Vulnerability Reportvespaengine/vespa:8.700.24

vespaengine/vespa:8.700.24

DIGESTsha256:9ac71e6f462afa416bec90825fe3c127ae489788bc432bdfef89346a3bc5f420

Executive Summary

Threat ScoreNEEDS ATTENTION• One exposed surface vulnerability with severity 6.38 (CVE-2026-45416) in netty-handler, affecting TLS handshake processing.• Image is from high-reputation community (vespaengine) with 14M+ pulls and pinned by digest, indicating reliability.• No post-exploit vulnerabilities of high severity; max post-exploit severity is 3.62.• Total of 8 exposed vulnerabilities, but only one exceeds severity 6.0.• Vulnerability CVE-2026-45416 can be fully remediated by upgrading io.netty:netty-handler to version 4.2.15.Final or later.

25/100NEEDS ATTENTION

ReputationPOPULAR COMMUNITY• High Reputation Community Image (14M+ pulls)• Pinned by digest (Immutable)

RELIABLE

This image is acceptable for production, but remediating the identified vulnerabilities is recommended to reduce the attack surface. The primary concern is CVE-2026-45416, a denial of service vulnerability in netty-handler that can be exploited remotely through TLS handshake, potentially causing service downtime. Upgrading io.netty:netty-handler to a patched version fully eliminates this risk. The image otherwise comes from a reputable publisher and is pinned by digest, offering good baseline trust.

Vulnerabilities

Vulnerability Log

22 total

CVE ID	Adjusted Severity	Package	Exploit Probability	Risk Context
CVE-2026-45416	MEDIUM6.38	io.netty:netty-handler 4.2.14.Final fixed in 4.2.15.Final, 4.1.135.Final	0.6% Theoretical Threat	Directly ExposedContext importance: HIGH
CVE-2026-44249	MEDIUM5.5	io.netty:netty-handler 4.2.14.Final fixed in 4.2.15.Final, 4.1.135.Final	0.5% Theoretical Threat	Directly ExposedContext importance: MEDIUM
CVE-2024-34459	MEDIUM5.5	libxml2 2.9.7-21.el8_10.4 fixed in 2.9.7-21.el8_10.5	2.3% Low-Moderate Risk	Directly Exposed
CVE-2026-45186	MEDIUM5.1	expat 2.5.0-1.el8_10 fixed in 2.5.0-2.el8_10	0.5% Theoretical Threat	Directly ExposedContext importance: MEDIUM
CVE-2026-50010	MEDIUM5.1	io.netty:netty-handler 4.2.14.Final fixed in 4.2.15.Final, 4.1.135.Final	0.2% Theoretical Threat	Directly ExposedContext importance: MEDIUM
CVE-2026-35568	MEDIUM4.84	io.modelcontextprotocol.sdk:mcp-core 0.18.2 fixed in 1.0.0	0.1% Theoretical Threat	Directly Exposed
CVE-2026-35177	LOW3.62	vim-minimal 2:8.0.1763-22.el8_10.3 fixed in 2:8.0.1763-23.el8_10	0.1% Theoretical Threat	Post-Exploit
CVE-2026-45536	LOW3.4	io.netty:netty-transport-native-epoll 4.2.14.Final fixed in 4.2.15.Final, 4.1.135.Final	0.2% Theoretical Threat	Directly Exposed
CVE-2026-45447	LOW2.92	openssl-libs 1:1.1.1k-15.el8_6 fixed in 1:1.1.1k-16.el8_6	1.4% Low-Moderate Risk	Post-Exploit
CVE-2024-4741	LOW2.02	openssl-libs 1:1.1.1k-15.el8_6 fixed in 1:1.1.1k-16.el8_6	2.9% Low-Moderate Risk	Post-Exploit
CVE-2026-33811	NONE0	stdlib v1.26.2 fixed in 1.25.10, 1.26.3	0.5% Theoretical Threat	Not Applicable
CVE-2026-33814	NONE0	stdlib v1.26.2 fixed in 1.25.10, 1.26.3	0.6% Theoretical Threat	Not Applicable
CVE-2026-39820	NONE0	stdlib v1.26.2 fixed in 1.25.10, 1.26.3	0.4% Theoretical Threat	Not Applicable
CVE-2026-39836	NONE0	stdlib v1.26.2 fixed in 1.25.10, 1.26.3	0.6% Theoretical Threat	Not Applicable
CVE-2026-39826	NONE0	stdlib v1.26.2 fixed in 1.25.10, 1.26.3	0.4% Theoretical Threat	Not Applicable
CVE-2026-42507	NONE0	stdlib v1.26.2 fixed in 1.25.11, 1.26.4	0.3% Theoretical Threat	Not Applicable
CVE-2026-34237	NONE0	io.modelcontextprotocol.sdk:mcp-core 0.18.2 fixed in 1.0.1, 1.1.1, 0.18.3	0.2% Theoretical Threat	Not Applicable
CVE-2026-39823	NONE0	stdlib v1.26.2 fixed in 1.25.10, 1.26.3	0.3% Theoretical Threat	Not Applicable
CVE-2026-39825	NONE0	stdlib v1.26.2 fixed in 1.25.10, 1.26.3	0.4% Theoretical Threat	Not Applicable
CVE-2026-42499	NONE0	stdlib v1.26.2 fixed in 1.25.10, 1.26.3	0.6% Theoretical Threat	Not Applicable
CVE-2026-42504	NONE0	stdlib v1.26.2 fixed in 1.25.11, 1.26.4	0.4% Theoretical Threat	Not Applicable
CVE-2026-27145	NONE0	stdlib v1.26.2 fixed in 1.25.11, 1.26.4	0.3% Theoretical Threat	Not Applicable