Last scanned:
This image carries significant risk; production deployment is highly discouraged without strict compensating controls. An attacker could cause a denial of service by exploiting CVE-2025-61726 with a high volume of unique query parameters, potentially crashing the Prometheus server. Additionally, multiple medium-severity DoS vulnerabilities in networking libraries (e.g., CVE-2026-39882) could be triggered if the OpenTelemetry collector endpoint is untrusted. To reduce risk, restrict access to the HTTP API and ensure the OpenTelemetry collector endpoint is trusted, which would fully mitigate CVE-2026-39882. Note that some vulnerabilities, such as CVE-2025-68121, require non-default TLS configuration to be exploitable.
| CVE ID | Adjusted Severity | Package | Exploit Probability | Risk Context |
|---|---|---|---|---|
| CVE-2025-61726 | HIGH7.5 | stdlib v1.23.3 fixed in 1.24.12, 1.25.6 | 1.9% Low-Moderate Risk | Directly ExposedContext importance: HIGH |
| CVE-2025-68121 | MEDIUM6.8 | stdlib v1.23.3 fixed in 1.24.13, 1.25.7, 1.26.0-rc.3 | 0.8% Theoretical Threat | Directly ExposedContext importance: MEDIUM |
| CVE-2026-41567 | MEDIUM6.38 | github.com/docker/docker v27.3.1+incompatible No fix yet | 0.2% Theoretical Threat | Directly Exposed |
| CVE-2026-39882 | MEDIUM6.38 | go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.30.0 fixed in 1.43.0 | 0.2% Theoretical Threat | Directly Exposed |
| CVE-2026-39829 | MEDIUM6.38 | golang.org/x/crypto v0.28.0 fixed in 0.52.0 | 0.4% Theoretical Threat | Directly Exposed |
| CVE-2026-39830 | MEDIUM6.38 | golang.org/x/crypto v0.28.0 fixed in 0.52.0 | 0.5% Theoretical Threat | Directly Exposed |
| CVE-2026-39835 | MEDIUM6.38 | golang.org/x/crypto v0.28.0 fixed in 0.52.0 | 0.4% Theoretical Threat | Directly Exposed |
| CVE-2026-46597 | MEDIUM6.38 | golang.org/x/crypto v0.28.0 fixed in 0.52.0 | 0.4% Theoretical Threat | Directly Exposed |
| CVE-2026-33814 | MEDIUM6.38 | golang.org/x/net v0.30.0 fixed in 0.53.0 | 0.8% Theoretical Threat | Directly Exposed |
| CVE-2025-61729 | MEDIUM6.38 | stdlib v1.23.3 fixed in 1.24.11, 1.25.5 | 0.5% Theoretical Threat | Directly Exposed |
| CVE-2026-25679 | MEDIUM6.38 | stdlib v1.23.3 fixed in 1.25.8, 1.26.1 | 0.7% Theoretical Threat | Directly Exposed |
| CVE-2026-27145 | MEDIUM6.38 | stdlib v1.23.3 fixed in 1.25.11, 1.26.4 | 0.9% Theoretical Threat | Directly Exposed |
| CVE-2026-32280 | MEDIUM6.38 | stdlib v1.23.3 fixed in 1.25.9, 1.26.2 | 0.6% Theoretical Threat | Directly Exposed |
| CVE-2026-32281 | MEDIUM6.38 | stdlib v1.23.3 fixed in 1.25.9, 1.26.2 | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2026-32283 | MEDIUM6.38 | stdlib v1.23.3 fixed in 1.25.9, 1.26.2 | 0.6% Theoretical Threat | Directly Exposed |
| CVE-2026-33811 | MEDIUM6.38 | stdlib v1.23.3 fixed in 1.25.10, 1.26.3 | 0.8% Theoretical Threat | Directly Exposed |
| CVE-2026-33814 | MEDIUM6.38 | stdlib v1.23.3 fixed in 1.25.10, 1.26.3 | 0.8% Theoretical Threat | Directly Exposed |
| CVE-2026-39820 | MEDIUM6.38 | stdlib v1.23.3 fixed in 1.25.10, 1.26.3 | 0.8% Theoretical Threat | Directly Exposed |
| CVE-2026-39836 | MEDIUM6.38 | stdlib v1.23.3 fixed in 1.25.10, 1.26.3 | 0.6% Theoretical Threat | Directly Exposed |
| CVE-2026-42499 | MEDIUM6.38 | stdlib v1.23.3 fixed in 1.25.10, 1.26.3 | 0.8% Theoretical Threat | Directly Exposed |
| CVE-2026-42504 | MEDIUM6.38 | stdlib v1.23.3 fixed in 1.25.11, 1.26.4 | 0.6% Theoretical Threat | Directly Exposed |
| CVE-2026-42508 | MEDIUM6.29 | golang.org/x/crypto v0.28.0 fixed in 0.52.0 | 0.5% Theoretical Threat | Directly Exposed |
| CVE-2026-42306 | MEDIUM6.12 | github.com/docker/docker v27.3.1+incompatible No fix yet | 0.1% Theoretical Threat | Directly Exposed |
| CVE-2026-46595 | MEDIUM6.03 | golang.org/x/crypto v0.28.0 fixed in 0.52.0 | 0.4% Theoretical Threat | Directly Exposed |
| CVE-2026-39883 | MEDIUM5.95 | go.opentelemetry.io/otel/sdk v1.30.0 fixed in 1.43.0 | 0.2% Theoretical Threat | Directly Exposed |
| CVE-2025-47907 | MEDIUM5.95 | stdlib v1.23.3 fixed in 1.23.12, 1.24.6 | 0.4% Theoretical Threat | Directly Exposed |
| CVE-2025-4673 | MEDIUM5.78 | stdlib v1.23.3 fixed in 1.23.10, 1.24.4 | 0.6% Theoretical Threat | Directly Exposed |
| CVE-2026-39821 | MEDIUM5.58 | golang.org/x/net v0.30.0 fixed in 0.55.0 | 0.5% Theoretical Threat | Directly ExposedContext importance: MEDIUM |
| CVE-2026-39827 | MEDIUM5.52 | golang.org/x/crypto v0.28.0 fixed in 0.52.0 | 0.2% Theoretical Threat | Directly Exposed |
| CVE-2026-39834 | MEDIUM5.52 | golang.org/x/crypto v0.28.0 fixed in 0.52.0 | 0.5% Theoretical Threat | Directly Exposed |
| CVE-2025-22872 | MEDIUM5.52 | golang.org/x/net v0.30.0 fixed in 0.38.0 | 0.5% Theoretical Threat | Directly Exposed |
| CVE-2026-25680 | MEDIUM5.52 | golang.org/x/net v0.30.0 fixed in 0.55.0 | 0.2% Theoretical Threat | Directly Exposed |
| CVE-2025-47906 | MEDIUM5.52 | stdlib v1.23.3 fixed in 1.23.12, 1.24.6 | 0.5% Theoretical Threat | Directly Exposed |
| CVE-2025-61727 | MEDIUM5.52 | stdlib v1.23.3 fixed in 1.24.11, 1.25.5 | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2026-39825 | MEDIUM5.52 | stdlib v1.23.3 fixed in 1.25.10, 1.26.3 | 0.4% Theoretical Threat | Directly Exposed |
| CVE-2026-32282 | MEDIUM5.44 | stdlib v1.23.3 fixed in 1.25.9, 1.26.2 | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2026-40179 | MEDIUM5.18 | github.com/prometheus/prometheus 3.0.0 fixed in 0.311.2-0.20260410083055-07c6232d159b | 0.2% Theoretical Threat | Directly Exposed |
| CVE-2026-42502 | MEDIUM5.18 | golang.org/x/net v0.30.0 fixed in 0.55.0 | 0.2% Theoretical Threat | Directly Exposed |
| CVE-2026-32289 | MEDIUM5.18 | stdlib v1.23.3 fixed in 1.25.9, 1.26.2 | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2025-30204 | MEDIUM5.1 | github.com/golang-jwt/jwt/v5 v5.2.1 fixed in 5.2.2 | 0.7% Theoretical Threat | Directly ExposedContext importance: MEDIUM |
| CVE-2025-22868 | MEDIUM5.1 | golang.org/x/oauth2 v0.23.0 fixed in 0.27.0 | 0.8% Theoretical Threat | Directly ExposedContext importance: MEDIUM |
| CVE-2024-45336 | MEDIUM5.02 | stdlib v1.23.3 fixed in 1.22.11, 1.23.5, 1.24.0-rc.2 | 0.6% Theoretical Threat | Directly Exposed |
| CVE-2026-39833 | MEDIUM4.67 | golang.org/x/crypto v0.28.0 fixed in 0.52.0 | 0.4% Theoretical Threat | Directly Exposed |
| CVE-2026-32288 | MEDIUM4.67 | stdlib v1.23.3 fixed in 1.25.9, 1.26.2 | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2026-42506 | MEDIUM4.59 | golang.org/x/net v0.30.0 fixed in 0.55.0 | 0.2% Theoretical Threat | Directly Exposed |
| CVE-2025-22871 | MEDIUM4.59 | stdlib v1.23.3 fixed in 1.23.8, 1.24.2 | 0.8% Theoretical Threat | Directly Exposed |
| CVE-2026-27142 | MEDIUM4.59 | stdlib v1.23.3 fixed in 1.25.8, 1.26.1 | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2026-39823 | MEDIUM4.59 | stdlib v1.23.3 fixed in 1.25.10, 1.26.3 | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2026-39826 | MEDIUM4.59 | stdlib v1.23.3 fixed in 1.25.10, 1.26.3 | 0.4% Theoretical Threat | Directly Exposed |
| CVE-2025-47914 | MEDIUM4.5 | golang.org/x/crypto v0.28.0 fixed in 0.45.0 | 0.5% Theoretical Threat | Directly Exposed |
| CVE-2025-58181 | MEDIUM4.5 | golang.org/x/crypto v0.28.0 fixed in 0.45.0 | 0.5% Theoretical Threat | Directly Exposed |
| CVE-2026-46598 | MEDIUM4.5 | golang.org/x/crypto v0.28.0 fixed in 0.52.0 | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2025-47911 | MEDIUM4.5 | golang.org/x/net v0.30.0 fixed in 0.45.0 | 0.5% Theoretical Threat | Directly Exposed |
| CVE-2025-58190 | MEDIUM4.5 | golang.org/x/net v0.30.0 fixed in 0.45.0 | 0.5% Theoretical Threat | Directly Exposed |
| CVE-2025-22866 | MEDIUM4.5 | stdlib v1.23.3 fixed in 1.22.12, 1.23.6, 1.24.0-rc.3 | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2025-22873 | MEDIUM4.5 | stdlib v1.23.3 fixed in 1.23.9, 1.24.3 | 0.2% Theoretical Threat | Directly Exposed |
| CVE-2025-47912 | MEDIUM4.5 | stdlib v1.23.3 fixed in 1.24.8, 1.25.2 | 0.4% Theoretical Threat | Directly Exposed |
| CVE-2025-58185 | MEDIUM4.5 | stdlib v1.23.3 fixed in 1.24.8, 1.25.2 | 0.5% Theoretical Threat | Directly Exposed |
| CVE-2025-58187 | MEDIUM4.5 | stdlib v1.23.3 fixed in 1.24.9, 1.25.3 | 0.4% Theoretical Threat | Directly Exposed |
| CVE-2025-58188 | MEDIUM4.5 | stdlib v1.23.3 fixed in 1.24.8, 1.25.2 | 0.4% Theoretical Threat | Directly Exposed |
| CVE-2025-58189 | MEDIUM4.5 | stdlib v1.23.3 fixed in 1.24.8, 1.25.2 | 0.4% Theoretical Threat | Directly Exposed |
| CVE-2025-61723 | MEDIUM4.5 | stdlib v1.23.3 fixed in 1.24.8, 1.25.2 | 0.6% Theoretical Threat | Directly Exposed |
| CVE-2025-61724 | MEDIUM4.5 | stdlib v1.23.3 fixed in 1.24.8, 1.25.2 | 0.5% Theoretical Threat | Directly Exposed |
| CVE-2025-61725 | MEDIUM4.5 | stdlib v1.23.3 fixed in 1.24.8, 1.25.2 | 0.6% Theoretical Threat | Directly Exposed |
| CVE-2025-61730 | MEDIUM4.5 | stdlib v1.23.3 fixed in 1.24.12, 1.25.6 | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2026-42505 | MEDIUM4.5 | stdlib v1.23.3 fixed in 1.25.12, 1.26.5, 1.27.0-rc.2 | 0.4% Theoretical Threat | Directly Exposed |
| CVE-2026-42507 | MEDIUM4.5 | stdlib v1.23.3 fixed in 1.25.11, 1.26.4 | 0.4% Theoretical Threat | Directly Exposed |
| CVE-2025-58186 | MEDIUM4.5 | stdlib v1.23.3 fixed in 1.24.8, 1.25.2 | 0.5% Theoretical Threat | Directly Exposed |
| CVE-2025-54410 | MEDIUM4.42 | github.com/docker/docker v27.3.1+incompatible fixed in 25.0.13, 28.0.0 | 0.2% Theoretical Threat | Directly Exposed |
| CVE-2025-22870 | LOW3.74 | golang.org/x/net v0.30.0 fixed in 0.36.0 | 0.4% Theoretical Threat | Directly Exposed |
| CVE-2025-22870 | LOW3.74 | stdlib v1.23.3 fixed in 1.23.7, 1.24.1 | 0.4% Theoretical Threat | Directly Exposed |
| CVE-2024-45341 | LOW3.57 | stdlib v1.23.3 fixed in 1.22.11, 1.23.5, 1.24.0-rc.2 | 0.5% Theoretical Threat | Directly Exposed |
| CVE-2026-41568 | LOW3.31 | github.com/docker/docker v27.3.1+incompatible No fix yet | 0.1% Theoretical Threat | Directly Exposed |
| CVE-2026-33186 | LOW3.28 | google.golang.org/grpc v1.67.1 fixed in 1.79.3 | 1.6% Low-Moderate Risk | Post-Exploit |
| CVE-2024-45337 | LOW2.95 | golang.org/x/crypto v0.28.0 fixed in 0.31.0 | 3.2% Low-Moderate Risk | Post-Exploit |
| CVE-2026-34040 | LOW2.81 | github.com/docker/docker v27.3.1+incompatible fixed in 29.3.1 | 8.1% Low-Moderate Risk | Post-Exploit |
| CVE-2026-39828 | LOW2.69 | golang.org/x/crypto v0.28.0 fixed in 0.52.0 | 0.3% Theoretical Threat | Post-Exploit |
| CVE-2026-39832 | LOW2.66 | golang.org/x/crypto v0.28.0 fixed in 0.52.0 | 0.5% Theoretical Threat | Post-Exploit |
| CVE-2026-33997 | LOW2.48 | github.com/docker/docker v27.3.1+incompatible fixed in 29.3.1 | 0.4% Theoretical Threat | Post-Exploit |
| CVE-2026-39831 | LOW2.48 | golang.org/x/crypto v0.28.0 fixed in 0.52.0 | 0.4% Theoretical Threat | Post-Exploit |
| CVE-2026-25681 | LOW2.48 | golang.org/x/net v0.30.0 fixed in 0.55.0 | 0.2% Theoretical Threat | Post-Exploit |
| CVE-2026-27136 | LOW2.48 | golang.org/x/net v0.30.0 fixed in 0.55.0 | 0.2% Theoretical Threat | Post-Exploit |
| CVE-2026-39822 | LOW2.39 | stdlib v1.23.3 fixed in 1.25.12, 1.26.5, 1.27.0-rc.2 | 0.2% Theoretical Threat | Post-Exploit |
| CVE-2025-22869 | LOW2.29 | golang.org/x/crypto v0.28.0 fixed in 0.35.0 | 0.9% Theoretical Threat | Post-Exploit |
| CVE-2025-47913 | LOW2.29 | golang.org/x/crypto v0.28.0 fixed in 0.43.0 | 0.6% Theoretical Threat | Post-Exploit |
| CVE-2024-45338 | LOW2.29 | golang.org/x/net v0.30.0 fixed in 0.33.0 | 0.9% Theoretical Threat | Post-Exploit |
| CVE-2025-58183 | LOW2.29 | stdlib v1.23.3 fixed in 1.24.8, 1.25.2 | 0.4% Theoretical Threat | Post-Exploit |
| CVE-2025-61728 | LOW2.29 | stdlib v1.23.3 fixed in 1.24.12, 1.25.6 | 0.6% Theoretical Threat | Post-Exploit |
| CVE-2026-27139 | LOW2.12 | stdlib v1.23.3 fixed in 1.25.8, 1.26.1 | 0.2% Theoretical Threat | Directly Exposed |
| CVE-2026-2303 | NONE0 | go.mongodb.org/mongo-driver v1.14.0 fixed in 1.17.7 | 0.2% Theoretical Threat | Not Applicable |
| CVE-2026-24051 | NONE0 | go.opentelemetry.io/otel/sdk v1.30.0 fixed in 1.40.0 | 0.2% Theoretical Threat | Not Applicable |
| GO-2026-5932 | NONE0 | golang.org/x/crypto v0.28.0 No fix yet | — | Not Applicable |
| CVE-2026-46600 | NONE0 | golang.org/x/net v0.30.0 fixed in 0.56.0 | — | Not Applicable |
| CVE-2026-39824 | NONE0 | golang.org/x/sys v0.26.0 fixed in 0.44.0 | 0.1% Theoretical Threat | Not Applicable |
| CVE-2026-56852 | NONE0 | golang.org/x/text v0.19.0 fixed in 0.39.0 | — | Not Applicable |
| CVE-2025-0913 | NONE0 | stdlib v1.23.3 fixed in 1.23.10, 1.24.4 | 0.2% Theoretical Threat | Not Applicable |
Want to check another image? Run a full scan with the Docker Security Scanner.