Vulnerability Reportthanosio/thanos:main-2026-06-17-421734b

thanosio/thanos:main-2026-06-17-421734b

DIGESTsha256:1ea77b1e0407410d4bede6f501c2ccb014465b8a6faf11e73d6300b779b3cef6

Executive Summary

Threat ScoreNEEDS ATTENTION• High reputation community image with 75M+ pulls and pinned by digest• One exposed vulnerability with severity 6.38 (CVE-2026-42154)• Vulnerability allows unauthenticated denial of service via remote read endpoint• No post-exploitation vulnerabilities found

25/100NEEDS ATTENTION

ReputationPOPULAR COMMUNITY• High Reputation Community Image (75M+ pulls)• Pinned by digest (Immutable)

RELIABLE

This image is acceptable for production, but remediating the identified vulnerabilities is recommended to reduce the attack surface. The CVE-2026-42154 vulnerability in the Prometheus dependency could allow an unauthenticated attacker to cause memory exhaustion and crash the Thanos process via the remote read endpoint. Upgrading the Prometheus dependency to a patched version would eliminate this risk.

Vulnerabilities

Vulnerability Log

5 total

CVE ID	Adjusted Severity	Package	Exploit Probability	Risk Context
CVE-2026-42154	MEDIUM6.38	github.com/prometheus/prometheus v0.309.1 fixed in 0.311.3, 0.305.2	0.6% Theoretical Threat	Directly ExposedContext importance: HIGH
CVE-2026-42151	MEDIUM5.1	github.com/prometheus/prometheus v0.309.1 fixed in 0.311.3	0.2% Theoretical Threat	Directly ExposedContext importance: MEDIUM
CVE-2026-40179	MEDIUM4.14	github.com/prometheus/prometheus v0.309.1 fixed in 0.311.2-0.20260410083055-07c6232d159b	0.2% Theoretical Threat	Directly ExposedContext importance: MEDIUM
CVE-2026-44903	MEDIUM4.14	github.com/prometheus/prometheus v0.309.1 fixed in 0.311.3	0.2% Theoretical Threat	Directly ExposedContext importance: MEDIUM
CVE-2026-2303	NONE0	go.mongodb.org/mongo-driver v1.17.6 fixed in 1.17.7	0.2% Theoretical Threat	Not Applicable