Vulnerability Reportprom/prometheus:v3.5.1

prom/prometheus:v3.5.1
DIGESTsha256:38c3b05c3bc744ff1b0b7b4eb82196026442845e62a1e2073795565da506d7a2

Executive Summary

Last scanned:

Threat Score
50/100CAUTION
Reputation
RELIABLE

This image carries significant risk; production deployment is highly discouraged without strict compensating controls. An attacker could cause denial of service by sending crafted URLs (CVE-2026-25679) or TLS certificates with excessive SAN entries (CVE-2026-27145). The certificate validation bypass (CVE-2025-68121) requires non-default TLS configuration and is not exploitable by default. Restricting network access to the container and disabling TLS session resumption can reduce the attack surface.

Vulnerabilities

Vulnerability Log

66 total
CVE IDAdjusted SeverityPackageExploit ProbabilityRisk Context
CVE-2025-68121MEDIUM6.8
stdlib
v1.24.12
fixed in 1.24.13, 1.25.7, 1.26.0-rc.3
0.8%
Theoretical Threat
Directly ExposedContext importance: MEDIUM
CVE-2026-41567MEDIUM6.38
github.com/docker/docker
v28.5.2+incompatible
No fix yet
0.2%
Theoretical Threat
Directly Exposed
CVE-2026-39882MEDIUM6.38
go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp
v1.36.0
fixed in 1.43.0
0.2%
Theoretical Threat
Directly Exposed
CVE-2026-39829MEDIUM6.38
golang.org/x/crypto
v0.39.0
fixed in 0.52.0
0.4%
Theoretical Threat
Directly Exposed
CVE-2026-39830MEDIUM6.38
golang.org/x/crypto
v0.39.0
fixed in 0.52.0
0.5%
Theoretical Threat
Directly Exposed
CVE-2026-39835MEDIUM6.38
golang.org/x/crypto
v0.39.0
fixed in 0.52.0
0.4%
Theoretical Threat
Directly Exposed
CVE-2026-46597MEDIUM6.38
golang.org/x/crypto
v0.39.0
fixed in 0.52.0
0.4%
Theoretical Threat
Directly Exposed
CVE-2026-25679MEDIUM6.38
stdlib
v1.24.12
fixed in 1.25.8, 1.26.1
0.7%
Theoretical Threat
Directly ExposedContext importance: HIGH
CVE-2026-27145MEDIUM6.38
stdlib
v1.24.12
fixed in 1.25.11, 1.26.4
0.9%
Theoretical Threat
Directly ExposedContext importance: HIGH
CVE-2026-32280MEDIUM6.38
stdlib
v1.24.12
fixed in 1.25.9, 1.26.2
0.6%
Theoretical Threat
Directly ExposedContext importance: HIGH
CVE-2026-32281MEDIUM6.38
stdlib
v1.24.12
fixed in 1.25.9, 1.26.2
0.3%
Theoretical Threat
Directly ExposedContext importance: HIGH
CVE-2026-32283MEDIUM6.38
stdlib
v1.24.12
fixed in 1.25.9, 1.26.2
0.6%
Theoretical Threat
Directly ExposedContext importance: HIGH
CVE-2026-33814MEDIUM6.38
stdlib
v1.24.12
fixed in 1.25.10, 1.26.3
0.8%
Theoretical Threat
Directly Exposed
CVE-2026-39820MEDIUM6.38
stdlib
v1.24.12
fixed in 1.25.10, 1.26.3
0.8%
Theoretical Threat
Directly Exposed
CVE-2026-39836MEDIUM6.38
stdlib
v1.24.12
fixed in 1.25.10, 1.26.3
0.6%
Theoretical Threat
Directly Exposed
CVE-2026-42499MEDIUM6.38
stdlib
v1.24.12
fixed in 1.25.10, 1.26.3
0.8%
Theoretical Threat
Directly Exposed
CVE-2026-42504MEDIUM6.38
stdlib
v1.24.12
fixed in 1.25.11, 1.26.4
0.6%
Theoretical Threat
Directly Exposed
CVE-2026-42508MEDIUM6.29
golang.org/x/crypto
v0.39.0
fixed in 0.52.0
0.5%
Theoretical Threat
Directly Exposed
CVE-2026-42306MEDIUM6.12
github.com/docker/docker
v28.5.2+incompatible
No fix yet
0.1%
Theoretical Threat
Directly Exposed
CVE-2026-46595MEDIUM6.03
golang.org/x/crypto
v0.39.0
fixed in 0.52.0
0.4%
Theoretical Threat
Directly Exposed
CVE-2026-39883MEDIUM5.95
go.opentelemetry.io/otel/sdk
v1.36.0
fixed in 1.43.0
0.2%
Theoretical Threat
Directly Exposed
CVE-2026-39827MEDIUM5.52
golang.org/x/crypto
v0.39.0
fixed in 0.52.0
0.2%
Theoretical Threat
Directly Exposed
CVE-2026-39834MEDIUM5.52
golang.org/x/crypto
v0.39.0
fixed in 0.52.0
0.5%
Theoretical Threat
Directly Exposed
CVE-2026-25680MEDIUM5.52
golang.org/x/net
v0.41.0
fixed in 0.55.0
0.2%
Theoretical Threat
Directly Exposed
CVE-2026-39825MEDIUM5.52
stdlib
v1.24.12
fixed in 1.25.10, 1.26.3
0.4%
Theoretical Threat
Directly Exposed
CVE-2026-32282MEDIUM5.44
stdlib
v1.24.12
fixed in 1.25.9, 1.26.2
0.3%
Theoretical Threat
Directly Exposed
CVE-2026-40179MEDIUM5.18
github.com/prometheus/prometheus
3.5.1
fixed in 0.311.2-0.20260410083055-07c6232d159b
0.2%
Theoretical Threat
Directly Exposed
CVE-2026-42502MEDIUM5.18
golang.org/x/net
v0.41.0
fixed in 0.55.0
0.2%
Theoretical Threat
Directly Exposed
CVE-2026-32289MEDIUM5.18
stdlib
v1.24.12
fixed in 1.25.9, 1.26.2
0.3%
Theoretical Threat
Directly Exposed
CVE-2026-33814MEDIUM5.1
golang.org/x/net
v0.41.0
fixed in 0.53.0
0.8%
Theoretical Threat
Directly ExposedContext importance: MEDIUM
CVE-2026-33811MEDIUM5.1
stdlib
v1.24.12
fixed in 1.25.10, 1.26.3
0.8%
Theoretical Threat
Directly ExposedContext importance: MEDIUM
CVE-2026-39833MEDIUM4.67
golang.org/x/crypto
v0.39.0
fixed in 0.52.0
0.4%
Theoretical Threat
Directly Exposed
CVE-2026-32288MEDIUM4.67
stdlib
v1.24.12
fixed in 1.25.9, 1.26.2
0.3%
Theoretical Threat
Directly Exposed
CVE-2026-42506MEDIUM4.59
golang.org/x/net
v0.41.0
fixed in 0.55.0
0.2%
Theoretical Threat
Directly Exposed
CVE-2026-27142MEDIUM4.59
stdlib
v1.24.12
fixed in 1.25.8, 1.26.1
0.3%
Theoretical Threat
Directly Exposed
CVE-2026-39823MEDIUM4.59
stdlib
v1.24.12
fixed in 1.25.10, 1.26.3
0.3%
Theoretical Threat
Directly Exposed
CVE-2026-39826MEDIUM4.59
stdlib
v1.24.12
fixed in 1.25.10, 1.26.3
0.4%
Theoretical Threat
Directly Exposed
CVE-2025-11065MEDIUM4.5
github.com/go-viper/mapstructure/v2
v2.2.1
fixed in 2.4.0
0.4%
Theoretical Threat
Directly Exposed
CVE-2025-47914MEDIUM4.5
golang.org/x/crypto
v0.39.0
fixed in 0.45.0
0.5%
Theoretical Threat
Directly Exposed
CVE-2025-58181MEDIUM4.5
golang.org/x/crypto
v0.39.0
fixed in 0.45.0
0.5%
Theoretical Threat
Directly Exposed
CVE-2026-46598MEDIUM4.5
golang.org/x/crypto
v0.39.0
fixed in 0.52.0
0.3%
Theoretical Threat
Directly Exposed
CVE-2025-47911MEDIUM4.5
golang.org/x/net
v0.41.0
fixed in 0.45.0
0.5%
Theoretical Threat
Directly Exposed
CVE-2025-58190MEDIUM4.5
golang.org/x/net
v0.41.0
fixed in 0.45.0
0.5%
Theoretical Threat
Directly Exposed
CVE-2026-42505MEDIUM4.5
stdlib
v1.24.12
fixed in 1.25.12, 1.26.5, 1.27.0-rc.2
0.4%
Theoretical Threat
Directly Exposed
CVE-2026-42507MEDIUM4.5
stdlib
v1.24.12
fixed in 1.25.11, 1.26.4
0.4%
Theoretical Threat
Directly Exposed
CVE-2026-41568LOW3.31
github.com/docker/docker
v28.5.2+incompatible
No fix yet
0.1%
Theoretical Threat
Directly Exposed
CVE-2026-33186LOW3.28
google.golang.org/grpc
v1.73.0
fixed in 1.79.3
1.6%
Low-Moderate Risk
Post-Exploit
CVE-2026-34040LOW2.81
github.com/docker/docker
v28.5.2+incompatible
fixed in 29.3.1
8.1%
Low-Moderate Risk
Post-Exploit
CVE-2026-39828LOW2.69
golang.org/x/crypto
v0.39.0
fixed in 0.52.0
0.3%
Theoretical Threat
Post-Exploit
CVE-2026-39832LOW2.66
golang.org/x/crypto
v0.39.0
fixed in 0.52.0
0.5%
Theoretical Threat
Post-Exploit
CVE-2026-39821LOW2.51
golang.org/x/net
v0.41.0
fixed in 0.55.0
0.5%
Theoretical Threat
Post-Exploit
CVE-2026-33997LOW2.48
github.com/docker/docker
v28.5.2+incompatible
fixed in 29.3.1
0.4%
Theoretical Threat
Post-Exploit
CVE-2026-39831LOW2.48
golang.org/x/crypto
v0.39.0
fixed in 0.52.0
0.4%
Theoretical Threat
Post-Exploit
CVE-2026-25681LOW2.48
golang.org/x/net
v0.41.0
fixed in 0.55.0
0.2%
Theoretical Threat
Post-Exploit
CVE-2026-27136LOW2.48
golang.org/x/net
v0.41.0
fixed in 0.55.0
0.2%
Theoretical Threat
Post-Exploit
CVE-2026-39822LOW2.39
stdlib
v1.24.12
fixed in 1.25.12, 1.26.5, 1.27.0-rc.2
0.2%
Theoretical Threat
Post-Exploit
CVE-2026-29181LOW2.29
go.opentelemetry.io/otel
v1.36.0
fixed in 1.41.0
0.4%
Theoretical Threat
Post-Exploit
CVE-2025-47913LOW2.29
golang.org/x/crypto
v0.39.0
fixed in 0.43.0
0.6%
Theoretical Threat
Post-Exploit
CVE-2026-27139LOW2.12
stdlib
v1.24.12
fixed in 1.25.8, 1.26.1
0.2%
Theoretical Threat
Directly Exposed
GHSA-fv92-fjc5-jj9hNONE0
github.com/go-viper/mapstructure/v2
v2.2.1
fixed in 2.3.0
Not Applicable
CVE-2026-2303NONE0
go.mongodb.org/mongo-driver
v1.14.0
fixed in 1.17.7
0.2%
Theoretical Threat
Not Applicable
CVE-2026-24051NONE0
go.opentelemetry.io/otel/sdk
v1.36.0
fixed in 1.40.0
0.2%
Theoretical Threat
Not Applicable
GO-2026-5932NONE0
golang.org/x/crypto
v0.39.0
No fix yet
Not Applicable
CVE-2026-46600NONE0
golang.org/x/net
v0.41.0
fixed in 0.56.0
Not Applicable
CVE-2026-39824NONE0
golang.org/x/sys
v0.33.0
fixed in 0.44.0
0.1%
Theoretical Threat
Not Applicable
CVE-2026-56852NONE0
golang.org/x/text
v0.26.0
fixed in 0.39.0
Not Applicable

Want to check another image? Run a full scan with the Docker Security Scanner.