoretical Threat	Not Applicable
CVE-2026-27145	NONE0	stdlib v1.25.3 fixed in 1.25.11, 1.26.4	0.3% Theoretical Threat	Not Applicable
CVE-2026-42507	NONE0	stdlib v1.25.3 fixed in 1.25.11, 1.26.4	0.3% Theoretical Threat	Not Applicable