This image poses a critical security risk and must not be used in production, especially as an internet-facing service. An attacker could exploit CVE-2026-42581 to perform request smuggling, bypassing security controls and potentially compromising downstream proxies or message integrity. Upgrading Netty to version 4.1.133.Final or 4.2.13.Final would resolve this vulnerability. Additional DNS cache poisoning vulnerabilities (CVE-2026-45674, CVE-2026-47691) could redirect outbound connections but require a malicious DNS server. The image contains 166 exposed vulnerabilities, with 2 critical-severity findings; immediate remediation is mandatory before any deployment.
| CVE ID | Adjusted Severity | Package | Exploit Probability | Risk Context |
|---|---|---|---|---|
| CVE-2026-42581 | HIGH8.33 | io.netty:netty-codec-http 4.1.130.Final fixed in 4.2.13.Final, 4.1.133.Final | 0.4% Theoretical Threat | Directly ExposedContext importance: HIGH |
| CVE-2026-42581 | HIGH8.33 | io.netty:netty-codec-http 4.2.2.Final fixed in 4.2.13.Final, 4.1.133.Final | 0.4% Theoretical Threat | Directly ExposedContext importance: HIGH |
| CVE-2026-45674 | MEDIUM6.8 | io.netty:netty-resolver-dns 4.1.130.Final fixed in 4.2.15.Final, 4.1.135.Final | 0.2% Theoretical Threat | Directly ExposedContext importance: MEDIUM |
| CVE-2026-47691 | MEDIUM6.8 | io.netty:netty-resolver-dns 4.1.130.Final fixed in 4.2.15.Final, 4.1.135.Final | 0.2% Theoretical Threat | Directly ExposedContext importance: MEDIUM |
| CVE-2026-45674 | MEDIUM6.8 | io.netty:netty-resolver-dns 4.2.2.Final fixed in 4.2.15.Final, 4.1.135.Final | 0.2% Theoretical Threat | Directly ExposedContext importance: MEDIUM |
| CVE-2026-47691 | MEDIUM6.8 | io.netty:netty-resolver-dns 4.2.2.Final fixed in 4.2.15.Final, 4.1.135.Final | 0.2% Theoretical Threat | Directly ExposedContext importance: MEDIUM |
| CVE-2026-42010 | MEDIUM6.66 | libgnutls30t64 3.8.3-1.1ubuntu3.5 fixed in 3.8.3-1.1ubuntu3.6 | 0.8% Theoretical Threat | Directly ExposedContext importance: MEDIUM |
| CVE-2026-45447 | MEDIUM6.48 | libssl3t64 3.0.13-0ubuntu3.9 fixed in 3.0.13-0ubuntu3.11 | 1.4% Low-Moderate Risk | Directly ExposedContext importance: MEDIUM |
| CVE-2026-41989 | MEDIUM6.38 | libgcrypt20 1.10.3-2build1 fixed in 1.10.3-2ubuntu0.1 | 0.2% Theoretical Threat | Directly Exposed |
| CVE-2026-42009 | MEDIUM6.38 | libgnutls30t64 3.8.3-1.1ubuntu3.5 fixed in 3.8.3-1.1ubuntu3.6 | 0.8% Theoretical Threat | Directly Exposed |
| CVE-2026-33870 | MEDIUM6.38 | io.netty:netty-codec-http 4.1.130.Final fixed in 4.1.132.Final, 4.2.10.Final | 0.4% Theoretical Threat | Directly ExposedContext importance: HIGH |
| CVE-2026-42587 | MEDIUM6.38 | io.netty:netty-codec-http 4.1.130.Final fixed in 4.2.13.Final, 4.1.133.Final | 0.5% Theoretical Threat | Directly Exposed |
| CVE-2026-42585 | MEDIUM6.38 | io.netty:netty-codec-http 4.1.130.Final fixed in 4.2.13.Final, 4.1.133.Final | 0.2% Theoretical Threat | Directly Exposed |
| CVE-2026-33870 | MEDIUM6.38 | io.netty:netty-codec-http 4.2.2.Final fixed in 4.1.132.Final, 4.2.10.Final | 0.4% Theoretical Threat | Directly ExposedContext importance: HIGH |
| CVE-2026-42587 | MEDIUM6.38 | io.netty:netty-codec-http 4.2.2.Final fixed in 4.2.13.Final, 4.1.133.Final | 0.5% Theoretical Threat | Directly Exposed |
| CVE-2026-42585 | MEDIUM6.38 | io.netty:netty-codec-http 4.2.2.Final fixed in 4.2.13.Final, 4.1.133.Final | 0.2% Theoretical Threat | Directly Exposed |
| CVE-2025-58056 | MEDIUM6.38 | io.netty:netty-codec-http 4.2.2.Final fixed in 4.1.125.Final, 4.2.5.Final | 0.6% Theoretical Threat | Directly ExposedContext importance: HIGH |
| CVE-2026-33871 | MEDIUM6.38 | io.netty:netty-codec-http2 4.1.130.Final fixed in 4.1.132.Final, 4.2.11.Final | 0.6% Theoretical Threat | Directly Exposed |
| CVE-2026-42587 | MEDIUM6.38 | io.netty:netty-codec-http2 4.1.130.Final fixed in 4.2.13.Final, 4.1.133.Final | 0.5% Theoretical Threat | Directly Exposed |
| CVE-2026-48043 | MEDIUM6.38 | io.netty:netty-codec-http2 4.1.130.Final fixed in 4.1.135.Final, 4.2.15.Final | 0.6% Theoretical Threat | Directly Exposed |
| CVE-2026-33871 | MEDIUM6.38 | io.netty:netty-codec-http2 4.2.2.Final fixed in 4.1.132.Final, 4.2.11.Final | 0.6% Theoretical Threat | Directly Exposed |
| CVE-2026-42587 | MEDIUM6.38 | io.netty:netty-codec-http2 4.2.2.Final fixed in 4.2.13.Final, 4.1.133.Final | 0.5% Theoretical Threat | Directly Exposed |
| CVE-2026-48043 | MEDIUM6.38 | io.netty:netty-codec-http2 4.2.2.Final fixed in 4.1.135.Final, 4.2.15.Final | 0.6% Theoretical Threat | Directly Exposed |
| CVE-2026-45416 | MEDIUM6.38 | io.netty:netty-handler 4.1.130.Final fixed in 4.2.15.Final, 4.1.135.Final | 0.6% Theoretical Threat | Directly Exposed |
| CVE-2026-50010 | MEDIUM6.38 | io.netty:netty-handler 4.1.130.Final fixed in 4.2.15.Final, 4.1.135.Final | 0.2% Theoretical Threat | Directly Exposed |
| CVE-2026-45416 | MEDIUM6.38 | io.netty:netty-handler 4.2.2.Final fixed in 4.2.15.Final, 4.1.135.Final | 0.6% Theoretical Threat | Directly Exposed |
| CVE-2026-50010 | MEDIUM6.38 | io.netty:netty-handler 4.2.2.Final fixed in 4.2.15.Final, 4.1.135.Final | 0.2% Theoretical Threat | Directly Exposed |
| CVE-2026-42578 | MEDIUM6.38 | io.netty:netty-handler-proxy 4.2.2.Final fixed in 4.1.133.Final, 4.2.13.Final | 0.4% Theoretical Threat | Directly Exposed |
| CVE-2026-45292 | MEDIUM6.38 | io.opentelemetry:opentelemetry-api 1.31.0 fixed in 1.62.0 | 0.5% Theoretical Threat | Directly Exposed |
| CVE-2026-34479 | MEDIUM6.38 | org.apache.logging.log4j:log4j-1.2-api 2.19.0 fixed in 2.25.4 | 0.5% Theoretical Threat | Directly Exposed |
| CVE-2026-34480 | MEDIUM6.38 | org.apache.logging.log4j:log4j-core 2.19.0 fixed in 2.25.4 | 0.9% Theoretical Threat | Directly Exposed |
| CVE-2026-34478 | MEDIUM6.38 | org.apache.logging.log4j:log4j-core 2.25.0 fixed in 2.25.4 | 0.8% Theoretical Threat | Directly Exposed |
| CVE-2026-34480 | MEDIUM6.38 | org.apache.logging.log4j:log4j-core 2.25.0 fixed in 2.25.4 | 0.9% Theoretical Threat | Directly Exposed |
| CVE-2026-5588 | MEDIUM6.38 | org.bouncycastle:bcpkix-jdk18on 1.79 fixed in 1.84 | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2026-5598 | MEDIUM6.38 | org.bouncycastle:bcprov-jdk18on 1.79 fixed in 1.84 | 0.5% Theoretical Threat | Directly Exposed |
| CVE-2026-29062 | MEDIUM6.38 | tools.jackson.core:jackson-core 3.0.4 fixed in 3.1.0 | 0.5% Theoretical Threat | Directly ExposedContext importance: HIGH |
| CVE-2026-3833 | MEDIUM6.29 | libgnutls30t64 3.8.3-1.1ubuntu3.5 fixed in 3.8.3-1.1ubuntu3.6 | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2026-42011 | MEDIUM6.29 | libgnutls30t64 3.8.3-1.1ubuntu3.5 fixed in 3.8.3-1.1ubuntu3.6 | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2026-34182 | MEDIUM6.29 | libssl3t64 3.0.13-0ubuntu3.9 fixed in 3.0.13-0ubuntu3.11 | 0.2% Theoretical Threat | Directly Exposed |
| CVE-2025-29481 | MEDIUM6.21 | libbpf1 1:1.3.0-2build2 No fix yet | 0.2% Theoretical Threat | Directly Exposed |
| CVE-2026-33845 | MEDIUM6.18 | libgnutls30t64 3.8.3-1.1ubuntu3.5 fixed in 3.8.3-1.1ubuntu3.6 | 0.6% Theoretical Threat | Directly ExposedContext importance: MEDIUM |
| CVE-2026-45445 | MEDIUM6.18 | libssl3t64 3.0.13-0ubuntu3.9 fixed in 3.0.13-0ubuntu3.11 | 0.3% Theoretical Threat | Directly ExposedContext importance: MEDIUM |
| CVE-2026-42579 | MEDIUM6.18 | io.netty:netty-codec-dns 4.1.130.Final fixed in 4.2.13.Final, 4.1.133.Final | 0.4% Theoretical Threat | Directly ExposedContext importance: MEDIUM |
| CVE-2026-42579 | MEDIUM6.18 | io.netty:netty-codec-dns 4.2.2.Final fixed in 4.2.13.Final, 4.1.133.Final | 0.4% Theoretical Threat | Directly ExposedContext importance: MEDIUM |
| CVE-2026-42584 | MEDIUM6.18 | io.netty:netty-codec-http 4.1.130.Final fixed in 4.2.13.Final, 4.1.133.Final | 0.3% Theoretical Threat | Directly ExposedContext importance: MEDIUM |
| CVE-2026-42584 | MEDIUM6.18 | io.netty:netty-codec-http 4.2.2.Final fixed in 4.2.13.Final, 4.1.133.Final | 0.3% Theoretical Threat | Directly ExposedContext importance: MEDIUM |
| CVE-2026-42012 | MEDIUM6.03 | libgnutls30t64 3.8.3-1.1ubuntu3.5 fixed in 3.8.3-1.1ubuntu3.6 | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2024-2236 | MEDIUM5.9 | libgcrypt20 1.10.3-2build1 No fix yet | 1.1% Low-Moderate Risk | Directly Exposed |
| CVE-2026-45673 | MEDIUM5.78 | io.netty:netty-resolver-dns 4.1.130.Final fixed in 4.2.15.Final, 4.1.135.Final | 0.4% Theoretical Threat | Directly Exposed |
| CVE-2026-45673 | MEDIUM5.78 | io.netty:netty-resolver-dns 4.2.2.Final fixed in 4.2.15.Final, 4.1.135.Final | 0.4% Theoretical Threat | Directly Exposed |
| CVE-2026-42014 | MEDIUM5.61 | libgnutls30t64 3.8.3-1.1ubuntu3.5 fixed in 3.8.3-1.1ubuntu3.6 | 0.2% Theoretical Threat | Directly Exposed |
| CVE-2026-42013 | MEDIUM5.58 | libgnutls30t64 3.8.3-1.1ubuntu3.5 fixed in 3.8.3-1.1ubuntu3.6 | 0.4% Theoretical Threat | Directly ExposedContext importance: MEDIUM |
| CVE-2026-5260 | MEDIUM5.58 | libgnutls30t64 3.8.3-1.1ubuntu3.5 fixed in 3.8.3-1.1ubuntu3.6 | 0.7% Theoretical Threat | Directly ExposedContext importance: MEDIUM |
| CVE-2026-4437 | MEDIUM5.52 | libc-bin 2.39-0ubuntu8.7 No fix yet | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2026-6238 | MEDIUM5.52 | libc-bin 2.39-0ubuntu8.7 No fix yet | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2026-4437 | MEDIUM5.52 | libc6 2.39-0ubuntu8.7 No fix yet | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2026-6238 | MEDIUM5.52 | libc6 2.39-0ubuntu8.7 No fix yet | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2026-41417 | MEDIUM5.52 | io.netty:netty-codec-http 4.1.130.Final fixed in 4.1.133.Final, 4.2.13.Final | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2026-42580 | MEDIUM5.52 | io.netty:netty-codec-http 4.1.130.Final fixed in 4.2.13.Final, 4.1.133.Final | 0.4% Theoretical Threat | Directly Exposed |
| CVE-2025-67735 | MEDIUM5.52 | io.netty:netty-codec-http 4.2.2.Final fixed in 4.2.8.Final, 4.1.129.Final | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2026-41417 | MEDIUM5.52 | io.netty:netty-codec-http 4.2.2.Final fixed in 4.1.133.Final, 4.2.13.Final | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2026-42580 | MEDIUM5.52 | io.netty:netty-codec-http 4.2.2.Final fixed in 4.2.13.Final, 4.1.133.Final | 0.4% Theoretical Threat | Directly Exposed |
| CVE-2026-0636 | MEDIUM5.52 | org.bouncycastle:bcprov-jdk18on 1.79 fixed in 1.84 | 0.5% Theoretical Threat | Directly Exposed |
| CVE-2026-44249 | MEDIUM5.5 | io.netty:netty-handler 4.1.130.Final fixed in 4.2.15.Final, 4.1.135.Final | 0.5% Theoretical Threat | Directly ExposedContext importance: MEDIUM |
| CVE-2026-44249 | MEDIUM5.5 | io.netty:netty-handler 4.2.2.Final fixed in 4.2.15.Final, 4.1.135.Final | 0.5% Theoretical Threat | Directly ExposedContext importance: MEDIUM |
| CVE-2017-13716 | MEDIUM5.5 | libbinutils 2.42-4ubuntu2.10 No fix yet | 1.4% Low-Moderate Risk | Directly Exposed |
| CVE-2017-13716 | MEDIUM5.5 | libctf-nobfd0 2.42-4ubuntu2.10 No fix yet | 1.4% Low-Moderate Risk | Directly Exposed |
| CVE-2017-13716 | MEDIUM5.5 | libctf0 2.42-4ubuntu2.10 No fix yet | 1.4% Low-Moderate Risk | Directly Exposed |
| CVE-2017-13716 | MEDIUM5.5 | libgprofng0 2.42-4ubuntu2.10 No fix yet | 1.4% Low-Moderate Risk | Directly Exposed |
| CVE-2017-13716 | MEDIUM5.5 | libsframe1 2.42-4ubuntu2.10 No fix yet | 1.4% Low-Moderate Risk | Directly Exposed |
| CVE-2026-40226 | MEDIUM5.44 | libsystemd0 255.4-1ubuntu8.15 fixed in 255.4-1ubuntu8.16 | <0.1% Theoretical Threat | Directly Exposed |
| CVE-2026-40226 | MEDIUM5.44 | libudev1 255.4-1ubuntu8.15 fixed in 255.4-1ubuntu8.16 | <0.1% Theoretical Threat | Directly Exposed |
| CVE-2026-33846 | MEDIUM5.1 | libgnutls30t64 3.8.3-1.1ubuntu3.5 fixed in 3.8.3-1.1ubuntu3.6 | 0.9% Theoretical Threat | Directly ExposedContext importance: MEDIUM |
| CVE-2025-7962 | MEDIUM5.1 | com.sun.mail:jakarta.mail 1.6.3 fixed in 1.6.8, 2.0.2 | 0.7% Theoretical Threat | Directly ExposedContext importance: MEDIUM |
| CVE-2025-7962 | MEDIUM5.1 | com.sun.mail:jakarta.mail 2.0.1 fixed in 1.6.8, 2.0.2 | 0.7% Theoretical Threat | Directly ExposedContext importance: MEDIUM |
| CVE-2025-58057 | MEDIUM5.1 | io.netty:netty-codec-compression 4.2.2.Final fixed in 4.2.5.Final | 0.6% Theoretical Threat | Directly ExposedContext importance: MEDIUM |
| CVE-2025-55163 | MEDIUM5.1 | io.netty:netty-codec-http2 4.2.2.Final fixed in 4.2.4.Final, 4.1.124.Final | 0.9% Theoretical Threat | Directly ExposedContext importance: MEDIUM |
| CVE-2026-5435 | MEDIUM5.02 | libc-bin 2.39-0ubuntu8.7 No fix yet | 0.2% Theoretical Threat | Directly Exposed |
| CVE-2026-5435 | MEDIUM5.02 | libc6 2.39-0ubuntu8.7 No fix yet | 0.2% Theoretical Threat | Directly Exposed |
| CVE-2026-42770 | MEDIUM5.02 | libssl3t64 3.0.13-0ubuntu3.9 fixed in 3.0.13-0ubuntu3.11 | 0.2% Theoretical Threat | Directly Exposed |
| CVE-2026-9076 | MEDIUM5.02 | libssl3t64 3.0.13-0ubuntu3.9 fixed in 3.0.13-0ubuntu3.11 | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2026-34477 | MEDIUM5.02 | org.apache.logging.log4j:log4j-core 2.19.0 fixed in 2.25.4 | 0.4% Theoretical Threat | Directly Exposed |
| CVE-2026-34477 | MEDIUM5.02 | org.apache.logging.log4j:log4j-core 2.25.0 fixed in 2.25.4 | 0.4% Theoretical Threat | Directly Exposed |
| CVE-2025-69651 | MEDIUM4.67 | libbinutils 2.42-4ubuntu2.10 No fix yet | 0.2% Theoretical Threat | Directly Exposed |
| CVE-2025-69651 | MEDIUM4.67 | libctf-nobfd0 2.42-4ubuntu2.10 No fix yet | 0.2% Theoretical Threat | Directly Exposed |
| CVE-2025-69651 | MEDIUM4.67 | libctf0 2.42-4ubuntu2.10 No fix yet | 0.2% Theoretical Threat | Directly Exposed |
| CVE-2025-66382 | MEDIUM4.67 | libexpat1 2.6.1-2ubuntu0.4 No fix yet | 0.2% Theoretical Threat | Directly Exposed |
| CVE-2025-69651 | MEDIUM4.67 | libgprofng0 2.42-4ubuntu2.10 No fix yet | 0.2% Theoretical Threat | Directly Exposed |
| CVE-2025-69651 | MEDIUM4.67 | libsframe1 2.42-4ubuntu2.10 No fix yet | 0.2% Theoretical Threat | Directly Exposed |
| CVE-2026-7383 | MEDIUM4.67 | libssl3t64 3.0.13-0ubuntu3.9 fixed in 3.0.13-0ubuntu3.11 | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2026-4046 | MEDIUM4.5 | libc-bin 2.39-0ubuntu8.7 No fix yet | 0.4% Theoretical Threat | Directly Exposed |
| CVE-2026-4046 | MEDIUM4.5 | libc6 2.39-0ubuntu8.7 No fix yet | 0.4% Theoretical Threat | Directly Exposed |
| CVE-2026-42015 | MEDIUM4.5 | libgnutls30t64 3.8.3-1.1ubuntu3.5 fixed in 3.8.3-1.1ubuntu3.6 | 0.7% Theoretical Threat | Directly Exposed |
| CVE-2026-34743 | MEDIUM4.5 | liblzma5 5.6.1+really5.4.5-1ubuntu0.2 fixed in 5.6.1+really5.4.5-1ubuntu0.3 | 0.4% Theoretical Threat | Directly Exposed |
| CVE-2026-42766 | MEDIUM4.5 | libssl3t64 3.0.13-0ubuntu3.9 fixed in 3.0.13-0ubuntu3.11 | 0.6% Theoretical Threat | Directly Exposed |
| CVE-2026-42767 | MEDIUM4.5 | libssl3t64 3.0.13-0ubuntu3.9 fixed in 3.0.13-0ubuntu3.11 | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2026-50020 | MEDIUM4.5 | io.netty:netty-codec-http 4.1.130.Final fixed in 4.2.15.Final, 4.1.135.Final | 0.2% Theoretical Threat | Directly Exposed |
| CVE-2026-50020 | MEDIUM4.5 | io.netty:netty-codec-http 4.2.2.Final fixed in 4.2.15.Final, 4.1.135.Final | 0.2% Theoretical Threat | Directly Exposed |
| CVE-2026-47244 | MEDIUM4.5 | io.netty:netty-codec-http2 4.1.130.Final fixed in 4.2.15.Final, 4.1.135.Final | 0.5% Theoretical Threat | Directly Exposed |
| CVE-2026-50560 | MEDIUM4.5 | io.netty:netty-codec-http2 4.1.130.Final fixed in 4.2.15.Final, 4.1.135.Final | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2026-47244 | MEDIUM4.5 | io.netty:netty-codec-http2 4.2.2.Final fixed in 4.2.15.Final, 4.1.135.Final | 0.5% Theoretical Threat | Directly Exposed |
| CVE-2026-50560 | MEDIUM4.5 | io.netty:netty-codec-http2 4.2.2.Final fixed in 4.2.15.Final, 4.1.135.Final | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2026-34180 | MEDIUM4.25 | libssl3t64 3.0.13-0ubuntu3.9 fixed in 3.0.13-0ubuntu3.11 | 0.5% Theoretical Threat | Directly Exposed |
| CVE-2025-68161 | MEDIUM4.08 | org.apache.logging.log4j:log4j-core 2.19.0 fixed in 2.25.3 | 0.7% Theoretical Threat | Directly Exposed |
| CVE-2025-68161 | MEDIUM4.08 | org.apache.logging.log4j:log4j-core 2.25.0 fixed in 2.25.3 | 0.7% Theoretical Threat | Directly Exposed |
| CVE-2026-27456 | MEDIUM4 | libblkid1 2.39.3-9ubuntu6.5 No fix yet | 0.1% Theoretical Threat | Directly Exposed |
| CVE-2025-1376 | MEDIUM4 | libelf1t64 0.190-1.1ubuntu0.1 No fix yet | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2026-27456 | MEDIUM4 | libmount1 2.39.3-9ubuntu6.5 No fix yet | 0.1% Theoretical Threat | Directly Exposed |
| CVE-2026-27456 | MEDIUM4 | libsmartcols1 2.39.3-9ubuntu6.5 No fix yet | 0.1% Theoretical Threat | Directly Exposed |
| CVE-2026-27456 | MEDIUM4 | libuuid1 2.39.3-9ubuntu6.5 No fix yet | 0.1% Theoretical Threat | Directly Exposed |
| CVE-2025-48924 | LOW3.7 | org.apache.commons:commons-lang3 3.17.0 fixed in 3.18.0 | 2.2% Low-Moderate Risk | Directly Exposed |
| CVE-2025-48924 | LOW3.7 | org.apache.commons:commons-lang3 3.9 fixed in 3.18.0 | 2.2% Low-Moderate Risk | Directly Exposed |
| CVE-2026-4438 | LOW3.4 | libc-bin 2.39-0ubuntu8.7 No fix yet | 0.2% Theoretical Threat | Directly Exposed |
| CVE-2026-4438 | LOW3.4 | libc6 2.39-0ubuntu8.7 No fix yet | 0.2% Theoretical Threat | Directly Exposed |
| CVE-2026-45536 | LOW3.4 | io.netty:netty-transport-native-epoll 4.2.2.Final fixed in 4.2.15.Final, 4.1.135.Final | 0.2% Theoretical Threat | Directly Exposed |
| CVE-2026-45536 | LOW3.4 | io.netty:netty-transport-native-kqueue 4.2.2.Final fixed in 4.2.15.Final, 4.1.135.Final | 0.2% Theoretical Threat | Directly Exposed |
| CVE-2017-13716 | LOW3.3 | binutils 2.42-4ubuntu2.10 No fix yet | 1.4% Low-Moderate Risk | Post-Exploit |
| CVE-2017-13716 | LOW3.3 | binutils-common 2.42-4ubuntu2.10 No fix yet | 1.4% Low-Moderate Risk | Post-Exploit |
| CVE-2017-13716 | LOW3.3 | binutils-x86-64-linux-gnu 2.42-4ubuntu2.10 No fix yet | 1.4% Low-Moderate Risk | Post-Exploit |
| CVE-2025-1152 | LOW3.15 | libbinutils 2.42-4ubuntu2.10 No fix yet | 0.6% Theoretical Threat | Directly Exposed |
| CVE-2025-1152 | LOW3.15 | libctf-nobfd0 2.42-4ubuntu2.10 No fix yet | 0.6% Theoretical Threat | Directly Exposed |
| CVE-2025-1152 | LOW3.15 | libctf0 2.42-4ubuntu2.10 No fix yet | 0.6% Theoretical Threat | Directly Exposed |
| CVE-2026-3832 | LOW3.15 | libgnutls30t64 3.8.3-1.1ubuntu3.5 fixed in 3.8.3-1.1ubuntu3.6 | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2026-5419 | LOW3.15 | libgnutls30t64 3.8.3-1.1ubuntu3.5 fixed in 3.8.3-1.1ubuntu3.6 | 0.5% Theoretical Threat | Directly Exposed |
| CVE-2025-1152 | LOW3.15 | libgprofng0 2.42-4ubuntu2.10 No fix yet | 0.6% Theoretical Threat | Directly Exposed |
| CVE-2025-1152 | LOW3.15 | libsframe1 2.42-4ubuntu2.10 No fix yet | 0.6% Theoretical Threat | Directly Exposed |
| CVE-2026-45446 | LOW3.15 | libssl3t64 3.0.13-0ubuntu3.9 fixed in 3.0.13-0ubuntu3.11 | 0.2% Theoretical Threat | Directly Exposed |
| CVE-2026-45447 | LOW2.92 | openssl 3.0.13-0ubuntu3.9 fixed in 3.0.13-0ubuntu3.11 | 1.4% Low-Moderate Risk | Post-Exploit |
| CVE-2025-45582 | LOW2.86 | tar 1.35+dfsg-3build1 No fix yet | 0.4% Theoretical Threat | Post-Exploit |
| CVE-2025-69651 | LOW2.8 | binutils 2.42-4ubuntu2.10 No fix yet | 0.2% Theoretical Threat | Post-Exploit |
| CVE-2025-69651 | LOW2.8 | binutils-common 2.42-4ubuntu2.10 No fix yet | 0.2% Theoretical Threat | Post-Exploit |
| CVE-2025-69651 | LOW2.8 | binutils-x86-64-linux-gnu 2.42-4ubuntu2.10 No fix yet | 0.2% Theoretical Threat | Post-Exploit |
| CVE-2026-7383 | LOW2.8 | openssl 3.0.13-0ubuntu3.9 fixed in 3.0.13-0ubuntu3.11 | 0.3% Theoretical Threat | Post-Exploit |
| CVE-2025-69647 | LOW2.8 | libbinutils 2.42-4ubuntu2.10 No fix yet | 0.2% Theoretical Threat | Directly Exposed |
| CVE-2025-69648 | LOW2.8 | libbinutils 2.42-4ubuntu2.10 No fix yet | 0.2% Theoretical Threat | Directly Exposed |
| CVE-2025-69652 | LOW2.8 | libbinutils 2.42-4ubuntu2.10 No fix yet | 0.2% Theoretical Threat | Directly Exposed |
| CVE-2025-69647 | LOW2.8 | libctf-nobfd0 2.42-4ubuntu2.10 No fix yet | 0.2% Theoretical Threat | Directly Exposed |
| CVE-2025-69648 | LOW2.8 | libctf-nobfd0 2.42-4ubuntu2.10 No fix yet | 0.2% Theoretical Threat | Directly Exposed |
| CVE-2025-69652 | LOW2.8 | libctf-nobfd0 2.42-4ubuntu2.10 No fix yet | 0.2% Theoretical Threat | Directly Exposed |
| CVE-2025-69647 | LOW2.8 | libctf0 2.42-4ubuntu2.10 No fix yet | 0.2% Theoretical Threat | Directly Exposed |
| CVE-2025-69648 | LOW2.8 | libctf0 2.42-4ubuntu2.10 No fix yet | 0.2% Theoretical Threat | Directly Exposed |
| CVE-2025-69652 | LOW2.8 | libctf0 2.42-4ubuntu2.10 No fix yet | 0.2% Theoretical Threat | Directly Exposed |
| CVE-2025-69647 | LOW2.8 | libgprofng0 2.42-4ubuntu2.10 No fix yet | 0.2% Theoretical Threat | Directly Exposed |
| CVE-2025-69648 | LOW2.8 | libgprofng0 2.42-4ubuntu2.10 No fix yet | 0.2% Theoretical Threat | Directly Exposed |
| CVE-2025-69652 | LOW2.8 | libgprofng0 2.42-4ubuntu2.10 No fix yet | 0.2% Theoretical Threat | Directly Exposed |
| CVE-2025-69647 | LOW2.8 | libsframe1 2.42-4ubuntu2.10 No fix yet | 0.2% Theoretical Threat | Directly Exposed |
| CVE-2025-69648 | LOW2.8 | libsframe1 2.42-4ubuntu2.10 No fix yet | 0.2% Theoretical Threat | Directly Exposed |
| CVE-2025-69652 | LOW2.8 | libsframe1 2.42-4ubuntu2.10 No fix yet | 0.2% Theoretical Threat | Directly Exposed |
| CVE-2026-40228 | LOW2.8 | libsystemd0 255.4-1ubuntu8.15 No fix yet | 0.2% Theoretical Threat | Directly Exposed |
| CVE-2026-40228 | LOW2.8 | libudev1 255.4-1ubuntu8.15 No fix yet | 0.2% Theoretical Threat | Directly Exposed |
| CVE-2026-45445 | LOW2.78 | openssl 3.0.13-0ubuntu3.9 fixed in 3.0.13-0ubuntu3.11 | 0.3% Theoretical Threat | Post-Exploit |
| CVE-2026-42766 | LOW2.7 | openssl 3.0.13-0ubuntu3.9 fixed in 3.0.13-0ubuntu3.11 | 0.6% Theoretical Threat | Post-Exploit |
| CVE-2026-42767 | LOW2.7 | openssl 3.0.13-0ubuntu3.9 fixed in 3.0.13-0ubuntu3.11 | 0.3% Theoretical Threat | Post-Exploit |
| CVE-2026-34180 | LOW2.55 | openssl 3.0.13-0ubuntu3.9 fixed in 3.0.13-0ubuntu3.11 | 0.5% Theoretical Threat | Post-Exploit |
| CVE-2026-27456 | LOW2.4 | bsdutils 1:2.39.3-9ubuntu6.5 No fix yet | 0.1% Theoretical Threat | Post-Exploit |
| CVE-2026-27456 | LOW2.4 | mount 2.39.3-9ubuntu6.5 No fix yet | 0.1% Theoretical Threat | Post-Exploit |
| CVE-2026-27456 | LOW2.4 | util-linux 2.39.3-9ubuntu6.5 No fix yet | 0.1% Theoretical Threat | Post-Exploit |
| CVE-2025-69644 | LOW2.38 | libbinutils 2.42-4ubuntu2.10 No fix yet | 0.1% Theoretical Threat | Directly Exposed |
| CVE-2025-69645 | LOW2.38 | libbinutils 2.42-4ubuntu2.10 No fix yet | 0.2% Theoretical Threat | Directly Exposed |
| CVE-2025-69646 | LOW2.38 | libbinutils 2.42-4ubuntu2.10 No fix yet | 0.2% Theoretical Threat | Directly Exposed |
| CVE-2025-69644 | LOW2.38 | libctf-nobfd0 2.42-4ubuntu2.10 No fix yet | 0.1% Theoretical Threat | Directly Exposed |
| CVE-2025-69645 | LOW2.38 | libctf-nobfd0 2.42-4ubuntu2.10 No fix yet | 0.2% Theoretical Threat | Directly Exposed |
| CVE-2025-69646 | LOW2.38 | libctf-nobfd0 2.42-4ubuntu2.10 No fix yet | 0.2% Theoretical Threat | Directly Exposed |
| CVE-2025-69644 | LOW2.38 | libctf0 2.42-4ubuntu2.10 No fix yet | 0.1% Theoretical Threat | Directly Exposed |
| CVE-2025-69645 | LOW2.38 | libctf0 2.42-4ubuntu2.10 No fix yet | 0.2% Theoretical Threat | Directly Exposed |
| CVE-2025-69646 | LOW2.38 | libctf0 2.42-4ubuntu2.10 No fix yet | 0.2% Theoretical Threat | Directly Exposed |
| CVE-2025-69644 | LOW2.38 | libgprofng0 2.42-4ubuntu2.10 No fix yet | 0.1% Theoretical Threat | Directly Exposed |
| CVE-2025-69645 | LOW2.38 | libgprofng0 2.42-4ubuntu2.10 No fix yet | 0.2% Theoretical Threat | Directly Exposed |
| CVE-2025-69646 | LOW2.38 | libgprofng0 2.42-4ubuntu2.10 No fix yet | 0.2% Theoretical Threat | Directly Exposed |
| CVE-2025-69644 | LOW2.38 | libsframe1 2.42-4ubuntu2.10 No fix yet | 0.1% Theoretical Threat | Directly Exposed |
| CVE-2025-69645 | LOW2.38 | libsframe1 2.42-4ubuntu2.10 No fix yet | 0.2% Theoretical Threat | Directly Exposed |
| CVE-2025-69646 | LOW2.38 | libsframe1 2.42-4ubuntu2.10 No fix yet | 0.2% Theoretical Threat | Directly Exposed |
| CVE-2025-1352 | LOW2.29 | libelf1t64 0.190-1.1ubuntu0.1 No fix yet | 0.6% Theoretical Threat | Post-Exploit |
| CVE-2026-34182 | LOW2.26 | openssl 3.0.13-0ubuntu3.9 fixed in 3.0.13-0ubuntu3.11 | 0.2% Theoretical Threat | Post-Exploit |
| CVE-2025-1152 | LOW1.89 | binutils 2.42-4ubuntu2.10 No fix yet | 0.6% Theoretical Threat | Post-Exploit |
| CVE-2025-1152 | LOW1.89 | binutils-common 2.42-4ubuntu2.10 No fix yet | 0.6% Theoretical Threat | Post-Exploit |
| CVE-2025-1152 | LOW1.89 | binutils-x86-64-linux-gnu 2.42-4ubuntu2.10 No fix yet | 0.6% Theoretical Threat | Post-Exploit |
| CVE-2026-45446 | LOW1.89 | openssl 3.0.13-0ubuntu3.9 fixed in 3.0.13-0ubuntu3.11 | 0.2% Theoretical Threat | Post-Exploit |
| CVE-2024-56433 | LOW1.84 | login 1:4.13+dfsg1-4ubuntu3.2 No fix yet | 0.4% Theoretical Threat | Post-Exploit |
| CVE-2024-56433 | LOW1.84 | passwd 1:4.13+dfsg1-4ubuntu3.2 No fix yet | 0.4% Theoretical Threat | Post-Exploit |
| CVE-2026-42770 | LOW1.81 | openssl 3.0.13-0ubuntu3.9 fixed in 3.0.13-0ubuntu3.11 | 0.2% Theoretical Threat | Post-Exploit |
| CVE-2026-9076 | LOW1.81 | openssl 3.0.13-0ubuntu3.9 fixed in 3.0.13-0ubuntu3.11 | 0.3% Theoretical Threat | Post-Exploit |
| CVE-2025-69647 | LOW1.68 | binutils 2.42-4ubuntu2.10 No fix yet | 0.2% Theoretical Threat | Post-Exploit |
| CVE-2025-69648 | LOW1.68 | binutils 2.42-4ubuntu2.10 No fix yet | 0.2% Theoretical Threat | Post-Exploit |
| CVE-2025-69652 | LOW1.68 | binutils 2.42-4ubuntu2.10 No fix yet | 0.2% Theoretical Threat | Post-Exploit |
| CVE-2025-69647 | LOW1.68 | binutils-common 2.42-4ubuntu2.10 No fix yet | 0.2% Theoretical Threat | Post-Exploit |
| CVE-2025-69648 | LOW1.68 | binutils-common 2.42-4ubuntu2.10 No fix yet | 0.2% Theoretical Threat | Post-Exploit |
| CVE-2025-69652 | LOW1.68 | binutils-common 2.42-4ubuntu2.10 No fix yet | 0.2% Theoretical Threat | Post-Exploit |
| CVE-2025-69647 | LOW1.68 | binutils-x86-64-linux-gnu 2.42-4ubuntu2.10 No fix yet | 0.2% Theoretical Threat | Post-Exploit |
| CVE-2025-69648 | LOW1.68 | binutils-x86-64-linux-gnu 2.42-4ubuntu2.10 No fix yet | 0.2% Theoretical Threat | Post-Exploit |
| CVE-2025-69652 | LOW1.68 | binutils-x86-64-linux-gnu 2.42-4ubuntu2.10 No fix yet | 0.2% Theoretical Threat | Post-Exploit |
| CVE-2025-69644 | LOW1.43 | binutils 2.42-4ubuntu2.10 No fix yet | 0.1% Theoretical Threat | Post-Exploit |
| CVE-2025-69645 | LOW1.43 | binutils 2.42-4ubuntu2.10 No fix yet | 0.2% Theoretical Threat | Post-Exploit |
| CVE-2025-69646 | LOW1.43 | binutils 2.42-4ubuntu2.10 No fix yet | 0.2% Theoretical Threat | Post-Exploit |
| CVE-2025-69644 | LOW1.43 | binutils-common 2.42-4ubuntu2.10 No fix yet | 0.1% Theoretical Threat | Post-Exploit |
| CVE-2025-69645 | LOW1.43 | binutils-common 2.42-4ubuntu2.10 No fix yet | 0.2% Theoretical Threat | Post-Exploit |
| CVE-2025-69646 | LOW1.43 | binutils-common 2.42-4ubuntu2.10 No fix yet | 0.2% Theoretical Threat | Post-Exploit |
| CVE-2025-69644 | LOW1.43 | binutils-x86-64-linux-gnu 2.42-4ubuntu2.10 No fix yet | 0.1% Theoretical Threat | Post-Exploit |
| CVE-2025-69645 | LOW1.43 | binutils-x86-64-linux-gnu 2.42-4ubuntu2.10 No fix yet | 0.2% Theoretical Threat | Post-Exploit |
| CVE-2025-69646 | LOW1.43 | binutils-x86-64-linux-gnu 2.42-4ubuntu2.10 No fix yet | 0.2% Theoretical Threat | Post-Exploit |
| CVE-2026-4437 | NONE0 | locales 2.39-0ubuntu8.7 No fix yet | 0.3% Theoretical Threat | Not Applicable |
| CVE-2026-6238 | NONE0 | locales 2.39-0ubuntu8.7 No fix yet | 0.3% Theoretical Threat | Not Applicable |
| CVE-2026-5435 | NONE0 | locales 2.39-0ubuntu8.7 No fix yet | 0.2% Theoretical Threat | Not Applicable |
| CVE-2026-4046 | NONE0 | locales 2.39-0ubuntu8.7 No fix yet | 0.4% Theoretical Threat | Not Applicable |
| CVE-2026-4438 | NONE0 | locales 2.39-0ubuntu8.7 No fix yet | 0.2% Theoretical Threat | Not Applicable |
| GHSA-72hv-8253-57qq | NONE0 | com.fasterxml.jackson.core:jackson-core 2.15.0 fixed in 2.21.1, 2.18.6 | — | Not Applicable |
| GHSA-72hv-8253-57qq | NONE0 | com.fasterxml.jackson.core:jackson-core 2.17.2 fixed in 2.21.1, 2.18.6 | — | Not Applicable |
| GHSA-72hv-8253-57qq | NONE0 | com.fasterxml.jackson.core:jackson-core 2.19.2 fixed in 2.21.1, 2.18.6 | — | Not Applicable |
| GHSA-72hv-8253-57qq | NONE0 | com.fasterxml.jackson.core:jackson-core 2.21.0 fixed in 2.21.1, 2.18.6 | — | Not Applicable |
| CVE-2026-42583 | NONE0 | io.netty:netty-codec 4.1.130.Final fixed in 4.1.133.Final | 0.4% Theoretical Threat | Not Applicable |
| CVE-2026-42583 | NONE0 | io.netty:netty-codec-compression 4.2.2.Final fixed in 4.2.13.Final | 0.4% Theoretical Threat | Not Applicable |
| CVE-2026-42577 | NONE0 | io.netty:netty-transport-native-epoll 4.2.2.Final fixed in 4.2.13.Final | 0.4% Theoretical Threat | Not Applicable |
| CVE-2020-36843 | NONE0 | net.i2p.crypto:eddsa 0.3.0 No fix yet | 0.1% Theoretical Threat | Not Applicable |
| GHSA-2m67-wjpj-xhg9 | NONE0 | tools.jackson.core:jackson-core 3.0.4 fixed in 3.1.1 | — | Not Applicable |
| GHSA-72hv-8253-57qq | NONE0 | tools.jackson.core:jackson-core 3.0.4 fixed in 3.1.0 | — | Not Applicable |