Vulnerability Reportshieldsio/shields:next

shieldsio/shields:next
DIGESTsha256:6c167277ffc83c84a7c687cf2595a43f082dcbbeb8f7b9d605219a26059efad8

Executive Summary

Last scanned:

Threat Score
25/100NEEDS ATTENTION
Reputation
RELIABLE

This image is acceptable for production, but remediating the identified vulnerabilities is recommended to reduce the attack surface. While 43 vulnerabilities are present, only one (CVE-2026-1525) has a medium severity score of 6.66 and it only applies if the application passes user-controlled header names to the undici HTTP client. In typical configurations, the risk is low. Disabling user-controlled headers or enforcing header case normalization would fully eliminate this vulnerability.

Vulnerabilities

Vulnerability Log

63 total
CVE IDAdjusted SeverityPackageExploit ProbabilityRisk Context
CVE-2026-1525MEDIUM6.66
undici
6.23.0
fixed in 6.24.0, 7.24.0
0.5%
Theoretical Threat
Directly ExposedContext importance: MEDIUM
CVE-2026-33671MEDIUM5.52
picomatch
4.0.3
fixed in 4.0.4, 3.0.2, 2.3.2
0.4%
Theoretical Threat
Directly Exposed
CVE-2026-34181MEDIUM5.35
libcrypto3
3.5.6-r0
fixed in 3.5.7-r0
0.2%
Theoretical Threat
Directly Exposed
CVE-2026-42768MEDIUM5.35
libcrypto3
3.5.6-r0
fixed in 3.5.7-r0
0.4%
Theoretical Threat
Directly Exposed
CVE-2026-34181MEDIUM5.35
libssl3
3.5.6-r0
fixed in 3.5.7-r0
0.2%
Theoretical Threat
Directly Exposed
CVE-2026-42768MEDIUM5.35
libssl3
3.5.6-r0
fixed in 3.5.7-r0
0.4%
Theoretical Threat
Directly Exposed
CVE-2017-16137MEDIUM5.3
debug
4.1.1
fixed in 2.6.9, 3.1.0, 3.2.7, 4.3.1
2.8%
Low-Moderate Risk
Directly Exposed
CVE-2026-42338MEDIUM5.18
ip-address
10.1.0
fixed in 10.1.1
0.5%
Theoretical Threat
Directly Exposed
CVE-2026-33750MEDIUM5.1
brace-expansion
2.0.2
fixed in 5.0.5, 3.0.2, 2.0.3, 1.1.13
0.4%
Theoretical Threat
Directly ExposedContext importance: MEDIUM
CVE-2026-33750MEDIUM5.1
brace-expansion
5.0.4
fixed in 5.0.5, 3.0.2, 2.0.3, 1.1.13
0.4%
Theoretical Threat
Directly ExposedContext importance: MEDIUM
CVE-2026-45149MEDIUM5.1
brace-expansion
5.0.4
fixed in 5.0.6
0.3%
Theoretical Threat
Directly ExposedContext importance: MEDIUM
CVE-2026-26996MEDIUM5.1
minimatch
10.1.1
fixed in 10.2.1, 9.0.6, 8.0.5, 7.4.7, 6.2.1, 5.1.7, 4.2.4, 3.1.3
0.5%
Theoretical Threat
Directly ExposedContext importance: MEDIUM
CVE-2026-42764MEDIUM5.02
libcrypto3
3.5.6-r0
fixed in 3.5.7-r0
0.7%
Theoretical Threat
Directly Exposed
CVE-2026-42769MEDIUM5.02
libcrypto3
3.5.6-r0
fixed in 3.5.7-r0
0.3%
Theoretical Threat
Directly Exposed
CVE-2026-42770MEDIUM5.02
libcrypto3
3.5.6-r0
fixed in 3.5.7-r0
0.3%
Theoretical Threat
Directly Exposed
CVE-2026-9076MEDIUM5.02
libcrypto3
3.5.6-r0
fixed in 3.5.7-r0
0.3%
Theoretical Threat
Directly Exposed
CVE-2026-42764MEDIUM5.02
libssl3
3.5.6-r0
fixed in 3.5.7-r0
0.7%
Theoretical Threat
Directly Exposed
CVE-2026-42769MEDIUM5.02
libssl3
3.5.6-r0
fixed in 3.5.7-r0
0.3%
Theoretical Threat
Directly Exposed
CVE-2026-42770MEDIUM5.02
libssl3
3.5.6-r0
fixed in 3.5.7-r0
0.3%
Theoretical Threat
Directly Exposed
CVE-2026-9076MEDIUM5.02
libssl3
3.5.6-r0
fixed in 3.5.7-r0
0.3%
Theoretical Threat
Directly Exposed
CVE-2026-27903MEDIUM5.02
minimatch
10.1.1
fixed in 10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, 3.1.3
0.5%
Theoretical Threat
Directly Exposed
CVE-2026-9679MEDIUM5.02
undici
6.23.0
fixed in 6.27.0, 7.28.0, 8.5.0
0.3%
Theoretical Threat
Directly Exposed
CVE-2026-7383MEDIUM4.67
libcrypto3
3.5.6-r0
fixed in 3.5.7-r0
0.4%
Theoretical Threat
Directly Exposed
CVE-2026-7383MEDIUM4.67
libssl3
3.5.6-r0
fixed in 3.5.7-r0
0.4%
Theoretical Threat
Directly Exposed
CVE-2026-42766MEDIUM4.5
libcrypto3
3.5.6-r0
fixed in 3.5.7-r0
0.6%
Theoretical Threat
Directly Exposed
CVE-2026-42767MEDIUM4.5
libcrypto3
3.5.6-r0
fixed in 3.5.7-r0
0.3%
Theoretical Threat
Directly Exposed
CVE-2026-42766MEDIUM4.5
libssl3
3.5.6-r0
fixed in 3.5.7-r0
0.6%
Theoretical Threat
Directly Exposed
CVE-2026-42767MEDIUM4.5
libssl3
3.5.6-r0
fixed in 3.5.7-r0
0.3%
Theoretical Threat
Directly Exposed
CVE-2026-54285MEDIUM4.5
@opentelemetry/core
2.7.1
fixed in 2.8.0
0.2%
Theoretical Threat
Directly Exposed
CVE-2026-53550MEDIUM4.5
js-yaml
4.1.1
fixed in 4.2.0, 3.15.0
0.3%
Theoretical Threat
Directly Exposed
CVE-2026-33672MEDIUM4.5
picomatch
4.0.3
fixed in 4.0.4, 3.0.2, 2.3.2
0.4%
Theoretical Threat
Directly Exposed
CVE-2026-27904MEDIUM4.42
minimatch
10.1.1
fixed in 10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, 3.1.4
0.5%
Theoretical Threat
Directly ExposedContext importance: MEDIUM
CVE-2026-1527MEDIUM4.42
undici
6.23.0
fixed in 6.24.0, 7.24.0
0.3%
Theoretical Threat
Directly ExposedContext importance: MEDIUM
CVE-2026-34180MEDIUM4.25
libcrypto3
3.5.6-r0
fixed in 3.5.7-r0
0.5%
Theoretical Threat
Directly Exposed
CVE-2026-34180MEDIUM4.25
libssl3
3.5.6-r0
fixed in 3.5.7-r0
0.5%
Theoretical Threat
Directly Exposed
CVE-2026-29786LOW3.21
tar
7.5.9
fixed in 7.5.10
0.4%
Theoretical Threat
Post-Exploit
CVE-2026-45446LOW3.15
libcrypto3
3.5.6-r0
fixed in 3.5.7-r0
0.2%
Theoretical Threat
Directly Exposed
CVE-2026-45446LOW3.15
libssl3
3.5.6-r0
fixed in 3.5.7-r0
0.2%
Theoretical Threat
Directly Exposed
CVE-2024-47764LOW3.15
cookie
0.4.2
fixed in 0.7.0
0.7%
Theoretical Threat
Directly Exposed
CVE-2026-11525LOW3.15
undici
6.23.0
fixed in 6.27.0, 7.28.0, 8.5.0
0.2%
Theoretical Threat
Directly Exposed
CVE-2026-6733LOW3.15
undici
6.23.0
fixed in 6.27.0, 7.28.0, 8.5.0
0.2%
Theoretical Threat
Directly Exposed
CVE-2026-45447LOW2.92
libcrypto3
3.5.6-r0
fixed in 3.5.7-r0
2.7%
Low-Moderate Risk
Post-Exploit
CVE-2026-45447LOW2.92
libssl3
3.5.6-r0
fixed in 3.5.7-r0
2.7%
Low-Moderate Risk
Post-Exploit
CVE-2026-53655LOW2.8
tar
7.5.11
fixed in 7.5.16
0.1%
Theoretical Threat
Post-Exploit
CVE-2026-31802LOW2.8
tar
7.5.9
fixed in 7.5.11
0.3%
Theoretical Threat
Post-Exploit
CVE-2026-53655LOW2.8
tar
7.5.9
fixed in 7.5.16
0.1%
Theoretical Threat
Post-Exploit
CVE-2026-45445LOW2.78
libcrypto3
3.5.6-r0
fixed in 3.5.7-r0
0.3%
Theoretical Threat
Post-Exploit
CVE-2026-45445LOW2.78
libssl3
3.5.6-r0
fixed in 3.5.7-r0
0.3%
Theoretical Threat
Post-Exploit
CVE-2026-1526LOW2.7
undici
6.23.0
fixed in 6.24.0, 7.24.0
1.1%
Low-Moderate Risk
Post-Exploit
CVE-2026-34183LOW2.29
libcrypto3
3.5.6-r0
fixed in 3.5.7-r0
0.5%
Theoretical Threat
Post-Exploit
CVE-2026-34183LOW2.29
libssl3
3.5.6-r0
fixed in 3.5.7-r0
0.5%
Theoretical Threat
Post-Exploit
CVE-2026-33151LOW2.29
socket.io-parser
3.3.4
fixed in 3.3.5, 3.4.4, 4.2.6
0.5%
Theoretical Threat
Post-Exploit
CVE-2026-33151LOW2.29
socket.io-parser
3.4.3
fixed in 3.3.5, 3.4.4, 4.2.6
0.5%
Theoretical Threat
Post-Exploit
CVE-2026-12151LOW2.29
undici
6.23.0
fixed in 6.27.0, 7.28.0, 8.5.0
0.6%
Theoretical Threat
Post-Exploit
CVE-2026-1528LOW2.29
undici
6.23.0
fixed in 6.24.0, 7.24.0
0.5%
Theoretical Threat
Post-Exploit
CVE-2026-2229LOW2.29
undici
6.23.0
fixed in 6.24.0, 7.24.0
0.9%
Theoretical Threat
Post-Exploit
CVE-2026-48779LOW2.29
ws
6.2.3
fixed in 5.2.5, 6.2.4, 7.5.11, 8.21.0
0.8%
Theoretical Threat
Post-Exploit
CVE-2026-48779LOW2.29
ws
7.5.10
fixed in 5.2.5, 6.2.4, 7.5.11, 8.21.0
0.8%
Theoretical Threat
Post-Exploit
CVE-2026-34182LOW2.26
libcrypto3
3.5.6-r0
fixed in 3.5.7-r0
0.2%
Theoretical Threat
Post-Exploit
CVE-2026-34182LOW2.26
libssl3
3.5.6-r0
fixed in 3.5.7-r0
0.2%
Theoretical Threat
Post-Exploit
CVE-2026-48758NONE0
@sigstore/core
2.0.0
fixed in 3.2.1
Not Applicable
CVE-2024-36751NONE0
parseuri
0.0.6
fixed in 2.0.0
0.5%
Theoretical Threat
Not Applicable
CVE-2026-48815NONE0
sigstore
3.1.0
fixed in 4.1.1
Not Applicable

Want to check another image? Run a full scan with the Docker Security Scanner.