Vulnerability Reportvictoriametrics/victoria-metrics:v1.140.0

victoriametrics/victoria-metrics:v1.140.0

DIGESTsha256:5ea06e3a567249f8a23181208755f36dabd3b515f7023e9eb570fd4ae6c29203

Executive Summary

Threat ScoreNEEDS ATTENTION• 56 total vulnerabilities, including 4 with severity >=6.0 (max 6.38) from EXPOSED_SURFACE (CVE-2026-39820, CVE-2026-39836, CVE-2026-34182).• Top findings in stdlib and openssl could allow denial of service or integrity bypass under specific conditions.• Post-exploit layer contains 5 low-severity issues (max 2.48), posing negligible risk.• Image is from verified publisher, pinned by digest, and widely pulled (97M+), indicating strong trust.

27/100NEEDS ATTENTION

ReputationVERIFIED• Verified Publisher (Trusted Vendor)• Pinned by digest (Immutable)

TRUSTED

This image is acceptable for production, but remediating the identified vulnerabilities is recommended to reduce the attack surface. The 56 vulnerabilities include 4 medium-severity EXPOSED_SURFACE issues in stdlib and openssl, such as CVE-2026-39820 (CPU exhaustion) and CVE-2026-34182 (potential message forgery). While these do not directly compromise confidentiality or authentication in typical usage, they could be exploited in specific scenarios if the relevant code paths are triggered. The image is from a trusted vendor and pinned by digest, providing a solid baseline; applying security patches for the affected packages would further strengthen the deployment.

Vulnerabilities

Vulnerability Log

61 total

CVE ID	Adjusted Severity	Package	Exploit Probability	Risk Context
CVE-2026-39820	MEDIUM6.38	stdlib v1.26.2 fixed in 1.25.10, 1.26.3	0.4% Theoretical Threat	Directly Exposed
CVE-2026-39836	MEDIUM6.38	stdlib v1.26.2 fixed in 1.25.10, 1.26.3	0.6% Theoretical Threat	Directly Exposed
CVE-2026-34182	MEDIUM6.29	libcrypto3 3.5.5-r0 fixed in 3.5.7-r0	0.2% Theoretical Threat	Directly Exposed
CVE-2026-34182	MEDIUM6.29	libssl3 3.5.5-r0 fixed in 3.5.7-r0	0.2% Theoretical Threat	Directly Exposed
CVE-2026-2673	MEDIUM5.52	libcrypto3 3.5.5-r0 fixed in 3.5.6-r0	0.4% Theoretical Threat	Directly Exposed
CVE-2026-2673	MEDIUM5.52	libssl3 3.5.5-r0 fixed in 3.5.6-r0	0.4% Theoretical Threat	Directly Exposed
CVE-2026-34181	MEDIUM5.35	libcrypto3 3.5.5-r0 fixed in 3.5.7-r0	0.2% Theoretical Threat	Directly Exposed
CVE-2026-42768	MEDIUM5.35	libcrypto3 3.5.5-r0 fixed in 3.5.7-r0	0.4% Theoretical Threat	Directly Exposed
CVE-2026-34181	MEDIUM5.35	libssl3 3.5.5-r0 fixed in 3.5.7-r0	0.2% Theoretical Threat	Directly Exposed
CVE-2026-42768	MEDIUM5.35	libssl3 3.5.5-r0 fixed in 3.5.7-r0	0.4% Theoretical Threat	Directly Exposed
CVE-2026-28388	MEDIUM5.1	libcrypto3 3.5.5-r0 fixed in 3.5.6-r0	0.9% Theoretical Threat	Directly ExposedContext importance: MEDIUM
CVE-2026-28388	MEDIUM5.1	libssl3 3.5.5-r0 fixed in 3.5.6-r0	0.9% Theoretical Threat	Directly ExposedContext importance: MEDIUM
CVE-2026-33811	MEDIUM5.1	stdlib v1.26.2 fixed in 1.25.10, 1.26.3	0.5% Theoretical Threat	Directly ExposedContext importance: MEDIUM
CVE-2026-31790	MEDIUM5.02	libcrypto3 3.5.5-r0 fixed in 3.5.6-r0	1.0% Theoretical Threat	Directly Exposed
CVE-2026-42764	MEDIUM5.02	libcrypto3 3.5.5-r0 fixed in 3.5.7-r0	0.7% Theoretical Threat	Directly Exposed
CVE-2026-42769	MEDIUM5.02	libcrypto3 3.5.5-r0 fixed in 3.5.7-r0	0.3% Theoretical Threat	Directly Exposed
CVE-2026-42770	MEDIUM5.02	libcrypto3 3.5.5-r0 fixed in 3.5.7-r0	0.2% Theoretical Threat	Directly Exposed
CVE-2026-9076	MEDIUM5.02	libcrypto3 3.5.5-r0 fixed in 3.5.7-r0	0.3% Theoretical Threat	Directly Exposed
CVE-2026-31790	MEDIUM5.02	libssl3 3.5.5-r0 fixed in 3.5.6-r0	1.0% Theoretical Threat	Directly Exposed
CVE-2026-42764	MEDIUM5.02	libssl3 3.5.5-r0 fixed in 3.5.7-r0	0.7% Theoretical Threat	Directly Exposed
CVE-2026-42769	MEDIUM5.02	libssl3 3.5.5-r0 fixed in 3.5.7-r0	0.3% Theoretical Threat	Directly Exposed
CVE-2026-42770	MEDIUM5.02	libssl3 3.5.5-r0 fixed in 3.5.7-r0	0.2% Theoretical Threat	Directly Exposed
CVE-2026-9076	MEDIUM5.02	libssl3 3.5.5-r0 fixed in 3.5.7-r0	0.3% Theoretical Threat	Directly Exposed
CVE-2026-31789	MEDIUM5	libcrypto3 3.5.5-r0 fixed in 3.5.6-r0	0.2% Theoretical Threat	Directly Exposed
CVE-2026-31789	MEDIUM5	libssl3 3.5.5-r0 fixed in 3.5.6-r0	0.2% Theoretical Threat	Directly Exposed
CVE-2026-45447	MEDIUM4.86	libcrypto3 3.5.5-r0 fixed in 3.5.7-r0	1.4% Low-Moderate Risk	Directly Exposed
CVE-2026-45447	MEDIUM4.86	libssl3 3.5.5-r0 fixed in 3.5.7-r0	1.4% Low-Moderate Risk	Directly Exposed
CVE-2026-7383	MEDIUM4.67	libcrypto3 3.5.5-r0 fixed in 3.5.7-r0	0.3% Theoretical Threat	Directly Exposed
CVE-2026-7383	MEDIUM4.67	libssl3 3.5.5-r0 fixed in 3.5.7-r0	0.3% Theoretical Threat	Directly Exposed
CVE-2026-6042	MEDIUM4.67	musl 1.2.5-r21 fixed in 1.2.5-r22	0.2% Theoretical Threat	Directly Exposed
CVE-2026-6042	MEDIUM4.67	musl-utils 1.2.5-r21 fixed in 1.2.5-r22	0.2% Theoretical Threat	Directly Exposed
CVE-2026-27171	MEDIUM4.67	zlib 1.3.1-r2 fixed in 1.3.2-r0	0.2% Theoretical Threat	Directly Exposed
CVE-2026-45445	MEDIUM4.64	libcrypto3 3.5.5-r0 fixed in 3.5.7-r0	0.3% Theoretical Threat	Directly Exposed
CVE-2026-45445	MEDIUM4.64	libssl3 3.5.5-r0 fixed in 3.5.7-r0	0.3% Theoretical Threat	Directly Exposed
CVE-2026-39826	MEDIUM4.59	stdlib v1.26.2 fixed in 1.25.10, 1.26.3	0.4% Theoretical Threat	Directly Exposed
CVE-2026-42766	MEDIUM4.5	libcrypto3 3.5.5-r0 fixed in 3.5.7-r0	0.6% Theoretical Threat	Directly Exposed
CVE-2026-42767	MEDIUM4.5	libcrypto3 3.5.5-r0 fixed in 3.5.7-r0	0.3% Theoretical Threat	Directly Exposed
CVE-2026-42766	MEDIUM4.5	libssl3 3.5.5-r0 fixed in 3.5.7-r0	0.6% Theoretical Threat	Directly Exposed
CVE-2026-42767	MEDIUM4.5	libssl3 3.5.5-r0 fixed in 3.5.7-r0	0.3% Theoretical Threat	Directly Exposed
CVE-2026-42507	MEDIUM4.5	stdlib v1.26.2 fixed in 1.25.11, 1.26.4	0.3% Theoretical Threat	Directly Exposed
CVE-2026-34180	MEDIUM4.25	libcrypto3 3.5.5-r0 fixed in 3.5.7-r0	0.5% Theoretical Threat	Directly Exposed
CVE-2026-34180	MEDIUM4.25	libssl3 3.5.5-r0 fixed in 3.5.7-r0	0.5% Theoretical Threat	Directly Exposed
CVE-2026-28389	LOW3.83	libcrypto3 3.5.5-r0 fixed in 3.5.6-r0	0.8% Theoretical Threat	Directly Exposed
CVE-2026-28390	LOW3.83	libcrypto3 3.5.5-r0 fixed in 3.5.6-r0	0.8% Theoretical Threat	Directly Exposed
CVE-2026-34183	LOW3.83	libcrypto3 3.5.5-r0 fixed in 3.5.7-r0	0.5% Theoretical Threat	Directly Exposed
CVE-2026-28389	LOW3.83	libssl3 3.5.5-r0 fixed in 3.5.6-r0	0.8% Theoretical Threat	Directly Exposed
CVE-2026-28390	LOW3.83	libssl3 3.5.5-r0 fixed in 3.5.6-r0	0.8% Theoretical Threat	Directly Exposed
CVE-2026-34183	LOW3.83	libssl3 3.5.5-r0 fixed in 3.5.7-r0	0.5% Theoretical Threat	Directly Exposed
CVE-2026-33814	LOW3.83	stdlib v1.26.2 fixed in 1.25.10, 1.26.3	0.6% Theoretical Threat	Directly Exposed
CVE-2026-45446	LOW3.15	libcrypto3 3.5.5-r0 fixed in 3.5.7-r0	0.2% Theoretical Threat	Directly Exposed
CVE-2026-45446	LOW3.15	libssl3 3.5.5-r0 fixed in 3.5.7-r0	0.2% Theoretical Threat	Directly Exposed
CVE-2026-28387	LOW2.48	libcrypto3 3.5.5-r0 fixed in 3.5.6-r0	0.6% Theoretical Threat	Post-Exploit
CVE-2026-28387	LOW2.48	libssl3 3.5.5-r0 fixed in 3.5.6-r0	0.6% Theoretical Threat	Post-Exploit
CVE-2026-40200	LOW2.39	musl 1.2.5-r21 fixed in 1.2.5-r23	0.1% Theoretical Threat	Post-Exploit
CVE-2026-40200	LOW2.39	musl-utils 1.2.5-r21 fixed in 1.2.5-r23	0.1% Theoretical Threat	Post-Exploit
CVE-2026-22184	LOW2.39	zlib 1.3.1-r2 fixed in 1.3.2-r0	0.2% Theoretical Threat	Post-Exploit
CVE-2026-39823	NONE0	stdlib v1.26.2 fixed in 1.25.10, 1.26.3	0.3% Theoretical Threat	Not Applicable
CVE-2026-39825	NONE0	stdlib v1.26.2 fixed in 1.25.10, 1.26.3	0.4% Theoretical Threat	Not Applicable
CVE-2026-42499	NONE0	stdlib v1.26.2 fixed in 1.25.10, 1.26.3	0.6% Theoretical Threat	Not Applicable
CVE-2026-42504	NONE0	stdlib v1.26.2 fixed in 1.25.11, 1.26.4	0.4% Theoretical Threat	Not Applicable
CVE-2026-27145	NONE0	stdlib v1.26.2 fixed in 1.25.11, 1.26.4	0.3% Theoretical Threat	Not Applicable