This image is acceptable for production, but remediating the identified vulnerabilities is recommended to reduce the attack surface. The primary risk is CVE-2026-45416 in the Netty TLS handler, which allows a remote attacker to cause denial of service by sending a large ClientHello, leading to memory exhaustion and potential crash. This vulnerability affects the default configuration and is directly reachable by any TCP client. Upgrading Netty to version 4.1.135.Final or later fully resolves the issue. All other vulnerabilities are low severity and unlikely to be exploited in isolation, but updating the image when available is prudent.

| CVE ID | Adjusted Severity | Package | Exploit Probability | Risk Context |
|---|---|---|---|---|
| CVE-2026-45416 | MEDIUM 6.38 | io.netty:netty-handler 4.1.130.Final fixed in 4.2.15.Final, 4.1.135.Final | 0.6% Theoretical Threat | Directly Exposed; Context importance: HIGH |
| CVE-2026-6238 | MEDIUM 5.52 | libc-bin 2.35-0ubuntu3.13 No fix yet | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2026-6238 | MEDIUM 5.52 | libc6 2.35-0ubuntu3.13 No fix yet | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2026-44249 | MEDIUM 5.5 | io.netty:netty-handler 4.1.130.Final fixed in 4.2.15.Final, 4.1.135.Final | 0.5% Theoretical Threat | Directly Exposed; Context importance: MEDIUM |
| CVE-2025-11226 | MEDIUM 5.44 | ch.qos.logback:logback-core 1.3.15 fixed in 1.5.19, 1.3.16 | 0.2% Theoretical Threat | Directly Exposed |
| CVE-2026-5435 | MEDIUM 5.02 | libc-bin 2.35-0ubuntu3.13 No fix yet | 0.2% Theoretical Threat | Directly Exposed |
| CVE-2026-5435 | MEDIUM 5.02 | libc6 2.35-0ubuntu3.13 No fix yet | 0.2% Theoretical Threat | Directly Exposed |
| CVE-2026-42770 | MEDIUM 5.02 | libssl3 3.0.2-0ubuntu1.23 fixed in 3.0.2-0ubuntu1.25 | 0.2% Theoretical Threat | Directly Exposed |
| CVE-2026-9076 | MEDIUM 5.02 | libssl3 3.0.2-0ubuntu1.23 fixed in 3.0.2-0ubuntu1.25 | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2025-66382 | MEDIUM 4.67 | libexpat1 2.4.7-1ubuntu0.7 No fix yet | 0.2% Theoretical Threat | Directly Exposed |
| CVE-2022-27943 | MEDIUM 4.67 | libgcc-s1 12.3.0-1ubuntu1~22.04.3 No fix yet | 0.9% Theoretical Threat | Directly Exposed |
| CVE-2026-7383 | MEDIUM 4.67 | libssl3 3.0.2-0ubuntu1.23 fixed in 3.0.2-0ubuntu1.25 | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2022-27943 | MEDIUM 4.67 | libstdc++6 12.3.0-1ubuntu1~22.04.3 No fix yet | 0.9% Theoretical Threat | Directly Exposed |
| CVE-2026-4046 | MEDIUM 4.5 | libc-bin 2.35-0ubuntu3.13 No fix yet | 0.4% Theoretical Threat | Directly Exposed |
| CVE-2026-4046 | MEDIUM 4.5 | libc6 2.35-0ubuntu3.13 No fix yet | 0.4% Theoretical Threat | Directly Exposed |
| CVE-2026-42015 | MEDIUM 4.5 | libgnutls30 3.7.3-4ubuntu1.8 fixed in 3.7.3-4ubuntu1.9 | 0.7% Theoretical Threat | Directly Exposed |
| CVE-2026-34743 | MEDIUM 4.5 | liblzma5 5.2.5-2ubuntu1 fixed in 5.2.5-2ubuntu1.1 | 0.4% Theoretical Threat | Directly Exposed |
| CVE-2026-42766 | MEDIUM 4.5 | libssl3 3.0.2-0ubuntu1.23 fixed in 3.0.2-0ubuntu1.25 | 0.6% Theoretical Threat | Directly Exposed |
| CVE-2026-42767 | MEDIUM 4.5 | libssl3 3.0.2-0ubuntu1.23 fixed in 3.0.2-0ubuntu1.25 | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2024-6763 | MEDIUM 4.5 | org.eclipse.jetty:jetty-http 9.4.58.v20250814 fixed in 12.0.12 | 1.0% Theoretical Threat | Directly Exposed |
| CVE-2026-34180 | MEDIUM 4.25 | libssl3 3.0.2-0ubuntu1.23 fixed in 3.0.2-0ubuntu1.25 | 0.5% Theoretical Threat | Directly Exposed |
| CVE-2026-1225 | MEDIUM 4.25 | ch.qos.logback:logback-core 1.3.15 fixed in 1.5.25 | 0.2% Theoretical Threat | Directly Exposed |
| CVE-2026-45536 | LOW 3.4 | io.netty:netty-transport-native-epoll 4.1.130.Final fixed in 4.2.15.Final, 4.1.135.Final | 0.2% Theoretical Threat | Directly Exposed |
| CVE-2026-3832 | LOW 3.15 | libgnutls30 3.7.3-4ubuntu1.8 fixed in 3.7.3-4ubuntu1.9 | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2026-45446 | LOW 3.15 | libssl3 3.0.2-0ubuntu1.23 fixed in 3.0.2-0ubuntu1.25 | 0.2% Theoretical Threat | Directly Exposed |
| CVE-2026-42010 | LOW 3 | libgnutls30 3.7.3-4ubuntu1.8 fixed in 3.7.3-4ubuntu1.9 | 0.8% Theoretical Threat | Post-Exploit |
| CVE-2026-45447 | LOW 2.92 | libssl3 3.0.2-0ubuntu1.23 fixed in 3.0.2-0ubuntu1.25 | 1.4% Low-Moderate Risk | Post-Exploit |
| CVE-2026-45447 | LOW 2.92 | openssl 3.0.2-0ubuntu1.23 fixed in 3.0.2-0ubuntu1.25 | 1.4% Low-Moderate Risk | Post-Exploit |
| CVE-2025-45582 | LOW 2.86 | tar 1.34+dfsg-1ubuntu0.1.22.04.2 No fix yet | 0.4% Theoretical Threat | Post-Exploit |
| CVE-2026-7383 | LOW 2.8 | openssl 3.0.2-0ubuntu1.23 fixed in 3.0.2-0ubuntu1.25 | 0.3% Theoretical Threat | Post-Exploit |
| CVE-2026-5704 | LOW 2.8 | tar 1.34+dfsg-1ubuntu0.1.22.04.2 No fix yet | 0.4% Theoretical Threat | Post-Exploit |
| CVE-2026-33845 | LOW 2.78 | libgnutls30 3.7.3-4ubuntu1.8 fixed in 3.7.3-4ubuntu1.9 | 0.6% Theoretical Threat | Post-Exploit |
| CVE-2026-45445 | LOW 2.78 | libssl3 3.0.2-0ubuntu1.23 fixed in 3.0.2-0ubuntu1.25 | 0.3% Theoretical Threat | Post-Exploit |
| CVE-2026-45445 | LOW 2.78 | openssl 3.0.2-0ubuntu1.23 fixed in 3.0.2-0ubuntu1.25 | 0.3% Theoretical Threat | Post-Exploit |
| CVE-2026-2332 | LOW 2.78 | org.eclipse.jetty:jetty-http 9.4.58.v20250814 fixed in 12.1.7, 12.0.33 | 0.4% Theoretical Threat | Post-Exploit |
| CVE-2017-11164 | LOW 2.7 | libpcre3 2:8.39-13ubuntu0.22.04.1 No fix yet | 3.1% Low-Moderate Risk | Post-Exploit |
| CVE-2022-4899 | LOW 2.7 | libzstd1 1.4.8+dfsg-3build1 No fix yet | 1.6% Low-Moderate Risk | Post-Exploit |
| CVE-2026-42766 | LOW 2.7 | openssl 3.0.2-0ubuntu1.23 fixed in 3.0.2-0ubuntu1.25 | 0.6% Theoretical Threat | Post-Exploit |
| CVE-2026-42767 | LOW 2.7 | openssl 3.0.2-0ubuntu1.23 fixed in 3.0.2-0ubuntu1.25 | 0.3% Theoretical Threat | Post-Exploit |
| CVE-2026-34180 | LOW 2.55 | openssl 3.0.2-0ubuntu1.23 fixed in 3.0.2-0ubuntu1.25 | 0.5% Theoretical Threat | Post-Exploit |
| CVE-2026-42013 | LOW 2.51 | libgnutls30 3.7.3-4ubuntu1.8 fixed in 3.7.3-4ubuntu1.9 | 0.4% Theoretical Threat | Post-Exploit |
| CVE-2026-5260 | LOW 2.51 | libgnutls30 3.7.3-4ubuntu1.8 fixed in 3.7.3-4ubuntu1.9 | 0.7% Theoretical Threat | Post-Exploit |
| CVE-2026-27456 | LOW 2.4 | bsdutils 1:2.37.2-4ubuntu3.5 No fix yet | 0.1% Theoretical Threat | Post-Exploit |
| CVE-2026-27456 | LOW 2.4 | mount 2.37.2-4ubuntu3.5 No fix yet | 0.1% Theoretical Threat | Post-Exploit |
| CVE-2026-27456 | LOW 2.4 | util-linux 2.37.2-4ubuntu3.5 No fix yet | 0.1% Theoretical Threat | Post-Exploit |
| CVE-2026-41989 | LOW 2.29 | libgcrypt20 1.9.4-3ubuntu3 fixed in 1.9.4-3ubuntu3.2 | 0.2% Theoretical Threat | Post-Exploit |
| CVE-2026-33846 | LOW 2.29 | libgnutls30 3.7.3-4ubuntu1.8 fixed in 3.7.3-4ubuntu1.9 | 0.9% Theoretical Threat | Post-Exploit |
| CVE-2026-42009 | LOW 2.29 | libgnutls30 3.7.3-4ubuntu1.8 fixed in 3.7.3-4ubuntu1.9 | 0.8% Theoretical Threat | Post-Exploit |
| CVE-2022-41409 | LOW 2.29 | libpcre2-8-0 10.39-3ubuntu0.1 No fix yet | 1.0% Theoretical Threat | Post-Exploit |
| CVE-2026-3833 | LOW 2.26 | libgnutls30 3.7.3-4ubuntu1.8 fixed in 3.7.3-4ubuntu1.9 | 0.3% Theoretical Threat | Post-Exploit |
| CVE-2026-42011 | LOW 2.26 | libgnutls30 3.7.3-4ubuntu1.8 fixed in 3.7.3-4ubuntu1.9 | 0.3% Theoretical Threat | Post-Exploit |
| CVE-2026-34182 | LOW 2.26 | libssl3 3.0.2-0ubuntu1.23 fixed in 3.0.2-0ubuntu1.25 | 0.2% Theoretical Threat | Post-Exploit |
| CVE-2026-34182 | LOW 2.26 | openssl 3.0.2-0ubuntu1.23 fixed in 3.0.2-0ubuntu1.25 | 0.2% Theoretical Threat | Post-Exploit |
| CVE-2021-31879 | LOW 2.2 | wget 1.21.2-2ubuntu1.1 No fix yet | 1.1% Low-Moderate Risk | Post-Exploit |
| CVE-2026-42012 | LOW 2.17 | libgnutls30 3.7.3-4ubuntu1.8 fixed in 3.7.3-4ubuntu1.9 | 0.3% Theoretical Threat | Post-Exploit |
| CVE-2024-2236 | LOW 2.12 | libgcrypt20 1.9.4-3ubuntu3 No fix yet | 1.1% Low-Moderate Risk | Post-Exploit |
| CVE-2026-45446 | LOW 1.89 | openssl 3.0.2-0ubuntu1.23 fixed in 3.0.2-0ubuntu1.25 | 0.2% Theoretical Threat | Post-Exploit |
| CVE-2024-56433 | LOW 1.84 | passwd 1:4.8.1-2ubuntu2.2 No fix yet | 0.4% Theoretical Threat | Post-Exploit |
| CVE-2026-42770 | LOW 1.81 | openssl 3.0.2-0ubuntu1.23 fixed in 3.0.2-0ubuntu1.25 | 0.2% Theoretical Threat | Post-Exploit |
| CVE-2026-9076 | LOW 1.81 | openssl 3.0.2-0ubuntu1.23 fixed in 3.0.2-0ubuntu1.25 | 0.3% Theoretical Threat | Post-Exploit |
| CVE-2023-29383 | LOW 1.68 | passwd 1:4.8.1-2ubuntu2.2 No fix yet | 0.4% Theoretical Threat | Post-Exploit |
| CVE-2023-50495 | NONE 0 | libncurses6 6.3-2ubuntu0.1 No fix yet | 1.0% Theoretical Threat | Not Applicable |
| CVE-2023-50495 | NONE 0 | libncursesw6 6.3-2ubuntu0.1 No fix yet | 1.0% Theoretical Threat | Not Applicable |
| CVE-2023-50495 | NONE 0 | libtinfo6 6.3-2ubuntu0.1 No fix yet | 1.0% Theoretical Threat | Not Applicable |
| CVE-2026-6238 | NONE 0 | locales 2.35-0ubuntu3.13 No fix yet | 0.3% Theoretical Threat | Not Applicable |
| CVE-2023-50495 | NONE 0 | ncurses-base 6.3-2ubuntu0.1 No fix yet | 1.0% Theoretical Threat | Not Applicable |
| CVE-2023-50495 | NONE 0 | ncurses-bin 6.3-2ubuntu0.1 No fix yet | 1.0% Theoretical Threat | Not Applicable |
| CVE-2026-40226 | NONE 0 | libsystemd0 249.11-0ubuntu3.20 fixed in 249.11-0ubuntu3.21 | <0.1% Theoretical Threat | Not Applicable |
| CVE-2026-40226 | NONE 0 | libudev1 249.11-0ubuntu3.20 fixed in 249.11-0ubuntu3.21 | <0.1% Theoretical Threat | Not Applicable |
| CVE-2023-7008 | NONE 0 | libsystemd0 249.11-0ubuntu3.20 fixed in 249.11-0ubuntu3.21 | 0.8% Theoretical Threat | Not Applicable |
| CVE-2023-7008 | NONE 0 | libudev1 249.11-0ubuntu3.20 fixed in 249.11-0ubuntu3.21 | 0.8% Theoretical Threat | Not Applicable |
| CVE-2026-5435 | NONE 0 | locales 2.35-0ubuntu3.13 No fix yet | 0.2% Theoretical Threat | Not Applicable |
| CVE-2022-27943 | NONE 0 | gcc-12-base 12.3.0-1ubuntu1~22.04.3 No fix yet | 0.9% Theoretical Threat | Not Applicable |
| CVE-2026-4046 | NONE 0 | locales 2.35-0ubuntu3.13 No fix yet | 0.4% Theoretical Threat | Not Applicable |
| CVE-2026-27456 | NONE 0 | libblkid1 2.37.2-4ubuntu3.5 No fix yet | 0.1% Theoretical Threat | Not Applicable |
| CVE-2026-27456 | NONE 0 | libmount1 2.37.2-4ubuntu3.5 No fix yet | 0.1% Theoretical Threat | Not Applicable |
| CVE-2026-27456 | NONE 0 | libsmartcols1 2.37.2-4ubuntu3.5 No fix yet | 0.1% Theoretical Threat | Not Applicable |
| CVE-2026-27456 | NONE 0 | libuuid1 2.37.2-4ubuntu3.5 No fix yet | 0.1% Theoretical Threat | Not Applicable |
| CVE-2024-56433 | NONE 0 | login 1:4.8.1-2ubuntu2.2 No fix yet | 0.4% Theoretical Threat | Not Applicable |
| CVE-2026-40228 | NONE 0 | libsystemd0 249.11-0ubuntu3.20 No fix yet | 0.2% Theoretical Threat | Not Applicable |
| CVE-2026-40228 | NONE 0 | libudev1 249.11-0ubuntu3.20 No fix yet | 0.2% Theoretical Threat | Not Applicable |
| CVE-2023-29383 | NONE 0 | login 1:4.8.1-2ubuntu2.2 No fix yet | 0.4% Theoretical Threat | Not Applicable |
| CVE-2026-42014 | NONE 0 | libgnutls30 3.7.3-4ubuntu1.8 fixed in 3.7.3-4ubuntu1.9 | — | Not Applicable |
| CVE-2026-40930 | NONE 0 | libpng16-16 1.6.37-3ubuntu0.5 No fix yet | 0.2% Theoretical Threat | Not Applicable |
| GHSA-72hv-8253-57qq | NONE 0 | com.fasterxml.jackson.core:jackson-core 2.15.2 fixed in 2.21.1, 2.18.6 | — | Not Applicable |
| CVE-2026-42583 | NONE 0 | io.netty:netty-codec 4.1.130.Final fixed in 4.1.133.Final | 0.4% Theoretical Threat | Not Applicable |