This image poses a critical security risk and must not be used in production, especially as an internet-facing service. Exploitation of the identified vulnerabilities, particularly in the Netty HTTP components (e.g., CVE-2026-42581, CVE-2026-42587), could lead to unauthorized access, bypassing security controls, cache poisoning, or a complete denial of service for the SonarQube application. The image has 6 high-severity vulnerabilities (CVSS 7.0+) on its exposed surface, including critical request smuggling and denial-of-service issues that are highly relevant to a web application like SonarQube. Despite its status as an Official Docker Hub image, these severe, easily exploitable flaws make it unsuitable for production deployment.
| CVE ID | Adjusted Severity | Package | Exploit Probability | Risk Context |
|---|---|---|---|---|
| CVE-2026-42581 | CRITICAL9.8 | io.netty:netty-codec-http 4.1.130.Final fixed in 4.2.13.Final, 4.1.133.Final | — | Directly ExposedContext importance: HIGH |
| CVE-2026-42587 | HIGH7.5 | io.netty:netty-codec-http 4.1.130.Final fixed in 4.2.13.Final, 4.1.133.Final | — | Directly ExposedContext importance: HIGH |
| CVE-2026-42585 | HIGH7.5 | io.netty:netty-codec-http 4.1.130.Final fixed in 4.2.13.Final, 4.1.133.Final | — | Directly ExposedContext importance: HIGH |
| CVE-2026-42587 | HIGH7.5 | io.netty:netty-codec-http2 4.1.130.Final fixed in 4.2.13.Final, 4.1.133.Final | — | Directly ExposedContext importance: HIGH |
| CVE-2026-42579 | HIGH7.28 | io.netty:netty-codec-dns 4.1.130.Final fixed in 4.2.13.Final, 4.1.133.Final | — | Directly ExposedContext importance: MEDIUM |
| CVE-2026-42584 | HIGH7.28 | io.netty:netty-codec-http 4.1.130.Final fixed in 4.2.13.Final, 4.1.133.Final | — | Directly ExposedContext importance: MEDIUM |
| CVE-2026-42013 | MEDIUM6.56 | libgnutls30t64 3.8.3-1.1ubuntu3.5 fixed in 3.8.3-1.1ubuntu3.6 | — | Directly ExposedContext importance: MEDIUM |
| CVE-2026-42580 | MEDIUM6.5 | io.netty:netty-codec-http 4.1.130.Final fixed in 4.2.13.Final, 4.1.133.Final | — | Directly ExposedContext importance: HIGH |
| CVE-2026-41989 | MEDIUM6.38 | libgcrypt20 1.10.3-2build1 fixed in 1.10.3-2ubuntu0.1 | <0.1% Theoretical Threat | Directly Exposed |
| CVE-2026-33846 | MEDIUM6.38 | libgnutls30t64 3.8.3-1.1ubuntu3.5 fixed in 3.8.3-1.1ubuntu3.6 | <0.1% Theoretical Threat | Directly Exposed |
| CVE-2026-33870 | MEDIUM6.38 | io.netty:netty-codec-http 4.1.130.Final fixed in 4.1.132.Final, 4.2.10.Final | <0.1% Theoretical Threat | Directly Exposed |
| CVE-2026-33871 | MEDIUM6.38 | io.netty:netty-codec-http2 4.1.130.Final fixed in 4.1.132.Final, 4.2.11.Final | <0.1% Theoretical Threat | Directly Exposed |
| CVE-2026-34479 | MEDIUM6.38 | org.apache.logging.log4j:log4j-1.2-api 2.19.0 fixed in 2.25.4 | 0.2% Theoretical Threat | Directly Exposed |
| CVE-2026-34480 | MEDIUM6.38 | org.apache.logging.log4j:log4j-core 2.19.0 fixed in 2.25.4 | 0.2% Theoretical Threat | Directly Exposed |
| CVE-2026-34478 | MEDIUM6.38 | org.apache.logging.log4j:log4j-core 2.25.0 fixed in 2.25.4 | 0.2% Theoretical Threat | Directly Exposed |
| CVE-2026-34480 | MEDIUM6.38 | org.apache.logging.log4j:log4j-core 2.25.0 fixed in 2.25.4 | 0.2% Theoretical Threat | Directly Exposed |
| CVE-2026-5588 | MEDIUM6.38 | org.bouncycastle:bcpkix-jdk18on 1.79 fixed in 1.84 | <0.1% Theoretical Threat | Directly Exposed |
| CVE-2026-5598 | MEDIUM6.38 | org.bouncycastle:bcprov-jdk18on 1.79 fixed in 1.84 | <0.1% Theoretical Threat | Directly Exposed |
| CVE-2026-29062 | MEDIUM6.38 | tools.jackson.core:jackson-core 3.0.4 fixed in 3.1.0 | <0.1% Theoretical Threat | Directly Exposed |
| CVE-2026-3833 | MEDIUM6.29 | libgnutls30t64 3.8.3-1.1ubuntu3.5 fixed in 3.8.3-1.1ubuntu3.6 | <0.1% Theoretical Threat | Directly Exposed |
| CVE-2026-42011 | MEDIUM6.29 | libgnutls30t64 3.8.3-1.1ubuntu3.5 fixed in 3.8.3-1.1ubuntu3.6 | <0.1% Theoretical Threat | Directly Exposed |
| CVE-2026-45292 | MEDIUM6 | io.opentelemetry:opentelemetry-api 1.31.0 fixed in 1.62.0 | — | Directly ExposedContext importance: MEDIUM |
| CVE-2026-42012 | MEDIUM5.68 | libgnutls30t64 3.8.3-1.1ubuntu3.5 fixed in 3.8.3-1.1ubuntu3.6 | — | Directly ExposedContext importance: MEDIUM |
| CVE-2026-4437 | MEDIUM5.52 | libc-bin 2.39-0ubuntu8.7 No fix yet | <0.1% Theoretical Threat | Directly Exposed |
| CVE-2026-6238 | MEDIUM5.52 | libc-bin 2.39-0ubuntu8.7 No fix yet | <0.1% Theoretical Threat | Directly Exposed |
| CVE-2026-4437 | MEDIUM5.52 | libc6 2.39-0ubuntu8.7 No fix yet | <0.1% Theoretical Threat | Directly Exposed |
| CVE-2026-6238 | MEDIUM5.52 | libc6 2.39-0ubuntu8.7 No fix yet | <0.1% Theoretical Threat | Directly Exposed |
| CVE-2026-41417 | MEDIUM5.52 | io.netty:netty-codec-http 4.1.130.Final fixed in 4.1.133.Final, 4.2.13.Final | <0.1% Theoretical Threat | Directly Exposed |
| CVE-2026-0636 | MEDIUM5.52 | org.bouncycastle:bcprov-jdk18on 1.79 fixed in 1.84 | <0.1% Theoretical Threat | Directly Exposed |
| CVE-2026-40226 | MEDIUM5.44 | libsystemd0 255.4-1ubuntu8.15 fixed in 255.4-1ubuntu8.16 | <0.1% Theoretical Threat | Directly Exposed |
| CVE-2026-40226 | MEDIUM5.44 | libudev1 255.4-1ubuntu8.15 fixed in 255.4-1ubuntu8.16 | <0.1% Theoretical Threat | Directly Exposed |
| CVE-2026-42015 | MEDIUM5.3 | libgnutls30t64 3.8.3-1.1ubuntu3.5 fixed in 3.8.3-1.1ubuntu3.6 | — | Directly Exposed |
| CVE-2025-7962 | MEDIUM5.1 | com.sun.mail:jakarta.mail 1.6.3 fixed in 1.6.8, 2.0.2 | <0.1% Theoretical Threat | Directly ExposedContext importance: MEDIUM |
| CVE-2025-7962 | MEDIUM5.1 | com.sun.mail:jakarta.mail 2.0.1 fixed in 1.6.8, 2.0.2 | <0.1% Theoretical Threat | Directly ExposedContext importance: MEDIUM |
| CVE-2026-5435 | MEDIUM5.02 | libc-bin 2.39-0ubuntu8.7 No fix yet | <0.1% Theoretical Threat | Directly Exposed |
| CVE-2026-5435 | MEDIUM5.02 | libc6 2.39-0ubuntu8.7 No fix yet | <0.1% Theoretical Threat | Directly Exposed |
| CVE-2024-2236 | MEDIUM5.02 | libgcrypt20 1.10.3-2build1 No fix yet | 0.7% Theoretical Threat | Directly Exposed |
| CVE-2026-34477 | MEDIUM5.02 | org.apache.logging.log4j:log4j-core 2.19.0 fixed in 2.25.4 | 0.1% Theoretical Threat | Directly Exposed |
| CVE-2026-34477 | MEDIUM5.02 | org.apache.logging.log4j:log4j-core 2.25.0 fixed in 2.25.4 | 0.1% Theoretical Threat | Directly Exposed |
| CVE-2024-41909 | MEDIUM5.02 | org.apache.sshd:sshd-common 2.9.2 fixed in 2.12.0 | 0.5% Theoretical Threat | Directly Exposed |
| CVE-2026-42010 | MEDIUM5 | libgnutls30t64 3.8.3-1.1ubuntu3.5 fixed in 3.8.3-1.1ubuntu3.6 | 0.2% Theoretical Threat | Directly Exposed |
| CVE-2026-5260 | MEDIUM4.92 | libgnutls30t64 3.8.3-1.1ubuntu3.5 fixed in 3.8.3-1.1ubuntu3.6 | — | Directly Exposed |
| CVE-2025-69651 | MEDIUM4.67 | libbinutils 2.42-4ubuntu2.10 No fix yet | <0.1% Theoretical Threat | Directly Exposed |
| CVE-2017-13716 | MEDIUM4.67 | libbinutils 2.42-4ubuntu2.10 No fix yet | 0.2% Theoretical Threat | Directly Exposed |
| CVE-2025-69651 | MEDIUM4.67 | libctf-nobfd0 2.42-4ubuntu2.10 No fix yet | <0.1% Theoretical Threat | Directly Exposed |
| CVE-2017-13716 | MEDIUM4.67 | libctf-nobfd0 2.42-4ubuntu2.10 No fix yet | 0.2% Theoretical Threat | Directly Exposed |
| CVE-2025-69651 | MEDIUM4.67 | libctf0 2.42-4ubuntu2.10 No fix yet | <0.1% Theoretical Threat | Directly Exposed |
| CVE-2017-13716 | MEDIUM4.67 | libctf0 2.42-4ubuntu2.10 No fix yet | 0.2% Theoretical Threat | Directly Exposed |
| CVE-2025-66382 | MEDIUM4.67 | libexpat1 2.6.1-2ubuntu0.4 No fix yet | <0.1% Theoretical Threat | Directly Exposed |
| CVE-2025-69651 | MEDIUM4.67 | libgprofng0 2.42-4ubuntu2.10 No fix yet | <0.1% Theoretical Threat | Directly Exposed |
| CVE-2017-13716 | MEDIUM4.67 | libgprofng0 2.42-4ubuntu2.10 No fix yet | 0.2% Theoretical Threat | Directly Exposed |
| CVE-2025-69651 | MEDIUM4.67 | libsframe1 2.42-4ubuntu2.10 No fix yet | <0.1% Theoretical Threat | Directly Exposed |
| CVE-2017-13716 | MEDIUM4.67 | libsframe1 2.42-4ubuntu2.10 No fix yet | 0.2% Theoretical Threat | Directly Exposed |
| CVE-2026-33845 | MEDIUM4.64 | libgnutls30t64 3.8.3-1.1ubuntu3.5 fixed in 3.8.3-1.1ubuntu3.6 | <0.1% Theoretical Threat | Directly Exposed |
| CVE-2026-42009 | MEDIUM4.5 | libgnutls30t64 3.8.3-1.1ubuntu3.5 fixed in 3.8.3-1.1ubuntu3.6 | — | Directly Exposed |
| CVE-2026-4046 | MEDIUM4.5 | libc-bin 2.39-0ubuntu8.7 No fix yet | <0.1% Theoretical Threat | Directly Exposed |
| CVE-2026-4046 | MEDIUM4.5 | libc6 2.39-0ubuntu8.7 No fix yet | <0.1% Theoretical Threat | Directly Exposed |
| CVE-2026-34743 | MEDIUM4.5 | liblzma5 5.6.1+really5.4.5-1ubuntu0.2 fixed in 5.6.1+really5.4.5-1ubuntu0.3 | <0.1% Theoretical Threat | Directly Exposed |
| CVE-2025-68161 | MEDIUM4.08 | org.apache.logging.log4j:log4j-core 2.19.0 fixed in 2.25.3 | <0.1% Theoretical Threat | Directly Exposed |
| CVE-2025-68161 | MEDIUM4.08 | org.apache.logging.log4j:log4j-core 2.25.0 fixed in 2.25.3 | <0.1% Theoretical Threat | Directly Exposed |
| CVE-2026-27456 | MEDIUM4 | libblkid1 2.39.3-9ubuntu6.5 No fix yet | <0.1% Theoretical Threat | Directly Exposed |
| CVE-2026-27456 | MEDIUM4 | libmount1 2.39.3-9ubuntu6.5 No fix yet | <0.1% Theoretical Threat | Directly Exposed |
| CVE-2026-27456 | MEDIUM4 | libsmartcols1 2.39.3-9ubuntu6.5 No fix yet | <0.1% Theoretical Threat | Directly Exposed |
| CVE-2026-27456 | MEDIUM4 | libuuid1 2.39.3-9ubuntu6.5 No fix yet | <0.1% Theoretical Threat | Directly Exposed |
| CVE-2026-5419 | LOW3.7 | libgnutls30t64 3.8.3-1.1ubuntu3.5 fixed in 3.8.3-1.1ubuntu3.6 | — | Directly Exposed |
| CVE-2023-35887 | LOW3.65 | org.apache.sshd:sshd-common 2.9.2 fixed in 2.9.3 | 0.1% Theoretical Threat | Directly Exposed |
| CVE-2026-4438 | LOW3.4 | libc-bin 2.39-0ubuntu8.7 No fix yet | <0.1% Theoretical Threat | Directly Exposed |
| CVE-2026-4438 | LOW3.4 | libc6 2.39-0ubuntu8.7 No fix yet | <0.1% Theoretical Threat | Directly Exposed |
| CVE-2025-1152 | LOW3.15 | libbinutils 2.42-4ubuntu2.10 No fix yet | <0.1% Theoretical Threat | Directly Exposed |
| CVE-2025-1152 | LOW3.15 | libctf-nobfd0 2.42-4ubuntu2.10 No fix yet | <0.1% Theoretical Threat | Directly Exposed |
| CVE-2025-1152 | LOW3.15 | libctf0 2.42-4ubuntu2.10 No fix yet | <0.1% Theoretical Threat | Directly Exposed |
| CVE-2026-3832 | LOW3.15 | libgnutls30t64 3.8.3-1.1ubuntu3.5 fixed in 3.8.3-1.1ubuntu3.6 | <0.1% Theoretical Threat | Directly Exposed |
| CVE-2025-1152 | LOW3.15 | libgprofng0 2.42-4ubuntu2.10 No fix yet | <0.1% Theoretical Threat | Directly Exposed |
| CVE-2025-1152 | LOW3.15 | libsframe1 2.42-4ubuntu2.10 No fix yet | <0.1% Theoretical Threat | Directly Exposed |
| CVE-2025-48924 | LOW3.15 | org.apache.commons:commons-lang3 3.9 fixed in 3.18.0 | 0.1% Theoretical Threat | Directly Exposed |
| CVE-2025-45582 | LOW2.86 | tar 1.35+dfsg-3build1 No fix yet | 0.1% Theoretical Threat | Post-Exploit |
| CVE-2025-69651 | LOW2.8 | binutils 2.42-4ubuntu2.10 No fix yet | <0.1% Theoretical Threat | Post-Exploit |
| CVE-2017-13716 | LOW2.8 | binutils 2.42-4ubuntu2.10 No fix yet | 0.2% Theoretical Threat | Post-Exploit |
| CVE-2025-69651 | LOW2.8 | binutils-common 2.42-4ubuntu2.10 No fix yet | <0.1% Theoretical Threat | Post-Exploit |
| CVE-2017-13716 | LOW2.8 | binutils-common 2.42-4ubuntu2.10 No fix yet | 0.2% Theoretical Threat | Post-Exploit |
| CVE-2025-69651 | LOW2.8 | binutils-x86-64-linux-gnu 2.42-4ubuntu2.10 No fix yet | <0.1% Theoretical Threat | Post-Exploit |
| CVE-2017-13716 | LOW2.8 | binutils-x86-64-linux-gnu 2.42-4ubuntu2.10 No fix yet | 0.2% Theoretical Threat | Post-Exploit |
| CVE-2026-5704 | LOW2.8 | tar 1.35+dfsg-3build1 No fix yet | <0.1% Theoretical Threat | Post-Exploit |
| CVE-2025-69647 | LOW2.8 | libbinutils 2.42-4ubuntu2.10 No fix yet | <0.1% Theoretical Threat | Directly Exposed |
| CVE-2025-69648 | LOW2.8 | libbinutils 2.42-4ubuntu2.10 No fix yet | <0.1% Theoretical Threat | Directly Exposed |
| CVE-2025-69652 | LOW2.8 | libbinutils 2.42-4ubuntu2.10 No fix yet | <0.1% Theoretical Threat | Directly Exposed |
| CVE-2025-69647 | LOW2.8 | libctf-nobfd0 2.42-4ubuntu2.10 No fix yet | <0.1% Theoretical Threat | Directly Exposed |
| CVE-2025-69648 | LOW2.8 | libctf-nobfd0 2.42-4ubuntu2.10 No fix yet | <0.1% Theoretical Threat | Directly Exposed |
| CVE-2025-69652 | LOW2.8 | libctf-nobfd0 2.42-4ubuntu2.10 No fix yet | <0.1% Theoretical Threat | Directly Exposed |
| CVE-2025-69647 | LOW2.8 | libctf0 2.42-4ubuntu2.10 No fix yet | <0.1% Theoretical Threat | Directly Exposed |
| CVE-2025-69648 | LOW2.8 | libctf0 2.42-4ubuntu2.10 No fix yet | <0.1% Theoretical Threat | Directly Exposed |
| CVE-2025-69652 | LOW2.8 | libctf0 2.42-4ubuntu2.10 No fix yet | <0.1% Theoretical Threat | Directly Exposed |
| CVE-2025-69647 | LOW2.8 | libgprofng0 2.42-4ubuntu2.10 No fix yet | <0.1% Theoretical Threat | Directly Exposed |
| CVE-2025-69648 | LOW2.8 | libgprofng0 2.42-4ubuntu2.10 No fix yet | <0.1% Theoretical Threat | Directly Exposed |
| CVE-2025-69652 | LOW2.8 | libgprofng0 2.42-4ubuntu2.10 No fix yet | <0.1% Theoretical Threat | Directly Exposed |
| CVE-2025-69647 | LOW2.8 | libsframe1 2.42-4ubuntu2.10 No fix yet | <0.1% Theoretical Threat | Directly Exposed |
| CVE-2025-69648 | LOW2.8 | libsframe1 2.42-4ubuntu2.10 No fix yet | <0.1% Theoretical Threat | Directly Exposed |
| CVE-2025-69652 | LOW2.8 | libsframe1 2.42-4ubuntu2.10 No fix yet | <0.1% Theoretical Threat | Directly Exposed |
| CVE-2026-40228 | LOW2.8 | libsystemd0 255.4-1ubuntu8.15 No fix yet | <0.1% Theoretical Threat | Directly Exposed |
| CVE-2026-40228 | LOW2.8 | libudev1 255.4-1ubuntu8.15 No fix yet | <0.1% Theoretical Threat | Directly Exposed |
| CVE-2026-27456 | LOW2.4 | bsdutils 1:2.39.3-9ubuntu6.5 No fix yet | <0.1% Theoretical Threat | Post-Exploit |
| CVE-2026-27456 | LOW2.4 | mount 2.39.3-9ubuntu6.5 No fix yet | <0.1% Theoretical Threat | Post-Exploit |
| CVE-2026-27456 | LOW2.4 | util-linux 2.39.3-9ubuntu6.5 No fix yet | <0.1% Theoretical Threat | Post-Exploit |
| CVE-2025-69644 | LOW2.38 | libbinutils 2.42-4ubuntu2.10 No fix yet | <0.1% Theoretical Threat | Directly Exposed |
| CVE-2025-69645 | LOW2.38 | libbinutils 2.42-4ubuntu2.10 No fix yet | <0.1% Theoretical Threat | Directly Exposed |
| CVE-2025-69646 | LOW2.38 | libbinutils 2.42-4ubuntu2.10 No fix yet | <0.1% Theoretical Threat | Directly Exposed |
| CVE-2025-69644 | LOW2.38 | libctf-nobfd0 2.42-4ubuntu2.10 No fix yet | <0.1% Theoretical Threat | Directly Exposed |
| CVE-2025-69645 | LOW2.38 | libctf-nobfd0 2.42-4ubuntu2.10 No fix yet | <0.1% Theoretical Threat | Directly Exposed |
| CVE-2025-69646 | LOW2.38 | libctf-nobfd0 2.42-4ubuntu2.10 No fix yet | <0.1% Theoretical Threat | Directly Exposed |
| CVE-2025-69644 | LOW2.38 | libctf0 2.42-4ubuntu2.10 No fix yet | <0.1% Theoretical Threat | Directly Exposed |
| CVE-2025-69645 | LOW2.38 | libctf0 2.42-4ubuntu2.10 No fix yet | <0.1% Theoretical Threat | Directly Exposed |
| CVE-2025-69646 | LOW2.38 | libctf0 2.42-4ubuntu2.10 No fix yet | <0.1% Theoretical Threat | Directly Exposed |
| CVE-2025-69644 | LOW2.38 | libgprofng0 2.42-4ubuntu2.10 No fix yet | <0.1% Theoretical Threat | Directly Exposed |
| CVE-2025-69645 | LOW2.38 | libgprofng0 2.42-4ubuntu2.10 No fix yet | <0.1% Theoretical Threat | Directly Exposed |
| CVE-2025-69646 | LOW2.38 | libgprofng0 2.42-4ubuntu2.10 No fix yet | <0.1% Theoretical Threat | Directly Exposed |
| CVE-2025-69644 | LOW2.38 | libsframe1 2.42-4ubuntu2.10 No fix yet | <0.1% Theoretical Threat | Directly Exposed |
| CVE-2025-69645 | LOW2.38 | libsframe1 2.42-4ubuntu2.10 No fix yet | <0.1% Theoretical Threat | Directly Exposed |
| CVE-2025-69646 | LOW2.38 | libsframe1 2.42-4ubuntu2.10 No fix yet | <0.1% Theoretical Threat | Directly Exposed |
| CVE-2024-56433 | LOW2.16 | login 1:4.13+dfsg1-4ubuntu3.2 No fix yet | 4.5% Low-Moderate Risk | Post-Exploit |
| CVE-2024-56433 | LOW2.16 | passwd 1:4.13+dfsg1-4ubuntu3.2 No fix yet | 4.5% Low-Moderate Risk | Post-Exploit |
| CVE-2025-1152 | LOW1.89 | binutils 2.42-4ubuntu2.10 No fix yet | <0.1% Theoretical Threat | Post-Exploit |
| CVE-2025-1152 | LOW1.89 | binutils-common 2.42-4ubuntu2.10 No fix yet | <0.1% Theoretical Threat | Post-Exploit |
| CVE-2025-1152 | LOW1.89 | binutils-x86-64-linux-gnu 2.42-4ubuntu2.10 No fix yet | <0.1% Theoretical Threat | Post-Exploit |
| CVE-2025-69647 | LOW1.68 | binutils 2.42-4ubuntu2.10 No fix yet | <0.1% Theoretical Threat | Post-Exploit |
| CVE-2025-69648 | LOW1.68 | binutils 2.42-4ubuntu2.10 No fix yet | <0.1% Theoretical Threat | Post-Exploit |
| CVE-2025-69652 | LOW1.68 | binutils 2.42-4ubuntu2.10 No fix yet | <0.1% Theoretical Threat | Post-Exploit |
| CVE-2025-69647 | LOW1.68 | binutils-common 2.42-4ubuntu2.10 No fix yet | <0.1% Theoretical Threat | Post-Exploit |
| CVE-2025-69648 | LOW1.68 | binutils-common 2.42-4ubuntu2.10 No fix yet | <0.1% Theoretical Threat | Post-Exploit |
| CVE-2025-69652 | LOW1.68 | binutils-common 2.42-4ubuntu2.10 No fix yet | <0.1% Theoretical Threat | Post-Exploit |
| CVE-2025-69647 | LOW1.68 | binutils-x86-64-linux-gnu 2.42-4ubuntu2.10 No fix yet | <0.1% Theoretical Threat | Post-Exploit |
| CVE-2025-69648 | LOW1.68 | binutils-x86-64-linux-gnu 2.42-4ubuntu2.10 No fix yet | <0.1% Theoretical Threat | Post-Exploit |
| CVE-2025-69652 | LOW1.68 | binutils-x86-64-linux-gnu 2.42-4ubuntu2.10 No fix yet | <0.1% Theoretical Threat | Post-Exploit |
| CVE-2025-69644 | LOW1.43 | binutils 2.42-4ubuntu2.10 No fix yet | <0.1% Theoretical Threat | Post-Exploit |
| CVE-2025-69645 | LOW1.43 | binutils 2.42-4ubuntu2.10 No fix yet | <0.1% Theoretical Threat | Post-Exploit |
| CVE-2025-69646 | LOW1.43 | binutils 2.42-4ubuntu2.10 No fix yet | <0.1% Theoretical Threat | Post-Exploit |
| CVE-2025-69644 | LOW1.43 | binutils-common 2.42-4ubuntu2.10 No fix yet | <0.1% Theoretical Threat | Post-Exploit |
| CVE-2025-69645 | LOW1.43 | binutils-common 2.42-4ubuntu2.10 No fix yet | <0.1% Theoretical Threat | Post-Exploit |
| CVE-2025-69646 | LOW1.43 | binutils-common 2.42-4ubuntu2.10 No fix yet | <0.1% Theoretical Threat | Post-Exploit |
| CVE-2025-69644 | LOW1.43 | binutils-x86-64-linux-gnu 2.42-4ubuntu2.10 No fix yet | <0.1% Theoretical Threat | Post-Exploit |
| CVE-2025-69645 | LOW1.43 | binutils-x86-64-linux-gnu 2.42-4ubuntu2.10 No fix yet | <0.1% Theoretical Threat | Post-Exploit |
| CVE-2025-69646 | LOW1.43 | binutils-x86-64-linux-gnu 2.42-4ubuntu2.10 No fix yet | <0.1% Theoretical Threat | Post-Exploit |
| CVE-2026-4437 | NONE0 | locales 2.39-0ubuntu8.7 No fix yet | <0.1% Theoretical Threat | Not Applicable |
| CVE-2026-6238 | NONE0 | locales 2.39-0ubuntu8.7 No fix yet | <0.1% Theoretical Threat | Not Applicable |
| CVE-2026-5435 | NONE0 | locales 2.39-0ubuntu8.7 No fix yet | <0.1% Theoretical Threat | Not Applicable |
| CVE-2026-4046 | NONE0 | locales 2.39-0ubuntu8.7 No fix yet | <0.1% Theoretical Threat | Not Applicable |
| CVE-2026-4438 | NONE0 | locales 2.39-0ubuntu8.7 No fix yet | <0.1% Theoretical Threat | Not Applicable |
| CVE-2026-42014 | NONE0 | libgnutls30t64 3.8.3-1.1ubuntu3.5 fixed in 3.8.3-1.1ubuntu3.6 | — | Not Applicable |
| GHSA-72hv-8253-57qq | NONE0 | com.fasterxml.jackson.core:jackson-core 2.15.0 fixed in 2.21.1, 2.18.6 | — | Not Applicable |
| GHSA-72hv-8253-57qq | NONE0 | com.fasterxml.jackson.core:jackson-core 2.17.2 fixed in 2.21.1, 2.18.6 | — | Not Applicable |
| GHSA-72hv-8253-57qq | NONE0 | com.fasterxml.jackson.core:jackson-core 2.19.2 fixed in 2.21.1, 2.18.6 | — | Not Applicable |
| GHSA-72hv-8253-57qq | NONE0 | com.fasterxml.jackson.core:jackson-core 2.21.0 fixed in 2.21.1, 2.18.6 | — | Not Applicable |
| CVE-2026-42583 | NONE0 | io.netty:netty-codec 4.1.130.Final fixed in 4.1.133.Final | — | Not Applicable |
| CVE-2026-47244 | NONE0 | io.netty:netty-codec-http2 4.1.130.Final fixed in 4.2.15.Final, 4.1.135.Final | — | Not Applicable |
| CVE-2026-44249 | NONE0 | io.netty:netty-handler 4.1.130.Final fixed in 4.2.15.Final, 4.1.135.Final | — | Not Applicable |
| CVE-2026-45416 | NONE0 | io.netty:netty-handler 4.1.130.Final fixed in 4.2.15.Final, 4.1.135.Final | — | Not Applicable |
| CVE-2026-45674 | NONE0 | io.netty:netty-resolver-dns 4.1.130.Final fixed in 4.2.15.Final, 4.1.135.Final | — | Not Applicable |
| CVE-2026-47691 | NONE0 | io.netty:netty-resolver-dns 4.1.130.Final fixed in 4.2.15.Final, 4.1.135.Final | — | Not Applicable |
| CVE-2026-45673 | NONE0 | io.netty:netty-resolver-dns 4.1.130.Final fixed in 4.2.15.Final, 4.1.135.Final | — | Not Applicable |
| CVE-2020-36843 | NONE0 | net.i2p.crypto:eddsa 0.3.0 No fix yet | <0.1% Theoretical Threat | Not Applicable |
| GHSA-2m67-wjpj-xhg9 | NONE0 | tools.jackson.core:jackson-core 3.0.4 fixed in 3.1.1 | — | Not Applicable |
| GHSA-72hv-8253-57qq | NONE0 | tools.jackson.core:jackson-core 3.0.4 fixed in 3.1.0 | — | Not Applicable |