Vulnerability Reportubuntu:22.04

Name: ubuntu:22.04 Security Vulnerability Report
Creator: BaseImage
Keywords: ubuntu:22.04, Docker security, vulnerability scan, CVE, container security, SBOM

ubuntu:jammy-20260509ubuntu:jammyubuntu:22.04

DIGESTsha256:4f838adc7181d9039ac795a7d0aba05a9bd9ecd480d294483169c5def983b64d

Executive Summary

DANGEROUS

This image poses a critical security risk and must not be used in production, especially as an internet-facing service. An attacker could exploit critical GnuTLS vulnerabilities, such as CVE-2026-42013, to bypass certificate validation, enabling spoofing, man-in-the-middle attacks, or interception of sensitive data. Additionally, CVE-2026-42010 could lead to unauthorized access by bypassing authentication if the container is configured to run a GnuTLS server using RSA-PSK, though the default startup command does not suggest this. Given these unmitigated risks, deployment in sensitive environments is strictly prohibited.

Threat Score

84/100

DANGEROUS

High threat score of 84, classifying the image as DANGEROUS for production use.
Contains 3 critical exposed vulnerabilities with severity 7.0 or higher, including a severe certificate validation bypass (CVE-2026-42013, severity 8.2).
Another critical exposed vulnerability (CVE-2026-42010, severity 7.84) could lead to authentication bypass if specific GnuTLS server configurations are used.
An additional exposed certificate validation bypass vulnerability (CVE-2026-42012, severity 7.1) further increases risks of spoofing or data interception.
Despite being an official Docker Hub image, it has 41 total exposed vulnerabilities, with 6 rated severity 6.0 or higher.

Reputation

TRUSTED

Docker Official

OFFICIAL

Official Docker Hub Image
Pinned by digest (Immutable)

BaseImage/

ubuntu:22.04

Hardened

Grade

A+

Vulns

Verified & secured for production

Vulnerabilities

Vulnerability Log

51 total

CVE ID	Adjusted Severity	Package	Exploit Probability	Risk Context
CVE-2026-42013	HIGH8.2	libgnutls30 3.7.3-4ubuntu1.8 fixed in 3.7.3-4ubuntu1.9	—	Directly ExposedContext importance: HIGH
CVE-2026-42010	HIGH7.84	libgnutls30 3.7.3-4ubuntu1.8 fixed in 3.7.3-4ubuntu1.9	—	Directly ExposedContext importance: MEDIUM
CVE-2026-42012	HIGH7.1	libgnutls30 3.7.3-4ubuntu1.8 fixed in 3.7.3-4ubuntu1.9	—	Directly ExposedContext importance: HIGH
CVE-2017-11164	MEDIUM6.38	libpcre3 2:8.39-13ubuntu0.22.04.1 No fix yet	0.1% Theoretical Threat	Directly ExposedContext importance: HIGH
CVE-2026-33845	MEDIUM6.18	libgnutls30 3.7.3-4ubuntu1.8 fixed in 3.7.3-4ubuntu1.9	<0.1% Theoretical Threat	Directly ExposedContext importance: MEDIUM
CVE-2026-42009	MEDIUM6	libgnutls30 3.7.3-4ubuntu1.8 fixed in 3.7.3-4ubuntu1.9	—	Directly ExposedContext importance: MEDIUM
CVE-2026-42011	MEDIUM5.92	libgnutls30 3.7.3-4ubuntu1.8 fixed in 3.7.3-4ubuntu1.9	—	Directly ExposedContext importance: MEDIUM
CVE-2026-6238	MEDIUM5.52	libc-bin 2.35-0ubuntu3.13 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2026-6238	MEDIUM5.52	libc6 2.35-0ubuntu3.13 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2023-50495	MEDIUM5.52	libncurses6 6.3-2ubuntu0.1 No fix yet	<0.1% Theoretical Threat	Directly ExposedContext importance: HIGH
CVE-2023-50495	MEDIUM5.52	libncursesw6 6.3-2ubuntu0.1 No fix yet	<0.1% Theoretical Threat	Directly ExposedContext importance: HIGH
CVE-2023-50495	MEDIUM5.52	libtinfo6 6.3-2ubuntu0.1 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2023-50495	MEDIUM5.52	ncurses-base 6.3-2ubuntu0.1 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2023-50495	MEDIUM5.52	ncurses-bin 6.3-2ubuntu0.1 No fix yet	<0.1% Theoretical Threat	Directly ExposedContext importance: HIGH
CVE-2026-40226	MEDIUM5.44	libsystemd0 249.11-0ubuntu3.20 fixed in 249.11-0ubuntu3.21	<0.1% Theoretical Threat	Directly Exposed
CVE-2026-40226	MEDIUM5.44	libudev1 249.11-0ubuntu3.20 fixed in 249.11-0ubuntu3.21	<0.1% Theoretical Threat	Directly Exposed
CVE-2026-42015	MEDIUM5.3	libgnutls30 3.7.3-4ubuntu1.8 fixed in 3.7.3-4ubuntu1.9	—	Directly Exposed
CVE-2026-41989	MEDIUM5.1	libgcrypt20 1.9.4-3ubuntu3 fixed in 1.9.4-3ubuntu3.2	<0.1% Theoretical Threat	Directly ExposedContext importance: MEDIUM
CVE-2026-33846	MEDIUM5.1	libgnutls30 3.7.3-4ubuntu1.8 fixed in 3.7.3-4ubuntu1.9	<0.1% Theoretical Threat	Directly ExposedContext importance: MEDIUM
CVE-2022-4899	MEDIUM5.1	libzstd1 1.4.8+dfsg-3build1 No fix yet	0.3% Theoretical Threat	Directly ExposedContext importance: MEDIUM
CVE-2026-3833	MEDIUM5.03	libgnutls30 3.7.3-4ubuntu1.8 fixed in 3.7.3-4ubuntu1.9	<0.1% Theoretical Threat	Directly ExposedContext importance: MEDIUM
CVE-2026-5435	MEDIUM5.02	libc-bin 2.35-0ubuntu3.13 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2026-5435	MEDIUM5.02	libc6 2.35-0ubuntu3.13 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2024-2236	MEDIUM5.02	libgcrypt20 1.9.4-3ubuntu3 No fix yet	0.7% Theoretical Threat	Directly Exposed
CVE-2023-7008	MEDIUM5.02	libsystemd0 249.11-0ubuntu3.20 fixed in 249.11-0ubuntu3.21	0.5% Theoretical Threat	Directly Exposed
CVE-2023-7008	MEDIUM5.02	libudev1 249.11-0ubuntu3.20 fixed in 249.11-0ubuntu3.21	0.5% Theoretical Threat	Directly Exposed
CVE-2026-5260	MEDIUM4.92	libgnutls30 3.7.3-4ubuntu1.8 fixed in 3.7.3-4ubuntu1.9	—	Directly Exposed
CVE-2022-27943	MEDIUM4.67	gcc-12-base 12.3.0-1ubuntu1~22.04.3 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2022-27943	MEDIUM4.67	libgcc-s1 12.3.0-1ubuntu1~22.04.3 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2022-27943	MEDIUM4.67	libstdc++6 12.3.0-1ubuntu1~22.04.3 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2026-4046	MEDIUM4.5	libc-bin 2.35-0ubuntu3.13 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2026-4046	MEDIUM4.5	libc6 2.35-0ubuntu3.13 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2026-34743	MEDIUM4.5	liblzma5 5.2.5-2ubuntu1 fixed in 5.2.5-2ubuntu1.1	<0.1% Theoretical Threat	Directly Exposed
CVE-2026-27456	MEDIUM4	libblkid1 2.37.2-4ubuntu3.5 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2026-27456	MEDIUM4	libmount1 2.37.2-4ubuntu3.5 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2026-27456	MEDIUM4	libsmartcols1 2.37.2-4ubuntu3.5 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2026-27456	MEDIUM4	libuuid1 2.37.2-4ubuntu3.5 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2026-3832	LOW3.15	libgnutls30 3.7.3-4ubuntu1.8 fixed in 3.7.3-4ubuntu1.9	<0.1% Theoretical Threat	Directly Exposed
CVE-2025-45582	LOW2.86	tar 1.34+dfsg-1ubuntu0.1.22.04.2 No fix yet	<0.1% Theoretical Threat	Post-Exploit
CVE-2026-5704	LOW2.8	tar 1.34+dfsg-1ubuntu0.1.22.04.2 No fix yet	<0.1% Theoretical Threat	Post-Exploit
CVE-2026-40228	LOW2.8	libsystemd0 249.11-0ubuntu3.20 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2026-40228	LOW2.8	libudev1 249.11-0ubuntu3.20 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2026-27456	LOW2.4	bsdutils 1:2.37.2-4ubuntu3.5 No fix yet	<0.1% Theoretical Threat	Post-Exploit
CVE-2026-27456	LOW2.4	mount 2.37.2-4ubuntu3.5 No fix yet	<0.1% Theoretical Threat	Post-Exploit
CVE-2026-27456	LOW2.4	util-linux 2.37.2-4ubuntu3.5 No fix yet	<0.1% Theoretical Threat	Post-Exploit
CVE-2022-41409	LOW2.29	libpcre2-8-0 10.39-3ubuntu0.1 No fix yet	<0.1% Theoretical Threat	Post-Exploit
CVE-2024-56433	LOW2.16	login 1:4.8.1-2ubuntu2.2 No fix yet	4.5% Low-Moderate Risk	Post-Exploit
CVE-2024-56433	LOW2.16	passwd 1:4.8.1-2ubuntu2.2 No fix yet	4.5% Low-Moderate Risk	Post-Exploit
CVE-2023-29383	LOW1.68	login 1:4.8.1-2ubuntu2.2 No fix yet	<0.1% Theoretical Threat	Post-Exploit
CVE-2023-29383	LOW1.68	passwd 1:4.8.1-2ubuntu2.2 No fix yet	<0.1% Theoretical Threat	Post-Exploit
CVE-2026-42014	NONE0	libgnutls30 3.7.3-4ubuntu1.8 fixed in 3.7.3-4ubuntu1.9	—	Not Applicable