Vulnerability Reportrabbitmq:4.0.7-management-alpine

rabbitmq:4.0.7-management-alpine
DIGESTsha256:011e8d48c9d4e9e0bc94d709e2b1b68fccf51de6680bcda302566dff0465764f

Executive Summary

Last scanned:

Threat Score
50/100CAUTION
Reputation
TRUSTED

This image carries significant risk; production deployment is highly discouraged without strict compensating controls. The most severe vulnerabilities (CVE-2026-28390 and CVE-2026-45186) could allow remote denial-of-service attacks via crafted CMS or XML input. However, exploitation of CVE-2026-28390 and CVE-2025-69419 requires RabbitMQ to process untrusted S/MIME or PKCS#12 data, which is not part of its standard operation. Applying the latest updates to OpenSSL and Expat would fully remediate these issues.

Vulnerabilities

Vulnerability Log

97 total
CVE IDAdjusted SeverityPackageExploit ProbabilityRisk Context
CVE-2026-28390MEDIUM6.38
libcrypto3
3.3.3-r0
fixed in 3.3.7-r0
0.8%
Theoretical Threat
Directly Exposed
CVE-2026-45186MEDIUM6.38
libexpat
2.7.0-r0
fixed in 2.8.1-r0
0.4%
Theoretical Threat
Directly Exposed
CVE-2026-28390MEDIUM6.38
libssl3
3.3.3-r0
fixed in 3.3.7-r0
0.8%
Theoretical Threat
Directly Exposed
CVE-2025-69419MEDIUM6.29
libcrypto3
3.3.3-r0
fixed in 3.3.6-r0
0.4%
Theoretical Threat
Directly Exposed
CVE-2025-69419MEDIUM6.29
libssl3
3.3.3-r0
fixed in 3.3.6-r0
0.4%
Theoretical Threat
Directly Exposed
CVE-2025-9231MEDIUM5.9
libcrypto3
3.3.3-r0
fixed in 3.3.5-r0
2.2%
Low-Moderate Risk
Directly Exposed
CVE-2025-9231MEDIUM5.9
libssl3
3.3.3-r0
fixed in 3.3.5-r0
2.2%
Low-Moderate Risk
Directly Exposed
CVE-2026-56132MEDIUM5.87
libexpat
2.7.0-r0
fixed in 2.8.2-r0
0.1%
Theoretical Threat
Directly Exposed
CVE-2026-56403MEDIUM5.87
libexpat
2.7.0-r0
fixed in 2.8.2-r0
0.1%
Theoretical Threat
Directly Exposed
CVE-2026-56404MEDIUM5.87
libexpat
2.7.0-r0
fixed in 2.8.2-r0
0.1%
Theoretical Threat
Directly Exposed
CVE-2026-56405MEDIUM5.87
libexpat
2.7.0-r0
fixed in 2.8.2-r0
0.1%
Theoretical Threat
Directly Exposed
CVE-2026-56406MEDIUM5.87
libexpat
2.7.0-r0
fixed in 2.8.2-r0
0.1%
Theoretical Threat
Directly Exposed
CVE-2026-56410MEDIUM5.87
libexpat
2.7.0-r0
fixed in 2.8.2-r0
0.1%
Theoretical Threat
Directly Exposed
CVE-2026-56411MEDIUM5.87
libexpat
2.7.0-r0
fixed in 2.8.2-r0
0.1%
Theoretical Threat
Directly Exposed
CVE-2025-9230MEDIUM5.6
libcrypto3
3.3.3-r0
fixed in 3.3.5-r0
1.7%
Low-Moderate Risk
Directly Exposed
CVE-2025-9230MEDIUM5.6
libssl3
3.3.3-r0
fixed in 3.3.5-r0
1.7%
Low-Moderate Risk
Directly Exposed
CVE-2025-59375MEDIUM5.3
libexpat
2.7.0-r0
fixed in 2.7.2-r0
1.3%
Low-Moderate Risk
Directly Exposed
CVE-2026-31790MEDIUM5.02
libcrypto3
3.3.3-r0
fixed in 3.3.7-r0
1.0%
Theoretical Threat
Directly Exposed
CVE-2025-15468MEDIUM5.02
libcrypto3
3.3.3-r0
fixed in 3.3.6-r0
0.7%
Theoretical Threat
Directly Exposed
CVE-2025-66199MEDIUM5.02
libcrypto3
3.3.3-r0
fixed in 3.3.6-r0
0.4%
Theoretical Threat
Directly Exposed
CVE-2025-69420MEDIUM5.02
libcrypto3
3.3.3-r0
fixed in 3.3.6-r0
0.8%
Theoretical Threat
Directly Exposed
CVE-2026-22796MEDIUM5.02
libcrypto3
3.3.3-r0
fixed in 3.3.6-r0
0.5%
Theoretical Threat
Directly Exposed
CVE-2026-50219MEDIUM5.02
libexpat
2.7.0-r0
fixed in 2.8.2-r0
0.2%
Theoretical Threat
Directly Exposed
CVE-2026-56412MEDIUM5.02
libexpat
2.7.0-r0
fixed in 2.8.2-r0
0.1%
Theoretical Threat
Directly Exposed
CVE-2026-31790MEDIUM5.02
libssl3
3.3.3-r0
fixed in 3.3.7-r0
1.0%
Theoretical Threat
Directly Exposed
CVE-2025-15468MEDIUM5.02
libssl3
3.3.3-r0
fixed in 3.3.6-r0
0.7%
Theoretical Threat
Directly Exposed
CVE-2025-66199MEDIUM5.02
libssl3
3.3.3-r0
fixed in 3.3.6-r0
0.4%
Theoretical Threat
Directly Exposed
CVE-2025-69420MEDIUM5.02
libssl3
3.3.3-r0
fixed in 3.3.6-r0
0.8%
Theoretical Threat
Directly Exposed
CVE-2026-22796MEDIUM5.02
libssl3
3.3.3-r0
fixed in 3.3.6-r0
0.5%
Theoretical Threat
Directly Exposed
CVE-2026-22795MEDIUM4.67
libcrypto3
3.3.3-r0
fixed in 3.3.6-r0
0.1%
Theoretical Threat
Directly Exposed
CVE-2026-32776MEDIUM4.67
libexpat
2.7.0-r0
fixed in 2.7.5-r0
0.1%
Theoretical Threat
Directly Exposed
CVE-2026-32777MEDIUM4.67
libexpat
2.7.0-r0
fixed in 2.7.5-r0
0.2%
Theoretical Threat
Directly Exposed
CVE-2026-32778MEDIUM4.67
libexpat
2.7.0-r0
fixed in 2.7.5-r0
0.1%
Theoretical Threat
Directly Exposed
CVE-2026-22795MEDIUM4.67
libssl3
3.3.3-r0
fixed in 3.3.6-r0
0.1%
Theoretical Threat
Directly Exposed
CVE-2026-6042MEDIUM4.67
musl
1.2.5-r9
fixed in 1.2.5-r10
0.2%
Theoretical Threat
Directly Exposed
CVE-2026-6042MEDIUM4.67
musl-utils
1.2.5-r9
fixed in 1.2.5-r10
0.2%
Theoretical Threat
Directly Exposed
CVE-2025-29088MEDIUM4.67
sqlite-libs
3.48.0-r0
fixed in 3.48.0-r4
0.2%
Theoretical Threat
Directly Exposed
CVE-2026-27171MEDIUM4.67
zlib
1.3.1-r2
fixed in 1.3.2-r0
0.2%
Theoretical Threat
Directly Exposed
CVE-2026-34743MEDIUM4.5
xz-libs
5.6.3-r0
fixed in 5.8.3-r0
0.4%
Theoretical Threat
Directly Exposed
CVE-2025-15467MEDIUM4.06
libcrypto3
3.3.3-r0
fixed in 3.3.6-r0
47.6%
High Exploitation Risk
Post-Exploit
CVE-2025-15467MEDIUM4.06
libssl3
3.3.3-r0
fixed in 3.3.6-r0
47.6%
High Exploitation Risk
Post-Exploit
CVE-2025-68160MEDIUM4
libcrypto3
3.3.3-r0
fixed in 3.3.6-r0
0.2%
Theoretical Threat
Directly Exposed
CVE-2025-68160MEDIUM4
libssl3
3.3.3-r0
fixed in 3.3.6-r0
0.2%
Theoretical Threat
Directly Exposed
CVE-2025-6965LOW3.61
sqlite-libs
3.48.0-r0
fixed in 3.48.0-r3
73.5%
Actively Exploited
Post-Exploit
CVE-2025-69418LOW3.4
libcrypto3
3.3.3-r0
fixed in 3.3.6-r0
0.1%
Theoretical Threat
Directly Exposed
CVE-2025-69418LOW3.4
libssl3
3.3.3-r0
fixed in 3.3.6-r0
0.1%
Theoretical Threat
Directly Exposed
CVE-2026-41080LOW3.15
libexpat
2.7.0-r0
fixed in 2.8.1-r0
0.4%
Theoretical Threat
Directly Exposed
CVE-2025-9232LOW3.1
libcrypto3
3.3.3-r0
fixed in 3.3.5-r0
2.0%
Low-Moderate Risk
Directly Exposed
CVE-2025-9232LOW3.1
libssl3
3.3.3-r0
fixed in 3.3.5-r0
2.0%
Low-Moderate Risk
Directly Exposed
CVE-2026-31789LOW3
libcrypto3
3.3.3-r0
fixed in 3.3.7-r0
0.2%
Theoretical Threat
Post-Exploit
CVE-2026-31789LOW3
libssl3
3.3.3-r0
fixed in 3.3.7-r0
0.2%
Theoretical Threat
Post-Exploit
CVE-2025-3277LOW3
sqlite-libs
3.48.0-r0
fixed in 3.48.0-r1
0.7%
Theoretical Threat
Post-Exploit
CVE-2025-4517LOW2.74
python3
3.12.9-r0
fixed in 3.12.11-r0
1.2%
Low-Moderate Risk
Post-Exploit
CVE-2025-4138LOW2.7
python3
3.12.9-r0
fixed in 3.12.11-r0
1.1%
Low-Moderate Risk
Post-Exploit
CVE-2025-4516LOW2.6
python3
3.12.9-r0
fixed in 3.12.10-r1
0.2%
Theoretical Threat
Post-Exploit
CVE-2026-28387LOW2.48
libcrypto3
3.3.3-r0
fixed in 3.3.7-r0
0.6%
Theoretical Threat
Post-Exploit
CVE-2026-28387LOW2.48
libssl3
3.3.3-r0
fixed in 3.3.7-r0
0.6%
Theoretical Threat
Post-Exploit
CVE-2026-25210LOW2.39
libexpat
2.7.0-r0
fixed in 2.7.4-r0
0.2%
Theoretical Threat
Post-Exploit
CVE-2026-40200LOW2.39
musl
1.2.5-r9
fixed in 1.2.5-r11
0.1%
Theoretical Threat
Post-Exploit
CVE-2026-40200LOW2.39
musl-utils
1.2.5-r9
fixed in 1.2.5-r11
0.1%
Theoretical Threat
Post-Exploit
CVE-2026-22184LOW2.39
zlib
1.3.1-r2
fixed in 1.3.2-r0
0.4%
Theoretical Threat
Post-Exploit
CVE-2024-12718LOW2.33
python3
3.12.9-r0
fixed in 3.12.11-r0
0.6%
Theoretical Threat
Post-Exploit
CVE-2025-69421LOW2.29
libcrypto3
3.3.3-r0
fixed in 3.3.6-r0
0.8%
Theoretical Threat
Post-Exploit
CVE-2026-28388LOW2.29
libcrypto3
3.3.3-r0
fixed in 3.3.7-r0
0.9%
Theoretical Threat
Post-Exploit
CVE-2026-28389LOW2.29
libcrypto3
3.3.3-r0
fixed in 3.3.7-r0
0.8%
Theoretical Threat
Post-Exploit
CVE-2025-69421LOW2.29
libssl3
3.3.3-r0
fixed in 3.3.6-r0
0.8%
Theoretical Threat
Post-Exploit
CVE-2026-28388LOW2.29
libssl3
3.3.3-r0
fixed in 3.3.7-r0
0.9%
Theoretical Threat
Post-Exploit
CVE-2026-28389LOW2.29
libssl3
3.3.3-r0
fixed in 3.3.7-r0
0.8%
Theoretical Threat
Post-Exploit
CVE-2025-29087LOW2.29
sqlite-libs
3.48.0-r0
fixed in 3.48.0-r1
0.5%
Theoretical Threat
Post-Exploit
CVE-2025-31115LOW2.29
xz-libs
5.6.3-r0
fixed in 5.6.3-r1
0.6%
Theoretical Threat
Post-Exploit
CVE-2025-4330LOW2.23
python3
3.12.9-r0
fixed in 3.12.11-r0
0.8%
Theoretical Threat
Post-Exploit
CVE-2026-24515LOW2.12
libexpat
2.7.0-r0
fixed in 2.7.4-r0
0.2%
Theoretical Threat
Directly Exposed
CVE-2025-46394LOW1.68
busybox
1.37.0-r12
fixed in 1.37.0-r14
0.1%
Theoretical Threat
Post-Exploit
CVE-2025-46394LOW1.68
busybox-binsh
1.37.0-r12
fixed in 1.37.0-r14
0.1%
Theoretical Threat
Post-Exploit
CVE-2025-46394LOW1.68
ssl_client
1.37.0-r12
fixed in 1.37.0-r14
0.1%
Theoretical Threat
Post-Exploit
CVE-2024-12718NONE0
pyc
3.12.9-r0
fixed in 3.12.11-r0
0.6%
Theoretical Threat
Not Applicable
CVE-2025-4517NONE0
pyc
3.12.9-r0
fixed in 3.12.11-r0
1.2%
Low-Moderate Risk
Not Applicable
CVE-2024-12718NONE0
python3-pyc
3.12.9-r0
fixed in 3.12.11-r0
0.6%
Theoretical Threat
Not Applicable
CVE-2025-4517NONE0
python3-pyc
3.12.9-r0
fixed in 3.12.11-r0
1.2%
Low-Moderate Risk
Not Applicable
CVE-2024-12718NONE0
python3-pycache-pyc0
3.12.9-r0
fixed in 3.12.11-r0
0.6%
Theoretical Threat
Not Applicable
CVE-2025-4517NONE0
python3-pycache-pyc0
3.12.9-r0
fixed in 3.12.11-r0
1.2%
Low-Moderate Risk
Not Applicable
CVE-2025-4138NONE0
pyc
3.12.9-r0
fixed in 3.12.11-r0
1.1%
Low-Moderate Risk
Not Applicable
CVE-2025-4138NONE0
python3-pyc
3.12.9-r0
fixed in 3.12.11-r0
1.1%
Low-Moderate Risk
Not Applicable
CVE-2025-4138NONE0
python3-pycache-pyc0
3.12.9-r0
fixed in 3.12.11-r0
1.1%
Low-Moderate Risk
Not Applicable
CVE-2025-4330NONE0
pyc
3.12.9-r0
fixed in 3.12.11-r0
0.8%
Theoretical Threat
Not Applicable
CVE-2025-4330NONE0
python3-pyc
3.12.9-r0
fixed in 3.12.11-r0
0.8%
Theoretical Threat
Not Applicable
CVE-2025-4330NONE0
python3-pycache-pyc0
3.12.9-r0
fixed in 3.12.11-r0
0.8%
Theoretical Threat
Not Applicable
CVE-2025-4516NONE0
pyc
3.12.9-r0
fixed in 3.12.10-r1
0.2%
Theoretical Threat
Not Applicable
CVE-2025-4516NONE0
python3-pyc
3.12.9-r0
fixed in 3.12.10-r1
0.2%
Theoretical Threat
Not Applicable
CVE-2025-4516NONE0
python3-pycache-pyc0
3.12.9-r0
fixed in 3.12.10-r1
0.2%
Theoretical Threat
Not Applicable
CVE-2024-58251NONE0
busybox
1.37.0-r12
fixed in 1.37.0-r14
0.2%
Theoretical Threat
Not Applicable
CVE-2024-58251NONE0
busybox-binsh
1.37.0-r12
fixed in 1.37.0-r14
0.2%
Theoretical Threat
Not Applicable
CVE-2026-56131NONE0
libexpat
2.7.0-r0
fixed in 2.8.2-r0
0.1%
Theoretical Threat
Not Applicable
CVE-2026-56407NONE0
libexpat
2.7.0-r0
fixed in 2.8.2-r0
0.1%
Theoretical Threat
Not Applicable
CVE-2026-56408NONE0
libexpat
2.7.0-r0
fixed in 2.8.2-r0
0.1%
Theoretical Threat
Not Applicable
CVE-2026-56409NONE0
libexpat
2.7.0-r0
fixed in 2.8.2-r0
<0.1%
Theoretical Threat
Not Applicable
CVE-2024-58251NONE0
ssl_client
1.37.0-r12
fixed in 1.37.0-r14
0.2%
Theoretical Threat
Not Applicable

Want to check another image? Run a full scan with the Docker Security Scanner.