Vulnerability Reporttraefik/whoami:v1.10.2

traefik/whoami:v1.10.2

DIGESTsha256:1474027c316661cdec87df2623e13a41e7e1ce0ba99c24917631de8f300b5420

Executive Summary

Threat ScoreDANGEROUS• CVE-2024-24790 (severity 7.84) allows bypass of IP-based access controls in the golang networking library.• CVE-2025-61726 and CVE-2026-25679 (both severity 6.38, context importance HIGH) enable denial of service via memory exhaustion or malformed URLs.• The image has 39 exposed vulnerabilities (max severity 7.84) and 16 post-exploit findings, though none of the latter exceed severity 6.0.• Despite being a popular community image (37M+ pulls) and pinned by digest, the exploitable exposed surface is critical.

75/100DANGEROUS

ReputationPOPULAR COMMUNITY• High Reputation Community Image (37M+ pulls)• Pinned by digest (Immutable)

RELIABLE

This image poses a critical security risk and must not be used in production, especially as an internet-facing service. An attacker could bypass IP-based access controls using CVE-2024-24790 or cause denial of service through CVE-2025-61726 and CVE-2026-25679.

Vulnerabilities

Vulnerability Log

55 total

CVE ID	Adjusted Severity	Package	Exploit Probability	Risk Context
CVE-2024-24790	HIGH7.84	stdlib v1.22.2 fixed in 1.21.11, 1.22.4	2.0% Low-Moderate Risk	Directly ExposedContext importance: MEDIUM
CVE-2025-61726	MEDIUM6.38	stdlib v1.22.2 fixed in 1.24.12, 1.25.6	0.8% Theoretical Threat	Directly ExposedContext importance: HIGH
CVE-2026-25679	MEDIUM6.38	stdlib v1.22.2 fixed in 1.25.8, 1.26.1	0.5% Theoretical Threat	Directly ExposedContext importance: HIGH
CVE-2024-24791	MEDIUM5.9	stdlib v1.22.2 fixed in 1.21.12, 1.22.5	1.4% Low-Moderate Risk	Directly ExposedContext importance: HIGH
CVE-2025-22872	MEDIUM5.52	golang.org/x/net v0.25.0 fixed in 0.38.0	0.4% Theoretical Threat	Directly Exposed
CVE-2025-47906	MEDIUM5.52	stdlib v1.22.2 fixed in 1.23.12, 1.24.6	0.5% Theoretical Threat	Directly Exposed
CVE-2025-61727	MEDIUM5.52	stdlib v1.22.2 fixed in 1.24.11, 1.25.5	0.3% Theoretical Threat	Directly Exposed
CVE-2026-32282	MEDIUM5.44	stdlib v1.22.2 fixed in 1.25.9, 1.26.2	0.3% Theoretical Threat	Directly Exposed
CVE-2026-32289	MEDIUM5.18	stdlib v1.22.2 fixed in 1.25.9, 1.26.2	0.3% Theoretical Threat	Directly Exposed
CVE-2024-34155	MEDIUM5.02	stdlib v1.22.2 fixed in 1.22.7, 1.23.1	0.8% Theoretical Threat	Directly Exposed
CVE-2024-45336	MEDIUM5.02	stdlib v1.22.2 fixed in 1.22.11, 1.23.5, 1.24.0-rc.2	0.6% Theoretical Threat	Directly Exposed
CVE-2024-24789	MEDIUM4.67	stdlib v1.22.2 fixed in 1.21.11, 1.22.4	0.4% Theoretical Threat	Directly Exposed
CVE-2026-32288	MEDIUM4.67	stdlib v1.22.2 fixed in 1.25.9, 1.26.2	0.3% Theoretical Threat	Directly Exposed
CVE-2025-22871	MEDIUM4.59	stdlib v1.22.2 fixed in 1.23.8, 1.24.2	0.7% Theoretical Threat	Directly Exposed
CVE-2026-27142	MEDIUM4.59	stdlib v1.22.2 fixed in 1.25.8, 1.26.1	0.3% Theoretical Threat	Directly Exposed
CVE-2026-39826	MEDIUM4.59	stdlib v1.22.2 fixed in 1.25.10, 1.26.3	0.4% Theoretical Threat	Directly Exposed
CVE-2025-22866	MEDIUM4.5	stdlib v1.22.2 fixed in 1.22.12, 1.23.6, 1.24.0-rc.3	0.3% Theoretical Threat	Directly Exposed
CVE-2025-22873	MEDIUM4.5	stdlib v1.22.2 fixed in 1.23.9, 1.24.3	0.2% Theoretical Threat	Directly Exposed
CVE-2025-47912	MEDIUM4.5	stdlib v1.22.2 fixed in 1.24.8, 1.25.2	0.4% Theoretical Threat	Directly Exposed
CVE-2025-58185	MEDIUM4.5	stdlib v1.22.2 fixed in 1.24.8, 1.25.2	0.5% Theoretical Threat	Directly Exposed
CVE-2025-58187	MEDIUM4.5	stdlib v1.22.2 fixed in 1.24.9, 1.25.3	0.4% Theoretical Threat	Directly Exposed
CVE-2025-58188	MEDIUM4.5	stdlib v1.22.2 fixed in 1.24.8, 1.25.2	0.3% Theoretical Threat	Directly Exposed
CVE-2025-58189	MEDIUM4.5	stdlib v1.22.2 fixed in 1.24.8, 1.25.2	0.4% Theoretical Threat	Directly Exposed
CVE-2025-61723	MEDIUM4.5	stdlib v1.22.2 fixed in 1.24.8, 1.25.2	0.6% Theoretical Threat	Directly Exposed
CVE-2025-61724	MEDIUM4.5	stdlib v1.22.2 fixed in 1.24.8, 1.25.2	0.5% Theoretical Threat	Directly Exposed
CVE-2025-61725	MEDIUM4.5	stdlib v1.22.2 fixed in 1.24.8, 1.25.2	0.6% Theoretical Threat	Directly Exposed
CVE-2025-61730	MEDIUM4.5	stdlib v1.22.2 fixed in 1.24.12, 1.25.6	0.3% Theoretical Threat	Directly Exposed
CVE-2026-42507	MEDIUM4.5	stdlib v1.22.2 fixed in 1.25.11, 1.26.4	0.3% Theoretical Threat	Directly Exposed
CVE-2025-58186	MEDIUM4.5	stdlib v1.22.2 fixed in 1.24.8, 1.25.2	0.5% Theoretical Threat	Directly Exposed
CVE-2025-22870	LOW3.74	golang.org/x/net v0.25.0 fixed in 0.36.0	0.4% Theoretical Threat	Directly Exposed
CVE-2025-22870	LOW3.74	stdlib v1.22.2 fixed in 1.23.7, 1.24.1	0.4% Theoretical Threat	Directly Exposed
CVE-2024-45341	LOW3.57	stdlib v1.22.2 fixed in 1.22.11, 1.23.5, 1.24.0-rc.2	0.4% Theoretical Threat	Directly Exposed
CVE-2025-68121	LOW3.06	stdlib v1.22.2 fixed in 1.24.13, 1.25.7, 1.26.0-rc.3	0.8% Theoretical Threat	Post-Exploit
CVE-2024-34156	LOW2.7	stdlib v1.22.2 fixed in 1.22.7, 1.23.1	1.1% Low-Moderate Risk	Post-Exploit
CVE-2024-24788	LOW2.7	stdlib v1.22.2 fixed in 1.22.3	1.0% Low-Moderate Risk	Post-Exploit
CVE-2025-61729	LOW2.29	stdlib v1.22.2 fixed in 1.24.11, 1.25.5	0.5% Theoretical Threat	Post-Exploit
CVE-2026-32280	LOW2.29	stdlib v1.22.2 fixed in 1.25.9, 1.26.2	0.4% Theoretical Threat	Post-Exploit
CVE-2026-32281	LOW2.29	stdlib v1.22.2 fixed in 1.25.9, 1.26.2	0.3% Theoretical Threat	Post-Exploit
CVE-2026-32283	LOW2.29	stdlib v1.22.2 fixed in 1.25.9, 1.26.2	0.4% Theoretical Threat	Post-Exploit
CVE-2026-33811	LOW2.29	stdlib v1.22.2 fixed in 1.25.10, 1.26.3	0.5% Theoretical Threat	Post-Exploit
CVE-2026-33814	LOW2.29	stdlib v1.22.2 fixed in 1.25.10, 1.26.3	0.6% Theoretical Threat	Post-Exploit
CVE-2026-39820	LOW2.29	stdlib v1.22.2 fixed in 1.25.10, 1.26.3	0.4% Theoretical Threat	Post-Exploit
CVE-2026-39836	LOW2.29	stdlib v1.22.2 fixed in 1.25.10, 1.26.3	0.6% Theoretical Threat	Post-Exploit
CVE-2025-58183	LOW2.29	stdlib v1.22.2 fixed in 1.24.8, 1.25.2	0.4% Theoretical Threat	Post-Exploit
CVE-2025-61728	LOW2.29	stdlib v1.22.2 fixed in 1.24.12, 1.25.6	0.6% Theoretical Threat	Post-Exploit
CVE-2025-47907	LOW2.14	stdlib v1.22.2 fixed in 1.23.12, 1.24.6	0.3% Theoretical Threat	Post-Exploit
CVE-2024-34158	LOW2.12	stdlib v1.22.2 fixed in 1.22.7, 1.23.1	1.0% Low-Moderate Risk	Post-Exploit
CVE-2026-27139	LOW2.12	stdlib v1.22.2 fixed in 1.25.8, 1.26.1	0.2% Theoretical Threat	Directly Exposed
CVE-2025-4673	LOW2.08	stdlib v1.22.2 fixed in 1.23.10, 1.24.4	0.6% Theoretical Threat	Post-Exploit
CVE-2026-39823	NONE0	stdlib v1.22.2 fixed in 1.25.10, 1.26.3	0.3% Theoretical Threat	Not Applicable
CVE-2026-39825	NONE0	stdlib v1.22.2 fixed in 1.25.10, 1.26.3	0.4% Theoretical Threat	Not Applicable
CVE-2026-42499	NONE0	stdlib v1.22.2 fixed in 1.25.10, 1.26.3	0.6% Theoretical Threat	Not Applicable
CVE-2026-42504	NONE0	stdlib v1.22.2 fixed in 1.25.11, 1.26.4	0.4% Theoretical Threat	Not Applicable
CVE-2025-0913	NONE0	stdlib v1.22.2 fixed in 1.23.10, 1.24.4	0.2% Theoretical Threat	Not Applicable
CVE-2026-27145	NONE0	stdlib v1.22.2 fixed in 1.25.11, 1.26.4	0.3% Theoretical Threat	Not Applicable