This image is acceptable for production, but remediating the identified vulnerabilities is recommended to reduce the attack surface. While generally trusted due to its official Docker Hub source and immutable digest pinning, it contains 31 exposed vulnerabilities. The most significant is CVE-2026-42013, a medium-importance vulnerability in `libgnutls30t64` that could allow certificate validation bypass. Any client application within the container performing TLS certificate validation using gnutls could be vulnerable to spoofing or man-in-the-middle attacks when connecting to untrusted servers. Addressing this specific vulnerability would significantly reduce the practical risk.
| CVE ID | Adjusted Severity | Package | Exploit Probability | Risk Context |
|---|---|---|---|---|
| CVE-2026-42013 | MEDIUM6.56 | libgnutls30t64 3.8.3-1.1ubuntu3.5 fixed in 3.8.3-1.1ubuntu3.6 | — | Directly ExposedContext importance: MEDIUM |
| CVE-2026-42011 | MEDIUM5.92 | libgnutls30t64 3.8.3-1.1ubuntu3.5 fixed in 3.8.3-1.1ubuntu3.6 | — | Directly ExposedContext importance: MEDIUM |
| CVE-2026-42010 | MEDIUM5.88 | libgnutls30t64 3.8.3-1.1ubuntu3.5 fixed in 3.8.3-1.1ubuntu3.6 | — | Directly Exposed |
| CVE-2026-42012 | MEDIUM5.68 | libgnutls30t64 3.8.3-1.1ubuntu3.5 fixed in 3.8.3-1.1ubuntu3.6 | — | Directly ExposedContext importance: MEDIUM |
| CVE-2026-4437 | MEDIUM5.52 | libc-bin 2.39-0ubuntu8.7 No fix yet | <0.1% Theoretical Threat | Directly ExposedContext importance: HIGH |
| CVE-2026-4437 | MEDIUM5.52 | libc6 2.39-0ubuntu8.7 No fix yet | <0.1% Theoretical Threat | Directly ExposedContext importance: HIGH |
| CVE-2026-40226 | MEDIUM5.44 | libsystemd0 255.4-1ubuntu8.15 fixed in 255.4-1ubuntu8.16 | <0.1% Theoretical Threat | Directly Exposed |
| CVE-2026-40226 | MEDIUM5.44 | libudev1 255.4-1ubuntu8.15 fixed in 255.4-1ubuntu8.16 | <0.1% Theoretical Threat | Directly Exposed |
| CVE-2026-41989 | MEDIUM5.1 | libgcrypt20 1.10.3-2build1 fixed in 1.10.3-2ubuntu0.1 | <0.1% Theoretical Threat | Directly ExposedContext importance: MEDIUM |
| CVE-2026-3833 | MEDIUM5.03 | libgnutls30t64 3.8.3-1.1ubuntu3.5 fixed in 3.8.3-1.1ubuntu3.6 | <0.1% Theoretical Threat | Directly ExposedContext importance: MEDIUM |
| CVE-2026-5435 | MEDIUM5.02 | libc-bin 2.39-0ubuntu8.7 No fix yet | <0.1% Theoretical Threat | Directly Exposed |
| CVE-2026-5435 | MEDIUM5.02 | libc6 2.39-0ubuntu8.7 No fix yet | <0.1% Theoretical Threat | Directly Exposed |
| CVE-2024-2236 | MEDIUM5.02 | libgcrypt20 1.10.3-2build1 No fix yet | 0.7% Theoretical Threat | Directly Exposed |
| CVE-2026-5260 | MEDIUM4.92 | libgnutls30t64 3.8.3-1.1ubuntu3.5 fixed in 3.8.3-1.1ubuntu3.6 | — | Directly Exposed |
| CVE-2026-33845 | MEDIUM4.64 | libgnutls30t64 3.8.3-1.1ubuntu3.5 fixed in 3.8.3-1.1ubuntu3.6 | <0.1% Theoretical Threat | Directly Exposed |
| CVE-2026-42009 | MEDIUM4.5 | libgnutls30t64 3.8.3-1.1ubuntu3.5 fixed in 3.8.3-1.1ubuntu3.6 | — | Directly Exposed |
| CVE-2026-4046 | MEDIUM4.5 | libc-bin 2.39-0ubuntu8.7 No fix yet | <0.1% Theoretical Threat | Directly Exposed |
| CVE-2026-4046 | MEDIUM4.5 | libc6 2.39-0ubuntu8.7 No fix yet | <0.1% Theoretical Threat | Directly Exposed |
| CVE-2026-34743 | MEDIUM4.5 | liblzma5 5.6.1+really5.4.5-1ubuntu0.2 fixed in 5.6.1+really5.4.5-1ubuntu0.3 | <0.1% Theoretical Threat | Directly Exposed |
| CVE-2026-42015 | MEDIUM4.24 | libgnutls30t64 3.8.3-1.1ubuntu3.5 fixed in 3.8.3-1.1ubuntu3.6 | — | Directly ExposedContext importance: MEDIUM |
| CVE-2026-27456 | MEDIUM4 | libblkid1 2.39.3-9ubuntu6.5 No fix yet | <0.1% Theoretical Threat | Directly Exposed |
| CVE-2026-27456 | MEDIUM4 | libmount1 2.39.3-9ubuntu6.5 No fix yet | <0.1% Theoretical Threat | Directly Exposed |
| CVE-2026-27456 | MEDIUM4 | libuuid1 2.39.3-9ubuntu6.5 No fix yet | <0.1% Theoretical Threat | Directly Exposed |
| CVE-2026-33846 | LOW3.83 | libgnutls30t64 3.8.3-1.1ubuntu3.5 fixed in 3.8.3-1.1ubuntu3.6 | <0.1% Theoretical Threat | Directly Exposed |
| CVE-2026-5419 | LOW3.7 | libgnutls30t64 3.8.3-1.1ubuntu3.5 fixed in 3.8.3-1.1ubuntu3.6 | — | Directly Exposed |
| CVE-2026-4438 | LOW3.4 | libc-bin 2.39-0ubuntu8.7 No fix yet | <0.1% Theoretical Threat | Directly Exposed |
| CVE-2026-4438 | LOW3.4 | libc6 2.39-0ubuntu8.7 No fix yet | <0.1% Theoretical Threat | Directly Exposed |
| CVE-2026-3832 | LOW3.15 | libgnutls30t64 3.8.3-1.1ubuntu3.5 fixed in 3.8.3-1.1ubuntu3.6 | <0.1% Theoretical Threat | Directly Exposed |
| CVE-2025-45582 | LOW2.86 | tar 1.35+dfsg-3build1 No fix yet | <0.1% Theoretical Threat | Post-Exploit |
| CVE-2026-5704 | LOW2.8 | tar 1.35+dfsg-3build1 No fix yet | <0.1% Theoretical Threat | Post-Exploit |
| CVE-2026-40228 | LOW2.8 | libsystemd0 255.4-1ubuntu8.15 No fix yet | <0.1% Theoretical Threat | Directly Exposed |
| CVE-2026-40228 | LOW2.8 | libudev1 255.4-1ubuntu8.15 No fix yet | <0.1% Theoretical Threat | Directly Exposed |
| CVE-2026-27456 | LOW2.4 | bsdutils 1:2.39.3-9ubuntu6.5 No fix yet | <0.1% Theoretical Threat | Post-Exploit |
| CVE-2026-27456 | LOW2.4 | mount 2.39.3-9ubuntu6.5 No fix yet | <0.1% Theoretical Threat | Post-Exploit |
| CVE-2026-27456 | LOW2.4 | util-linux 2.39.3-9ubuntu6.5 No fix yet | <0.1% Theoretical Threat | Post-Exploit |
| CVE-2024-56433 | LOW2.16 | login 1:4.13+dfsg1-4ubuntu3.2 No fix yet | 4.5% Low-Moderate Risk | Post-Exploit |
| CVE-2024-56433 | LOW2.16 | passwd 1:4.13+dfsg1-4ubuntu3.2 No fix yet | 4.5% Low-Moderate Risk | Post-Exploit |
| CVE-2026-6238 | LOW1.99 | libc-bin 2.39-0ubuntu8.7 No fix yet | <0.1% Theoretical Threat | Post-Exploit |
| CVE-2026-6238 | LOW1.99 | libc6 2.39-0ubuntu8.7 No fix yet | <0.1% Theoretical Threat | Post-Exploit |
| CVE-2026-27456 | NONE0 | libsmartcols1 2.39.3-9ubuntu6.5 No fix yet | <0.1% Theoretical Threat | Not Applicable |
| CVE-2026-42014 | NONE0 | libgnutls30t64 3.8.3-1.1ubuntu3.5 fixed in 3.8.3-1.1ubuntu3.6 | — | Not Applicable |