Vulnerability Reportrabbitmq:4.1

rabbitmq:4.1.8rabbitmq:4.1

DIGESTsha256:0431aa30485f6553f2927d694c3925059f87af4af331d198afb25e93e731cab5

Executive Summary

CAUTION

This image carries significant risk; production deployment is highly discouraged without strict compensating controls. An attacker could remotely execute arbitrary code via a crafted ECDH ciphertext (CVE-2026-41989) or bypass certificate validation to perform man-in-the-middle attacks (CVE-2026-42013). Note that CVE-2026-42010 only applies if RSA-PSK cipher suites are enabled, which is not default. The post-exploit layer has no critical findings, and the image is officially maintained and pinned by digest, reducing supply chain risk.

Threat Score

50/100

CAUTION

Official Docker image with high trust (score 100) but contains 23 exposed vulnerabilities, 6 of which have severity ≥6.0.
Top findings include certificate validation bypass (CVE-2026-42013) and heap overflow in ECDH (CVE-2026-41989) which could lead to remote code execution or MITM.
Authentication bypass via RSA-PSK (CVE-2026-42010) requires non-default configuration, but other vulnerabilities are applicable by default.
Post-exploit layer is clean with max severity 2.86.

Reputation

TRUSTED

Docker Official

OFFICIAL

Official Docker Hub Image
Pinned by digest (Immutable)

Vulnerabilities

Vulnerability Log

40 total

CVE ID	Adjusted Severity	Package	Exploit Probability	Risk Context
CVE-2026-42013	MEDIUM6.97	libgnutls30t64 3.8.3-1.1ubuntu3.5 fixed in 3.8.3-1.1ubuntu3.6	0.4% Theoretical Threat	Directly ExposedContext importance: HIGH
CVE-2026-42010	MEDIUM6.66	libgnutls30t64 3.8.3-1.1ubuntu3.5 fixed in 3.8.3-1.1ubuntu3.6	0.8% Theoretical Threat	Directly ExposedContext importance: MEDIUM
CVE-2026-41989	MEDIUM6.38	libgcrypt20 1.10.3-2build1 fixed in 1.10.3-2ubuntu0.1	0.2% Theoretical Threat	Directly ExposedContext importance: HIGH
CVE-2026-3833	MEDIUM6.29	libgnutls30t64 3.8.3-1.1ubuntu3.5 fixed in 3.8.3-1.1ubuntu3.6	0.3% Theoretical Threat	Directly ExposedContext importance: HIGH
CVE-2026-42011	MEDIUM6.29	libgnutls30t64 3.8.3-1.1ubuntu3.5 fixed in 3.8.3-1.1ubuntu3.6	0.3% Theoretical Threat	Directly ExposedContext importance: HIGH
CVE-2026-42012	MEDIUM6.03	libgnutls30t64 3.8.3-1.1ubuntu3.5 fixed in 3.8.3-1.1ubuntu3.6	0.3% Theoretical Threat	Directly ExposedContext importance: HIGH
CVE-2026-5260	MEDIUM5.58	libgnutls30t64 3.8.3-1.1ubuntu3.5 fixed in 3.8.3-1.1ubuntu3.6	0.7% Theoretical Threat	Directly ExposedContext importance: MEDIUM
CVE-2026-40226	MEDIUM5.44	libsystemd0 255.4-1ubuntu8.15 fixed in 255.4-1ubuntu8.16	<0.1% Theoretical Threat	Directly Exposed
CVE-2026-40226	MEDIUM5.44	libudev1 255.4-1ubuntu8.15 fixed in 255.4-1ubuntu8.16	<0.1% Theoretical Threat	Directly Exposed
CVE-2024-2236	MEDIUM4.72	libgcrypt20 1.10.3-2build1 No fix yet	1.1% Low-Moderate Risk	Directly ExposedContext importance: MEDIUM
CVE-2026-27456	MEDIUM4	libblkid1 2.39.3-9ubuntu6.5 No fix yet	0.1% Theoretical Threat	Directly Exposed
CVE-2026-27456	MEDIUM4	libmount1 2.39.3-9ubuntu6.5 No fix yet	0.1% Theoretical Threat	Directly Exposed
CVE-2026-27456	MEDIUM4	libsmartcols1 2.39.3-9ubuntu6.5 No fix yet	0.1% Theoretical Threat	Directly Exposed
CVE-2026-27456	MEDIUM4	libuuid1 2.39.3-9ubuntu6.5 No fix yet	0.1% Theoretical Threat	Directly Exposed
CVE-2026-4046	LOW3.6	libc-bin 2.39-0ubuntu8.7 No fix yet	0.4% Theoretical Threat	Directly ExposedContext importance: MEDIUM
CVE-2026-4046	LOW3.6	libc6 2.39-0ubuntu8.7 No fix yet	0.4% Theoretical Threat	Directly ExposedContext importance: MEDIUM
CVE-2026-4438	LOW3.4	libc-bin 2.39-0ubuntu8.7 No fix yet	0.2% Theoretical Threat	Directly Exposed
CVE-2026-4438	LOW3.4	libc6 2.39-0ubuntu8.7 No fix yet	0.2% Theoretical Threat	Directly Exposed
CVE-2026-3832	LOW3.15	libgnutls30t64 3.8.3-1.1ubuntu3.5 fixed in 3.8.3-1.1ubuntu3.6	0.3% Theoretical Threat	Directly Exposed
CVE-2026-5419	LOW3.15	libgnutls30t64 3.8.3-1.1ubuntu3.5 fixed in 3.8.3-1.1ubuntu3.6	0.5% Theoretical Threat	Directly Exposed
CVE-2025-45582	LOW2.86	tar 1.35+dfsg-3build1 No fix yet	0.4% Theoretical Threat	Post-Exploit
CVE-2026-5704	LOW2.8	tar 1.35+dfsg-3build1 No fix yet	0.4% Theoretical Threat	Post-Exploit
CVE-2026-40228	LOW2.8	libsystemd0 255.4-1ubuntu8.15 No fix yet	0.2% Theoretical Threat	Directly Exposed
CVE-2026-40228	LOW2.8	libudev1 255.4-1ubuntu8.15 No fix yet	0.2% Theoretical Threat	Directly Exposed
CVE-2026-33845	LOW2.78	libgnutls30t64 3.8.3-1.1ubuntu3.5 fixed in 3.8.3-1.1ubuntu3.6	0.6% Theoretical Threat	Post-Exploit
CVE-2026-27456	LOW2.4	bsdutils 1:2.39.3-9ubuntu6.5 No fix yet	0.1% Theoretical Threat	Post-Exploit
CVE-2026-27456	LOW2.4	mount 2.39.3-9ubuntu6.5 No fix yet	0.1% Theoretical Threat	Post-Exploit
CVE-2026-27456	LOW2.4	util-linux 2.39.3-9ubuntu6.5 No fix yet	0.1% Theoretical Threat	Post-Exploit
CVE-2026-33846	LOW2.29	libgnutls30t64 3.8.3-1.1ubuntu3.5 fixed in 3.8.3-1.1ubuntu3.6	0.9% Theoretical Threat	Post-Exploit
CVE-2026-42009	LOW2.29	libgnutls30t64 3.8.3-1.1ubuntu3.5 fixed in 3.8.3-1.1ubuntu3.6	0.8% Theoretical Threat	Post-Exploit
CVE-2026-4437	LOW1.99	libc-bin 2.39-0ubuntu8.7 No fix yet	0.3% Theoretical Threat	Post-Exploit
CVE-2026-6238	LOW1.99	libc-bin 2.39-0ubuntu8.7 No fix yet	0.3% Theoretical Threat	Post-Exploit
CVE-2026-4437	LOW1.99	libc6 2.39-0ubuntu8.7 No fix yet	0.3% Theoretical Threat	Post-Exploit
CVE-2026-6238	LOW1.99	libc6 2.39-0ubuntu8.7 No fix yet	0.3% Theoretical Threat	Post-Exploit
CVE-2024-56433	LOW1.84	login 1:4.13+dfsg1-4ubuntu3.2 No fix yet	0.4% Theoretical Threat	Post-Exploit
CVE-2024-56433	LOW1.84	passwd 1:4.13+dfsg1-4ubuntu3.2 No fix yet	0.4% Theoretical Threat	Post-Exploit
CVE-2026-5435	LOW1.81	libc-bin 2.39-0ubuntu8.7 No fix yet	0.2% Theoretical Threat	Post-Exploit
CVE-2026-5435	LOW1.81	libc6 2.39-0ubuntu8.7 No fix yet	0.2% Theoretical Threat	Post-Exploit
CVE-2026-42015	LOW1.62	libgnutls30t64 3.8.3-1.1ubuntu3.5 fixed in 3.8.3-1.1ubuntu3.6	0.7% Theoretical Threat	Post-Exploit
CVE-2026-42014	NONE0	libgnutls30t64 3.8.3-1.1ubuntu3.5 fixed in 3.8.3-1.1ubuntu3.6	—	Not Applicable