Vulnerability Reportprom/node-exporter:v1.10.1

prom/node-exporter:v1.10.1

DIGESTsha256:b01f6d5e6945d5001894165cce46a80fd8d0cfee68c35c8b251c50d8d446ba75

Executive Summary

NEEDS_ATTENTION

This image is acceptable for production, but remediating the identified vulnerabilities is recommended to reduce the attack surface. The most notable issue is CVE-2025-61726, which could allow memory exhaustion via crafted HTTP query parameters, directly affecting the Node Exporter's HTTP server. Additionally, CVE-2025-68121 may permit TLS session resumption bypass if the server uses dynamic TLS configuration changes. If your deployment does not mutate TLS configs between handshakes, the latter vulnerability is not applicable. Overall, the threat score is low (25), and there are no high-severity exposed vulnerabilities.

Threat Score

25/100

NEEDS_ATTENTION

Two exposed vulnerabilities with severity >=6.0 (max 6.8) require attention: CVE-2025-61726 (memory exhaustion) and CVE-2025-68121 (TLS auth bypass).
CVE-2025-61726 has HIGH context importance and could cause service outage by sending crafted HTTP requests with many query parameters.
CVE-2025-68121 requires specific TLS configuration mutation between handshakes; if not using dynamic TLS configs, it may not be applicable.
No post-exploit findings are notable (max severity 2.29).
The image is based on a popular community image (Prometheus node-exporter) with high reputation (3.9B+ pulls) and pinned by digest.
Overall threat score is 25 (lowest in NEEDS_ATTENTION band), indicating limited but real risk.

Reputation

RELIABLE

prom

POPULAR COMMUNITY

High Reputation Community Image (3941M+ pulls)
Pinned by digest (Immutable)

Vulnerabilities

Vulnerability Log

29 total

CVE ID	Adjusted Severity	Package	Exploit Probability	Risk Context
CVE-2025-68121	MEDIUM6.8	stdlib v1.25.3 fixed in 1.24.13, 1.25.7, 1.26.0-rc.3	0.8% Theoretical Threat	Directly ExposedContext importance: MEDIUM
CVE-2025-61726	MEDIUM6.38	stdlib v1.25.3 fixed in 1.24.12, 1.25.6	0.8% Theoretical Threat	Directly ExposedContext importance: HIGH
CVE-2026-32282	MEDIUM5.44	stdlib v1.25.3 fixed in 1.25.9, 1.26.2	0.3% Theoretical Threat	Directly Exposed
CVE-2025-61729	MEDIUM5.1	stdlib v1.25.3 fixed in 1.24.11, 1.25.5	0.5% Theoretical Threat	Directly ExposedContext importance: MEDIUM
CVE-2026-25679	MEDIUM5.1	stdlib v1.25.3 fixed in 1.25.8, 1.26.1	0.5% Theoretical Threat	Directly ExposedContext importance: MEDIUM
CVE-2026-32283	MEDIUM5.1	stdlib v1.25.3 fixed in 1.25.9, 1.26.2	0.4% Theoretical Threat	Directly ExposedContext importance: MEDIUM
CVE-2026-32288	MEDIUM4.67	stdlib v1.25.3 fixed in 1.25.9, 1.26.2	0.3% Theoretical Threat	Directly Exposed
CVE-2025-61727	MEDIUM4.42	stdlib v1.25.3 fixed in 1.24.11, 1.25.5	0.3% Theoretical Threat	Directly ExposedContext importance: MEDIUM
CVE-2025-61730	LOW2.7	stdlib v1.25.3 fixed in 1.24.12, 1.25.6	0.3% Theoretical Threat	Directly Exposed
CVE-2025-52881	LOW2.29	github.com/opencontainers/selinux v1.12.0 fixed in 1.13.0	0.5% Theoretical Threat	Post-Exploit
CVE-2026-32280	LOW2.29	stdlib v1.25.3 fixed in 1.25.9, 1.26.2	0.4% Theoretical Threat	Post-Exploit
CVE-2026-32281	LOW2.29	stdlib v1.25.3 fixed in 1.25.9, 1.26.2	0.3% Theoretical Threat	Post-Exploit
CVE-2026-33811	LOW2.29	stdlib v1.25.3 fixed in 1.25.10, 1.26.3	0.5% Theoretical Threat	Post-Exploit
CVE-2026-33814	LOW2.29	stdlib v1.25.3 fixed in 1.25.10, 1.26.3	0.6% Theoretical Threat	Post-Exploit
CVE-2026-39820	LOW2.29	stdlib v1.25.3 fixed in 1.25.10, 1.26.3	0.4% Theoretical Threat	Post-Exploit
CVE-2026-39836	LOW2.29	stdlib v1.25.3 fixed in 1.25.10, 1.26.3	0.6% Theoretical Threat	Post-Exploit
CVE-2025-61728	LOW2.29	stdlib v1.25.3 fixed in 1.24.12, 1.25.6	0.6% Theoretical Threat	Post-Exploit
CVE-2026-27139	LOW2.12	stdlib v1.25.3 fixed in 1.25.8, 1.26.1	0.2% Theoretical Threat	Directly Exposed
CVE-2026-32289	LOW1.87	stdlib v1.25.3 fixed in 1.25.9, 1.26.2	0.3% Theoretical Threat	Post-Exploit
CVE-2026-27142	LOW1.65	stdlib v1.25.3 fixed in 1.25.8, 1.26.1	0.3% Theoretical Threat	Post-Exploit
CVE-2026-39826	LOW1.65	stdlib v1.25.3 fixed in 1.25.10, 1.26.3	0.4% Theoretical Threat	Post-Exploit
CVE-2025-47914	LOW1.62	golang.org/x/crypto v0.42.0 fixed in 0.45.0	0.5% Theoretical Threat	Post-Exploit
CVE-2025-58181	LOW1.62	golang.org/x/crypto v0.42.0 fixed in 0.45.0	0.5% Theoretical Threat	Post-Exploit
CVE-2026-39823	NONE0	stdlib v1.25.3 fixed in 1.25.10, 1.26.3	0.3% Theoretical Threat	Not Applicable
CVE-2026-39825	NONE0	stdlib v1.25.3 fixed in 1.25.10, 1.26.3	0.4% Theoretical Threat	Not Applicable
CVE-2026-42499	NONE0	stdlib v1.25.3 fixed in 1.25.10, 1.26.3	0.6% Theoretical Threat	Not Applicable
CVE-2026-42504	NONE0	stdlib v1.25.3 fixed in 1.25.11, 1.26.4	0.4% Theoretical Threat	Not Applicable
CVE-2026-27145	NONE0	stdlib v1.25.3 fixed in 1.25.11, 1.26.4	0.3% Theoretical Threat	Not Applicable
CVE-2026-42507	NONE0	stdlib v1.25.3 fixed in 1.25.11, 1.26.4	0.3% Theoretical Threat	Not Applicable