Scanner: Docker Scout
Critical vulnerabilities: 0
High vulnerabilities: 3
Medium vulnerabilities: 5
Critical
No critical vulnerabilities found.
High
| CVE | Package | Installed | Fixed | Description |
|---|---|---|---|---|
| CVE-2026-42151 | prometheus | 0.309.2-0.20260113170727-c7bc56cf6c8f | 0.311.3 | CVE-2026-42151: Exposure of Sensitive Information to an Unauthorized Actor |
| CVE-2026-42154 | prometheus | 0.309.2-0.20260113170727-c7bc56cf6c8f | 0.311.3 | CVE-2026-42154: Uncontrolled Resource Consumption |
| CVE-2026-34040 | docker | 28.5.2%2Bincompatible | not fixed | CVE-2026-34040: Authentication Bypass Using an Alternate Path or Channel |
Medium
| CVE | Package | Installed | Fixed | Description |
|---|---|---|---|---|
| GHSA-fw8g-cg8f-9j28 | prometheus | 0.309.2-0.20260113170727-c7bc56cf6c8f | 0.311.3 | GHSA-fw8g-cg8f-9j28: Improper Neutralization of Input During Web Page Generation ('Cross-site Script... |
| CVE-2026-39882 | otlploghttp | 0.16.0 | 0.19.0 | CVE-2026-39882: Memory Allocation with Excessive Size Value |
| CVE-2026-40179 | prometheus | 0.309.2-0.20260113170727-c7bc56cf6c8f | 0.311.2-0.20260410083055-07c6232d159b | CVE-2026-40179: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') |
| CVE-2026-6993 | v2 | 2.8.4 | not fixed | CVE-2026-6993: Unintended Proxy or Intermediary ('Confused Deputy') |
| CVE-2026-33997 | docker | 28.5.2%2Bincompatible | not fixed | CVE-2026-33997: Off-by-one Error |