Vulnerability Reportubuntu:latest

Name: ubuntu:rolling Security Vulnerability Report
Creator: BaseImage
Keywords: ubuntu:rolling, Docker security, vulnerability scan, CVE, container security, SBOM

ubuntu:latestubuntu:rollingubuntu:resolute-20260421ubuntu:resoluteubuntu:26.04

DIGESTsha256:f3d28607ddd78734bb7f71f117f3c6706c666b8b76cbff7c9ff6e5718d46ff64

Executive Summary

SAFE

This image is safe for production use. It is an Official Docker Hub image, trusted and pinned by digest, ensuring its integrity and authenticity. While 18 exposed and 42 post-exploit vulnerabilities were identified, none are rated as high or critical severity. The maximum severity for an exposed vulnerability is 5.1, and for post-exploit findings, it is 3.21, as seen with CVE-2026-5958.

Threat Score

0/100

SAFE

The image is published by Docker Official, indicating high trust and strong reputation.
Image integrity is ensured by pinning to a digest, guaranteeing immutability.
No high or critical vulnerabilities are exposed on the attack surface.
All identified vulnerabilities are of low severity, with a maximum exposed severity of 5.1.
The highest post-exploit vulnerability, CVE-2026-5958, has a low severity of 3.21.

Reputation

TRUSTED

Docker Official

OFFICIAL

Official Docker Hub Image
Pinned by digest (Immutable)

BaseImage/

ubuntu:latest

Hardened

Grade

A+

Vulns

Verified & secured for production

Vulnerabilities

Vulnerability Log

72 total

CVE ID	Adjusted Severity	Package	Exploit Probability	Risk Context
CVE-2026-41989	MEDIUM5.1	libgcrypt20 1.12.0-2 fixed in 1.12.0-2ubuntu0.1	<0.1% Theoretical Threat	Directly ExposedContext importance: MEDIUM
CVE-2026-4046	MEDIUM4.5	libc-bin 2.43-2ubuntu2 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2026-4046	MEDIUM4.5	libc-gconv-modules-extra 2.43-2ubuntu2 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2026-4046	MEDIUM4.5	libc6 2.43-2ubuntu2 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2026-4437	MEDIUM4.42	libc-bin 2.43-2ubuntu2 No fix yet	<0.1% Theoretical Threat	Directly ExposedContext importance: MEDIUM
CVE-2026-4437	MEDIUM4.42	libc-gconv-modules-extra 2.43-2ubuntu2 No fix yet	<0.1% Theoretical Threat	Directly ExposedContext importance: MEDIUM
CVE-2026-4437	MEDIUM4.42	libc6 2.43-2ubuntu2 No fix yet	<0.1% Theoretical Threat	Directly ExposedContext importance: MEDIUM
CVE-2024-2236	MEDIUM4.02	libgcrypt20 1.12.0-2 No fix yet	0.7% Theoretical Threat	Directly ExposedContext importance: MEDIUM
CVE-2026-27456	MEDIUM4	libblkid1 2.41.3-3ubuntu2 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2026-27456	MEDIUM4	libmount1 2.41.3-3ubuntu2 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2026-27456	MEDIUM4	libsmartcols1 2.41.3-3ubuntu2 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2026-27456	MEDIUM4	libuuid1 2.41.3-3ubuntu2 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2026-4438	LOW3.4	libc-bin 2.43-2ubuntu2 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2026-4438	LOW3.4	libc-gconv-modules-extra 2.43-2ubuntu2 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2026-4438	LOW3.4	libc6 2.43-2ubuntu2 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2026-5958	LOW3.21	sed 4.9-2build3 fixed in 4.9-2ubuntu1	<0.1% Theoretical Threat	Post-Exploit
CVE-2025-45582	LOW2.86	tar 1.35+dfsg-4 No fix yet	0.1% Theoretical Threat	Post-Exploit
CVE-2026-35373	LOW2.8	rust-coreutils 0.8.0-0ubuntu3 No fix yet	<0.1% Theoretical Threat	Post-Exploit
CVE-2026-5704	LOW2.8	tar 1.35+dfsg-4 No fix yet	<0.1% Theoretical Threat	Post-Exploit
CVE-2026-41990	LOW2.8	libgcrypt20 1.12.0-2 fixed in 1.12.0-2ubuntu0.1	<0.1% Theoretical Threat	Directly Exposed
CVE-2026-40228	LOW2.8	libsystemd0 259.5-0ubuntu3 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2026-40228	LOW2.8	libudev1 259.5-0ubuntu3 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2026-3184	LOW2.7	bsdutils 1:2.41.3-3ubuntu2 No fix yet	<0.1% Theoretical Threat	Post-Exploit
CVE-2026-3184	LOW2.7	login 1:4.16.0-2+really2.41.3-3ubuntu2 No fix yet	<0.1% Theoretical Threat	Post-Exploit
CVE-2026-3184	LOW2.7	mount 2.41.3-3ubuntu2 No fix yet	<0.1% Theoretical Threat	Post-Exploit
CVE-2026-3184	LOW2.7	util-linux 2.41.3-3ubuntu2 No fix yet	<0.1% Theoretical Threat	Post-Exploit
CVE-2026-27456	LOW2.4	bsdutils 1:2.41.3-3ubuntu2 No fix yet	<0.1% Theoretical Threat	Post-Exploit
CVE-2026-27456	LOW2.4	login 1:4.16.0-2+really2.41.3-3ubuntu2 No fix yet	<0.1% Theoretical Threat	Post-Exploit
CVE-2026-27456	LOW2.4	mount 2.41.3-3ubuntu2 No fix yet	<0.1% Theoretical Threat	Post-Exploit
CVE-2026-27456	LOW2.4	util-linux 2.41.3-3ubuntu2 No fix yet	<0.1% Theoretical Threat	Post-Exploit
CVE-2024-56433	LOW2.16	passwd 1:4.17.4-2ubuntu3 No fix yet	4.5% Low-Moderate Risk	Post-Exploit
CVE-2026-6238	LOW1.99	libc-bin 2.43-2ubuntu2 No fix yet	<0.1% Theoretical Threat	Post-Exploit
CVE-2026-6238	LOW1.99	libc-gconv-modules-extra 2.43-2ubuntu2 No fix yet	<0.1% Theoretical Threat	Post-Exploit
CVE-2026-6238	LOW1.99	libc6 2.43-2ubuntu2 No fix yet	<0.1% Theoretical Threat	Post-Exploit
CVE-2026-5435	LOW1.81	libc-bin 2.43-2ubuntu2 No fix yet	<0.1% Theoretical Threat	Post-Exploit
CVE-2026-5435	LOW1.81	libc-gconv-modules-extra 2.43-2ubuntu2 No fix yet	<0.1% Theoretical Threat	Post-Exploit
CVE-2026-5435	LOW1.81	libc6 2.43-2ubuntu2 No fix yet	<0.1% Theoretical Threat	Post-Exploit
CVE-2026-3184	LOW1.62	libblkid1 2.41.3-3ubuntu2 No fix yet	<0.1% Theoretical Threat	Post-Exploit
CVE-2026-3184	LOW1.62	libmount1 2.41.3-3ubuntu2 No fix yet	<0.1% Theoretical Threat	Post-Exploit
CVE-2026-3184	LOW1.62	libsmartcols1 2.41.3-3ubuntu2 No fix yet	<0.1% Theoretical Threat	Post-Exploit
CVE-2026-3184	LOW1.62	libuuid1 2.41.3-3ubuntu2 No fix yet	<0.1% Theoretical Threat	Post-Exploit
CVE-2026-33811	NONE0	stdlib v1.26.2 fixed in 1.25.10, 1.26.3	<0.1% Theoretical Threat	Not Applicable
CVE-2026-33814	NONE0	stdlib v1.26.2 fixed in 1.25.10, 1.26.3	<0.1% Theoretical Threat	Not Applicable
CVE-2026-39820	NONE0	stdlib v1.26.2 fixed in 1.25.10, 1.26.3	<0.1% Theoretical Threat	Not Applicable
CVE-2026-39836	NONE0	stdlib v1.26.2 fixed in 1.25.10, 1.26.3	<0.1% Theoretical Threat	Not Applicable
CVE-2026-39826	NONE0	stdlib v1.26.2 fixed in 1.25.10, 1.26.3	<0.1% Theoretical Threat	Not Applicable
CVE-2024-56433	NONE0	login.defs 1:4.17.4-2ubuntu3 No fix yet	4.5% Low-Moderate Risk	Not Applicable
CVE-2026-35341	NONE0	rust-coreutils 0.8.0-0ubuntu3 No fix yet	<0.1% Theoretical Threat	Not Applicable
CVE-2026-35344	NONE0	rust-coreutils 0.8.0-0ubuntu3 No fix yet	<0.1% Theoretical Threat	Not Applicable
CVE-2026-35345	NONE0	rust-coreutils 0.8.0-0ubuntu3 No fix yet	<0.1% Theoretical Threat	Not Applicable
CVE-2026-35348	NONE0	rust-coreutils 0.8.0-0ubuntu3 No fix yet	<0.1% Theoretical Threat	Not Applicable
CVE-2026-35350	NONE0	rust-coreutils 0.8.0-0ubuntu3 No fix yet	<0.1% Theoretical Threat	Not Applicable
CVE-2026-35351	NONE0	rust-coreutils 0.8.0-0ubuntu3 No fix yet	<0.1% Theoretical Threat	Not Applicable
CVE-2026-35352	NONE0	rust-coreutils 0.8.0-0ubuntu3 No fix yet	<0.1% Theoretical Threat	Not Applicable
CVE-2026-35354	NONE0	rust-coreutils 0.8.0-0ubuntu3 No fix yet	<0.1% Theoretical Threat	Not Applicable
CVE-2026-35357	NONE0	rust-coreutils 0.8.0-0ubuntu3 No fix yet	<0.1% Theoretical Threat	Not Applicable
CVE-2026-35359	NONE0	rust-coreutils 0.8.0-0ubuntu3 No fix yet	<0.1% Theoretical Threat	Not Applicable
CVE-2026-35360	NONE0	rust-coreutils 0.8.0-0ubuntu3 No fix yet	<0.1% Theoretical Threat	Not Applicable
CVE-2026-35363	NONE0	rust-coreutils 0.8.0-0ubuntu3 No fix yet	<0.1% Theoretical Threat	Not Applicable
CVE-2026-35364	NONE0	rust-coreutils 0.8.0-0ubuntu3 No fix yet	<0.1% Theoretical Threat	Not Applicable
CVE-2026-35367	NONE0	rust-coreutils 0.8.0-0ubuntu3 No fix yet	<0.1% Theoretical Threat	Not Applicable
CVE-2026-35368	NONE0	rust-coreutils 0.8.0-0ubuntu3 No fix yet	<0.1% Theoretical Threat	Not Applicable
CVE-2026-35370	NONE0	rust-coreutils 0.8.0-0ubuntu3 No fix yet	<0.1% Theoretical Threat	Not Applicable
CVE-2026-35371	NONE0	rust-coreutils 0.8.0-0ubuntu3 No fix yet	<0.1% Theoretical Threat	Not Applicable
CVE-2026-35374	NONE0	rust-coreutils 0.8.0-0ubuntu3 No fix yet	<0.1% Theoretical Threat	Not Applicable
CVE-2026-35377	NONE0	rust-coreutils 0.8.0-0ubuntu3 No fix yet	<0.1% Theoretical Threat	Not Applicable
CVE-2026-39823	NONE0	stdlib v1.26.2 fixed in 1.25.10, 1.26.3	<0.1% Theoretical Threat	Not Applicable
CVE-2026-39825	NONE0	stdlib v1.26.2 fixed in 1.25.10, 1.26.3	<0.1% Theoretical Threat	Not Applicable
CVE-2026-42499	NONE0	stdlib v1.26.2 fixed in 1.25.10, 1.26.3	<0.1% Theoretical Threat	Not Applicable
CVE-2026-42504	NONE0	stdlib v1.26.2 fixed in 1.25.11, 1.26.4	—	Not Applicable
CVE-2026-27145	NONE0	stdlib v1.26.2 fixed in 1.25.11, 1.26.4	—	Not Applicable
CVE-2026-42507	NONE0	stdlib v1.26.2 fixed in 1.25.11, 1.26.4	—	Not Applicable