Vulnerability Reportprom/node-exporter:latest

Name: prom/node-exporter:v1.11.1 Security Vulnerability Report
Creator: BaseImage
Keywords: prom/node-exporter:v1.11.1, Docker security, vulnerability scan, CVE, container security, SBOM

prom/node-exporter:latestprom/node-exporter:v1prom/node-exporter:v1-busyboxprom/node-exporter:latest-busyboxprom/node-exporter:v1.11.1prom/node-exporter:v1.11.1-busybox

DIGESTsha256:e9cff4fc67b1818f8c97adb115b9f12c9a54b533de86765d4a0effc01b357205

Executive Summary

NEEDS_ATTENTION

This image is acceptable for production, but remediating the identified vulnerabilities is recommended to reduce the attack surface. Several EXPOSED_SURFACE vulnerabilities, notably CVE-2026-33810 (certificate validation bypass) and CVE-2026-32280 (denial of service), are related to TLS certificate handling in the underlying Go standard library. The practical impact of these findings is highly dependent on whether Node Exporter is configured to use TLS for incoming or outgoing connections, as an attacker could disrupt service or spoof services if TLS is enabled. If TLS is not utilized for external or untrusted communications, the attack surface for these specific vulnerabilities is significantly reduced.

Threat Score

30/100

NEEDS_ATTENTION

The image is published by 'prom', a highly reputable community publisher, and is widely adopted with over 3.9 billion pulls.
The image is pinned by digest, ensuring immutability and preventing unintended updates.
Four EXPOSED_SURFACE vulnerabilities with severity >= 6.0 were identified, with the highest at 6.97 (CVE-2026-33810).
Several EXPOSED_SURFACE findings, including CVE-2026-33810 and CVE-2026-32280, pose risks of certificate validation bypass or denial of service through TLS mechanisms.
No critical EXPOSED_SURFACE vulnerabilities (severity >= 7.0) were found.
Post-exploit vulnerabilities are low severity and not applicable to this Linux container environment.

Reputation

RELIABLE

prom

POPULAR COMMUNITY

High Reputation Community Image (3938M+ pulls)
Pinned by digest (Immutable)

BaseImage/

prom/node-exporter:latest

Hardened

Grade

A+

Vulns

Verified & secured for production

Vulnerabilities

Vulnerability Log

18 total

CVE ID	Adjusted Severity	Package	Exploit Probability	Risk Context
CVE-2026-33810	MEDIUM6.97	stdlib v1.26.1 fixed in 1.26.2	<0.1% Theoretical Threat	Directly ExposedContext importance: HIGH
CVE-2026-32280	MEDIUM6.38	stdlib v1.26.1 fixed in 1.25.9, 1.26.2	<0.1% Theoretical Threat	Directly ExposedContext importance: HIGH
CVE-2026-32281	MEDIUM6.38	stdlib v1.26.1 fixed in 1.25.9, 1.26.2	<0.1% Theoretical Threat	Directly ExposedContext importance: HIGH
CVE-2026-32283	MEDIUM6.38	stdlib v1.26.1 fixed in 1.25.9, 1.26.2	<0.1% Theoretical Threat	Directly ExposedContext importance: HIGH
CVE-2026-32282	MEDIUM5.44	stdlib v1.26.1 fixed in 1.25.9, 1.26.2	<0.1% Theoretical Threat	Directly Exposed
CVE-2026-33811	MEDIUM5.1	stdlib v1.26.1 fixed in 1.25.10, 1.26.3	<0.1% Theoretical Threat	Directly ExposedContext importance: MEDIUM
CVE-2026-33814	MEDIUM5.1	stdlib v1.26.1 fixed in 1.25.10, 1.26.3	<0.1% Theoretical Threat	Directly ExposedContext importance: MEDIUM
CVE-2026-32288	MEDIUM4.67	stdlib v1.26.1 fixed in 1.25.9, 1.26.2	<0.1% Theoretical Threat	Directly Exposed
CVE-2026-39820	LOW3.83	stdlib v1.26.1 fixed in 1.25.10, 1.26.3	<0.1% Theoretical Threat	Directly Exposed
CVE-2026-39836	LOW2.29	stdlib v1.26.1 fixed in 1.25.10, 1.26.3	<0.1% Theoretical Threat	Post-Exploit
CVE-2026-32289	LOW1.87	stdlib v1.26.1 fixed in 1.25.9, 1.26.2	<0.1% Theoretical Threat	Post-Exploit
CVE-2026-39826	LOW1.65	stdlib v1.26.1 fixed in 1.25.10, 1.26.3	<0.1% Theoretical Threat	Post-Exploit
CVE-2026-39823	NONE0	stdlib v1.26.1 fixed in 1.25.10, 1.26.3	<0.1% Theoretical Threat	Not Applicable
CVE-2026-39825	NONE0	stdlib v1.26.1 fixed in 1.25.10, 1.26.3	<0.1% Theoretical Threat	Not Applicable
CVE-2026-42499	NONE0	stdlib v1.26.1 fixed in 1.25.10, 1.26.3	<0.1% Theoretical Threat	Not Applicable
CVE-2026-42504	NONE0	stdlib v1.26.1 fixed in 1.25.11, 1.26.4	—	Not Applicable
CVE-2026-27145	NONE0	stdlib v1.26.1 fixed in 1.25.11, 1.26.4	—	Not Applicable
CVE-2026-42507	NONE0	stdlib v1.26.1 fixed in 1.25.11, 1.26.4	—	Not Applicable