Vulnerability Reportredislabs/redisinsight:3.4.2

redislabs/redisinsight:3.4redislabs/redisinsight:3.4.2

DIGESTsha256:85562d67a9128ac7f764bb3d1ac909fcf77708c7c8f55bd1605a85b3c4becc83

Executive Summary

Threat ScoreDANGEROUS• Three exposed vulnerabilities with severity ≥ 7.0, max severity 8.5 (CVE-2026-42043).• CVE-2026-42043 and CVE-2026-44492 in axios allow SSRF and NO_PROXY bypass, reaching internal services.• CVE-2026-4800 in lodash enables arbitrary code execution under specific configurations.• 76 total exposed vulnerabilities, threat score 100 indicates critical risk.

100/100DANGEROUS

ReputationVERIFIED• Verified Publisher (Trusted Vendor)• Pinned by digest (Immutable)

TRUSTED

This image poses a critical security risk and must not be used in production, especially as an internet-facing service. An attacker can exploit SSRF vulnerabilities in axios (e.g., CVE-2026-42043) to reach internal services, or achieve remote code execution via lodash (CVE-2026-4800) if the application passes untrusted input to _.template imports. All critical vulnerabilities are in Node.js packages (axios, lodash) and require upgrading to patched versions (axios ≥1.16.0, lodash ≥4.18.0). Note that CVE-2026-4800 only applies if the application uses lodash _.template with attacker-controlled key names, which may not be the default usage. Despite the trusted publisher and verified signature, the severity and number of exploitable vulnerabilities make this image unsuitable for deployment without complete remediation.

Vulnerabilities

Vulnerability Log

104 total

CVE ID	Adjusted Severity	Package	Exploit Probability	Risk Context
CVE-2026-42043	HIGH8.5	axios 1.15.0 fixed in 1.15.1, 0.31.1	0.4% Theoretical Threat	Directly ExposedContext importance: HIGH
CVE-2026-4800	HIGH7.84	lodash 4.17.21 fixed in 4.18.0	1.0% Low-Moderate Risk	Directly ExposedContext importance: MEDIUM
CVE-2026-44492	HIGH7.31	axios 1.15.0 fixed in 1.16.0, 0.32.0	0.4% Theoretical Threat	Directly ExposedContext importance: HIGH
CVE-2026-34183	MEDIUM6.38	libcrypto3 3.5.6-r0 fixed in 3.5.7-r0	0.5% Theoretical Threat	Directly Exposed
CVE-2026-34183	MEDIUM6.38	libssl3 3.5.6-r0 fixed in 3.5.7-r0	0.5% Theoretical Threat	Directly Exposed
CVE-2026-44486	MEDIUM6.38	axios 1.15.0 fixed in 1.16.0, 0.32.0	0.4% Theoretical Threat	Directly Exposed
CVE-2026-44487	MEDIUM6.38	axios 1.15.0 fixed in 1.16.0, 0.32.0	0.4% Theoretical Threat	Directly Exposed
CVE-2026-44488	MEDIUM6.38	axios 1.15.0 fixed in 1.16.0	0.5% Theoretical Threat	Directly Exposed
CVE-2026-44496	MEDIUM6.38	axios 1.15.0 fixed in 1.16.0, 0.32.0	0.5% Theoretical Threat	Directly Exposed
CVE-2026-42038	MEDIUM6.38	axios 1.15.0 fixed in 1.15.1, 0.31.1	0.3% Theoretical Threat	Directly Exposed
CVE-2026-42039	MEDIUM6.38	axios 1.15.0 fixed in 1.15.1, 0.31.1	0.4% Theoretical Threat	Directly Exposed
CVE-2026-33750	MEDIUM6.38	brace-expansion 2.0.2 fixed in 5.0.5, 3.0.2, 2.0.3, 1.1.13	0.4% Theoretical Threat	Directly ExposedContext importance: HIGH
CVE-2026-26996	MEDIUM6.38	minimatch 9.0.5 fixed in 10.2.1, 9.0.6, 8.0.5, 7.4.7, 6.2.1, 5.1.7, 4.2.4, 3.1.3	0.5% Theoretical Threat	Directly ExposedContext importance: HIGH
CVE-2026-2359	MEDIUM6.38	multer 2.0.2 fixed in 2.1.0	0.6% Theoretical Threat	Directly ExposedContext importance: HIGH
CVE-2026-3304	MEDIUM6.38	multer 2.0.2 fixed in 2.1.0	0.6% Theoretical Threat	Directly ExposedContext importance: HIGH
CVE-2026-3520	MEDIUM6.38	multer 2.0.2 fixed in 2.1.1	0.5% Theoretical Threat	Directly Exposed
CVE-2026-4926	MEDIUM6.38	path-to-regexp 8.2.0 fixed in 8.4.0	0.5% Theoretical Threat	Directly Exposed
CVE-2026-41907	MEDIUM6.38	uuid 11.1.0 fixed in 11.1.1, 12.0.1, 13.0.1	0.3% Theoretical Threat	Directly Exposed
CVE-2026-41907	MEDIUM6.38	uuid 8.3.2 fixed in 11.1.1, 12.0.1, 13.0.1	0.3% Theoretical Threat	Directly Exposed
CVE-2026-45736	MEDIUM6.38	ws 8.17.1 fixed in 8.20.1	0.5% Theoretical Threat	Directly Exposed
CVE-2026-34182	MEDIUM6.29	libcrypto3 3.5.6-r0 fixed in 3.5.7-r0	0.2% Theoretical Threat	Directly Exposed
CVE-2026-34182	MEDIUM6.29	libssl3 3.5.6-r0 fixed in 3.5.7-r0	0.2% Theoretical Threat	Directly Exposed
CVE-2026-42033	MEDIUM6.29	axios 1.15.0 fixed in 1.15.1, 0.31.1	0.4% Theoretical Threat	Directly Exposed
CVE-2026-42035	MEDIUM6.29	axios 1.15.0 fixed in 1.15.1, 0.31.1	0.4% Theoretical Threat	Directly Exposed
CVE-2026-44495	MEDIUM5.95	axios 1.15.0 fixed in 1.15.2, 0.31.1	0.3% Theoretical Threat	Directly Exposed
CVE-2026-42041	MEDIUM5.52	axios 1.15.0 fixed in 1.15.1, 0.31.1	0.3% Theoretical Threat	Directly Exposed
CVE-2026-27904	MEDIUM5.52	minimatch 9.0.5 fixed in 10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, 3.1.4	0.5% Theoretical Threat	Directly Exposed
CVE-2026-33671	MEDIUM5.52	picomatch 4.0.2 fixed in 4.0.4, 3.0.2, 2.3.2	0.4% Theoretical Threat	Directly Exposed
CVE-2026-34181	MEDIUM5.35	libcrypto3 3.5.6-r0 fixed in 3.5.7-r0	0.2% Theoretical Threat	Directly Exposed
CVE-2026-42768	MEDIUM5.35	libcrypto3 3.5.6-r0 fixed in 3.5.7-r0	0.4% Theoretical Threat	Directly Exposed
CVE-2026-34181	MEDIUM5.35	libssl3 3.5.6-r0 fixed in 3.5.7-r0	0.2% Theoretical Threat	Directly Exposed
CVE-2026-42768	MEDIUM5.35	libssl3 3.5.6-r0 fixed in 3.5.7-r0	0.4% Theoretical Threat	Directly Exposed
CVE-2026-42042	MEDIUM5.18	axios 1.15.0 fixed in 1.15.1, 0.31.1	0.2% Theoretical Threat	Directly Exposed
CVE-2026-42338	MEDIUM5.18	ip-address 9.0.5 fixed in 10.1.1	0.3% Theoretical Threat	Directly Exposed
CVE-2025-15284	MEDIUM5.1	qs 6.13.0 fixed in 6.14.1	0.4% Theoretical Threat	Directly ExposedContext importance: MEDIUM
CVE-2026-2391	MEDIUM5.1	qs 6.13.0 fixed in 6.14.2	0.5% Theoretical Threat	Directly ExposedContext importance: MEDIUM
CVE-2025-15284	MEDIUM5.1	qs 6.14.0 fixed in 6.14.1	0.4% Theoretical Threat	Directly ExposedContext importance: MEDIUM
CVE-2026-2391	MEDIUM5.1	qs 6.14.0 fixed in 6.14.2	0.5% Theoretical Threat	Directly ExposedContext importance: MEDIUM
CVE-2026-42764	MEDIUM5.02	libcrypto3 3.5.6-r0 fixed in 3.5.7-r0	0.7% Theoretical Threat	Directly Exposed
CVE-2026-42769	MEDIUM5.02	libcrypto3 3.5.6-r0 fixed in 3.5.7-r0	0.3% Theoretical Threat	Directly Exposed
CVE-2026-42770	MEDIUM5.02	libcrypto3 3.5.6-r0 fixed in 3.5.7-r0	0.2% Theoretical Threat	Directly Exposed
CVE-2026-9076	MEDIUM5.02	libcrypto3 3.5.6-r0 fixed in 3.5.7-r0	0.3% Theoretical Threat	Directly Exposed
CVE-2026-42764	MEDIUM5.02	libssl3 3.5.6-r0 fixed in 3.5.7-r0	0.7% Theoretical Threat	Directly Exposed
CVE-2026-42769	MEDIUM5.02	libssl3 3.5.6-r0 fixed in 3.5.7-r0	0.3% Theoretical Threat	Directly Exposed
CVE-2026-42770	MEDIUM5.02	libssl3 3.5.6-r0 fixed in 3.5.7-r0	0.2% Theoretical Threat	Directly Exposed
CVE-2026-9076	MEDIUM5.02	libssl3 3.5.6-r0 fixed in 3.5.7-r0	0.3% Theoretical Threat	Directly Exposed
CVE-2026-27903	MEDIUM5.02	minimatch 9.0.5 fixed in 10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, 3.1.3	0.5% Theoretical Threat	Directly Exposed
CVE-2026-4923	MEDIUM5.02	path-to-regexp 8.2.0 fixed in 8.4.0	0.4% Theoretical Threat	Directly Exposed
CVE-2026-7383	MEDIUM4.67	libcrypto3 3.5.6-r0 fixed in 3.5.7-r0	0.3% Theoretical Threat	Directly Exposed
CVE-2026-7383	MEDIUM4.67	libssl3 3.5.6-r0 fixed in 3.5.7-r0	0.3% Theoretical Threat	Directly Exposed
CVE-2026-27171	MEDIUM4.67	zlib 1.3.1-r2 fixed in 1.3.2-r0	0.2% Theoretical Threat	Directly Exposed
CVE-2026-42766	MEDIUM4.5	libcrypto3 3.5.6-r0 fixed in 3.5.7-r0	0.6% Theoretical Threat	Directly Exposed
CVE-2026-42767	MEDIUM4.5	libcrypto3 3.5.6-r0 fixed in 3.5.7-r0	0.3% Theoretical Threat	Directly Exposed
CVE-2026-42766	MEDIUM4.5	libssl3 3.5.6-r0 fixed in 3.5.7-r0	0.6% Theoretical Threat	Directly Exposed
CVE-2026-42767	MEDIUM4.5	libssl3 3.5.6-r0 fixed in 3.5.7-r0	0.3% Theoretical Threat	Directly Exposed
CVE-2026-42034	MEDIUM4.5	axios 1.15.0 fixed in 1.15.1, 0.31.1	0.3% Theoretical Threat	Directly Exposed
CVE-2026-42036	MEDIUM4.5	axios 1.15.0 fixed in 1.15.1, 0.31.1	0.4% Theoretical Threat	Directly Exposed
CVE-2026-42037	MEDIUM4.5	axios 1.15.0 fixed in 1.15.1	0.2% Theoretical Threat	Directly Exposed
CVE-2026-31808	MEDIUM4.5	file-type 16.5.4 fixed in 21.3.1	0.3% Theoretical Threat	Directly Exposed
CVE-2026-31808	MEDIUM4.5	file-type 20.4.1 fixed in 21.3.1	0.3% Theoretical Threat	Directly Exposed
CVE-2026-32630	MEDIUM4.5	file-type 20.4.1 fixed in 21.3.2	0.3% Theoretical Threat	Directly Exposed
CVE-2025-13465	MEDIUM4.5	lodash 4.17.21 fixed in 4.17.23	0.3% Theoretical Threat	Directly Exposed
CVE-2026-2950	MEDIUM4.5	lodash 4.17.21 fixed in 4.18.0	0.3% Theoretical Threat	Directly Exposed
CVE-2026-33672	MEDIUM4.5	picomatch 4.0.2 fixed in 4.0.4, 3.0.2, 2.3.2	0.4% Theoretical Threat	Directly Exposed
CVE-2026-34180	MEDIUM4.25	libcrypto3 3.5.6-r0 fixed in 3.5.7-r0	0.5% Theoretical Threat	Directly Exposed
CVE-2026-34180	MEDIUM4.25	libssl3 3.5.6-r0 fixed in 3.5.7-r0	0.5% Theoretical Threat	Directly Exposed
CVE-2026-42264	LOW3.71	axios 1.15.0 fixed in 1.15.2	0.4% Theoretical Threat	Post-ExploitContext importance: MEDIUM
CVE-2026-42044	LOW3.71	axios 1.15.0 fixed in 1.15.2	0.2% Theoretical Threat	Post-ExploitContext importance: MEDIUM
CVE-2026-26960	LOW3.62	tar 6.2.1 fixed in 7.5.8	0.3% Theoretical Threat	Post-Exploit
CVE-2026-26960	LOW3.62	tar 7.4.3 fixed in 7.5.8	0.3% Theoretical Threat	Post-Exploit
CVE-2026-44494	LOW3.55	axios 1.15.0 fixed in 1.16.0	0.4% Theoretical Threat	Post-ExploitContext importance: MEDIUM
CVE-2026-29786	LOW3.21	tar 6.2.1 fixed in 7.5.10	0.3% Theoretical Threat	Post-Exploit
CVE-2026-29786	LOW3.21	tar 7.4.3 fixed in 7.5.10	0.3% Theoretical Threat	Post-Exploit
CVE-2026-45446	LOW3.15	libcrypto3 3.5.6-r0 fixed in 3.5.7-r0	0.2% Theoretical Threat	Directly Exposed
CVE-2026-45446	LOW3.15	libssl3 3.5.6-r0 fixed in 3.5.7-r0	0.2% Theoretical Threat	Directly Exposed
CVE-2026-23745	LOW3.11	tar 6.2.1 fixed in 7.5.3	0.3% Theoretical Threat	Post-Exploit
CVE-2026-23745	LOW3.11	tar 7.4.3 fixed in 7.5.3	0.3% Theoretical Threat	Post-Exploit
CVE-2026-45447	LOW2.92	libcrypto3 3.5.6-r0 fixed in 3.5.7-r0	1.4% Low-Moderate Risk	Post-Exploit
CVE-2026-45447	LOW2.92	libssl3 3.5.6-r0 fixed in 3.5.7-r0	1.4% Low-Moderate Risk	Post-Exploit
CVE-2026-31802	LOW2.8	tar 6.2.1 fixed in 7.5.11	0.3% Theoretical Threat	Post-Exploit
CVE-2026-31802	LOW2.8	tar 7.4.3 fixed in 7.5.11	0.3% Theoretical Threat	Post-Exploit
CVE-2026-45445	LOW2.78	libcrypto3 3.5.6-r0 fixed in 3.5.7-r0	0.3% Theoretical Threat	Post-Exploit
CVE-2026-45445	LOW2.78	libssl3 3.5.6-r0 fixed in 3.5.7-r0	0.3% Theoretical Threat	Post-Exploit
CVE-2025-64756	LOW2.7	glob 10.4.5 fixed in 11.1.0, 10.5.0	3.0% Low-Moderate Risk	Post-Exploit
CVE-2026-44490	LOW2.51	axios 1.15.0 fixed in 1.16.0, 0.32.0	0.4% Theoretical Threat	Post-Exploit
CVE-2026-24842	LOW2.51	tar 6.2.1 fixed in 7.5.7	0.5% Theoretical Threat	Post-Exploit
CVE-2026-24842	LOW2.51	tar 7.4.3 fixed in 7.5.7	0.5% Theoretical Threat	Post-Exploit
CVE-2026-22184	LOW2.39	zlib 1.3.1-r2 fixed in 1.3.2-r0	0.2% Theoretical Threat	Post-Exploit
CVE-2026-24001	LOW2.29	diff 4.0.2 fixed in 8.0.3, 5.2.2, 4.0.4, 3.5.1	0.5% Theoretical Threat	Post-Exploit
CVE-2026-24001	LOW2.29	diff 5.2.0 fixed in 8.0.3, 5.2.2, 4.0.4, 3.5.1	0.5% Theoretical Threat	Post-Exploit
CVE-2026-23950	LOW1.81	tar 6.2.1 fixed in 7.5.4	0.2% Theoretical Threat	Post-Exploit
CVE-2026-23950	LOW1.81	tar 7.4.3 fixed in 7.5.4	0.2% Theoretical Threat	Post-Exploit
CVE-2026-40200	NONE0	musl-utils 1.2.5-r21 fixed in 1.2.5-r23	0.1% Theoretical Threat	Not Applicable
CVE-2026-6042	NONE0	musl-utils 1.2.5-r21 fixed in 1.2.5-r22	0.2% Theoretical Threat	Not Applicable
CVE-2026-42040	NONE0	axios 1.15.0 fixed in 1.15.1, 0.31.1	0.2% Theoretical Threat	Not Applicable
GHSA-r4q5-vmmm-2653	NONE0	follow-redirects 1.15.11 fixed in 1.16.0	—	Not Applicable
CVE-2026-12143	NONE0	form-data 4.0.5 fixed in 2.5.6, 3.0.5, 4.0.6	0.3% Theoretical Threat	Not Applicable
CVE-2026-46625	NONE0	js-cookie 3.0.5 fixed in 3.0.7	0.4% Theoretical Threat	Not Applicable
CVE-2026-53550	NONE0	js-yaml 4.1.1 fixed in 4.2.0	—	Not Applicable
CVE-2026-8723	NONE0	qs 6.13.0 fixed in 6.15.2	0.3% Theoretical Threat	Not Applicable
CVE-2026-8723	NONE0	qs 6.14.0 fixed in 6.15.2	0.3% Theoretical Threat	Not Applicable
CVE-2026-53655	NONE0	tar 6.2.1 fixed in 7.5.16	—	Not Applicable
CVE-2026-53655	NONE0	tar 7.4.3 fixed in 7.5.16	—	Not Applicable
CVE-2026-48779	NONE0	ws 8.17.1 fixed in 5.2.5, 6.2.4, 7.5.11, 8.21.0	—	Not Applicable