On this page
Security and CVE scan results
Review security and CVE scan results for Solo.io products.
Gloo container images are scanned using Trivy for HIGH and CRITICAL vulnerabilities. To learn more about how Solo.io detects, tracks, and remediates CVEs, see CVE lifecycle handling.
Security and CVE scan
Latest 2.12.x gloo mesh enterprise Release: 2.12.2
gloo mesh enterprise gloo-mesh-istiod-agent image
No scan found
gloo mesh enterprise gloo-mesh-ui image
No scan found
gloo mesh enterprise gloo-mesh-envoy image
No scan found
gloo mesh enterprise gloo-mesh-spire-controller image
No scan found
gloo mesh enterprise gloo-mesh-portal-server image
No scan found
gloo mesh enterprise gloo-mesh-analyzer image
No scan found
gloo mesh enterprise gloo-mesh-mgmt-server image
No scan found
gloo mesh enterprise gloo-mesh-agent image
No scan found
gloo mesh enterprise gloo-mesh-apiserver image
No scan found
Release 2.12.1
gloo mesh enterprise gloo-mesh-istiod-agent image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-istiod-agent:2.12.1 (alpine 3.23.3)
Vulnerabilities Listed for usr/local/bin/istiod-agent-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.78.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
gloo mesh enterprise gloo-mesh-ui image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-ui:2.12.1 (alpine 3.23.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-22184 | zlib | HIGH | 1.3.1-r2 | 1.3.2-r0 | https://avd.aquasec.com/nvd/cve-2026-22184 |
gloo mesh enterprise gloo-mesh-envoy image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-envoy:2.12.1 (ubuntu 24.04)
gloo mesh enterprise gloo-mesh-spire-controller image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-spire-controller:2.12.1 (alpine 3.23.3)
Vulnerabilities Listed for usr/local/bin/spire-controller-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.78.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
gloo mesh enterprise gloo-mesh-portal-server image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-portal-server:2.12.1 (alpine 3.23.3)
Vulnerabilities Listed for usr/local/bin/portal-server-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.78.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
gloo mesh enterprise gloo-mesh-analyzer image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-analyzer:2.12.1 (alpine 3.23.3)
Vulnerabilities Listed for usr/local/bin/analyzer-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.39.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.78.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
gloo mesh enterprise gloo-mesh-mgmt-server image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-mgmt-server:2.12.1 (alpine 3.23.3)
Vulnerabilities Listed for usr/local/bin/mgmt-server-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.39.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.78.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
gloo mesh enterprise gloo-mesh-agent image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-agent:2.12.1 (alpine 3.23.3)
Vulnerabilities Listed for usr/local/bin/agent-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.39.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.78.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
gloo mesh enterprise gloo-mesh-apiserver image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-apiserver:2.12.1 (alpine 3.23.3)
Vulnerabilities Listed for usr/local/bin/apiserver-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.39.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.78.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
Release 2.12.0
gloo mesh enterprise gloo-mesh-istiod-agent image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-istiod-agent:2.12.0 (alpine 3.23.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-22184 | zlib | HIGH | 1.3.1-r2 | 1.3.2-r0 | https://avd.aquasec.com/nvd/cve-2026-22184 |
Vulnerabilities Listed for usr/local/bin/istiod-agent-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.78.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2026-25679 | stdlib | HIGH | v1.25.7 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
gloo mesh enterprise gloo-mesh-ui image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-ui:2.12.0 (alpine 3.23.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-22184 | zlib | HIGH | 1.3.1-r2 | 1.3.2-r0 | https://avd.aquasec.com/nvd/cve-2026-22184 |
gloo mesh enterprise gloo-mesh-envoy image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-envoy:2.12.0 (ubuntu 24.04)
gloo mesh enterprise gloo-mesh-spire-controller image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-spire-controller:2.12.0 (alpine 3.23.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-22184 | zlib | HIGH | 1.3.1-r2 | 1.3.2-r0 | https://avd.aquasec.com/nvd/cve-2026-22184 |
Vulnerabilities Listed for usr/local/bin/spire-controller-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.78.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2026-25679 | stdlib | HIGH | v1.25.7 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
gloo mesh enterprise gloo-mesh-portal-server image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-portal-server:2.12.0 (alpine 3.23.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-22184 | zlib | HIGH | 1.3.1-r2 | 1.3.2-r0 | https://avd.aquasec.com/nvd/cve-2026-22184 |
Vulnerabilities Listed for usr/local/bin/portal-server-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.78.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2026-25679 | stdlib | HIGH | v1.25.7 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
gloo mesh enterprise gloo-mesh-analyzer image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-analyzer:2.12.0 (alpine 3.23.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-22184 | zlib | HIGH | 1.3.1-r2 | 1.3.2-r0 | https://avd.aquasec.com/nvd/cve-2026-22184 |
Vulnerabilities Listed for usr/local/bin/analyzer-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15558 | github.com/docker/cli | HIGH | v29.1.3+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.39.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.78.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2026-25679 | stdlib | HIGH | v1.25.7 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
gloo mesh enterprise gloo-mesh-mgmt-server image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-mgmt-server:2.12.0 (alpine 3.23.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-22184 | zlib | HIGH | 1.3.1-r2 | 1.3.2-r0 | https://avd.aquasec.com/nvd/cve-2026-22184 |
Vulnerabilities Listed for usr/local/bin/mgmt-server-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15558 | github.com/docker/cli | HIGH | v29.1.3+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.39.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.78.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2026-25679 | stdlib | HIGH | v1.25.7 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
gloo mesh enterprise gloo-mesh-agent image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-agent:2.12.0 (alpine 3.23.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-22184 | zlib | HIGH | 1.3.1-r2 | 1.3.2-r0 | https://avd.aquasec.com/nvd/cve-2026-22184 |
Vulnerabilities Listed for usr/local/bin/agent-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15558 | github.com/docker/cli | HIGH | v29.1.3+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.39.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.78.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2026-25679 | stdlib | HIGH | v1.25.7 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
gloo mesh enterprise gloo-mesh-apiserver image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-apiserver:2.12.0 (alpine 3.23.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-22184 | zlib | HIGH | 1.3.1-r2 | 1.3.2-r0 | https://avd.aquasec.com/nvd/cve-2026-22184 |
Vulnerabilities Listed for usr/local/bin/apiserver-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15558 | github.com/docker/cli | HIGH | v29.1.3+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.39.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.78.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2026-25679 | stdlib | HIGH | v1.25.7 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
Latest 2.11.x gloo mesh enterprise Release: 2.11.4
gloo mesh enterprise gloo-mesh-istiod-agent image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-istiod-agent:2.11.4 (alpine 3.23.3)
Vulnerabilities Listed for usr/local/bin/istiod-agent-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.78.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
gloo mesh enterprise gloo-mesh-ui image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-ui:2.11.4 (alpine 3.23.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-22184 | zlib | HIGH | 1.3.1-r2 | 1.3.2-r0 | https://avd.aquasec.com/nvd/cve-2026-22184 |
gloo mesh enterprise gloo-mesh-envoy image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-envoy:2.11.4 (ubuntu 24.04)
gloo mesh enterprise gloo-mesh-spire-controller image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-spire-controller:2.11.4 (alpine 3.23.3)
Vulnerabilities Listed for usr/local/bin/spire-controller-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.78.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
gloo mesh enterprise gloo-mesh-portal-server image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-portal-server:2.11.4 (alpine 3.23.3)
Vulnerabilities Listed for usr/local/bin/portal-server-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.78.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
gloo mesh enterprise gloo-mesh-analyzer image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-analyzer:2.11.4 (alpine 3.23.3)
Vulnerabilities Listed for usr/local/bin/analyzer-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.39.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.78.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
gloo mesh enterprise gloo-mesh-mgmt-server image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-mgmt-server:2.11.4 (alpine 3.23.3)
Vulnerabilities Listed for usr/local/bin/mgmt-server-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.39.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.78.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
gloo mesh enterprise gloo-mesh-agent image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-agent:2.11.4 (alpine 3.23.3)
Vulnerabilities Listed for usr/local/bin/agent-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.39.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.78.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
gloo mesh enterprise gloo-mesh-apiserver image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-apiserver:2.11.4 (alpine 3.23.3)
Vulnerabilities Listed for usr/local/bin/apiserver-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.39.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.78.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
Release 2.11.3
gloo mesh enterprise gloo-mesh-istiod-agent image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-istiod-agent:2.11.3 (alpine 3.23.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-22184 | zlib | HIGH | 1.3.1-r2 | 1.3.2-r0 | https://avd.aquasec.com/nvd/cve-2026-22184 |
Vulnerabilities Listed for usr/local/bin/istiod-agent-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.78.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2026-25679 | stdlib | HIGH | v1.25.7 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
gloo mesh enterprise gloo-mesh-ui image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-ui:2.11.3 (alpine 3.23.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-22184 | zlib | HIGH | 1.3.1-r2 | 1.3.2-r0 | https://avd.aquasec.com/nvd/cve-2026-22184 |
gloo mesh enterprise gloo-mesh-envoy image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-envoy:2.11.3 (ubuntu 24.04)
gloo mesh enterprise gloo-mesh-spire-controller image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-spire-controller:2.11.3 (alpine 3.23.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-22184 | zlib | HIGH | 1.3.1-r2 | 1.3.2-r0 | https://avd.aquasec.com/nvd/cve-2026-22184 |
Vulnerabilities Listed for usr/local/bin/spire-controller-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.78.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2026-25679 | stdlib | HIGH | v1.25.7 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
gloo mesh enterprise gloo-mesh-portal-server image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-portal-server:2.11.3 (alpine 3.23.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-22184 | zlib | HIGH | 1.3.1-r2 | 1.3.2-r0 | https://avd.aquasec.com/nvd/cve-2026-22184 |
Vulnerabilities Listed for usr/local/bin/portal-server-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.78.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2026-25679 | stdlib | HIGH | v1.25.7 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
gloo mesh enterprise gloo-mesh-analyzer image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-analyzer:2.11.3 (alpine 3.23.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-22184 | zlib | HIGH | 1.3.1-r2 | 1.3.2-r0 | https://avd.aquasec.com/nvd/cve-2026-22184 |
Vulnerabilities Listed for usr/local/bin/analyzer-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15558 | github.com/docker/cli | HIGH | v29.1.3+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.39.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.78.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2026-25679 | stdlib | HIGH | v1.25.7 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
gloo mesh enterprise gloo-mesh-mgmt-server image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-mgmt-server:2.11.3 (alpine 3.23.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-22184 | zlib | HIGH | 1.3.1-r2 | 1.3.2-r0 | https://avd.aquasec.com/nvd/cve-2026-22184 |
Vulnerabilities Listed for usr/local/bin/mgmt-server-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15558 | github.com/docker/cli | HIGH | v29.1.3+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.39.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.78.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2026-25679 | stdlib | HIGH | v1.25.7 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
gloo mesh enterprise gloo-mesh-agent image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-agent:2.11.3 (alpine 3.23.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-22184 | zlib | HIGH | 1.3.1-r2 | 1.3.2-r0 | https://avd.aquasec.com/nvd/cve-2026-22184 |
Vulnerabilities Listed for usr/local/bin/agent-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15558 | github.com/docker/cli | HIGH | v29.1.3+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.39.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.78.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2026-25679 | stdlib | HIGH | v1.25.7 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
gloo mesh enterprise gloo-mesh-apiserver image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-apiserver:2.11.3 (alpine 3.23.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-22184 | zlib | HIGH | 1.3.1-r2 | 1.3.2-r0 | https://avd.aquasec.com/nvd/cve-2026-22184 |
Vulnerabilities Listed for usr/local/bin/apiserver-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15558 | github.com/docker/cli | HIGH | v29.1.3+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.39.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.78.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2026-25679 | stdlib | HIGH | v1.25.7 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
Release 2.11.2
gloo mesh enterprise gloo-mesh-istiod-agent image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-istiod-agent:2.11.2 (alpine 3.21.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/istiod-agent-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.76.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.25.5 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.25.5 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.25.5 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2026-25679 | stdlib | HIGH | v1.25.5 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
gloo mesh enterprise gloo-mesh-ui image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-ui:2.11.2 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
gloo mesh enterprise gloo-mesh-envoy image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-envoy:2.11.2 (ubuntu 24.04)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-68973 | gpgv | HIGH | 2.4.4-2ubuntu17.3 | 2.4.4-2ubuntu17.4 | https://avd.aquasec.com/nvd/cve-2025-68973 |
gloo mesh enterprise gloo-mesh-spire-controller image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-spire-controller:2.11.2 (alpine 3.21.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/spire-controller-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.76.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.25.5 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.25.5 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.25.5 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2026-25679 | stdlib | HIGH | v1.25.5 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
gloo mesh enterprise gloo-mesh-portal-server image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-portal-server:2.11.2 (alpine 3.21.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/portal-server-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.76.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.25.5 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.25.5 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.25.5 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2026-25679 | stdlib | HIGH | v1.25.5 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
gloo mesh enterprise gloo-mesh-analyzer image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-analyzer:2.11.2 (alpine 3.21.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/analyzer-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15558 | github.com/docker/cli | HIGH | v28.3.3+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-34040 | github.com/docker/docker | HIGH | v27.5.0+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.38.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.76.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.25.5 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.25.5 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.25.5 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2026-25679 | stdlib | HIGH | v1.25.5 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
gloo mesh enterprise gloo-mesh-mgmt-server image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-mgmt-server:2.11.2 (alpine 3.21.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/mgmt-server-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15558 | github.com/docker/cli | HIGH | v28.3.3+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-34040 | github.com/docker/docker | HIGH | v27.5.0+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.38.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.76.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.25.5 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.25.5 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.25.5 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2026-25679 | stdlib | HIGH | v1.25.5 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
gloo mesh enterprise gloo-mesh-agent image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-agent:2.11.2 (alpine 3.21.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/agent-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15558 | github.com/docker/cli | HIGH | v28.3.3+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-34040 | github.com/docker/docker | HIGH | v27.5.0+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.38.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.76.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.25.5 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.25.5 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.25.5 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2026-25679 | stdlib | HIGH | v1.25.5 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
gloo mesh enterprise gloo-mesh-apiserver image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-apiserver:2.11.2 (alpine 3.21.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/apiserver-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15558 | github.com/docker/cli | HIGH | v28.3.3+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-34040 | github.com/docker/docker | HIGH | v27.5.0+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.38.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.76.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.25.5 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.25.5 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.25.5 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2026-25679 | stdlib | HIGH | v1.25.5 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
Release 2.11.1
gloo mesh enterprise gloo-mesh-istiod-agent image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-istiod-agent:2.11.1 (alpine 3.21.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/istiod-agent-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.76.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.25.5 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.25.5 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.25.5 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2026-25679 | stdlib | HIGH | v1.25.5 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
gloo mesh enterprise gloo-mesh-ui image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-ui:2.11.1 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
gloo mesh enterprise gloo-mesh-envoy image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-envoy:2.11.1 (ubuntu 24.04)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-68973 | gpgv | HIGH | 2.4.4-2ubuntu17.3 | 2.4.4-2ubuntu17.4 | https://avd.aquasec.com/nvd/cve-2025-68973 |
gloo mesh enterprise gloo-mesh-spire-controller image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-spire-controller:2.11.1 (alpine 3.21.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/spire-controller-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.76.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.25.5 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.25.5 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.25.5 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2026-25679 | stdlib | HIGH | v1.25.5 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
gloo mesh enterprise gloo-mesh-portal-server image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-portal-server:2.11.1 (alpine 3.21.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/portal-server-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.76.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.25.5 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.25.5 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.25.5 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2026-25679 | stdlib | HIGH | v1.25.5 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
gloo mesh enterprise gloo-mesh-analyzer image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-analyzer:2.11.1 (alpine 3.21.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/analyzer-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15558 | github.com/docker/cli | HIGH | v28.3.3+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-34040 | github.com/docker/docker | HIGH | v27.5.0+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.38.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.76.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.25.5 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.25.5 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.25.5 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2026-25679 | stdlib | HIGH | v1.25.5 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
gloo mesh enterprise gloo-mesh-mgmt-server image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-mgmt-server:2.11.1 (alpine 3.21.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/mgmt-server-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15558 | github.com/docker/cli | HIGH | v28.3.3+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-34040 | github.com/docker/docker | HIGH | v27.5.0+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.38.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.76.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.25.5 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.25.5 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.25.5 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2026-25679 | stdlib | HIGH | v1.25.5 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
gloo mesh enterprise gloo-mesh-agent image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-agent:2.11.1 (alpine 3.21.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/agent-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15558 | github.com/docker/cli | HIGH | v28.3.3+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-34040 | github.com/docker/docker | HIGH | v27.5.0+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.38.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.76.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.25.5 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.25.5 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.25.5 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2026-25679 | stdlib | HIGH | v1.25.5 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
gloo mesh enterprise gloo-mesh-apiserver image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-apiserver:2.11.1 (alpine 3.21.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/apiserver-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15558 | github.com/docker/cli | HIGH | v28.3.3+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-34040 | github.com/docker/docker | HIGH | v27.5.0+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.38.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.76.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.25.5 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.25.5 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.25.5 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2026-25679 | stdlib | HIGH | v1.25.5 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
Release 2.11.0
gloo mesh enterprise gloo-mesh-istiod-agent image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-istiod-agent:2.11.0 (alpine 3.21.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/istiod-agent-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.76.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.25.3 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.25.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.25.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.25.3 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.25.3 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
gloo mesh enterprise gloo-mesh-ui image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-ui:2.11.0 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
gloo mesh enterprise gloo-mesh-envoy image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-envoy:2.11.0 (ubuntu 24.04)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-68973 | gpgv | HIGH | 2.4.4-2ubuntu17.3 | 2.4.4-2ubuntu17.4 | https://avd.aquasec.com/nvd/cve-2025-68973 |
gloo mesh enterprise gloo-mesh-spire-controller image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-spire-controller:2.11.0 (alpine 3.21.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/spire-controller-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.76.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.25.3 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.25.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.25.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.25.3 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.25.3 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
gloo mesh enterprise gloo-mesh-portal-server image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-portal-server:2.11.0 (alpine 3.21.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/portal-server-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.76.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.25.3 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.25.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.25.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.25.3 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.25.3 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
gloo mesh enterprise gloo-mesh-analyzer image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-analyzer:2.11.0 (alpine 3.21.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/analyzer-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15558 | github.com/docker/cli | HIGH | v28.3.3+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-34040 | github.com/docker/docker | HIGH | v27.5.0+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.38.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.76.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.25.3 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.25.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.25.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.25.3 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.25.3 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
gloo mesh enterprise gloo-mesh-mgmt-server image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-mgmt-server:2.11.0 (alpine 3.21.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/mgmt-server-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15558 | github.com/docker/cli | HIGH | v28.3.3+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-34040 | github.com/docker/docker | HIGH | v27.5.0+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.38.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.76.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.25.3 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.25.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.25.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.25.3 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.25.3 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
gloo mesh enterprise gloo-mesh-agent image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-agent:2.11.0 (alpine 3.21.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/agent-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15558 | github.com/docker/cli | HIGH | v28.3.3+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-34040 | github.com/docker/docker | HIGH | v27.5.0+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.38.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.76.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.25.3 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.25.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.25.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.25.3 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.25.3 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
gloo mesh enterprise gloo-mesh-apiserver image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-apiserver:2.11.0 (alpine 3.21.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/apiserver-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15558 | github.com/docker/cli | HIGH | v28.3.3+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-34040 | github.com/docker/docker | HIGH | v27.5.0+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.38.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.76.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.25.3 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.25.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.25.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.25.3 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.25.3 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
Latest 2.10.x gloo mesh enterprise Release: 2.10.5
gloo mesh enterprise gloo-mesh-istiod-agent image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-istiod-agent:2.10.5 (alpine 3.23.3)
Vulnerabilities Listed for usr/local/bin/istiod-agent-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.78.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
gloo mesh enterprise gloo-mesh-ui image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-ui:2.10.5 (alpine 3.23.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-22184 | zlib | HIGH | 1.3.1-r2 | 1.3.2-r0 | https://avd.aquasec.com/nvd/cve-2026-22184 |
gloo mesh enterprise gloo-mesh-envoy image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-envoy:2.10.5 (ubuntu 24.04)
gloo mesh enterprise gloo-mesh-spire-controller image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-spire-controller:2.10.5 (alpine 3.23.3)
Vulnerabilities Listed for usr/local/bin/spire-controller-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.78.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
gloo mesh enterprise gloo-mesh-portal-server image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-portal-server:2.10.5 (alpine 3.23.3)
Vulnerabilities Listed for usr/local/bin/portal-server-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.78.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
gloo mesh enterprise gloo-mesh-analyzer image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-analyzer:2.10.5 (alpine 3.23.3)
Vulnerabilities Listed for usr/local/bin/analyzer-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.39.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.78.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
gloo mesh enterprise gloo-mesh-mgmt-server image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-mgmt-server:2.10.5 (alpine 3.23.3)
Vulnerabilities Listed for usr/local/bin/mgmt-server-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.39.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.78.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
gloo mesh enterprise gloo-mesh-agent image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-agent:2.10.5 (alpine 3.23.3)
Vulnerabilities Listed for usr/local/bin/agent-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.39.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.78.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
gloo mesh enterprise gloo-mesh-apiserver image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-apiserver:2.10.5 (alpine 3.23.3)
Vulnerabilities Listed for usr/local/bin/apiserver-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.39.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.78.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
Release 2.10.4
gloo mesh enterprise gloo-mesh-istiod-agent image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-istiod-agent:2.10.4 (alpine 3.21.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/istiod-agent-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.74.2 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.11 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.11 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
gloo mesh enterprise gloo-mesh-ui image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-ui:2.10.4 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
gloo mesh enterprise gloo-mesh-envoy image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-envoy:2.10.4 (ubuntu 24.04)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-68973 | gpgv | HIGH | 2.4.4-2ubuntu17.3 | 2.4.4-2ubuntu17.4 | https://avd.aquasec.com/nvd/cve-2025-68973 |
gloo mesh enterprise gloo-mesh-spire-controller image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-spire-controller:2.10.4 (alpine 3.21.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/spire-controller-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.74.2 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.11 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.11 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
gloo mesh enterprise gloo-mesh-portal-server image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-portal-server:2.10.4 (alpine 3.21.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/portal-server-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.74.2 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.11 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.11 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
gloo mesh enterprise gloo-mesh-analyzer image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-analyzer:2.10.4 (alpine 3.21.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/analyzer-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15558 | github.com/docker/cli | HIGH | v28.2.2+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-34040 | github.com/docker/docker | HIGH | v27.5.0+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.36.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.74.2 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.11 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.11 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
gloo mesh enterprise gloo-mesh-mgmt-server image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-mgmt-server:2.10.4 (alpine 3.21.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/mgmt-server-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15558 | github.com/docker/cli | HIGH | v28.2.2+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-34040 | github.com/docker/docker | HIGH | v27.5.0+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.36.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.74.2 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.11 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.11 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
gloo mesh enterprise gloo-mesh-agent image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-agent:2.10.4 (alpine 3.21.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/agent-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15558 | github.com/docker/cli | HIGH | v28.2.2+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-34040 | github.com/docker/docker | HIGH | v27.5.0+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.36.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.74.2 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.11 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.11 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
gloo mesh enterprise gloo-mesh-apiserver image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-apiserver:2.10.4 (alpine 3.21.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/apiserver-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15558 | github.com/docker/cli | HIGH | v28.2.2+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-34040 | github.com/docker/docker | HIGH | v27.5.0+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.36.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.74.2 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.11 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.11 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
Release 2.10.3
gloo mesh enterprise gloo-mesh-istiod-agent image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-istiod-agent:2.10.3 (alpine 3.21.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/istiod-agent-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.74.2 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.11 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.11 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
gloo mesh enterprise gloo-mesh-ui image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-ui:2.10.3 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
gloo mesh enterprise gloo-mesh-envoy image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-envoy:2.10.3 (ubuntu 24.04)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-68973 | gpgv | HIGH | 2.4.4-2ubuntu17.3 | 2.4.4-2ubuntu17.4 | https://avd.aquasec.com/nvd/cve-2025-68973 |
gloo mesh enterprise gloo-mesh-spire-controller image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-spire-controller:2.10.3 (alpine 3.21.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/spire-controller-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.74.2 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.11 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.11 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
gloo mesh enterprise gloo-mesh-portal-server image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-portal-server:2.10.3 (alpine 3.21.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/portal-server-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.74.2 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.11 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.11 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
gloo mesh enterprise gloo-mesh-analyzer image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-analyzer:2.10.3 (alpine 3.21.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/analyzer-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15558 | github.com/docker/cli | HIGH | v28.2.2+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-34040 | github.com/docker/docker | HIGH | v27.5.0+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.36.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.74.2 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.11 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.11 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
gloo mesh enterprise gloo-mesh-mgmt-server image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-mgmt-server:2.10.3 (alpine 3.21.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/mgmt-server-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15558 | github.com/docker/cli | HIGH | v28.2.2+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-34040 | github.com/docker/docker | HIGH | v27.5.0+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.36.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.74.2 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.11 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.11 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
gloo mesh enterprise gloo-mesh-agent image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-agent:2.10.3 (alpine 3.21.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/agent-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15558 | github.com/docker/cli | HIGH | v28.2.2+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-34040 | github.com/docker/docker | HIGH | v27.5.0+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.36.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.74.2 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.11 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.11 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
gloo mesh enterprise gloo-mesh-apiserver image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-apiserver:2.10.3 (alpine 3.21.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/apiserver-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15558 | github.com/docker/cli | HIGH | v28.2.2+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-34040 | github.com/docker/docker | HIGH | v27.5.0+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.36.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.74.2 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.11 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.11 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
Release 2.10.2
gloo mesh enterprise gloo-mesh-istiod-agent image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-istiod-agent:2.10.2 (alpine 3.21.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/istiod-agent-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.74.2 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.9 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.9 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.9 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.9 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.9 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
gloo mesh enterprise gloo-mesh-ui image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-ui:2.10.2 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
gloo mesh enterprise gloo-mesh-envoy image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-envoy:2.10.2 (ubuntu 24.04)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-68973 | gpgv | HIGH | 2.4.4-2ubuntu17.3 | 2.4.4-2ubuntu17.4 | https://avd.aquasec.com/nvd/cve-2025-68973 |
gloo mesh enterprise gloo-mesh-spire-controller image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-spire-controller:2.10.2 (alpine 3.21.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/spire-controller-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.74.2 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.9 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.9 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.9 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.9 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.9 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
gloo mesh enterprise gloo-mesh-portal-server image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-portal-server:2.10.2 (alpine 3.21.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/portal-server-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.74.2 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.9 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.9 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.9 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.9 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.9 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
gloo mesh enterprise gloo-mesh-analyzer image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-analyzer:2.10.2 (alpine 3.21.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/analyzer-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-25621 | github.com/containerd/containerd | HIGH | v1.7.27 | 1.7.29 | https://avd.aquasec.com/nvd/cve-2024-25621 |
| CVE-2025-15558 | github.com/docker/cli | HIGH | v28.2.2+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-34040 | github.com/docker/docker | HIGH | v27.5.0+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.36.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.74.2 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.9 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.9 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.9 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.9 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.9 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
gloo mesh enterprise gloo-mesh-mgmt-server image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-mgmt-server:2.10.2 (alpine 3.21.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/mgmt-server-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-25621 | github.com/containerd/containerd | HIGH | v1.7.27 | 1.7.29 | https://avd.aquasec.com/nvd/cve-2024-25621 |
| CVE-2025-15558 | github.com/docker/cli | HIGH | v28.2.2+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-34040 | github.com/docker/docker | HIGH | v27.5.0+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.36.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.74.2 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.9 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.9 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.9 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.9 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.9 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
gloo mesh enterprise gloo-mesh-agent image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-agent:2.10.2 (alpine 3.21.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/agent-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-25621 | github.com/containerd/containerd | HIGH | v1.7.27 | 1.7.29 | https://avd.aquasec.com/nvd/cve-2024-25621 |
| CVE-2025-15558 | github.com/docker/cli | HIGH | v28.2.2+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-34040 | github.com/docker/docker | HIGH | v27.5.0+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.36.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.74.2 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.9 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.9 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.9 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.9 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.9 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
gloo mesh enterprise gloo-mesh-apiserver image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-apiserver:2.10.2 (alpine 3.21.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/apiserver-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-25621 | github.com/containerd/containerd | HIGH | v1.7.27 | 1.7.29 | https://avd.aquasec.com/nvd/cve-2024-25621 |
| CVE-2025-15558 | github.com/docker/cli | HIGH | v28.2.2+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-34040 | github.com/docker/docker | HIGH | v27.5.0+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.36.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.74.2 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.9 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.9 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.9 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.9 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.9 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
Release 2.10.1
gloo mesh enterprise gloo-mesh-istiod-agent image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-istiod-agent:2.10.1 (alpine 3.21.4)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/istiod-agent-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.73.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.6 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.6 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.6 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.6 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
gloo mesh enterprise gloo-mesh-ui image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-ui:2.10.1 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
gloo mesh enterprise gloo-mesh-envoy image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-envoy:2.10.1 (ubuntu 24.04)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-68973 | gpgv | HIGH | 2.4.4-2ubuntu17.3 | 2.4.4-2ubuntu17.4 | https://avd.aquasec.com/nvd/cve-2025-68973 |
gloo mesh enterprise gloo-mesh-spire-controller image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-spire-controller:2.10.1 (alpine 3.21.4)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/spire-controller-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.73.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.6 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.6 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.6 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.6 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
gloo mesh enterprise gloo-mesh-portal-server image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-portal-server:2.10.1 (alpine 3.21.4)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/portal-server-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.73.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.6 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.6 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.6 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.6 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
gloo mesh enterprise gloo-mesh-analyzer image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-analyzer:2.10.1 (alpine 3.21.4)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/analyzer-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-25621 | github.com/containerd/containerd | HIGH | v1.7.27 | 1.7.29 | https://avd.aquasec.com/nvd/cve-2024-25621 |
| CVE-2025-15558 | github.com/docker/cli | HIGH | v28.2.2+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-34040 | github.com/docker/docker | HIGH | v27.5.0+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.36.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.73.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.6 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.6 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.6 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.6 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
gloo mesh enterprise gloo-mesh-mgmt-server image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-mgmt-server:2.10.1 (alpine 3.21.4)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/mgmt-server-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-25621 | github.com/containerd/containerd | HIGH | v1.7.27 | 1.7.29 | https://avd.aquasec.com/nvd/cve-2024-25621 |
| CVE-2025-15558 | github.com/docker/cli | HIGH | v28.2.2+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-34040 | github.com/docker/docker | HIGH | v27.5.0+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.36.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.73.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.6 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.6 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.6 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.6 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
gloo mesh enterprise gloo-mesh-agent image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-agent:2.10.1 (alpine 3.21.4)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/agent-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-25621 | github.com/containerd/containerd | HIGH | v1.7.27 | 1.7.29 | https://avd.aquasec.com/nvd/cve-2024-25621 |
| CVE-2025-15558 | github.com/docker/cli | HIGH | v28.2.2+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-34040 | github.com/docker/docker | HIGH | v27.5.0+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.36.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.73.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.6 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.6 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.6 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.6 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
gloo mesh enterprise gloo-mesh-apiserver image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-apiserver:2.10.1 (alpine 3.21.4)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/apiserver-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-25621 | github.com/containerd/containerd | HIGH | v1.7.27 | 1.7.29 | https://avd.aquasec.com/nvd/cve-2024-25621 |
| CVE-2025-15558 | github.com/docker/cli | HIGH | v28.2.2+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-34040 | github.com/docker/docker | HIGH | v27.5.0+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.36.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.73.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.6 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.6 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.6 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.6 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
Release 2.10.0
gloo mesh enterprise gloo-mesh-istiod-agent image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-istiod-agent:2.10.0 (alpine 3.21.4)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/istiod-agent-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.71.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.6 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.6 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.6 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.6 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
gloo mesh enterprise gloo-mesh-ui image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-ui:2.10.0 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
gloo mesh enterprise gloo-mesh-envoy image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-envoy:2.10.0 (ubuntu 24.04)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-68973 | gpgv | HIGH | 2.4.4-2ubuntu17.3 | 2.4.4-2ubuntu17.4 | https://avd.aquasec.com/nvd/cve-2025-68973 |
gloo mesh enterprise gloo-mesh-spire-controller image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-spire-controller:2.10.0 (alpine 3.21.4)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/spire-controller-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.71.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.6 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.6 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.6 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.6 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
gloo mesh enterprise gloo-mesh-portal-server image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-portal-server:2.10.0 (alpine 3.21.4)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/portal-server-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.71.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.6 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.6 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.6 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.6 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
gloo mesh enterprise gloo-mesh-analyzer image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-analyzer:2.10.0 (alpine 3.21.4)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/analyzer-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-25621 | github.com/containerd/containerd | HIGH | v1.7.27 | 1.7.29 | https://avd.aquasec.com/nvd/cve-2024-25621 |
| CVE-2025-15558 | github.com/docker/cli | HIGH | v28.0.1+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-34040 | github.com/docker/docker | HIGH | v27.5.0+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.35.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.71.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.6 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.6 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.6 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.6 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
gloo mesh enterprise gloo-mesh-mgmt-server image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-mgmt-server:2.10.0 (alpine 3.21.4)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/mgmt-server-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-25621 | github.com/containerd/containerd | HIGH | v1.7.27 | 1.7.29 | https://avd.aquasec.com/nvd/cve-2024-25621 |
| CVE-2025-15558 | github.com/docker/cli | HIGH | v28.0.1+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-34040 | github.com/docker/docker | HIGH | v27.5.0+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.35.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.71.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.6 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.6 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.6 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.6 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
gloo mesh enterprise gloo-mesh-agent image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-agent:2.10.0 (alpine 3.21.4)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/agent-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-25621 | github.com/containerd/containerd | HIGH | v1.7.27 | 1.7.29 | https://avd.aquasec.com/nvd/cve-2024-25621 |
| CVE-2025-15558 | github.com/docker/cli | HIGH | v28.0.1+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-34040 | github.com/docker/docker | HIGH | v27.5.0+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.35.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.71.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.6 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.6 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.6 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.6 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
gloo mesh enterprise gloo-mesh-apiserver image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-apiserver:2.10.0 (alpine 3.21.4)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/apiserver-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-25621 | github.com/containerd/containerd | HIGH | v1.7.27 | 1.7.29 | https://avd.aquasec.com/nvd/cve-2024-25621 |
| CVE-2025-15558 | github.com/docker/cli | HIGH | v28.0.1+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-34040 | github.com/docker/docker | HIGH | v27.5.0+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.35.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.71.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.6 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.6 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.6 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.6 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
Latest 2.9.x gloo mesh enterprise Release: 2.9.6
gloo mesh enterprise gloo-mesh-istiod-agent image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-istiod-agent:2.9.6 (alpine 3.23.3)
Vulnerabilities Listed for usr/local/bin/istiod-agent-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.78.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
gloo mesh enterprise gloo-mesh-ui image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-ui:2.9.6 (alpine 3.23.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-22184 | zlib | HIGH | 1.3.1-r2 | 1.3.2-r0 | https://avd.aquasec.com/nvd/cve-2026-22184 |
gloo mesh enterprise gloo-mesh-envoy image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-envoy:2.9.6 (ubuntu 24.04)
gloo mesh enterprise gloo-mesh-spire-controller image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-spire-controller:2.9.6 (alpine 3.23.3)
Vulnerabilities Listed for usr/local/bin/spire-controller-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.78.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
gloo mesh enterprise gloo-mesh-portal-server image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-portal-server:2.9.6 (alpine 3.23.3)
Vulnerabilities Listed for usr/local/bin/portal-server-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.78.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
gloo mesh enterprise gloo-mesh-analyzer image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-analyzer:2.9.6 (alpine 3.23.3)
Vulnerabilities Listed for usr/local/bin/analyzer-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.39.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.78.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
gloo mesh enterprise gloo-mesh-mgmt-server image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-mgmt-server:2.9.6 (alpine 3.23.3)
Vulnerabilities Listed for usr/local/bin/mgmt-server-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.39.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.78.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
gloo mesh enterprise gloo-mesh-agent image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-agent:2.9.6 (alpine 3.23.3)
Vulnerabilities Listed for usr/local/bin/agent-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.39.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.78.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
gloo mesh enterprise gloo-mesh-apiserver image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-apiserver:2.9.6 (alpine 3.23.3)
Vulnerabilities Listed for usr/local/bin/apiserver-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.39.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.78.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
Release 2.9.5
gloo mesh enterprise gloo-mesh-istiod-agent image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-istiod-agent:2.9.5 (alpine 3.21.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/istiod-agent-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.74.2 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.11 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.11 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
gloo mesh enterprise gloo-mesh-ui image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-ui:2.9.5 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
gloo mesh enterprise gloo-mesh-envoy image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-envoy:2.9.5 (ubuntu 24.04)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-68973 | gpgv | HIGH | 2.4.4-2ubuntu17.3 | 2.4.4-2ubuntu17.4 | https://avd.aquasec.com/nvd/cve-2025-68973 |
gloo mesh enterprise gloo-mesh-spire-controller image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-spire-controller:2.9.5 (alpine 3.21.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/spire-controller-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.74.2 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.11 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.11 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
gloo mesh enterprise gloo-mesh-portal-server image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-portal-server:2.9.5 (alpine 3.21.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/portal-server-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.74.2 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.11 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.11 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
gloo mesh enterprise gloo-mesh-analyzer image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-analyzer:2.9.5 (alpine 3.21.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/analyzer-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15558 | github.com/docker/cli | HIGH | v28.0.1+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-34040 | github.com/docker/docker | HIGH | v27.5.0+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.36.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.74.2 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.11 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.11 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
gloo mesh enterprise gloo-mesh-mgmt-server image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-mgmt-server:2.9.5 (alpine 3.21.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/mgmt-server-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15558 | github.com/docker/cli | HIGH | v28.0.1+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-34040 | github.com/docker/docker | HIGH | v27.5.0+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.36.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.74.2 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.11 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.11 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
gloo mesh enterprise gloo-mesh-agent image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-agent:2.9.5 (alpine 3.21.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/agent-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15558 | github.com/docker/cli | HIGH | v28.0.1+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-34040 | github.com/docker/docker | HIGH | v27.5.0+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.36.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.74.2 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.11 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.11 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
gloo mesh enterprise gloo-mesh-apiserver image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-apiserver:2.9.5 (alpine 3.21.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/apiserver-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15558 | github.com/docker/cli | HIGH | v28.0.1+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-34040 | github.com/docker/docker | HIGH | v27.5.0+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.36.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.74.2 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.11 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.11 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
Release 2.9.4
gloo mesh enterprise gloo-mesh-istiod-agent image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-istiod-agent:2.9.4 (alpine 3.21.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/istiod-agent-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.74.2 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.11 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.11 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
gloo mesh enterprise gloo-mesh-ui image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-ui:2.9.4 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
gloo mesh enterprise gloo-mesh-envoy image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-envoy:2.9.4 (ubuntu 24.04)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-68973 | gpgv | HIGH | 2.4.4-2ubuntu17.3 | 2.4.4-2ubuntu17.4 | https://avd.aquasec.com/nvd/cve-2025-68973 |
gloo mesh enterprise gloo-mesh-spire-controller image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-spire-controller:2.9.4 (alpine 3.21.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/spire-controller-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.74.2 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.11 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.11 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
gloo mesh enterprise gloo-mesh-portal-server image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-portal-server:2.9.4 (alpine 3.21.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/portal-server-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.74.2 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.11 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.11 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
gloo mesh enterprise gloo-mesh-analyzer image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-analyzer:2.9.4 (alpine 3.21.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/analyzer-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15558 | github.com/docker/cli | HIGH | v28.0.1+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-34040 | github.com/docker/docker | HIGH | v27.5.0+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.36.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.74.2 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.11 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.11 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
gloo mesh enterprise gloo-mesh-mgmt-server image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-mgmt-server:2.9.4 (alpine 3.21.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/mgmt-server-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15558 | github.com/docker/cli | HIGH | v28.0.1+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-34040 | github.com/docker/docker | HIGH | v27.5.0+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.36.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.74.2 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.11 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.11 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
gloo mesh enterprise gloo-mesh-agent image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-agent:2.9.4 (alpine 3.21.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/agent-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15558 | github.com/docker/cli | HIGH | v28.0.1+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-34040 | github.com/docker/docker | HIGH | v27.5.0+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.36.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.74.2 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.11 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.11 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
gloo mesh enterprise gloo-mesh-apiserver image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-apiserver:2.9.4 (alpine 3.21.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/apiserver-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15558 | github.com/docker/cli | HIGH | v28.0.1+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-34040 | github.com/docker/docker | HIGH | v27.5.0+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.36.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.74.2 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.11 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.11 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
Release 2.9.3
gloo mesh enterprise gloo-mesh-istiod-agent image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-istiod-agent:2.9.3 (alpine 3.21.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/istiod-agent-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.74.2 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.9 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.9 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.9 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.9 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.9 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
gloo mesh enterprise gloo-mesh-ui image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-ui:2.9.3 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
gloo mesh enterprise gloo-mesh-envoy image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-envoy:2.9.3 (ubuntu 24.04)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-68973 | gpgv | HIGH | 2.4.4-2ubuntu17.3 | 2.4.4-2ubuntu17.4 | https://avd.aquasec.com/nvd/cve-2025-68973 |
gloo mesh enterprise gloo-mesh-spire-controller image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-spire-controller:2.9.3 (alpine 3.21.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/spire-controller-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.74.2 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.9 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.9 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.9 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.9 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.9 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
gloo mesh enterprise gloo-mesh-portal-server image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-portal-server:2.9.3 (alpine 3.21.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/portal-server-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.74.2 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.9 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.9 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.9 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.9 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.9 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
gloo mesh enterprise gloo-mesh-analyzer image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-analyzer:2.9.3 (alpine 3.21.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/analyzer-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-25621 | github.com/containerd/containerd | HIGH | v1.7.27 | 1.7.29 | https://avd.aquasec.com/nvd/cve-2024-25621 |
| CVE-2025-15558 | github.com/docker/cli | HIGH | v28.0.1+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-34040 | github.com/docker/docker | HIGH | v27.5.0+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.36.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.74.2 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.9 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.9 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.9 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.9 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.9 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
gloo mesh enterprise gloo-mesh-mgmt-server image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-mgmt-server:2.9.3 (alpine 3.21.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/mgmt-server-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-25621 | github.com/containerd/containerd | HIGH | v1.7.27 | 1.7.29 | https://avd.aquasec.com/nvd/cve-2024-25621 |
| CVE-2025-15558 | github.com/docker/cli | HIGH | v28.0.1+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-34040 | github.com/docker/docker | HIGH | v27.5.0+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.36.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.74.2 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.9 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.9 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.9 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.9 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.9 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
gloo mesh enterprise gloo-mesh-agent image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-agent:2.9.3 (alpine 3.21.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/agent-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-25621 | github.com/containerd/containerd | HIGH | v1.7.27 | 1.7.29 | https://avd.aquasec.com/nvd/cve-2024-25621 |
| CVE-2025-15558 | github.com/docker/cli | HIGH | v28.0.1+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-34040 | github.com/docker/docker | HIGH | v27.5.0+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.36.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.74.2 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.9 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.9 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.9 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.9 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.9 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
gloo mesh enterprise gloo-mesh-apiserver image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-apiserver:2.9.3 (alpine 3.21.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/apiserver-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-25621 | github.com/containerd/containerd | HIGH | v1.7.27 | 1.7.29 | https://avd.aquasec.com/nvd/cve-2024-25621 |
| CVE-2025-15558 | github.com/docker/cli | HIGH | v28.0.1+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-34040 | github.com/docker/docker | HIGH | v27.5.0+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.36.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.74.2 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.9 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.9 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.9 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.9 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.9 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
Release 2.9.2
gloo mesh enterprise gloo-mesh-istiod-agent image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-istiod-agent:2.9.2 (alpine 3.21.4)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/istiod-agent-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.71.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.4 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.24.4 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.4 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.4 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.4 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
gloo mesh enterprise gloo-mesh-ui image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-ui:2.9.2 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
gloo mesh enterprise gloo-mesh-envoy image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-envoy:2.9.2 (ubuntu 24.04)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-68973 | gpgv | HIGH | 2.4.4-2ubuntu17.2 | 2.4.4-2ubuntu17.4 | https://avd.aquasec.com/nvd/cve-2025-68973 |
| CVE-2025-32462 | sudo | HIGH | 1.9.15p5-3ubuntu5 | 1.9.15p5-3ubuntu5.24.04.1 | https://avd.aquasec.com/nvd/cve-2025-32462 |
| CVE-2025-32463 | sudo | HIGH | 1.9.15p5-3ubuntu5 | 1.9.15p5-3ubuntu5.24.04.1 | https://avd.aquasec.com/nvd/cve-2025-32463 |
gloo mesh enterprise gloo-mesh-spire-controller image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-spire-controller:2.9.2 (alpine 3.21.4)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/spire-controller-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.71.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.4 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.24.4 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.4 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.4 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.4 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
gloo mesh enterprise gloo-mesh-portal-server image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-portal-server:2.9.2 (alpine 3.21.4)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/portal-server-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.71.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.4 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.24.4 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.4 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.4 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.4 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
gloo mesh enterprise gloo-mesh-analyzer image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-analyzer:2.9.2 (alpine 3.21.4)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/analyzer-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-25621 | github.com/containerd/containerd | HIGH | v1.7.27 | 1.7.29 | https://avd.aquasec.com/nvd/cve-2024-25621 |
| CVE-2025-15558 | github.com/docker/cli | HIGH | v28.0.1+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-34040 | github.com/docker/docker | HIGH | v27.5.0+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.35.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.71.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.4 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.24.4 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.4 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.4 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.4 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
gloo mesh enterprise gloo-mesh-mgmt-server image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-mgmt-server:2.9.2 (alpine 3.21.4)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/mgmt-server-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-25621 | github.com/containerd/containerd | HIGH | v1.7.27 | 1.7.29 | https://avd.aquasec.com/nvd/cve-2024-25621 |
| CVE-2025-15558 | github.com/docker/cli | HIGH | v28.0.1+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-34040 | github.com/docker/docker | HIGH | v27.5.0+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.35.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.71.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.4 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.24.4 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.4 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.4 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.4 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
gloo mesh enterprise gloo-mesh-agent image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-agent:2.9.2 (alpine 3.21.4)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/agent-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-25621 | github.com/containerd/containerd | HIGH | v1.7.27 | 1.7.29 | https://avd.aquasec.com/nvd/cve-2024-25621 |
| CVE-2025-15558 | github.com/docker/cli | HIGH | v28.0.1+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-34040 | github.com/docker/docker | HIGH | v27.5.0+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.35.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.71.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.4 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.24.4 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.4 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.4 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.4 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
gloo mesh enterprise gloo-mesh-apiserver image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-apiserver:2.9.2 (alpine 3.21.4)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/apiserver-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-25621 | github.com/containerd/containerd | HIGH | v1.7.27 | 1.7.29 | https://avd.aquasec.com/nvd/cve-2024-25621 |
| CVE-2025-15558 | github.com/docker/cli | HIGH | v28.0.1+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-34040 | github.com/docker/docker | HIGH | v27.5.0+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.35.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.71.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.4 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.24.4 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.4 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.4 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.4 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
Release 2.9.1
gloo mesh enterprise gloo-mesh-istiod-agent image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-istiod-agent:2.9.1 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/istiod-agent-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.71.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.2 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-22874 | stdlib | HIGH | v1.24.2 | 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
| CVE-2025-47907 | stdlib | HIGH | v1.24.2 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.2 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.2 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.2 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.2 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.2 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
gloo mesh enterprise gloo-mesh-ui image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-ui:2.9.1 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
gloo mesh enterprise gloo-mesh-envoy image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-envoy:2.9.1 (ubuntu 24.04)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-68973 | gpgv | HIGH | 2.4.4-2ubuntu17.2 | 2.4.4-2ubuntu17.4 | https://avd.aquasec.com/nvd/cve-2025-68973 |
| CVE-2025-32462 | sudo | HIGH | 1.9.15p5-3ubuntu5 | 1.9.15p5-3ubuntu5.24.04.1 | https://avd.aquasec.com/nvd/cve-2025-32462 |
| CVE-2025-32463 | sudo | HIGH | 1.9.15p5-3ubuntu5 | 1.9.15p5-3ubuntu5.24.04.1 | https://avd.aquasec.com/nvd/cve-2025-32463 |
gloo mesh enterprise gloo-mesh-spire-controller image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-spire-controller:2.9.1 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/spire-controller-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.71.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.2 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-22874 | stdlib | HIGH | v1.24.2 | 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
| CVE-2025-47907 | stdlib | HIGH | v1.24.2 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.2 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.2 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.2 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.2 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.2 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
gloo mesh enterprise gloo-mesh-portal-server image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-portal-server:2.9.1 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/portal-server-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.71.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.2 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-22874 | stdlib | HIGH | v1.24.2 | 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
| CVE-2025-47907 | stdlib | HIGH | v1.24.2 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.2 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.2 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.2 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.2 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.2 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
gloo mesh enterprise gloo-mesh-analyzer image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-analyzer:2.9.1 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/analyzer-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-25621 | github.com/containerd/containerd | HIGH | v1.7.24 | 1.7.29 | https://avd.aquasec.com/nvd/cve-2024-25621 |
| CVE-2025-15558 | github.com/docker/cli | HIGH | v28.0.1+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-34040 | github.com/docker/docker | HIGH | v27.5.0+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.35.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.71.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-53547 | helm.sh/helm/v3 | HIGH | v3.17.3 | 3.18.4, 3.17.4 | https://avd.aquasec.com/nvd/cve-2025-53547 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.2 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-22874 | stdlib | HIGH | v1.24.2 | 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
| CVE-2025-47907 | stdlib | HIGH | v1.24.2 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.2 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.2 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.2 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.2 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.2 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
gloo mesh enterprise gloo-mesh-mgmt-server image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-mgmt-server:2.9.1 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/mgmt-server-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-25621 | github.com/containerd/containerd | HIGH | v1.7.24 | 1.7.29 | https://avd.aquasec.com/nvd/cve-2024-25621 |
| CVE-2025-15558 | github.com/docker/cli | HIGH | v28.0.1+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-34040 | github.com/docker/docker | HIGH | v27.5.0+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.35.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.71.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.2 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-22874 | stdlib | HIGH | v1.24.2 | 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
| CVE-2025-47907 | stdlib | HIGH | v1.24.2 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.2 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.2 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.2 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.2 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.2 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
gloo mesh enterprise gloo-mesh-agent image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-agent:2.9.1 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/agent-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-25621 | github.com/containerd/containerd | HIGH | v1.7.24 | 1.7.29 | https://avd.aquasec.com/nvd/cve-2024-25621 |
| CVE-2025-15558 | github.com/docker/cli | HIGH | v28.0.1+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-34040 | github.com/docker/docker | HIGH | v27.5.0+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.35.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.71.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-53547 | helm.sh/helm/v3 | HIGH | v3.17.3 | 3.18.4, 3.17.4 | https://avd.aquasec.com/nvd/cve-2025-53547 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.2 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-22874 | stdlib | HIGH | v1.24.2 | 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
| CVE-2025-47907 | stdlib | HIGH | v1.24.2 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.2 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.2 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.2 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.2 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.2 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
gloo mesh enterprise gloo-mesh-apiserver image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-apiserver:2.9.1 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/apiserver-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-25621 | github.com/containerd/containerd | HIGH | v1.7.24 | 1.7.29 | https://avd.aquasec.com/nvd/cve-2024-25621 |
| CVE-2025-15558 | github.com/docker/cli | HIGH | v28.0.1+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-34040 | github.com/docker/docker | HIGH | v27.5.0+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.35.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.71.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-53547 | helm.sh/helm/v3 | HIGH | v3.17.3 | 3.18.4, 3.17.4 | https://avd.aquasec.com/nvd/cve-2025-53547 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.2 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-22874 | stdlib | HIGH | v1.24.2 | 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
| CVE-2025-47907 | stdlib | HIGH | v1.24.2 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.2 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.2 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.2 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.2 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.2 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
Release 2.9.0
gloo mesh enterprise gloo-mesh-istiod-agent image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-istiod-agent:2.9.0 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/istiod-agent-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.71.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.2 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-22874 | stdlib | HIGH | v1.24.2 | 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
| CVE-2025-47907 | stdlib | HIGH | v1.24.2 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.2 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.2 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.2 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.2 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.2 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
gloo mesh enterprise gloo-mesh-ui image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-ui:2.9.0 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
gloo mesh enterprise gloo-mesh-envoy image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-envoy:2.9.0 (ubuntu 24.04)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-68973 | gpgv | HIGH | 2.4.4-2ubuntu17.2 | 2.4.4-2ubuntu17.4 | https://avd.aquasec.com/nvd/cve-2025-68973 |
| CVE-2025-32462 | sudo | HIGH | 1.9.15p5-3ubuntu5 | 1.9.15p5-3ubuntu5.24.04.1 | https://avd.aquasec.com/nvd/cve-2025-32462 |
| CVE-2025-32463 | sudo | HIGH | 1.9.15p5-3ubuntu5 | 1.9.15p5-3ubuntu5.24.04.1 | https://avd.aquasec.com/nvd/cve-2025-32463 |
gloo mesh enterprise gloo-mesh-spire-controller image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-spire-controller:2.9.0 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/spire-controller-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.71.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.2 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-22874 | stdlib | HIGH | v1.24.2 | 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
| CVE-2025-47907 | stdlib | HIGH | v1.24.2 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.2 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.2 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.2 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.2 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.2 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
gloo mesh enterprise gloo-mesh-portal-server image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-portal-server:2.9.0 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/portal-server-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.71.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.2 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-22874 | stdlib | HIGH | v1.24.2 | 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
| CVE-2025-47907 | stdlib | HIGH | v1.24.2 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.2 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.2 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.2 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.2 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.2 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
gloo mesh enterprise gloo-mesh-analyzer image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-analyzer:2.9.0 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/analyzer-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-25621 | github.com/containerd/containerd | HIGH | v1.7.24 | 1.7.29 | https://avd.aquasec.com/nvd/cve-2024-25621 |
| CVE-2025-15558 | github.com/docker/cli | HIGH | v28.0.1+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-34040 | github.com/docker/docker | HIGH | v27.5.0+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.35.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.71.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-53547 | helm.sh/helm/v3 | HIGH | v3.17.3 | 3.18.4, 3.17.4 | https://avd.aquasec.com/nvd/cve-2025-53547 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.2 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-22874 | stdlib | HIGH | v1.24.2 | 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
| CVE-2025-47907 | stdlib | HIGH | v1.24.2 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.2 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.2 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.2 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.2 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.2 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
gloo mesh enterprise gloo-mesh-mgmt-server image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-mgmt-server:2.9.0 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/mgmt-server-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-25621 | github.com/containerd/containerd | HIGH | v1.7.24 | 1.7.29 | https://avd.aquasec.com/nvd/cve-2024-25621 |
| CVE-2025-15558 | github.com/docker/cli | HIGH | v28.0.1+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-34040 | github.com/docker/docker | HIGH | v27.5.0+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.35.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.71.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.2 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-22874 | stdlib | HIGH | v1.24.2 | 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
| CVE-2025-47907 | stdlib | HIGH | v1.24.2 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.2 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.2 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.2 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.2 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.2 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
gloo mesh enterprise gloo-mesh-agent image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-agent:2.9.0 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/agent-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-25621 | github.com/containerd/containerd | HIGH | v1.7.24 | 1.7.29 | https://avd.aquasec.com/nvd/cve-2024-25621 |
| CVE-2025-15558 | github.com/docker/cli | HIGH | v28.0.1+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-34040 | github.com/docker/docker | HIGH | v27.5.0+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.35.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.71.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-53547 | helm.sh/helm/v3 | HIGH | v3.17.3 | 3.18.4, 3.17.4 | https://avd.aquasec.com/nvd/cve-2025-53547 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.2 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-22874 | stdlib | HIGH | v1.24.2 | 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
| CVE-2025-47907 | stdlib | HIGH | v1.24.2 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.2 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.2 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.2 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.2 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.2 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
gloo mesh enterprise gloo-mesh-apiserver image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-apiserver:2.9.0 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/apiserver-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-25621 | github.com/containerd/containerd | HIGH | v1.7.24 | 1.7.29 | https://avd.aquasec.com/nvd/cve-2024-25621 |
| CVE-2025-15558 | github.com/docker/cli | HIGH | v28.0.1+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-34040 | github.com/docker/docker | HIGH | v27.5.0+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.35.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.71.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-53547 | helm.sh/helm/v3 | HIGH | v3.17.3 | 3.18.4, 3.17.4 | https://avd.aquasec.com/nvd/cve-2025-53547 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.2 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-22874 | stdlib | HIGH | v1.24.2 | 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
| CVE-2025-47907 | stdlib | HIGH | v1.24.2 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.2 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.2 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.2 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.2 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.2 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
Latest 2.8.x gloo mesh enterprise Release: 2.8.6
gloo mesh enterprise gloo-mesh-istiod-agent image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-istiod-agent:2.8.6 (alpine 3.21.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/istiod-agent-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.74.2 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.11 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.11 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
gloo mesh enterprise gloo-mesh-ui image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-ui:2.8.6 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
gloo mesh enterprise gloo-mesh-envoy image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-envoy:2.8.6 (ubuntu 24.04)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-68973 | gpgv | HIGH | 2.4.4-2ubuntu17.3 | 2.4.4-2ubuntu17.4 | https://avd.aquasec.com/nvd/cve-2025-68973 |
gloo mesh enterprise gloo-mesh-spire-controller image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-spire-controller:2.8.6 (alpine 3.21.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/spire-controller-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.74.2 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.11 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.11 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
gloo mesh enterprise gloo-mesh-portal-server image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-portal-server:2.8.6 (alpine 3.21.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/portal-server-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.74.2 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.11 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.11 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
gloo mesh enterprise gloo-mesh-analyzer image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-analyzer:2.8.6 (alpine 3.21.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/analyzer-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15558 | github.com/docker/cli | HIGH | v27.5.1+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-34040 | github.com/docker/docker | HIGH | v27.5.0+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.36.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.74.2 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.11 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.11 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
gloo mesh enterprise gloo-mesh-mgmt-server image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-mgmt-server:2.8.6 (alpine 3.21.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/mgmt-server-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15558 | github.com/docker/cli | HIGH | v27.5.1+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-34040 | github.com/docker/docker | HIGH | v27.5.0+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.36.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.74.2 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.11 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.11 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
gloo mesh enterprise gloo-mesh-agent image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-agent:2.8.6 (alpine 3.21.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/agent-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15558 | github.com/docker/cli | HIGH | v27.5.1+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-34040 | github.com/docker/docker | HIGH | v27.5.0+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.36.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.74.2 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.11 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.11 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
gloo mesh enterprise gloo-mesh-apiserver image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-apiserver:2.8.6 (alpine 3.21.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/apiserver-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15558 | github.com/docker/cli | HIGH | v27.5.1+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-34040 | github.com/docker/docker | HIGH | v27.5.0+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.36.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.74.2 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.11 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.11 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
Release 2.8.5
gloo mesh enterprise gloo-mesh-istiod-agent image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-istiod-agent:2.8.5 (alpine 3.21.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/istiod-agent-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.74.2 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.11 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.11 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
gloo mesh enterprise gloo-mesh-ui image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-ui:2.8.5 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
gloo mesh enterprise gloo-mesh-envoy image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-envoy:2.8.5 (ubuntu 24.04)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-68973 | gpgv | HIGH | 2.4.4-2ubuntu17.3 | 2.4.4-2ubuntu17.4 | https://avd.aquasec.com/nvd/cve-2025-68973 |
gloo mesh enterprise gloo-mesh-spire-controller image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-spire-controller:2.8.5 (alpine 3.21.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/spire-controller-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.74.2 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.11 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.11 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
gloo mesh enterprise gloo-mesh-portal-server image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-portal-server:2.8.5 (alpine 3.21.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/portal-server-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.74.2 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.11 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.11 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
gloo mesh enterprise gloo-mesh-analyzer image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-analyzer:2.8.5 (alpine 3.21.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/analyzer-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15558 | github.com/docker/cli | HIGH | v27.5.1+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-34040 | github.com/docker/docker | HIGH | v27.5.0+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.36.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.74.2 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.11 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.11 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
gloo mesh enterprise gloo-mesh-mgmt-server image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-mgmt-server:2.8.5 (alpine 3.21.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/mgmt-server-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15558 | github.com/docker/cli | HIGH | v27.5.1+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-34040 | github.com/docker/docker | HIGH | v27.5.0+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.36.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.74.2 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.11 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.11 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
gloo mesh enterprise gloo-mesh-agent image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-agent:2.8.5 (alpine 3.21.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/agent-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15558 | github.com/docker/cli | HIGH | v27.5.1+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-34040 | github.com/docker/docker | HIGH | v27.5.0+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.36.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.74.2 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.11 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.11 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
gloo mesh enterprise gloo-mesh-apiserver image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-apiserver:2.8.5 (alpine 3.21.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/apiserver-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15558 | github.com/docker/cli | HIGH | v27.5.1+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-34040 | github.com/docker/docker | HIGH | v27.5.0+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.36.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.74.2 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.11 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.11 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
Release 2.8.4
gloo mesh enterprise gloo-mesh-istiod-agent image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-istiod-agent:2.8.4 (alpine 3.21.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/istiod-agent-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.74.2 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.9 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.9 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.9 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.9 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.9 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
gloo mesh enterprise gloo-mesh-ui image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-ui:2.8.4 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
gloo mesh enterprise gloo-mesh-envoy image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-envoy:2.8.4 (ubuntu 24.04)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-68973 | gpgv | HIGH | 2.4.4-2ubuntu17.3 | 2.4.4-2ubuntu17.4 | https://avd.aquasec.com/nvd/cve-2025-68973 |
gloo mesh enterprise gloo-mesh-spire-controller image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-spire-controller:2.8.4 (alpine 3.21.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/spire-controller-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.74.2 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.9 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.9 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.9 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.9 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.9 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
gloo mesh enterprise gloo-mesh-portal-server image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-portal-server:2.8.4 (alpine 3.21.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/portal-server-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.74.2 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.9 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.9 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.9 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.9 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.9 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
gloo mesh enterprise gloo-mesh-analyzer image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-analyzer:2.8.4 (alpine 3.21.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/analyzer-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-25621 | github.com/containerd/containerd | HIGH | v1.7.24 | 1.7.29 | https://avd.aquasec.com/nvd/cve-2024-25621 |
| CVE-2025-15558 | github.com/docker/cli | HIGH | v27.5.1+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-34040 | github.com/docker/docker | HIGH | v27.5.0+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.36.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.74.2 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-53547 | helm.sh/helm/v3 | HIGH | v3.17.3 | 3.18.4, 3.17.4 | https://avd.aquasec.com/nvd/cve-2025-53547 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.9 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.9 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.9 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.9 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.9 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
gloo mesh enterprise gloo-mesh-mgmt-server image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-mgmt-server:2.8.4 (alpine 3.21.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/mgmt-server-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-25621 | github.com/containerd/containerd | HIGH | v1.7.24 | 1.7.29 | https://avd.aquasec.com/nvd/cve-2024-25621 |
| CVE-2025-15558 | github.com/docker/cli | HIGH | v27.5.1+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-34040 | github.com/docker/docker | HIGH | v27.5.0+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.36.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.74.2 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.9 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.9 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.9 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.9 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.9 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
gloo mesh enterprise gloo-mesh-agent image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-agent:2.8.4 (alpine 3.21.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/agent-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-25621 | github.com/containerd/containerd | HIGH | v1.7.24 | 1.7.29 | https://avd.aquasec.com/nvd/cve-2024-25621 |
| CVE-2025-15558 | github.com/docker/cli | HIGH | v27.5.1+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-34040 | github.com/docker/docker | HIGH | v27.5.0+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.36.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.74.2 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-53547 | helm.sh/helm/v3 | HIGH | v3.17.3 | 3.18.4, 3.17.4 | https://avd.aquasec.com/nvd/cve-2025-53547 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.9 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.9 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.9 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.9 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.9 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
gloo mesh enterprise gloo-mesh-apiserver image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-apiserver:2.8.4 (alpine 3.21.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/apiserver-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-25621 | github.com/containerd/containerd | HIGH | v1.7.24 | 1.7.29 | https://avd.aquasec.com/nvd/cve-2024-25621 |
| CVE-2025-15558 | github.com/docker/cli | HIGH | v27.5.1+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-34040 | github.com/docker/docker | HIGH | v27.5.0+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.36.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.74.2 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-53547 | helm.sh/helm/v3 | HIGH | v3.17.3 | 3.18.4, 3.17.4 | https://avd.aquasec.com/nvd/cve-2025-53547 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.9 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.9 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.9 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.9 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.9 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
Release 2.8.3
gloo mesh enterprise gloo-mesh-istiod-agent image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-istiod-agent:2.8.3 (alpine 3.21.4)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/istiod-agent-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.71.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.4 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.24.4 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.4 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.4 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.4 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
gloo mesh enterprise gloo-mesh-ui image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-ui:2.8.3 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
gloo mesh enterprise gloo-mesh-envoy image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-envoy:2.8.3 (ubuntu 24.04)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-68973 | gpgv | HIGH | 2.4.4-2ubuntu17.2 | 2.4.4-2ubuntu17.4 | https://avd.aquasec.com/nvd/cve-2025-68973 |
| CVE-2025-32462 | sudo | HIGH | 1.9.15p5-3ubuntu5 | 1.9.15p5-3ubuntu5.24.04.1 | https://avd.aquasec.com/nvd/cve-2025-32462 |
| CVE-2025-32463 | sudo | HIGH | 1.9.15p5-3ubuntu5 | 1.9.15p5-3ubuntu5.24.04.1 | https://avd.aquasec.com/nvd/cve-2025-32463 |
gloo mesh enterprise gloo-mesh-spire-controller image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-spire-controller:2.8.3 (alpine 3.21.4)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/spire-controller-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.71.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.4 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.24.4 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.4 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.4 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.4 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
gloo mesh enterprise gloo-mesh-portal-server image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-portal-server:2.8.3 (alpine 3.21.4)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/portal-server-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.71.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.4 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.24.4 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.4 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.4 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.4 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
gloo mesh enterprise gloo-mesh-analyzer image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-analyzer:2.8.3 (alpine 3.21.4)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/analyzer-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-25621 | github.com/containerd/containerd | HIGH | v1.7.27 | 1.7.29 | https://avd.aquasec.com/nvd/cve-2024-25621 |
| CVE-2025-15558 | github.com/docker/cli | HIGH | v27.5.1+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-34040 | github.com/docker/docker | HIGH | v27.5.0+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.71.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.4 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.24.4 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.4 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.4 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.4 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
gloo mesh enterprise gloo-mesh-mgmt-server image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-mgmt-server:2.8.3 (alpine 3.21.4)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/mgmt-server-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-25621 | github.com/containerd/containerd | HIGH | v1.7.27 | 1.7.29 | https://avd.aquasec.com/nvd/cve-2024-25621 |
| CVE-2025-15558 | github.com/docker/cli | HIGH | v27.5.1+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-34040 | github.com/docker/docker | HIGH | v27.5.0+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.71.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.4 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.24.4 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.4 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.4 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.4 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
gloo mesh enterprise gloo-mesh-agent image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-agent:2.8.3 (alpine 3.21.4)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/agent-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-25621 | github.com/containerd/containerd | HIGH | v1.7.27 | 1.7.29 | https://avd.aquasec.com/nvd/cve-2024-25621 |
| CVE-2025-15558 | github.com/docker/cli | HIGH | v27.5.1+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-34040 | github.com/docker/docker | HIGH | v27.5.0+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.71.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.4 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.24.4 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.4 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.4 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.4 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
gloo mesh enterprise gloo-mesh-apiserver image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-apiserver:2.8.3 (alpine 3.21.4)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/apiserver-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-25621 | github.com/containerd/containerd | HIGH | v1.7.27 | 1.7.29 | https://avd.aquasec.com/nvd/cve-2024-25621 |
| CVE-2025-15558 | github.com/docker/cli | HIGH | v27.5.1+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-34040 | github.com/docker/docker | HIGH | v27.5.0+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.71.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.4 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.24.4 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.4 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.4 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.4 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
Release 2.8.2
gloo mesh enterprise gloo-mesh-istiod-agent image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-istiod-agent:2.8.2 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/istiod-agent-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.70.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.2 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-22874 | stdlib | HIGH | v1.24.2 | 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
| CVE-2025-47907 | stdlib | HIGH | v1.24.2 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.2 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.2 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.2 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.2 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.2 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
gloo mesh enterprise gloo-mesh-ui image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-ui:2.8.2 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
gloo mesh enterprise gloo-mesh-envoy image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-envoy:2.8.2 (ubuntu 24.04)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-68973 | gpgv | HIGH | 2.4.4-2ubuntu17.2 | 2.4.4-2ubuntu17.4 | https://avd.aquasec.com/nvd/cve-2025-68973 |
| CVE-2025-32462 | sudo | HIGH | 1.9.15p5-3ubuntu5 | 1.9.15p5-3ubuntu5.24.04.1 | https://avd.aquasec.com/nvd/cve-2025-32462 |
| CVE-2025-32463 | sudo | HIGH | 1.9.15p5-3ubuntu5 | 1.9.15p5-3ubuntu5.24.04.1 | https://avd.aquasec.com/nvd/cve-2025-32463 |
gloo mesh enterprise gloo-mesh-spire-controller image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-spire-controller:2.8.2 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/spire-controller-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.70.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.2 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-22874 | stdlib | HIGH | v1.24.2 | 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
| CVE-2025-47907 | stdlib | HIGH | v1.24.2 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.2 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.2 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.2 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.2 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.2 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
gloo mesh enterprise gloo-mesh-portal-server image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-portal-server:2.8.2 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/portal-server-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.70.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.2 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-22874 | stdlib | HIGH | v1.24.2 | 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
| CVE-2025-47907 | stdlib | HIGH | v1.24.2 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.2 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.2 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.2 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.2 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.2 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
gloo mesh enterprise gloo-mesh-analyzer image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-analyzer:2.8.2 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/analyzer-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-25621 | github.com/containerd/containerd | HIGH | v1.7.24 | 1.7.29 | https://avd.aquasec.com/nvd/cve-2024-25621 |
| CVE-2025-15558 | github.com/docker/cli | HIGH | v27.5.1+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-34040 | github.com/docker/docker | HIGH | v27.5.0+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.70.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-53547 | helm.sh/helm/v3 | HIGH | v3.17.3 | 3.18.4, 3.17.4 | https://avd.aquasec.com/nvd/cve-2025-53547 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.2 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-22874 | stdlib | HIGH | v1.24.2 | 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
| CVE-2025-47907 | stdlib | HIGH | v1.24.2 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.2 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.2 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.2 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.2 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.2 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
gloo mesh enterprise gloo-mesh-mgmt-server image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-mgmt-server:2.8.2 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/mgmt-server-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-25621 | github.com/containerd/containerd | HIGH | v1.7.24 | 1.7.29 | https://avd.aquasec.com/nvd/cve-2024-25621 |
| CVE-2025-15558 | github.com/docker/cli | HIGH | v27.5.1+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-34040 | github.com/docker/docker | HIGH | v27.5.0+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.70.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.2 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-22874 | stdlib | HIGH | v1.24.2 | 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
| CVE-2025-47907 | stdlib | HIGH | v1.24.2 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.2 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.2 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.2 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.2 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.2 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
gloo mesh enterprise gloo-mesh-agent image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-agent:2.8.2 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/agent-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-25621 | github.com/containerd/containerd | HIGH | v1.7.24 | 1.7.29 | https://avd.aquasec.com/nvd/cve-2024-25621 |
| CVE-2025-15558 | github.com/docker/cli | HIGH | v27.5.1+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-34040 | github.com/docker/docker | HIGH | v27.5.0+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.70.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-53547 | helm.sh/helm/v3 | HIGH | v3.17.3 | 3.18.4, 3.17.4 | https://avd.aquasec.com/nvd/cve-2025-53547 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.2 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-22874 | stdlib | HIGH | v1.24.2 | 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
| CVE-2025-47907 | stdlib | HIGH | v1.24.2 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.2 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.2 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.2 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.2 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.2 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
gloo mesh enterprise gloo-mesh-apiserver image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-apiserver:2.8.2 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/apiserver-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-25621 | github.com/containerd/containerd | HIGH | v1.7.24 | 1.7.29 | https://avd.aquasec.com/nvd/cve-2024-25621 |
| CVE-2025-15558 | github.com/docker/cli | HIGH | v27.5.1+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-34040 | github.com/docker/docker | HIGH | v27.5.0+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.70.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-53547 | helm.sh/helm/v3 | HIGH | v3.17.3 | 3.18.4, 3.17.4 | https://avd.aquasec.com/nvd/cve-2025-53547 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.2 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-22874 | stdlib | HIGH | v1.24.2 | 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
| CVE-2025-47907 | stdlib | HIGH | v1.24.2 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.2 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.2 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.2 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.2 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.2 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
Release 2.8.1
gloo mesh enterprise gloo-mesh-istiod-agent image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-istiod-agent:2.8.1 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/istiod-agent-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.70.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.2 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-22874 | stdlib | HIGH | v1.24.2 | 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
| CVE-2025-47907 | stdlib | HIGH | v1.24.2 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.2 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.2 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.2 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.2 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.2 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
gloo mesh enterprise gloo-mesh-ui image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-ui:2.8.1 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
gloo mesh enterprise gloo-mesh-envoy image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-envoy:2.8.1 (ubuntu 24.04)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-68973 | gpgv | HIGH | 2.4.4-2ubuntu17.2 | 2.4.4-2ubuntu17.4 | https://avd.aquasec.com/nvd/cve-2025-68973 |
| CVE-2025-32462 | sudo | HIGH | 1.9.15p5-3ubuntu5 | 1.9.15p5-3ubuntu5.24.04.1 | https://avd.aquasec.com/nvd/cve-2025-32462 |
| CVE-2025-32463 | sudo | HIGH | 1.9.15p5-3ubuntu5 | 1.9.15p5-3ubuntu5.24.04.1 | https://avd.aquasec.com/nvd/cve-2025-32463 |
gloo mesh enterprise gloo-mesh-spire-controller image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-spire-controller:2.8.1 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/spire-controller-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.70.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.2 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-22874 | stdlib | HIGH | v1.24.2 | 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
| CVE-2025-47907 | stdlib | HIGH | v1.24.2 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.2 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.2 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.2 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.2 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.2 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
gloo mesh enterprise gloo-mesh-portal-server image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-portal-server:2.8.1 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/portal-server-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.70.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.2 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-22874 | stdlib | HIGH | v1.24.2 | 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
| CVE-2025-47907 | stdlib | HIGH | v1.24.2 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.2 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.2 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.2 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.2 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.2 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
gloo mesh enterprise gloo-mesh-analyzer image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-analyzer:2.8.1 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/analyzer-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-25621 | github.com/containerd/containerd | HIGH | v1.7.24 | 1.7.29 | https://avd.aquasec.com/nvd/cve-2024-25621 |
| CVE-2025-15558 | github.com/docker/cli | HIGH | v27.5.1+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-34040 | github.com/docker/docker | HIGH | v27.5.0+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.70.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-53547 | helm.sh/helm/v3 | HIGH | v3.17.3 | 3.18.4, 3.17.4 | https://avd.aquasec.com/nvd/cve-2025-53547 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.2 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-22874 | stdlib | HIGH | v1.24.2 | 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
| CVE-2025-47907 | stdlib | HIGH | v1.24.2 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.2 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.2 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.2 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.2 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.2 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
gloo mesh enterprise gloo-mesh-mgmt-server image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-mgmt-server:2.8.1 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/mgmt-server-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-25621 | github.com/containerd/containerd | HIGH | v1.7.24 | 1.7.29 | https://avd.aquasec.com/nvd/cve-2024-25621 |
| CVE-2025-15558 | github.com/docker/cli | HIGH | v27.5.1+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-34040 | github.com/docker/docker | HIGH | v27.5.0+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.70.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.2 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-22874 | stdlib | HIGH | v1.24.2 | 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
| CVE-2025-47907 | stdlib | HIGH | v1.24.2 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.2 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.2 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.2 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.2 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.2 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
gloo mesh enterprise gloo-mesh-agent image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-agent:2.8.1 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/agent-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-25621 | github.com/containerd/containerd | HIGH | v1.7.24 | 1.7.29 | https://avd.aquasec.com/nvd/cve-2024-25621 |
| CVE-2025-15558 | github.com/docker/cli | HIGH | v27.5.1+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-34040 | github.com/docker/docker | HIGH | v27.5.0+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.70.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-53547 | helm.sh/helm/v3 | HIGH | v3.17.3 | 3.18.4, 3.17.4 | https://avd.aquasec.com/nvd/cve-2025-53547 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.2 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-22874 | stdlib | HIGH | v1.24.2 | 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
| CVE-2025-47907 | stdlib | HIGH | v1.24.2 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.2 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.2 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.2 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.2 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.2 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
gloo mesh enterprise gloo-mesh-apiserver image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-apiserver:2.8.1 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/apiserver-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-25621 | github.com/containerd/containerd | HIGH | v1.7.24 | 1.7.29 | https://avd.aquasec.com/nvd/cve-2024-25621 |
| CVE-2025-15558 | github.com/docker/cli | HIGH | v27.5.1+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-34040 | github.com/docker/docker | HIGH | v27.5.0+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.70.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-53547 | helm.sh/helm/v3 | HIGH | v3.17.3 | 3.18.4, 3.17.4 | https://avd.aquasec.com/nvd/cve-2025-53547 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.2 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-22874 | stdlib | HIGH | v1.24.2 | 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
| CVE-2025-47907 | stdlib | HIGH | v1.24.2 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.2 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.2 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.2 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.2 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.2 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
Release 2.8.0
gloo mesh enterprise gloo-mesh-istiod-agent image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-istiod-agent:2.8.0 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/istiod-agent-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.69.4 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2019-14993 | istio.io/istio | HIGH | v0.0.0-20250411142419-0d83506c2883 | 1.1.13, 1.2.4 | https://avd.aquasec.com/nvd/cve-2019-14993 |
| CVE-2021-39155 | istio.io/istio | HIGH | v0.0.0-20250411142419-0d83506c2883 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39155 |
| CVE-2021-39156 | istio.io/istio | HIGH | v0.0.0-20250411142419-0d83506c2883 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39156 |
| CVE-2022-23635 | istio.io/istio | HIGH | v0.0.0-20250411142419-0d83506c2883 | 1.13.1, 1.12.4, 1.11.7 | https://avd.aquasec.com/nvd/cve-2022-23635 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.23.7 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.23.7 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.23.7 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.23.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.23.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.23.7 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.23.7 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
gloo mesh enterprise gloo-mesh-ui image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-ui:2.8.0 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
gloo mesh enterprise gloo-mesh-envoy image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-envoy:2.8.0 (ubuntu 24.04)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-68973 | gpgv | HIGH | 2.4.4-2ubuntu17.2 | 2.4.4-2ubuntu17.4 | https://avd.aquasec.com/nvd/cve-2025-68973 |
| CVE-2025-32462 | sudo | HIGH | 1.9.15p5-3ubuntu5 | 1.9.15p5-3ubuntu5.24.04.1 | https://avd.aquasec.com/nvd/cve-2025-32462 |
| CVE-2025-32463 | sudo | HIGH | 1.9.15p5-3ubuntu5 | 1.9.15p5-3ubuntu5.24.04.1 | https://avd.aquasec.com/nvd/cve-2025-32463 |
Vulnerabilities Listed for usr/local/bin/pilot-agent
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15558 | github.com/docker/cli | HIGH | v27.5.1+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.69.4 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.23.8 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.23.8 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.23.8 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.23.8 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.23.8 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.23.8 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.23.8 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
gloo mesh enterprise gloo-mesh-spire-controller image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-spire-controller:2.8.0 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/spire-controller-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.69.4 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2019-14993 | istio.io/istio | HIGH | v0.0.0-20250411142419-0d83506c2883 | 1.1.13, 1.2.4 | https://avd.aquasec.com/nvd/cve-2019-14993 |
| CVE-2021-39155 | istio.io/istio | HIGH | v0.0.0-20250411142419-0d83506c2883 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39155 |
| CVE-2021-39156 | istio.io/istio | HIGH | v0.0.0-20250411142419-0d83506c2883 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39156 |
| CVE-2022-23635 | istio.io/istio | HIGH | v0.0.0-20250411142419-0d83506c2883 | 1.13.1, 1.12.4, 1.11.7 | https://avd.aquasec.com/nvd/cve-2022-23635 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.23.7 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.23.7 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.23.7 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.23.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.23.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.23.7 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.23.7 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
gloo mesh enterprise gloo-mesh-portal-server image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-portal-server:2.8.0 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/portal-server-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.69.4 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2019-14993 | istio.io/istio | HIGH | v0.0.0-20250411142419-0d83506c2883 | 1.1.13, 1.2.4 | https://avd.aquasec.com/nvd/cve-2019-14993 |
| CVE-2021-39155 | istio.io/istio | HIGH | v0.0.0-20250411142419-0d83506c2883 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39155 |
| CVE-2021-39156 | istio.io/istio | HIGH | v0.0.0-20250411142419-0d83506c2883 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39156 |
| CVE-2022-23635 | istio.io/istio | HIGH | v0.0.0-20250411142419-0d83506c2883 | 1.13.1, 1.12.4, 1.11.7 | https://avd.aquasec.com/nvd/cve-2022-23635 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.23.7 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.23.7 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.23.7 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.23.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.23.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.23.7 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.23.7 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
gloo mesh enterprise gloo-mesh-analyzer image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-analyzer:2.8.0 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/analyzer-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-25621 | github.com/containerd/containerd | HIGH | v1.7.24 | 1.7.29 | https://avd.aquasec.com/nvd/cve-2024-25621 |
| CVE-2025-15558 | github.com/docker/cli | HIGH | v27.5.1+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-34040 | github.com/docker/docker | HIGH | v27.5.0+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.69.4 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-53547 | helm.sh/helm/v3 | HIGH | v3.17.3 | 3.18.4, 3.17.4 | https://avd.aquasec.com/nvd/cve-2025-53547 |
| CVE-2019-14993 | istio.io/istio | HIGH | v0.0.0-20250411142419-0d83506c2883 | 1.1.13, 1.2.4 | https://avd.aquasec.com/nvd/cve-2019-14993 |
| CVE-2021-39155 | istio.io/istio | HIGH | v0.0.0-20250411142419-0d83506c2883 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39155 |
| CVE-2021-39156 | istio.io/istio | HIGH | v0.0.0-20250411142419-0d83506c2883 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39156 |
| CVE-2022-23635 | istio.io/istio | HIGH | v0.0.0-20250411142419-0d83506c2883 | 1.13.1, 1.12.4, 1.11.7 | https://avd.aquasec.com/nvd/cve-2022-23635 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.23.7 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.23.7 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.23.7 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.23.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.23.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.23.7 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.23.7 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
gloo mesh enterprise gloo-mesh-mgmt-server image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-mgmt-server:2.8.0 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/mgmt-server-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-25621 | github.com/containerd/containerd | HIGH | v1.7.24 | 1.7.29 | https://avd.aquasec.com/nvd/cve-2024-25621 |
| CVE-2025-15558 | github.com/docker/cli | HIGH | v27.5.1+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-34040 | github.com/docker/docker | HIGH | v27.5.0+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.69.4 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2019-14993 | istio.io/istio | HIGH | v0.0.0-20250411142419-0d83506c2883 | 1.1.13, 1.2.4 | https://avd.aquasec.com/nvd/cve-2019-14993 |
| CVE-2021-39155 | istio.io/istio | HIGH | v0.0.0-20250411142419-0d83506c2883 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39155 |
| CVE-2021-39156 | istio.io/istio | HIGH | v0.0.0-20250411142419-0d83506c2883 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39156 |
| CVE-2022-23635 | istio.io/istio | HIGH | v0.0.0-20250411142419-0d83506c2883 | 1.13.1, 1.12.4, 1.11.7 | https://avd.aquasec.com/nvd/cve-2022-23635 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.23.7 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.23.7 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.23.7 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.23.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.23.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.23.7 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.23.7 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
gloo mesh enterprise gloo-mesh-agent image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-agent:2.8.0 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/agent-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-25621 | github.com/containerd/containerd | HIGH | v1.7.24 | 1.7.29 | https://avd.aquasec.com/nvd/cve-2024-25621 |
| CVE-2025-15558 | github.com/docker/cli | HIGH | v27.5.1+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-34040 | github.com/docker/docker | HIGH | v27.5.0+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.69.4 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-53547 | helm.sh/helm/v3 | HIGH | v3.17.3 | 3.18.4, 3.17.4 | https://avd.aquasec.com/nvd/cve-2025-53547 |
| CVE-2019-14993 | istio.io/istio | HIGH | v0.0.0-20250411142419-0d83506c2883 | 1.1.13, 1.2.4 | https://avd.aquasec.com/nvd/cve-2019-14993 |
| CVE-2021-39155 | istio.io/istio | HIGH | v0.0.0-20250411142419-0d83506c2883 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39155 |
| CVE-2021-39156 | istio.io/istio | HIGH | v0.0.0-20250411142419-0d83506c2883 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39156 |
| CVE-2022-23635 | istio.io/istio | HIGH | v0.0.0-20250411142419-0d83506c2883 | 1.13.1, 1.12.4, 1.11.7 | https://avd.aquasec.com/nvd/cve-2022-23635 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.23.7 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.23.7 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.23.7 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.23.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.23.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.23.7 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.23.7 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
gloo mesh enterprise gloo-mesh-apiserver image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-apiserver:2.8.0 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/apiserver-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-25621 | github.com/containerd/containerd | HIGH | v1.7.24 | 1.7.29 | https://avd.aquasec.com/nvd/cve-2024-25621 |
| CVE-2025-15558 | github.com/docker/cli | HIGH | v27.5.1+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-34040 | github.com/docker/docker | HIGH | v27.5.0+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.69.4 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-53547 | helm.sh/helm/v3 | HIGH | v3.17.3 | 3.18.4, 3.17.4 | https://avd.aquasec.com/nvd/cve-2025-53547 |
| CVE-2019-14993 | istio.io/istio | HIGH | v0.0.0-20250411142419-0d83506c2883 | 1.1.13, 1.2.4 | https://avd.aquasec.com/nvd/cve-2019-14993 |
| CVE-2021-39155 | istio.io/istio | HIGH | v0.0.0-20250411142419-0d83506c2883 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39155 |
| CVE-2021-39156 | istio.io/istio | HIGH | v0.0.0-20250411142419-0d83506c2883 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39156 |
| CVE-2022-23635 | istio.io/istio | HIGH | v0.0.0-20250411142419-0d83506c2883 | 1.13.1, 1.12.4, 1.11.7 | https://avd.aquasec.com/nvd/cve-2022-23635 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.23.7 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.23.7 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.23.7 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.23.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.23.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.23.7 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.23.7 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
Latest 2.7.x gloo mesh enterprise Release: 2.7.7
gloo mesh enterprise gloo-mesh-istiod-agent image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-istiod-agent:2.7.7 (alpine 3.21.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/istiod-agent-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.74.2 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.9 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.9 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.9 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.9 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.9 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
gloo mesh enterprise gloo-mesh-ui image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-ui:2.7.7 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
gloo mesh enterprise gloo-mesh-envoy image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-envoy:2.7.7 (ubuntu 24.04)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-68973 | gpgv | HIGH | 2.4.4-2ubuntu17.3 | 2.4.4-2ubuntu17.4 | https://avd.aquasec.com/nvd/cve-2025-68973 |
gloo mesh enterprise gloo-mesh-spire-controller image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-spire-controller:2.7.7 (alpine 3.21.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/spire-controller-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.74.2 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.9 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.9 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.9 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.9 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.9 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
gloo mesh enterprise gloo-mesh-portal-server image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-portal-server:2.7.7 (alpine 3.21.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/portal-server-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.74.2 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.9 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.9 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.9 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.9 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.9 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
gloo mesh enterprise gloo-mesh-analyzer image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-analyzer:2.7.7 (alpine 3.21.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/analyzer-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-25621 | github.com/containerd/containerd | HIGH | v1.7.24 | 1.7.29 | https://avd.aquasec.com/nvd/cve-2024-25621 |
| CVE-2025-15558 | github.com/docker/cli | HIGH | v27.5.1+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-34040 | github.com/docker/docker | HIGH | v27.5.0+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.36.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.74.2 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-53547 | helm.sh/helm/v3 | HIGH | v3.17.3 | 3.18.4, 3.17.4 | https://avd.aquasec.com/nvd/cve-2025-53547 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.9 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.9 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.9 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.9 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.9 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
gloo mesh enterprise gloo-mesh-mgmt-server image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-mgmt-server:2.7.7 (alpine 3.21.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/mgmt-server-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-25621 | github.com/containerd/containerd | HIGH | v1.7.24 | 1.7.29 | https://avd.aquasec.com/nvd/cve-2024-25621 |
| CVE-2025-15558 | github.com/docker/cli | HIGH | v27.5.1+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-34040 | github.com/docker/docker | HIGH | v27.5.0+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.36.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.74.2 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.9 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.9 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.9 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.9 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.9 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
gloo mesh enterprise gloo-mesh-agent image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-agent:2.7.7 (alpine 3.21.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/agent-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-25621 | github.com/containerd/containerd | HIGH | v1.7.24 | 1.7.29 | https://avd.aquasec.com/nvd/cve-2024-25621 |
| CVE-2025-15558 | github.com/docker/cli | HIGH | v27.5.1+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-34040 | github.com/docker/docker | HIGH | v27.5.0+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.36.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.74.2 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-53547 | helm.sh/helm/v3 | HIGH | v3.17.3 | 3.18.4, 3.17.4 | https://avd.aquasec.com/nvd/cve-2025-53547 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.9 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.9 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.9 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.9 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.9 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
gloo mesh enterprise gloo-mesh-apiserver image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-apiserver:2.7.7 (alpine 3.21.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/apiserver-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-25621 | github.com/containerd/containerd | HIGH | v1.7.24 | 1.7.29 | https://avd.aquasec.com/nvd/cve-2024-25621 |
| CVE-2025-15558 | github.com/docker/cli | HIGH | v27.5.1+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-34040 | github.com/docker/docker | HIGH | v27.5.0+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.36.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.74.2 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-53547 | helm.sh/helm/v3 | HIGH | v3.17.3 | 3.18.4, 3.17.4 | https://avd.aquasec.com/nvd/cve-2025-53547 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.9 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.9 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.9 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.9 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.9 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
Release 2.7.6
gloo mesh enterprise gloo-mesh-istiod-agent image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-istiod-agent:2.7.6 (alpine 3.21.4)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/istiod-agent-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.71.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.4 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.24.4 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.4 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.4 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.4 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
gloo mesh enterprise gloo-mesh-ui image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-ui:2.7.6 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
gloo mesh enterprise gloo-mesh-envoy image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-envoy:2.7.6 (ubuntu 24.04)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-68973 | gpgv | HIGH | 2.4.4-2ubuntu17.2 | 2.4.4-2ubuntu17.4 | https://avd.aquasec.com/nvd/cve-2025-68973 |
| CVE-2025-32462 | sudo | HIGH | 1.9.15p5-3ubuntu5 | 1.9.15p5-3ubuntu5.24.04.1 | https://avd.aquasec.com/nvd/cve-2025-32462 |
| CVE-2025-32463 | sudo | HIGH | 1.9.15p5-3ubuntu5 | 1.9.15p5-3ubuntu5.24.04.1 | https://avd.aquasec.com/nvd/cve-2025-32463 |
gloo mesh enterprise gloo-mesh-spire-controller image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-spire-controller:2.7.6 (alpine 3.21.4)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/spire-controller-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.71.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.4 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.24.4 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.4 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.4 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.4 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
gloo mesh enterprise gloo-mesh-portal-server image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-portal-server:2.7.6 (alpine 3.21.4)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/portal-server-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.71.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.4 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.24.4 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.4 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.4 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.4 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
gloo mesh enterprise gloo-mesh-analyzer image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-analyzer:2.7.6 (alpine 3.21.4)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/analyzer-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-25621 | github.com/containerd/containerd | HIGH | v1.7.27 | 1.7.29 | https://avd.aquasec.com/nvd/cve-2024-25621 |
| CVE-2025-15558 | github.com/docker/cli | HIGH | v27.5.1+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-34040 | github.com/docker/docker | HIGH | v27.5.0+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.71.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.4 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.24.4 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.4 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.4 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.4 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
gloo mesh enterprise gloo-mesh-mgmt-server image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-mgmt-server:2.7.6 (alpine 3.21.4)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/mgmt-server-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-25621 | github.com/containerd/containerd | HIGH | v1.7.27 | 1.7.29 | https://avd.aquasec.com/nvd/cve-2024-25621 |
| CVE-2025-15558 | github.com/docker/cli | HIGH | v27.5.1+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-34040 | github.com/docker/docker | HIGH | v27.5.0+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.71.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.4 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.24.4 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.4 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.4 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.4 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
gloo mesh enterprise gloo-mesh-agent image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-agent:2.7.6 (alpine 3.21.4)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/agent-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-25621 | github.com/containerd/containerd | HIGH | v1.7.27 | 1.7.29 | https://avd.aquasec.com/nvd/cve-2024-25621 |
| CVE-2025-15558 | github.com/docker/cli | HIGH | v27.5.1+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-34040 | github.com/docker/docker | HIGH | v27.5.0+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.71.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.4 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.24.4 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.4 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.4 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.4 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
gloo mesh enterprise gloo-mesh-apiserver image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-apiserver:2.7.6 (alpine 3.21.4)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/apiserver-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-25621 | github.com/containerd/containerd | HIGH | v1.7.27 | 1.7.29 | https://avd.aquasec.com/nvd/cve-2024-25621 |
| CVE-2025-15558 | github.com/docker/cli | HIGH | v27.5.1+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-34040 | github.com/docker/docker | HIGH | v27.5.0+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.71.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.4 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.24.4 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.4 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.4 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.4 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
Release 2.7.5
gloo mesh enterprise gloo-mesh-istiod-agent image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-istiod-agent:2.7.5 (alpine 3.21.4)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/istiod-agent-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.71.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.4 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.24.4 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.4 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.4 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.4 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
gloo mesh enterprise gloo-mesh-ui image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-ui:2.7.5 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
gloo mesh enterprise gloo-mesh-envoy image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-envoy:2.7.5 (ubuntu 24.04)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-68973 | gpgv | HIGH | 2.4.4-2ubuntu17.2 | 2.4.4-2ubuntu17.4 | https://avd.aquasec.com/nvd/cve-2025-68973 |
| CVE-2025-32462 | sudo | HIGH | 1.9.15p5-3ubuntu5 | 1.9.15p5-3ubuntu5.24.04.1 | https://avd.aquasec.com/nvd/cve-2025-32462 |
| CVE-2025-32463 | sudo | HIGH | 1.9.15p5-3ubuntu5 | 1.9.15p5-3ubuntu5.24.04.1 | https://avd.aquasec.com/nvd/cve-2025-32463 |
gloo mesh enterprise gloo-mesh-spire-controller image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-spire-controller:2.7.5 (alpine 3.21.4)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/spire-controller-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.71.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.4 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.24.4 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.4 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.4 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.4 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
gloo mesh enterprise gloo-mesh-portal-server image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-portal-server:2.7.5 (alpine 3.21.4)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/portal-server-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.71.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.4 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.24.4 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.4 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.4 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.4 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
gloo mesh enterprise gloo-mesh-analyzer image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-analyzer:2.7.5 (alpine 3.21.4)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/analyzer-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-25621 | github.com/containerd/containerd | HIGH | v1.7.24 | 1.7.29 | https://avd.aquasec.com/nvd/cve-2024-25621 |
| CVE-2025-15558 | github.com/docker/cli | HIGH | v27.5.1+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-34040 | github.com/docker/docker | HIGH | v27.5.0+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.71.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-53547 | helm.sh/helm/v3 | HIGH | v3.17.3 | 3.18.4, 3.17.4 | https://avd.aquasec.com/nvd/cve-2025-53547 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.4 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.24.4 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.4 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.4 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.4 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
gloo mesh enterprise gloo-mesh-mgmt-server image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-mgmt-server:2.7.5 (alpine 3.21.4)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/mgmt-server-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-25621 | github.com/containerd/containerd | HIGH | v1.7.24 | 1.7.29 | https://avd.aquasec.com/nvd/cve-2024-25621 |
| CVE-2025-15558 | github.com/docker/cli | HIGH | v27.5.1+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-34040 | github.com/docker/docker | HIGH | v27.5.0+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.71.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.4 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.24.4 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.4 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.4 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.4 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
gloo mesh enterprise gloo-mesh-agent image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-agent:2.7.5 (alpine 3.21.4)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/agent-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-25621 | github.com/containerd/containerd | HIGH | v1.7.24 | 1.7.29 | https://avd.aquasec.com/nvd/cve-2024-25621 |
| CVE-2025-15558 | github.com/docker/cli | HIGH | v27.5.1+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-34040 | github.com/docker/docker | HIGH | v27.5.0+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.71.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-53547 | helm.sh/helm/v3 | HIGH | v3.17.3 | 3.18.4, 3.17.4 | https://avd.aquasec.com/nvd/cve-2025-53547 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.4 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.24.4 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.4 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.4 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.4 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
gloo mesh enterprise gloo-mesh-apiserver image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-apiserver:2.7.5 (alpine 3.21.4)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/apiserver-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-25621 | github.com/containerd/containerd | HIGH | v1.7.24 | 1.7.29 | https://avd.aquasec.com/nvd/cve-2024-25621 |
| CVE-2025-15558 | github.com/docker/cli | HIGH | v27.5.1+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-34040 | github.com/docker/docker | HIGH | v27.5.0+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.71.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-53547 | helm.sh/helm/v3 | HIGH | v3.17.3 | 3.18.4, 3.17.4 | https://avd.aquasec.com/nvd/cve-2025-53547 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.4 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.24.4 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.4 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.4 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.4 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
Release 2.7.4
gloo mesh enterprise gloo-mesh-istiod-agent image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-istiod-agent:2.7.4 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/istiod-agent-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.70.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.2 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-22874 | stdlib | HIGH | v1.24.2 | 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
| CVE-2025-47907 | stdlib | HIGH | v1.24.2 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.2 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.2 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.2 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.2 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.2 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
gloo mesh enterprise gloo-mesh-ui image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-ui:2.7.4 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
gloo mesh enterprise gloo-mesh-envoy image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-envoy:2.7.4 (ubuntu 24.04)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-68973 | gpgv | HIGH | 2.4.4-2ubuntu17.2 | 2.4.4-2ubuntu17.4 | https://avd.aquasec.com/nvd/cve-2025-68973 |
| CVE-2025-32462 | sudo | HIGH | 1.9.15p5-3ubuntu5 | 1.9.15p5-3ubuntu5.24.04.1 | https://avd.aquasec.com/nvd/cve-2025-32462 |
| CVE-2025-32463 | sudo | HIGH | 1.9.15p5-3ubuntu5 | 1.9.15p5-3ubuntu5.24.04.1 | https://avd.aquasec.com/nvd/cve-2025-32463 |
gloo mesh enterprise gloo-mesh-spire-controller image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-spire-controller:2.7.4 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/spire-controller-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.70.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.2 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-22874 | stdlib | HIGH | v1.24.2 | 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
| CVE-2025-47907 | stdlib | HIGH | v1.24.2 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.2 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.2 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.2 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.2 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.2 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
gloo mesh enterprise gloo-mesh-portal-server image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-portal-server:2.7.4 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/portal-server-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.70.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.2 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-22874 | stdlib | HIGH | v1.24.2 | 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
| CVE-2025-47907 | stdlib | HIGH | v1.24.2 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.2 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.2 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.2 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.2 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.2 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
gloo mesh enterprise gloo-mesh-analyzer image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-analyzer:2.7.4 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/analyzer-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-25621 | github.com/containerd/containerd | HIGH | v1.7.24 | 1.7.29 | https://avd.aquasec.com/nvd/cve-2024-25621 |
| CVE-2025-15558 | github.com/docker/cli | HIGH | v27.5.1+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-34040 | github.com/docker/docker | HIGH | v27.5.0+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.70.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-53547 | helm.sh/helm/v3 | HIGH | v3.17.3 | 3.18.4, 3.17.4 | https://avd.aquasec.com/nvd/cve-2025-53547 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.2 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-22874 | stdlib | HIGH | v1.24.2 | 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
| CVE-2025-47907 | stdlib | HIGH | v1.24.2 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.2 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.2 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.2 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.2 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.2 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
gloo mesh enterprise gloo-mesh-mgmt-server image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-mgmt-server:2.7.4 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/mgmt-server-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-25621 | github.com/containerd/containerd | HIGH | v1.7.24 | 1.7.29 | https://avd.aquasec.com/nvd/cve-2024-25621 |
| CVE-2025-15558 | github.com/docker/cli | HIGH | v27.5.1+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-34040 | github.com/docker/docker | HIGH | v27.5.0+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.70.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.2 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-22874 | stdlib | HIGH | v1.24.2 | 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
| CVE-2025-47907 | stdlib | HIGH | v1.24.2 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.2 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.2 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.2 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.2 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.2 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
gloo mesh enterprise gloo-mesh-agent image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-agent:2.7.4 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/agent-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-25621 | github.com/containerd/containerd | HIGH | v1.7.24 | 1.7.29 | https://avd.aquasec.com/nvd/cve-2024-25621 |
| CVE-2025-15558 | github.com/docker/cli | HIGH | v27.5.1+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-34040 | github.com/docker/docker | HIGH | v27.5.0+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.70.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-53547 | helm.sh/helm/v3 | HIGH | v3.17.3 | 3.18.4, 3.17.4 | https://avd.aquasec.com/nvd/cve-2025-53547 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.2 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-22874 | stdlib | HIGH | v1.24.2 | 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
| CVE-2025-47907 | stdlib | HIGH | v1.24.2 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.2 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.2 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.2 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.2 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.2 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
gloo mesh enterprise gloo-mesh-apiserver image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-apiserver:2.7.4 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/apiserver-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-25621 | github.com/containerd/containerd | HIGH | v1.7.24 | 1.7.29 | https://avd.aquasec.com/nvd/cve-2024-25621 |
| CVE-2025-15558 | github.com/docker/cli | HIGH | v27.5.1+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-34040 | github.com/docker/docker | HIGH | v27.5.0+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.70.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-53547 | helm.sh/helm/v3 | HIGH | v3.17.3 | 3.18.4, 3.17.4 | https://avd.aquasec.com/nvd/cve-2025-53547 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.2 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-22874 | stdlib | HIGH | v1.24.2 | 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
| CVE-2025-47907 | stdlib | HIGH | v1.24.2 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.2 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.2 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.2 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.2 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.2 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
Release 2.7.3
gloo mesh enterprise gloo-mesh-istiod-agent image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-istiod-agent:2.7.3 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/istiod-agent-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.70.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.2 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-22874 | stdlib | HIGH | v1.24.2 | 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
| CVE-2025-47907 | stdlib | HIGH | v1.24.2 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.2 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.2 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.2 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.2 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.2 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
gloo mesh enterprise gloo-mesh-ui image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-ui:2.7.3 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
gloo mesh enterprise gloo-mesh-envoy image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-envoy:2.7.3 (ubuntu 24.04)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-68973 | gpgv | HIGH | 2.4.4-2ubuntu17.2 | 2.4.4-2ubuntu17.4 | https://avd.aquasec.com/nvd/cve-2025-68973 |
| CVE-2025-32462 | sudo | HIGH | 1.9.15p5-3ubuntu5 | 1.9.15p5-3ubuntu5.24.04.1 | https://avd.aquasec.com/nvd/cve-2025-32462 |
| CVE-2025-32463 | sudo | HIGH | 1.9.15p5-3ubuntu5 | 1.9.15p5-3ubuntu5.24.04.1 | https://avd.aquasec.com/nvd/cve-2025-32463 |
gloo mesh enterprise gloo-mesh-spire-controller image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-spire-controller:2.7.3 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/spire-controller-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.70.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.2 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-22874 | stdlib | HIGH | v1.24.2 | 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
| CVE-2025-47907 | stdlib | HIGH | v1.24.2 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.2 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.2 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.2 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.2 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.2 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
gloo mesh enterprise gloo-mesh-portal-server image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-portal-server:2.7.3 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/portal-server-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.70.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.2 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-22874 | stdlib | HIGH | v1.24.2 | 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
| CVE-2025-47907 | stdlib | HIGH | v1.24.2 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.2 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.2 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.2 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.2 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.2 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
gloo mesh enterprise gloo-mesh-analyzer image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-analyzer:2.7.3 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/analyzer-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-25621 | github.com/containerd/containerd | HIGH | v1.7.24 | 1.7.29 | https://avd.aquasec.com/nvd/cve-2024-25621 |
| CVE-2025-15558 | github.com/docker/cli | HIGH | v27.5.1+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-34040 | github.com/docker/docker | HIGH | v27.5.0+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.70.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-53547 | helm.sh/helm/v3 | HIGH | v3.17.3 | 3.18.4, 3.17.4 | https://avd.aquasec.com/nvd/cve-2025-53547 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.2 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-22874 | stdlib | HIGH | v1.24.2 | 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
| CVE-2025-47907 | stdlib | HIGH | v1.24.2 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.2 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.2 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.2 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.2 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.2 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
gloo mesh enterprise gloo-mesh-mgmt-server image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-mgmt-server:2.7.3 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/mgmt-server-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-25621 | github.com/containerd/containerd | HIGH | v1.7.24 | 1.7.29 | https://avd.aquasec.com/nvd/cve-2024-25621 |
| CVE-2025-15558 | github.com/docker/cli | HIGH | v27.5.1+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-34040 | github.com/docker/docker | HIGH | v27.5.0+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.70.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.2 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-22874 | stdlib | HIGH | v1.24.2 | 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
| CVE-2025-47907 | stdlib | HIGH | v1.24.2 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.2 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.2 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.2 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.2 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.2 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
gloo mesh enterprise gloo-mesh-agent image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-agent:2.7.3 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/agent-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-25621 | github.com/containerd/containerd | HIGH | v1.7.24 | 1.7.29 | https://avd.aquasec.com/nvd/cve-2024-25621 |
| CVE-2025-15558 | github.com/docker/cli | HIGH | v27.5.1+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-34040 | github.com/docker/docker | HIGH | v27.5.0+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.70.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-53547 | helm.sh/helm/v3 | HIGH | v3.17.3 | 3.18.4, 3.17.4 | https://avd.aquasec.com/nvd/cve-2025-53547 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.2 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-22874 | stdlib | HIGH | v1.24.2 | 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
| CVE-2025-47907 | stdlib | HIGH | v1.24.2 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.2 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.2 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.2 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.2 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.2 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
gloo mesh enterprise gloo-mesh-apiserver image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-apiserver:2.7.3 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/apiserver-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-25621 | github.com/containerd/containerd | HIGH | v1.7.24 | 1.7.29 | https://avd.aquasec.com/nvd/cve-2024-25621 |
| CVE-2025-15558 | github.com/docker/cli | HIGH | v27.5.1+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-34040 | github.com/docker/docker | HIGH | v27.5.0+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.70.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-53547 | helm.sh/helm/v3 | HIGH | v3.17.3 | 3.18.4, 3.17.4 | https://avd.aquasec.com/nvd/cve-2025-53547 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.2 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-22874 | stdlib | HIGH | v1.24.2 | 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
| CVE-2025-47907 | stdlib | HIGH | v1.24.2 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.2 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.2 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.2 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.2 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.2 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
Release 2.7.2
gloo mesh enterprise gloo-mesh-istiod-agent image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-istiod-agent:2.7.2 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/istiod-agent-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.69.4 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2019-14993 | istio.io/istio | HIGH | v0.0.0-20250212095443-6bd0075edb31 | 1.1.13, 1.2.4 | https://avd.aquasec.com/nvd/cve-2019-14993 |
| CVE-2021-39155 | istio.io/istio | HIGH | v0.0.0-20250212095443-6bd0075edb31 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39155 |
| CVE-2021-39156 | istio.io/istio | HIGH | v0.0.0-20250212095443-6bd0075edb31 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39156 |
| CVE-2022-23635 | istio.io/istio | HIGH | v0.0.0-20250212095443-6bd0075edb31 | 1.13.1, 1.12.4, 1.11.7 | https://avd.aquasec.com/nvd/cve-2022-23635 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.23.7 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.23.7 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.23.7 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.23.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.23.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.23.7 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.23.7 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
gloo mesh enterprise gloo-mesh-ui image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-ui:2.7.2 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
gloo mesh enterprise gloo-mesh-envoy image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-envoy:2.7.2 (ubuntu 24.04)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-68973 | gpgv | HIGH | 2.4.4-2ubuntu17.2 | 2.4.4-2ubuntu17.4 | https://avd.aquasec.com/nvd/cve-2025-68973 |
| CVE-2025-32462 | sudo | HIGH | 1.9.15p5-3ubuntu5 | 1.9.15p5-3ubuntu5.24.04.1 | https://avd.aquasec.com/nvd/cve-2025-32462 |
| CVE-2025-32463 | sudo | HIGH | 1.9.15p5-3ubuntu5 | 1.9.15p5-3ubuntu5.24.04.1 | https://avd.aquasec.com/nvd/cve-2025-32463 |
Vulnerabilities Listed for usr/local/bin/pilot-agent
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15558 | github.com/docker/cli | HIGH | v27.5.1+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.69.4 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.23.8 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.23.8 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.23.8 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.23.8 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.23.8 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.23.8 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.23.8 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
gloo mesh enterprise gloo-mesh-spire-controller image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-spire-controller:2.7.2 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/spire-controller-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.69.4 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2019-14993 | istio.io/istio | HIGH | v0.0.0-20250212095443-6bd0075edb31 | 1.1.13, 1.2.4 | https://avd.aquasec.com/nvd/cve-2019-14993 |
| CVE-2021-39155 | istio.io/istio | HIGH | v0.0.0-20250212095443-6bd0075edb31 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39155 |
| CVE-2021-39156 | istio.io/istio | HIGH | v0.0.0-20250212095443-6bd0075edb31 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39156 |
| CVE-2022-23635 | istio.io/istio | HIGH | v0.0.0-20250212095443-6bd0075edb31 | 1.13.1, 1.12.4, 1.11.7 | https://avd.aquasec.com/nvd/cve-2022-23635 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.23.7 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.23.7 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.23.7 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.23.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.23.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.23.7 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.23.7 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
gloo mesh enterprise gloo-mesh-portal-server image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-portal-server:2.7.2 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/portal-server-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.69.4 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2019-14993 | istio.io/istio | HIGH | v0.0.0-20250212095443-6bd0075edb31 | 1.1.13, 1.2.4 | https://avd.aquasec.com/nvd/cve-2019-14993 |
| CVE-2021-39155 | istio.io/istio | HIGH | v0.0.0-20250212095443-6bd0075edb31 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39155 |
| CVE-2021-39156 | istio.io/istio | HIGH | v0.0.0-20250212095443-6bd0075edb31 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39156 |
| CVE-2022-23635 | istio.io/istio | HIGH | v0.0.0-20250212095443-6bd0075edb31 | 1.13.1, 1.12.4, 1.11.7 | https://avd.aquasec.com/nvd/cve-2022-23635 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.23.7 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.23.7 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.23.7 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.23.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.23.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.23.7 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.23.7 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
gloo mesh enterprise gloo-mesh-analyzer image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-analyzer:2.7.2 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/analyzer-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-25621 | github.com/containerd/containerd | HIGH | v1.7.24 | 1.7.29 | https://avd.aquasec.com/nvd/cve-2024-25621 |
| CVE-2025-15558 | github.com/docker/cli | HIGH | v27.5.1+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-34040 | github.com/docker/docker | HIGH | v27.5.0+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.69.4 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-53547 | helm.sh/helm/v3 | HIGH | v3.17.3 | 3.18.4, 3.17.4 | https://avd.aquasec.com/nvd/cve-2025-53547 |
| CVE-2019-14993 | istio.io/istio | HIGH | v0.0.0-20250212095443-6bd0075edb31 | 1.1.13, 1.2.4 | https://avd.aquasec.com/nvd/cve-2019-14993 |
| CVE-2021-39155 | istio.io/istio | HIGH | v0.0.0-20250212095443-6bd0075edb31 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39155 |
| CVE-2021-39156 | istio.io/istio | HIGH | v0.0.0-20250212095443-6bd0075edb31 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39156 |
| CVE-2022-23635 | istio.io/istio | HIGH | v0.0.0-20250212095443-6bd0075edb31 | 1.13.1, 1.12.4, 1.11.7 | https://avd.aquasec.com/nvd/cve-2022-23635 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.23.7 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.23.7 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.23.7 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.23.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.23.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.23.7 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.23.7 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
gloo mesh enterprise gloo-mesh-mgmt-server image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-mgmt-server:2.7.2 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/mgmt-server-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-25621 | github.com/containerd/containerd | HIGH | v1.7.24 | 1.7.29 | https://avd.aquasec.com/nvd/cve-2024-25621 |
| CVE-2025-15558 | github.com/docker/cli | HIGH | v27.5.1+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-34040 | github.com/docker/docker | HIGH | v27.5.0+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.69.4 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2019-14993 | istio.io/istio | HIGH | v0.0.0-20250212095443-6bd0075edb31 | 1.1.13, 1.2.4 | https://avd.aquasec.com/nvd/cve-2019-14993 |
| CVE-2021-39155 | istio.io/istio | HIGH | v0.0.0-20250212095443-6bd0075edb31 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39155 |
| CVE-2021-39156 | istio.io/istio | HIGH | v0.0.0-20250212095443-6bd0075edb31 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39156 |
| CVE-2022-23635 | istio.io/istio | HIGH | v0.0.0-20250212095443-6bd0075edb31 | 1.13.1, 1.12.4, 1.11.7 | https://avd.aquasec.com/nvd/cve-2022-23635 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.23.7 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.23.7 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.23.7 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.23.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.23.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.23.7 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.23.7 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
gloo mesh enterprise gloo-mesh-agent image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-agent:2.7.2 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/agent-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-25621 | github.com/containerd/containerd | HIGH | v1.7.24 | 1.7.29 | https://avd.aquasec.com/nvd/cve-2024-25621 |
| CVE-2025-15558 | github.com/docker/cli | HIGH | v27.5.1+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-34040 | github.com/docker/docker | HIGH | v27.5.0+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.69.4 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-53547 | helm.sh/helm/v3 | HIGH | v3.17.3 | 3.18.4, 3.17.4 | https://avd.aquasec.com/nvd/cve-2025-53547 |
| CVE-2019-14993 | istio.io/istio | HIGH | v0.0.0-20250212095443-6bd0075edb31 | 1.1.13, 1.2.4 | https://avd.aquasec.com/nvd/cve-2019-14993 |
| CVE-2021-39155 | istio.io/istio | HIGH | v0.0.0-20250212095443-6bd0075edb31 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39155 |
| CVE-2021-39156 | istio.io/istio | HIGH | v0.0.0-20250212095443-6bd0075edb31 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39156 |
| CVE-2022-23635 | istio.io/istio | HIGH | v0.0.0-20250212095443-6bd0075edb31 | 1.13.1, 1.12.4, 1.11.7 | https://avd.aquasec.com/nvd/cve-2022-23635 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.23.7 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.23.7 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.23.7 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.23.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.23.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.23.7 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.23.7 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
gloo mesh enterprise gloo-mesh-apiserver image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-apiserver:2.7.2 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/apiserver-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-25621 | github.com/containerd/containerd | HIGH | v1.7.24 | 1.7.29 | https://avd.aquasec.com/nvd/cve-2024-25621 |
| CVE-2025-15558 | github.com/docker/cli | HIGH | v27.5.1+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-34040 | github.com/docker/docker | HIGH | v27.5.0+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.69.4 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-53547 | helm.sh/helm/v3 | HIGH | v3.17.3 | 3.18.4, 3.17.4 | https://avd.aquasec.com/nvd/cve-2025-53547 |
| CVE-2019-14993 | istio.io/istio | HIGH | v0.0.0-20250212095443-6bd0075edb31 | 1.1.13, 1.2.4 | https://avd.aquasec.com/nvd/cve-2019-14993 |
| CVE-2021-39155 | istio.io/istio | HIGH | v0.0.0-20250212095443-6bd0075edb31 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39155 |
| CVE-2021-39156 | istio.io/istio | HIGH | v0.0.0-20250212095443-6bd0075edb31 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39156 |
| CVE-2022-23635 | istio.io/istio | HIGH | v0.0.0-20250212095443-6bd0075edb31 | 1.13.1, 1.12.4, 1.11.7 | https://avd.aquasec.com/nvd/cve-2022-23635 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.23.7 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.23.7 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.23.7 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.23.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.23.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.23.7 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.23.7 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
Release 2.7.1
gloo mesh enterprise gloo-mesh-istiod-agent image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-istiod-agent:2.7.1 (alpine 3.18.12)
Vulnerabilities Listed for usr/local/bin/istiod-agent-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.69.4 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2019-14993 | istio.io/istio | HIGH | v0.0.0-20250212095443-6bd0075edb31 | 1.1.13, 1.2.4 | https://avd.aquasec.com/nvd/cve-2019-14993 |
| CVE-2021-39155 | istio.io/istio | HIGH | v0.0.0-20250212095443-6bd0075edb31 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39155 |
| CVE-2021-39156 | istio.io/istio | HIGH | v0.0.0-20250212095443-6bd0075edb31 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39156 |
| CVE-2022-23635 | istio.io/istio | HIGH | v0.0.0-20250212095443-6bd0075edb31 | 1.13.1, 1.12.4, 1.11.7 | https://avd.aquasec.com/nvd/cve-2022-23635 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.23.7 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.23.7 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.23.7 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.23.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.23.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.23.7 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.23.7 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
gloo mesh enterprise gloo-mesh-ui image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-ui:2.7.1 (alpine 3.18.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-6119 | libcrypto3 | HIGH | 3.1.4-r5 | 3.1.7-r0 | https://avd.aquasec.com/nvd/cve-2024-6119 |
| CVE-2024-6119 | libssl3 | HIGH | 3.1.4-r5 | 3.1.7-r0 | https://avd.aquasec.com/nvd/cve-2024-6119 |
| CVE-2025-26519 | musl | HIGH | 1.2.4-r2 | 1.2.4-r3 | https://avd.aquasec.com/nvd/cve-2025-26519 |
| CVE-2025-26519 | musl-utils | HIGH | 1.2.4-r2 | 1.2.4-r3 | https://avd.aquasec.com/nvd/cve-2025-26519 |
gloo mesh enterprise gloo-mesh-envoy image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-envoy:2.7.1 (ubuntu 24.04)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-68973 | gpgv | HIGH | 2.4.4-2ubuntu17 | 2.4.4-2ubuntu17.4 | https://avd.aquasec.com/nvd/cve-2025-68973 |
| CVE-2025-32462 | sudo | HIGH | 1.9.15p5-3ubuntu5 | 1.9.15p5-3ubuntu5.24.04.1 | https://avd.aquasec.com/nvd/cve-2025-32462 |
| CVE-2025-32463 | sudo | HIGH | 1.9.15p5-3ubuntu5 | 1.9.15p5-3ubuntu5.24.04.1 | https://avd.aquasec.com/nvd/cve-2025-32463 |
Vulnerabilities Listed for usr/local/bin/pilot-agent
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15558 | github.com/docker/cli | HIGH | v27.3.1+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.30.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.23.7 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.23.7 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.23.7 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.23.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.23.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.23.7 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.23.7 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
gloo mesh enterprise gloo-mesh-spire-controller image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-spire-controller:2.7.1 (alpine 3.18.12)
Vulnerabilities Listed for usr/local/bin/spire-controller-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.69.4 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2019-14993 | istio.io/istio | HIGH | v0.0.0-20250212095443-6bd0075edb31 | 1.1.13, 1.2.4 | https://avd.aquasec.com/nvd/cve-2019-14993 |
| CVE-2021-39155 | istio.io/istio | HIGH | v0.0.0-20250212095443-6bd0075edb31 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39155 |
| CVE-2021-39156 | istio.io/istio | HIGH | v0.0.0-20250212095443-6bd0075edb31 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39156 |
| CVE-2022-23635 | istio.io/istio | HIGH | v0.0.0-20250212095443-6bd0075edb31 | 1.13.1, 1.12.4, 1.11.7 | https://avd.aquasec.com/nvd/cve-2022-23635 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.23.7 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.23.7 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.23.7 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.23.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.23.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.23.7 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.23.7 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
gloo mesh enterprise gloo-mesh-portal-server image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-portal-server:2.7.1 (alpine 3.18.12)
Vulnerabilities Listed for usr/local/bin/portal-server-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-30153 | github.com/getkin/kin-openapi | HIGH | v0.107.0 | 0.131.0 | https://avd.aquasec.com/nvd/cve-2025-30153 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.69.4 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2019-14993 | istio.io/istio | HIGH | v0.0.0-20250212095443-6bd0075edb31 | 1.1.13, 1.2.4 | https://avd.aquasec.com/nvd/cve-2019-14993 |
| CVE-2021-39155 | istio.io/istio | HIGH | v0.0.0-20250212095443-6bd0075edb31 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39155 |
| CVE-2021-39156 | istio.io/istio | HIGH | v0.0.0-20250212095443-6bd0075edb31 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39156 |
| CVE-2022-23635 | istio.io/istio | HIGH | v0.0.0-20250212095443-6bd0075edb31 | 1.13.1, 1.12.4, 1.11.7 | https://avd.aquasec.com/nvd/cve-2022-23635 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.23.7 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.23.7 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.23.7 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.23.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.23.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.23.7 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.23.7 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
gloo mesh enterprise gloo-mesh-analyzer image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-analyzer:2.7.1 (alpine 3.18.12)
Vulnerabilities Listed for usr/local/bin/analyzer-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-25621 | github.com/containerd/containerd | HIGH | v1.7.24 | 1.7.29 | https://avd.aquasec.com/nvd/cve-2024-25621 |
| CVE-2025-15558 | github.com/docker/cli | HIGH | v27.5.1+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-34040 | github.com/docker/docker | HIGH | v27.5.0+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2025-30153 | github.com/getkin/kin-openapi | HIGH | v0.107.0 | 0.131.0 | https://avd.aquasec.com/nvd/cve-2025-30153 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.69.4 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-53547 | helm.sh/helm/v3 | HIGH | v3.17.0 | 3.18.4, 3.17.4 | https://avd.aquasec.com/nvd/cve-2025-53547 |
| CVE-2019-14993 | istio.io/istio | HIGH | v0.0.0-20250212095443-6bd0075edb31 | 1.1.13, 1.2.4 | https://avd.aquasec.com/nvd/cve-2019-14993 |
| CVE-2021-39155 | istio.io/istio | HIGH | v0.0.0-20250212095443-6bd0075edb31 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39155 |
| CVE-2021-39156 | istio.io/istio | HIGH | v0.0.0-20250212095443-6bd0075edb31 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39156 |
| CVE-2022-23635 | istio.io/istio | HIGH | v0.0.0-20250212095443-6bd0075edb31 | 1.13.1, 1.12.4, 1.11.7 | https://avd.aquasec.com/nvd/cve-2022-23635 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.23.7 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.23.7 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.23.7 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.23.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.23.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.23.7 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.23.7 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
gloo mesh enterprise gloo-mesh-mgmt-server image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-mgmt-server:2.7.1 (alpine 3.18.12)
Vulnerabilities Listed for usr/local/bin/mgmt-server-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-25621 | github.com/containerd/containerd | HIGH | v1.7.24 | 1.7.29 | https://avd.aquasec.com/nvd/cve-2024-25621 |
| CVE-2025-15558 | github.com/docker/cli | HIGH | v27.5.1+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-34040 | github.com/docker/docker | HIGH | v27.5.0+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2025-30153 | github.com/getkin/kin-openapi | HIGH | v0.107.0 | 0.131.0 | https://avd.aquasec.com/nvd/cve-2025-30153 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.69.4 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2019-14993 | istio.io/istio | HIGH | v0.0.0-20250212095443-6bd0075edb31 | 1.1.13, 1.2.4 | https://avd.aquasec.com/nvd/cve-2019-14993 |
| CVE-2021-39155 | istio.io/istio | HIGH | v0.0.0-20250212095443-6bd0075edb31 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39155 |
| CVE-2021-39156 | istio.io/istio | HIGH | v0.0.0-20250212095443-6bd0075edb31 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39156 |
| CVE-2022-23635 | istio.io/istio | HIGH | v0.0.0-20250212095443-6bd0075edb31 | 1.13.1, 1.12.4, 1.11.7 | https://avd.aquasec.com/nvd/cve-2022-23635 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.23.7 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.23.7 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.23.7 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.23.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.23.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.23.7 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.23.7 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
gloo mesh enterprise gloo-mesh-agent image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-agent:2.7.1 (alpine 3.18.12)
Vulnerabilities Listed for usr/local/bin/agent-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-25621 | github.com/containerd/containerd | HIGH | v1.7.24 | 1.7.29 | https://avd.aquasec.com/nvd/cve-2024-25621 |
| CVE-2025-15558 | github.com/docker/cli | HIGH | v27.5.1+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-34040 | github.com/docker/docker | HIGH | v27.5.0+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2025-30153 | github.com/getkin/kin-openapi | HIGH | v0.107.0 | 0.131.0 | https://avd.aquasec.com/nvd/cve-2025-30153 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.69.4 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-53547 | helm.sh/helm/v3 | HIGH | v3.17.0 | 3.18.4, 3.17.4 | https://avd.aquasec.com/nvd/cve-2025-53547 |
| CVE-2019-14993 | istio.io/istio | HIGH | v0.0.0-20250212095443-6bd0075edb31 | 1.1.13, 1.2.4 | https://avd.aquasec.com/nvd/cve-2019-14993 |
| CVE-2021-39155 | istio.io/istio | HIGH | v0.0.0-20250212095443-6bd0075edb31 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39155 |
| CVE-2021-39156 | istio.io/istio | HIGH | v0.0.0-20250212095443-6bd0075edb31 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39156 |
| CVE-2022-23635 | istio.io/istio | HIGH | v0.0.0-20250212095443-6bd0075edb31 | 1.13.1, 1.12.4, 1.11.7 | https://avd.aquasec.com/nvd/cve-2022-23635 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.23.7 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.23.7 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.23.7 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.23.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.23.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.23.7 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.23.7 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
gloo mesh enterprise gloo-mesh-apiserver image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-apiserver:2.7.1 (alpine 3.18.12)
Vulnerabilities Listed for usr/local/bin/apiserver-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-25621 | github.com/containerd/containerd | HIGH | v1.7.24 | 1.7.29 | https://avd.aquasec.com/nvd/cve-2024-25621 |
| CVE-2025-15558 | github.com/docker/cli | HIGH | v27.5.1+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-34040 | github.com/docker/docker | HIGH | v27.5.0+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2025-30153 | github.com/getkin/kin-openapi | HIGH | v0.107.0 | 0.131.0 | https://avd.aquasec.com/nvd/cve-2025-30153 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.69.4 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-53547 | helm.sh/helm/v3 | HIGH | v3.17.0 | 3.18.4, 3.17.4 | https://avd.aquasec.com/nvd/cve-2025-53547 |
| CVE-2019-14993 | istio.io/istio | HIGH | v0.0.0-20250212095443-6bd0075edb31 | 1.1.13, 1.2.4 | https://avd.aquasec.com/nvd/cve-2019-14993 |
| CVE-2021-39155 | istio.io/istio | HIGH | v0.0.0-20250212095443-6bd0075edb31 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39155 |
| CVE-2021-39156 | istio.io/istio | HIGH | v0.0.0-20250212095443-6bd0075edb31 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39156 |
| CVE-2022-23635 | istio.io/istio | HIGH | v0.0.0-20250212095443-6bd0075edb31 | 1.13.1, 1.12.4, 1.11.7 | https://avd.aquasec.com/nvd/cve-2022-23635 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.23.7 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.23.7 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.23.7 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.23.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.23.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.23.7 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.23.7 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
Release 2.7.0
gloo mesh enterprise gloo-mesh-istiod-agent image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-istiod-agent:2.7.0 (alpine 3.18.12)
Vulnerabilities Listed for usr/local/bin/istiod-agent-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-30204 | github.com/golang-jwt/jwt/v4 | HIGH | v4.5.0 | 4.5.2 | https://avd.aquasec.com/nvd/cve-2025-30204 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.32.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.25.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.69.4 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2019-14993 | istio.io/istio | HIGH | v0.0.0-20250212095443-6bd0075edb31 | 1.1.13, 1.2.4 | https://avd.aquasec.com/nvd/cve-2019-14993 |
| CVE-2021-39155 | istio.io/istio | HIGH | v0.0.0-20250212095443-6bd0075edb31 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39155 |
| CVE-2021-39156 | istio.io/istio | HIGH | v0.0.0-20250212095443-6bd0075edb31 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39156 |
| CVE-2022-23635 | istio.io/istio | HIGH | v0.0.0-20250212095443-6bd0075edb31 | 1.13.1, 1.12.4, 1.11.7 | https://avd.aquasec.com/nvd/cve-2022-23635 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.23.3 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.23.3 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.23.3 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.23.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.23.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.23.3 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.23.3 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
gloo mesh enterprise gloo-mesh-ui image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-ui:2.7.0 (alpine 3.18.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-6119 | libcrypto3 | HIGH | 3.1.4-r5 | 3.1.7-r0 | https://avd.aquasec.com/nvd/cve-2024-6119 |
| CVE-2024-6119 | libssl3 | HIGH | 3.1.4-r5 | 3.1.7-r0 | https://avd.aquasec.com/nvd/cve-2024-6119 |
| CVE-2025-26519 | musl | HIGH | 1.2.4-r2 | 1.2.4-r3 | https://avd.aquasec.com/nvd/cve-2025-26519 |
| CVE-2025-26519 | musl-utils | HIGH | 1.2.4-r2 | 1.2.4-r3 | https://avd.aquasec.com/nvd/cve-2025-26519 |
gloo mesh enterprise gloo-mesh-envoy image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-envoy:2.7.0 (ubuntu 24.04)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-68973 | gpgv | HIGH | 2.4.4-2ubuntu17 | 2.4.4-2ubuntu17.4 | https://avd.aquasec.com/nvd/cve-2025-68973 |
| CVE-2025-32462 | sudo | HIGH | 1.9.15p5-3ubuntu5 | 1.9.15p5-3ubuntu5.24.04.1 | https://avd.aquasec.com/nvd/cve-2025-32462 |
| CVE-2025-32463 | sudo | HIGH | 1.9.15p5-3ubuntu5 | 1.9.15p5-3ubuntu5.24.04.1 | https://avd.aquasec.com/nvd/cve-2025-32463 |
Vulnerabilities Listed for usr/local/bin/pilot-agent
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15558 | github.com/docker/cli | HIGH | v27.3.1+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.30.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2024-45337 | golang.org/x/crypto | CRITICAL | v0.27.0 | 0.31.0 | https://avd.aquasec.com/nvd/cve-2024-45337 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.27.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.23.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.23.2 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.23.2 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.23.2 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.23.2 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.23.2 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.23.2 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.23.2 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
gloo mesh enterprise gloo-mesh-spire-controller image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-spire-controller:2.7.0 (alpine 3.18.12)
Vulnerabilities Listed for usr/local/bin/spire-controller-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-30204 | github.com/golang-jwt/jwt/v4 | HIGH | v4.5.0 | 4.5.2 | https://avd.aquasec.com/nvd/cve-2025-30204 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.32.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.25.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.69.4 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2019-14993 | istio.io/istio | HIGH | v0.0.0-20250212095443-6bd0075edb31 | 1.1.13, 1.2.4 | https://avd.aquasec.com/nvd/cve-2019-14993 |
| CVE-2021-39155 | istio.io/istio | HIGH | v0.0.0-20250212095443-6bd0075edb31 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39155 |
| CVE-2021-39156 | istio.io/istio | HIGH | v0.0.0-20250212095443-6bd0075edb31 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39156 |
| CVE-2022-23635 | istio.io/istio | HIGH | v0.0.0-20250212095443-6bd0075edb31 | 1.13.1, 1.12.4, 1.11.7 | https://avd.aquasec.com/nvd/cve-2022-23635 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.23.3 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.23.3 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.23.3 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.23.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.23.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.23.3 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.23.3 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
gloo mesh enterprise gloo-mesh-portal-server image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-portal-server:2.7.0 (alpine 3.18.12)
Vulnerabilities Listed for usr/local/bin/portal-server-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-30153 | github.com/getkin/kin-openapi | HIGH | v0.107.0 | 0.131.0 | https://avd.aquasec.com/nvd/cve-2025-30153 |
| CVE-2025-30204 | github.com/golang-jwt/jwt/v4 | HIGH | v4.5.0 | 4.5.2 | https://avd.aquasec.com/nvd/cve-2025-30204 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.32.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.25.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.69.4 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2019-14993 | istio.io/istio | HIGH | v0.0.0-20250212095443-6bd0075edb31 | 1.1.13, 1.2.4 | https://avd.aquasec.com/nvd/cve-2019-14993 |
| CVE-2021-39155 | istio.io/istio | HIGH | v0.0.0-20250212095443-6bd0075edb31 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39155 |
| CVE-2021-39156 | istio.io/istio | HIGH | v0.0.0-20250212095443-6bd0075edb31 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39156 |
| CVE-2022-23635 | istio.io/istio | HIGH | v0.0.0-20250212095443-6bd0075edb31 | 1.13.1, 1.12.4, 1.11.7 | https://avd.aquasec.com/nvd/cve-2022-23635 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.23.3 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.23.3 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.23.3 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.23.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.23.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.23.3 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.23.3 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
gloo mesh enterprise gloo-mesh-analyzer image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-analyzer:2.7.0 (alpine 3.18.12)
Vulnerabilities Listed for usr/local/bin/analyzer-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-25621 | github.com/containerd/containerd | HIGH | v1.7.24 | 1.7.29 | https://avd.aquasec.com/nvd/cve-2024-25621 |
| CVE-2025-15558 | github.com/docker/cli | HIGH | v27.5.1+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-34040 | github.com/docker/docker | HIGH | v27.5.0+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2025-30153 | github.com/getkin/kin-openapi | HIGH | v0.107.0 | 0.131.0 | https://avd.aquasec.com/nvd/cve-2025-30153 |
| CVE-2025-30204 | github.com/golang-jwt/jwt/v4 | HIGH | v4.5.0 | 4.5.2 | https://avd.aquasec.com/nvd/cve-2025-30204 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.32.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.25.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.69.4 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-53547 | helm.sh/helm/v3 | HIGH | v3.17.0 | 3.18.4, 3.17.4 | https://avd.aquasec.com/nvd/cve-2025-53547 |
| CVE-2019-14993 | istio.io/istio | HIGH | v0.0.0-20250212095443-6bd0075edb31 | 1.1.13, 1.2.4 | https://avd.aquasec.com/nvd/cve-2019-14993 |
| CVE-2021-39155 | istio.io/istio | HIGH | v0.0.0-20250212095443-6bd0075edb31 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39155 |
| CVE-2021-39156 | istio.io/istio | HIGH | v0.0.0-20250212095443-6bd0075edb31 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39156 |
| CVE-2022-23635 | istio.io/istio | HIGH | v0.0.0-20250212095443-6bd0075edb31 | 1.13.1, 1.12.4, 1.11.7 | https://avd.aquasec.com/nvd/cve-2022-23635 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.23.3 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.23.3 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.23.3 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.23.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.23.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.23.3 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.23.3 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
gloo mesh enterprise gloo-mesh-mgmt-server image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-mgmt-server:2.7.0 (alpine 3.18.12)
Vulnerabilities Listed for usr/local/bin/mgmt-server-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-25621 | github.com/containerd/containerd | HIGH | v1.7.24 | 1.7.29 | https://avd.aquasec.com/nvd/cve-2024-25621 |
| CVE-2025-15558 | github.com/docker/cli | HIGH | v27.5.1+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-34040 | github.com/docker/docker | HIGH | v27.5.0+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2025-30153 | github.com/getkin/kin-openapi | HIGH | v0.107.0 | 0.131.0 | https://avd.aquasec.com/nvd/cve-2025-30153 |
| CVE-2025-30204 | github.com/golang-jwt/jwt/v4 | HIGH | v4.5.0 | 4.5.2 | https://avd.aquasec.com/nvd/cve-2025-30204 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.32.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.25.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.69.4 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2019-14993 | istio.io/istio | HIGH | v0.0.0-20250212095443-6bd0075edb31 | 1.1.13, 1.2.4 | https://avd.aquasec.com/nvd/cve-2019-14993 |
| CVE-2021-39155 | istio.io/istio | HIGH | v0.0.0-20250212095443-6bd0075edb31 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39155 |
| CVE-2021-39156 | istio.io/istio | HIGH | v0.0.0-20250212095443-6bd0075edb31 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39156 |
| CVE-2022-23635 | istio.io/istio | HIGH | v0.0.0-20250212095443-6bd0075edb31 | 1.13.1, 1.12.4, 1.11.7 | https://avd.aquasec.com/nvd/cve-2022-23635 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.23.3 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.23.3 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.23.3 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.23.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.23.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.23.3 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.23.3 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
gloo mesh enterprise gloo-mesh-agent image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-agent:2.7.0 (alpine 3.18.12)
Vulnerabilities Listed for usr/local/bin/agent-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-25621 | github.com/containerd/containerd | HIGH | v1.7.24 | 1.7.29 | https://avd.aquasec.com/nvd/cve-2024-25621 |
| CVE-2025-15558 | github.com/docker/cli | HIGH | v27.5.1+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-34040 | github.com/docker/docker | HIGH | v27.5.0+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2025-30153 | github.com/getkin/kin-openapi | HIGH | v0.107.0 | 0.131.0 | https://avd.aquasec.com/nvd/cve-2025-30153 |
| CVE-2025-30204 | github.com/golang-jwt/jwt/v4 | HIGH | v4.5.0 | 4.5.2 | https://avd.aquasec.com/nvd/cve-2025-30204 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.32.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.25.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.69.4 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-53547 | helm.sh/helm/v3 | HIGH | v3.17.0 | 3.18.4, 3.17.4 | https://avd.aquasec.com/nvd/cve-2025-53547 |
| CVE-2019-14993 | istio.io/istio | HIGH | v0.0.0-20250212095443-6bd0075edb31 | 1.1.13, 1.2.4 | https://avd.aquasec.com/nvd/cve-2019-14993 |
| CVE-2021-39155 | istio.io/istio | HIGH | v0.0.0-20250212095443-6bd0075edb31 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39155 |
| CVE-2021-39156 | istio.io/istio | HIGH | v0.0.0-20250212095443-6bd0075edb31 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39156 |
| CVE-2022-23635 | istio.io/istio | HIGH | v0.0.0-20250212095443-6bd0075edb31 | 1.13.1, 1.12.4, 1.11.7 | https://avd.aquasec.com/nvd/cve-2022-23635 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.23.3 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.23.3 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.23.3 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.23.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.23.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.23.3 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.23.3 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
gloo mesh enterprise gloo-mesh-apiserver image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-apiserver:2.7.0 (alpine 3.18.12)
Vulnerabilities Listed for usr/local/bin/apiserver-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-25621 | github.com/containerd/containerd | HIGH | v1.7.24 | 1.7.29 | https://avd.aquasec.com/nvd/cve-2024-25621 |
| CVE-2025-15558 | github.com/docker/cli | HIGH | v27.5.1+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-34040 | github.com/docker/docker | HIGH | v27.5.0+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2025-30153 | github.com/getkin/kin-openapi | HIGH | v0.107.0 | 0.131.0 | https://avd.aquasec.com/nvd/cve-2025-30153 |
| CVE-2025-30204 | github.com/golang-jwt/jwt/v4 | HIGH | v4.5.0 | 4.5.2 | https://avd.aquasec.com/nvd/cve-2025-30204 |
| CVE-2025-30204 | github.com/golang-jwt/jwt/v5 | HIGH | v5.2.1 | 5.2.2 | https://avd.aquasec.com/nvd/cve-2025-30204 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.32.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.25.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.69.4 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-53547 | helm.sh/helm/v3 | HIGH | v3.17.0 | 3.18.4, 3.17.4 | https://avd.aquasec.com/nvd/cve-2025-53547 |
| CVE-2019-14993 | istio.io/istio | HIGH | v0.0.0-20250212095443-6bd0075edb31 | 1.1.13, 1.2.4 | https://avd.aquasec.com/nvd/cve-2019-14993 |
| CVE-2021-39155 | istio.io/istio | HIGH | v0.0.0-20250212095443-6bd0075edb31 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39155 |
| CVE-2021-39156 | istio.io/istio | HIGH | v0.0.0-20250212095443-6bd0075edb31 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39156 |
| CVE-2022-23635 | istio.io/istio | HIGH | v0.0.0-20250212095443-6bd0075edb31 | 1.13.1, 1.12.4, 1.11.7 | https://avd.aquasec.com/nvd/cve-2022-23635 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.23.3 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.23.3 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.23.3 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.23.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.23.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.23.3 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.23.3 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
Latest 2.6.x gloo mesh enterprise Release: 2.6.13
gloo mesh enterprise gloo-mesh-istiod-agent image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-istiod-agent:2.6.13 (alpine 3.21.4)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/istiod-agent-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.68.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.5 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.24.5 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.5 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.5 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.5 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.5 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.5 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
gloo mesh enterprise gloo-mesh-ui image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-ui:2.6.13 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
gloo mesh enterprise gloo-mesh-envoy image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-envoy:2.6.13 (ubuntu 24.04)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-68973 | gpgv | HIGH | 2.4.4-2ubuntu17.3 | 2.4.4-2ubuntu17.4 | https://avd.aquasec.com/nvd/cve-2025-68973 |
gloo mesh enterprise gloo-mesh-spire-controller image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-spire-controller:2.6.13 (alpine 3.21.4)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/spire-controller-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.68.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.5 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.24.5 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.5 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.5 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.5 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.5 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.5 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
gloo mesh enterprise gloo-mesh-portal-server image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-portal-server:2.6.13 (alpine 3.21.4)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/portal-server-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.68.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.5 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.24.5 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.5 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.5 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.5 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.5 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.5 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
gloo mesh enterprise gloo-mesh-analyzer image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-analyzer:2.6.13 (alpine 3.21.4)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/analyzer-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15558 | github.com/docker/cli | HIGH | v27.3.1+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.35.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.68.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.5 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.24.5 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.5 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.5 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.5 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.5 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.5 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
gloo mesh enterprise gloo-mesh-mgmt-server image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-mgmt-server:2.6.13 (alpine 3.21.4)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/mgmt-server-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-25621 | github.com/containerd/containerd | HIGH | v1.7.27 | 1.7.29 | https://avd.aquasec.com/nvd/cve-2024-25621 |
| CVE-2025-15558 | github.com/docker/cli | HIGH | v27.3.1+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-34040 | github.com/docker/docker | HIGH | v27.5.0+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.35.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.68.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.5 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.24.5 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.5 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.5 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.5 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.5 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.5 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
gloo mesh enterprise gloo-mesh-agent image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-agent:2.6.13 (alpine 3.21.4)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/agent-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-25621 | github.com/containerd/containerd | HIGH | v1.7.27 | 1.7.29 | https://avd.aquasec.com/nvd/cve-2024-25621 |
| CVE-2025-15558 | github.com/docker/cli | HIGH | v27.3.1+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-34040 | github.com/docker/docker | HIGH | v27.5.0+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.35.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.68.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.5 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.24.5 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.5 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.5 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.5 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.5 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.5 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
gloo mesh enterprise gloo-mesh-apiserver image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-apiserver:2.6.13 (alpine 3.21.4)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/apiserver-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-25621 | github.com/containerd/containerd | HIGH | v1.7.27 | 1.7.29 | https://avd.aquasec.com/nvd/cve-2024-25621 |
| CVE-2025-15558 | github.com/docker/cli | HIGH | v27.3.1+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-34040 | github.com/docker/docker | HIGH | v27.5.0+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.35.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.68.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.5 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.24.5 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.5 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.5 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.5 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.5 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.5 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
Release 2.6.12
gloo mesh enterprise gloo-mesh-istiod-agent image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-istiod-agent:2.6.12 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/istiod-agent-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.65.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.2 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-22874 | stdlib | HIGH | v1.24.2 | 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
| CVE-2025-47907 | stdlib | HIGH | v1.24.2 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.2 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.2 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.2 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.2 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.2 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
gloo mesh enterprise gloo-mesh-ui image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-ui:2.6.12 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
gloo mesh enterprise gloo-mesh-envoy image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-envoy:2.6.12 (ubuntu 24.04)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-68973 | gpgv | HIGH | 2.4.4-2ubuntu17 | 2.4.4-2ubuntu17.4 | https://avd.aquasec.com/nvd/cve-2025-68973 |
| CVE-2025-32462 | sudo | HIGH | 1.9.15p5-3ubuntu5 | 1.9.15p5-3ubuntu5.24.04.1 | https://avd.aquasec.com/nvd/cve-2025-32462 |
| CVE-2025-32463 | sudo | HIGH | 1.9.15p5-3ubuntu5 | 1.9.15p5-3ubuntu5.24.04.1 | https://avd.aquasec.com/nvd/cve-2025-32463 |
gloo mesh enterprise gloo-mesh-spire-controller image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-spire-controller:2.6.12 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/spire-controller-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.65.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.2 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-22874 | stdlib | HIGH | v1.24.2 | 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
| CVE-2025-47907 | stdlib | HIGH | v1.24.2 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.2 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.2 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.2 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.2 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.2 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
gloo mesh enterprise gloo-mesh-portal-server image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-portal-server:2.6.12 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/portal-server-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.65.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.2 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-22874 | stdlib | HIGH | v1.24.2 | 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
| CVE-2025-47907 | stdlib | HIGH | v1.24.2 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.2 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.2 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.2 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.2 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.2 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
gloo mesh enterprise gloo-mesh-analyzer image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-analyzer:2.6.12 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/analyzer-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15558 | github.com/docker/cli | HIGH | v27.3.1+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.28.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.65.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-53547 | helm.sh/helm/v3 | HIGH | v3.17.3 | 3.18.4, 3.17.4 | https://avd.aquasec.com/nvd/cve-2025-53547 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.2 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-22874 | stdlib | HIGH | v1.24.2 | 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
| CVE-2025-47907 | stdlib | HIGH | v1.24.2 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.2 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.2 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.2 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.2 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.2 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
gloo mesh enterprise gloo-mesh-mgmt-server image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-mgmt-server:2.6.12 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/mgmt-server-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-25621 | github.com/containerd/containerd | HIGH | v1.7.24 | 1.7.29 | https://avd.aquasec.com/nvd/cve-2024-25621 |
| CVE-2025-15558 | github.com/docker/cli | HIGH | v27.3.1+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-34040 | github.com/docker/docker | HIGH | v27.5.0+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.28.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.65.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-53547 | helm.sh/helm/v3 | HIGH | v3.17.3 | 3.18.4, 3.17.4 | https://avd.aquasec.com/nvd/cve-2025-53547 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.2 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-22874 | stdlib | HIGH | v1.24.2 | 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
| CVE-2025-47907 | stdlib | HIGH | v1.24.2 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.2 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.2 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.2 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.2 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.2 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
gloo mesh enterprise gloo-mesh-agent image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-agent:2.6.12 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/agent-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-25621 | github.com/containerd/containerd | HIGH | v1.7.24 | 1.7.29 | https://avd.aquasec.com/nvd/cve-2024-25621 |
| CVE-2025-15558 | github.com/docker/cli | HIGH | v27.3.1+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-34040 | github.com/docker/docker | HIGH | v27.5.0+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.28.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.65.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-53547 | helm.sh/helm/v3 | HIGH | v3.17.3 | 3.18.4, 3.17.4 | https://avd.aquasec.com/nvd/cve-2025-53547 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.2 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-22874 | stdlib | HIGH | v1.24.2 | 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
| CVE-2025-47907 | stdlib | HIGH | v1.24.2 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.2 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.2 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.2 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.2 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.2 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
gloo mesh enterprise gloo-mesh-apiserver image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-apiserver:2.6.12 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/apiserver-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-25621 | github.com/containerd/containerd | HIGH | v1.7.24 | 1.7.29 | https://avd.aquasec.com/nvd/cve-2024-25621 |
| CVE-2025-15558 | github.com/docker/cli | HIGH | v27.3.1+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-34040 | github.com/docker/docker | HIGH | v27.5.0+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.28.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.65.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.2 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-22874 | stdlib | HIGH | v1.24.2 | 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
| CVE-2025-47907 | stdlib | HIGH | v1.24.2 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.2 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.2 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.2 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.2 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.2 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
Release 2.6.11
gloo mesh enterprise gloo-mesh-istiod-agent image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-istiod-agent:2.6.11 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/istiod-agent-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.65.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.2 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-22874 | stdlib | HIGH | v1.24.2 | 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
| CVE-2025-47907 | stdlib | HIGH | v1.24.2 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.2 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.2 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.2 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.2 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.2 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
gloo mesh enterprise gloo-mesh-ui image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-ui:2.6.11 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
gloo mesh enterprise gloo-mesh-envoy image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-envoy:2.6.11 (ubuntu 24.04)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-68973 | gpgv | HIGH | 2.4.4-2ubuntu17 | 2.4.4-2ubuntu17.4 | https://avd.aquasec.com/nvd/cve-2025-68973 |
| CVE-2025-32462 | sudo | HIGH | 1.9.15p5-3ubuntu5 | 1.9.15p5-3ubuntu5.24.04.1 | https://avd.aquasec.com/nvd/cve-2025-32462 |
| CVE-2025-32463 | sudo | HIGH | 1.9.15p5-3ubuntu5 | 1.9.15p5-3ubuntu5.24.04.1 | https://avd.aquasec.com/nvd/cve-2025-32463 |
Vulnerabilities Listed for usr/local/bin/pilot-agent
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15558 | github.com/docker/cli | HIGH | v27.3.1+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.30.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.23.7 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.23.7 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.23.7 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.23.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.23.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.23.7 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.23.7 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
gloo mesh enterprise gloo-mesh-spire-controller image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-spire-controller:2.6.11 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/spire-controller-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.65.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.2 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-22874 | stdlib | HIGH | v1.24.2 | 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
| CVE-2025-47907 | stdlib | HIGH | v1.24.2 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.2 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.2 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.2 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.2 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.2 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
gloo mesh enterprise gloo-mesh-portal-server image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-portal-server:2.6.11 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/portal-server-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.65.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.2 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-22874 | stdlib | HIGH | v1.24.2 | 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
| CVE-2025-47907 | stdlib | HIGH | v1.24.2 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.2 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.2 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.2 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.2 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.2 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
gloo mesh enterprise gloo-mesh-analyzer image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-analyzer:2.6.11 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/analyzer-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15558 | github.com/docker/cli | HIGH | v27.3.1+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.28.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.65.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-53547 | helm.sh/helm/v3 | HIGH | v3.17.3 | 3.18.4, 3.17.4 | https://avd.aquasec.com/nvd/cve-2025-53547 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.2 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-22874 | stdlib | HIGH | v1.24.2 | 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
| CVE-2025-47907 | stdlib | HIGH | v1.24.2 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.2 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.2 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.2 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.2 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.2 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
gloo mesh enterprise gloo-mesh-mgmt-server image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-mgmt-server:2.6.11 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/mgmt-server-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-25621 | github.com/containerd/containerd | HIGH | v1.7.24 | 1.7.29 | https://avd.aquasec.com/nvd/cve-2024-25621 |
| CVE-2025-15558 | github.com/docker/cli | HIGH | v27.3.1+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-34040 | github.com/docker/docker | HIGH | v27.5.0+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.28.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.65.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-53547 | helm.sh/helm/v3 | HIGH | v3.17.3 | 3.18.4, 3.17.4 | https://avd.aquasec.com/nvd/cve-2025-53547 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.2 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-22874 | stdlib | HIGH | v1.24.2 | 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
| CVE-2025-47907 | stdlib | HIGH | v1.24.2 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.2 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.2 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.2 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.2 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.2 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
gloo mesh enterprise gloo-mesh-agent image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-agent:2.6.11 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/agent-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-25621 | github.com/containerd/containerd | HIGH | v1.7.24 | 1.7.29 | https://avd.aquasec.com/nvd/cve-2024-25621 |
| CVE-2025-15558 | github.com/docker/cli | HIGH | v27.3.1+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-34040 | github.com/docker/docker | HIGH | v27.5.0+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.28.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.65.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-53547 | helm.sh/helm/v3 | HIGH | v3.17.3 | 3.18.4, 3.17.4 | https://avd.aquasec.com/nvd/cve-2025-53547 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.2 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-22874 | stdlib | HIGH | v1.24.2 | 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
| CVE-2025-47907 | stdlib | HIGH | v1.24.2 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.2 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.2 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.2 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.2 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.2 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
gloo mesh enterprise gloo-mesh-apiserver image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-apiserver:2.6.11 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/apiserver-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-25621 | github.com/containerd/containerd | HIGH | v1.7.24 | 1.7.29 | https://avd.aquasec.com/nvd/cve-2024-25621 |
| CVE-2025-15558 | github.com/docker/cli | HIGH | v27.3.1+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-34040 | github.com/docker/docker | HIGH | v27.5.0+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.28.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.65.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.2 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-22874 | stdlib | HIGH | v1.24.2 | 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
| CVE-2025-47907 | stdlib | HIGH | v1.24.2 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.2 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.2 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.2 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.2 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.2 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
Release 2.6.10
gloo mesh enterprise gloo-mesh-istiod-agent image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-istiod-agent:2.6.10 (alpine 3.18.12)
Vulnerabilities Listed for usr/local/bin/istiod-agent-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.64.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2019-14993 | istio.io/istio | HIGH | v0.0.0-20240511025857-aaf597fbfae6 | 1.1.13, 1.2.4 | https://avd.aquasec.com/nvd/cve-2019-14993 |
| CVE-2021-39155 | istio.io/istio | HIGH | v0.0.0-20240511025857-aaf597fbfae6 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39155 |
| CVE-2021-39156 | istio.io/istio | HIGH | v0.0.0-20240511025857-aaf597fbfae6 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39156 |
| CVE-2022-23635 | istio.io/istio | HIGH | v0.0.0-20240511025857-aaf597fbfae6 | 1.13.1, 1.12.4, 1.11.7 | https://avd.aquasec.com/nvd/cve-2022-23635 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.23.7 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.23.7 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.23.7 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.23.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.23.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.23.7 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.23.7 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
gloo mesh enterprise gloo-mesh-ui image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-ui:2.6.10 (alpine 3.18.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-6119 | libcrypto3 | HIGH | 3.1.4-r5 | 3.1.7-r0 | https://avd.aquasec.com/nvd/cve-2024-6119 |
| CVE-2024-6119 | libssl3 | HIGH | 3.1.4-r5 | 3.1.7-r0 | https://avd.aquasec.com/nvd/cve-2024-6119 |
| CVE-2025-26519 | musl | HIGH | 1.2.4-r2 | 1.2.4-r3 | https://avd.aquasec.com/nvd/cve-2025-26519 |
| CVE-2025-26519 | musl-utils | HIGH | 1.2.4-r2 | 1.2.4-r3 | https://avd.aquasec.com/nvd/cve-2025-26519 |
gloo mesh enterprise gloo-mesh-envoy image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-envoy:2.6.10 (ubuntu 24.04)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-68973 | gpgv | HIGH | 2.4.4-2ubuntu17 | 2.4.4-2ubuntu17.4 | https://avd.aquasec.com/nvd/cve-2025-68973 |
| CVE-2025-32462 | sudo | HIGH | 1.9.15p5-3ubuntu5 | 1.9.15p5-3ubuntu5.24.04.1 | https://avd.aquasec.com/nvd/cve-2025-32462 |
| CVE-2025-32463 | sudo | HIGH | 1.9.15p5-3ubuntu5 | 1.9.15p5-3ubuntu5.24.04.1 | https://avd.aquasec.com/nvd/cve-2025-32463 |
Vulnerabilities Listed for usr/local/bin/pilot-agent
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15558 | github.com/docker/cli | HIGH | v27.3.1+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.30.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.23.7 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.23.7 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.23.7 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.23.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.23.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.23.7 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.23.7 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
gloo mesh enterprise gloo-mesh-spire-controller image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-spire-controller:2.6.10 (alpine 3.18.12)
Vulnerabilities Listed for usr/local/bin/spire-controller-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.64.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2019-14993 | istio.io/istio | HIGH | v0.0.0-20240511025857-aaf597fbfae6 | 1.1.13, 1.2.4 | https://avd.aquasec.com/nvd/cve-2019-14993 |
| CVE-2021-39155 | istio.io/istio | HIGH | v0.0.0-20240511025857-aaf597fbfae6 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39155 |
| CVE-2021-39156 | istio.io/istio | HIGH | v0.0.0-20240511025857-aaf597fbfae6 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39156 |
| CVE-2022-23635 | istio.io/istio | HIGH | v0.0.0-20240511025857-aaf597fbfae6 | 1.13.1, 1.12.4, 1.11.7 | https://avd.aquasec.com/nvd/cve-2022-23635 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.23.7 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.23.7 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.23.7 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.23.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.23.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.23.7 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.23.7 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
gloo mesh enterprise gloo-mesh-portal-server image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-portal-server:2.6.10 (alpine 3.18.12)
Vulnerabilities Listed for usr/local/bin/portal-server-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-30153 | github.com/getkin/kin-openapi | HIGH | v0.107.0 | 0.131.0 | https://avd.aquasec.com/nvd/cve-2025-30153 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.64.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2019-14993 | istio.io/istio | HIGH | v0.0.0-20240511025857-aaf597fbfae6 | 1.1.13, 1.2.4 | https://avd.aquasec.com/nvd/cve-2019-14993 |
| CVE-2021-39155 | istio.io/istio | HIGH | v0.0.0-20240511025857-aaf597fbfae6 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39155 |
| CVE-2021-39156 | istio.io/istio | HIGH | v0.0.0-20240511025857-aaf597fbfae6 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39156 |
| CVE-2022-23635 | istio.io/istio | HIGH | v0.0.0-20240511025857-aaf597fbfae6 | 1.13.1, 1.12.4, 1.11.7 | https://avd.aquasec.com/nvd/cve-2022-23635 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.23.7 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.23.7 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.23.7 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.23.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.23.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.23.7 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.23.7 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
gloo mesh enterprise gloo-mesh-analyzer image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-analyzer:2.6.10 (alpine 3.18.12)
Vulnerabilities Listed for usr/local/bin/analyzer-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15558 | github.com/docker/cli | HIGH | v27.3.1+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.27.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.64.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-53547 | helm.sh/helm/v3 | HIGH | v3.14.3 | 3.18.4, 3.17.4 | https://avd.aquasec.com/nvd/cve-2025-53547 |
| CVE-2019-14993 | istio.io/istio | HIGH | v0.0.0-20240511025857-aaf597fbfae6 | 1.1.13, 1.2.4 | https://avd.aquasec.com/nvd/cve-2019-14993 |
| CVE-2021-39155 | istio.io/istio | HIGH | v0.0.0-20240511025857-aaf597fbfae6 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39155 |
| CVE-2021-39156 | istio.io/istio | HIGH | v0.0.0-20240511025857-aaf597fbfae6 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39156 |
| CVE-2022-23635 | istio.io/istio | HIGH | v0.0.0-20240511025857-aaf597fbfae6 | 1.13.1, 1.12.4, 1.11.7 | https://avd.aquasec.com/nvd/cve-2022-23635 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.23.7 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.23.7 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.23.7 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.23.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.23.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.23.7 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.23.7 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
gloo mesh enterprise gloo-mesh-mgmt-server image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-mgmt-server:2.6.10 (alpine 3.18.12)
Vulnerabilities Listed for usr/local/bin/mgmt-server-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-25621 | github.com/containerd/containerd | HIGH | v1.7.12 | 1.7.29 | https://avd.aquasec.com/nvd/cve-2024-25621 |
| CVE-2025-15558 | github.com/docker/cli | HIGH | v27.3.1+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-34040 | github.com/docker/docker | HIGH | v27.5.0+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2025-30153 | github.com/getkin/kin-openapi | HIGH | v0.107.0 | 0.131.0 | https://avd.aquasec.com/nvd/cve-2025-30153 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.27.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.64.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-53547 | helm.sh/helm/v3 | HIGH | v3.14.3 | 3.18.4, 3.17.4 | https://avd.aquasec.com/nvd/cve-2025-53547 |
| CVE-2019-14993 | istio.io/istio | HIGH | v0.0.0-20240511025857-aaf597fbfae6 | 1.1.13, 1.2.4 | https://avd.aquasec.com/nvd/cve-2019-14993 |
| CVE-2021-39155 | istio.io/istio | HIGH | v0.0.0-20240511025857-aaf597fbfae6 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39155 |
| CVE-2021-39156 | istio.io/istio | HIGH | v0.0.0-20240511025857-aaf597fbfae6 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39156 |
| CVE-2022-23635 | istio.io/istio | HIGH | v0.0.0-20240511025857-aaf597fbfae6 | 1.13.1, 1.12.4, 1.11.7 | https://avd.aquasec.com/nvd/cve-2022-23635 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.23.7 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.23.7 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.23.7 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.23.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.23.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.23.7 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.23.7 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
gloo mesh enterprise gloo-mesh-agent image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-agent:2.6.10 (alpine 3.18.12)
Vulnerabilities Listed for usr/local/bin/agent-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-25621 | github.com/containerd/containerd | HIGH | v1.7.12 | 1.7.29 | https://avd.aquasec.com/nvd/cve-2024-25621 |
| CVE-2025-15558 | github.com/docker/cli | HIGH | v27.3.1+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-34040 | github.com/docker/docker | HIGH | v27.5.0+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2025-30153 | github.com/getkin/kin-openapi | HIGH | v0.107.0 | 0.131.0 | https://avd.aquasec.com/nvd/cve-2025-30153 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.27.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.64.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-53547 | helm.sh/helm/v3 | HIGH | v3.14.3 | 3.18.4, 3.17.4 | https://avd.aquasec.com/nvd/cve-2025-53547 |
| CVE-2019-14993 | istio.io/istio | HIGH | v0.0.0-20240511025857-aaf597fbfae6 | 1.1.13, 1.2.4 | https://avd.aquasec.com/nvd/cve-2019-14993 |
| CVE-2021-39155 | istio.io/istio | HIGH | v0.0.0-20240511025857-aaf597fbfae6 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39155 |
| CVE-2021-39156 | istio.io/istio | HIGH | v0.0.0-20240511025857-aaf597fbfae6 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39156 |
| CVE-2022-23635 | istio.io/istio | HIGH | v0.0.0-20240511025857-aaf597fbfae6 | 1.13.1, 1.12.4, 1.11.7 | https://avd.aquasec.com/nvd/cve-2022-23635 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.23.7 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.23.7 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.23.7 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.23.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.23.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.23.7 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.23.7 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
gloo mesh enterprise gloo-mesh-apiserver image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-apiserver:2.6.10 (alpine 3.18.12)
Vulnerabilities Listed for usr/local/bin/apiserver-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-25621 | github.com/containerd/containerd | HIGH | v1.7.12 | 1.7.29 | https://avd.aquasec.com/nvd/cve-2024-25621 |
| CVE-2025-15558 | github.com/docker/cli | HIGH | v27.3.1+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-34040 | github.com/docker/docker | HIGH | v27.5.0+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2025-30153 | github.com/getkin/kin-openapi | HIGH | v0.107.0 | 0.131.0 | https://avd.aquasec.com/nvd/cve-2025-30153 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.27.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.64.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2019-14993 | istio.io/istio | HIGH | v0.0.0-20240511025857-aaf597fbfae6 | 1.1.13, 1.2.4 | https://avd.aquasec.com/nvd/cve-2019-14993 |
| CVE-2021-39155 | istio.io/istio | HIGH | v0.0.0-20240511025857-aaf597fbfae6 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39155 |
| CVE-2021-39156 | istio.io/istio | HIGH | v0.0.0-20240511025857-aaf597fbfae6 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39156 |
| CVE-2022-23635 | istio.io/istio | HIGH | v0.0.0-20240511025857-aaf597fbfae6 | 1.13.1, 1.12.4, 1.11.7 | https://avd.aquasec.com/nvd/cve-2022-23635 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.23.7 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.23.7 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.23.7 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.23.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.23.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.23.7 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.23.7 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
Release 2.6.9
gloo mesh enterprise gloo-mesh-istiod-agent image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-istiod-agent:2.6.9 (alpine 3.18.11)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-26519 | musl | HIGH | 1.2.4-r2 | 1.2.4-r3 | https://avd.aquasec.com/nvd/cve-2025-26519 |
| CVE-2025-26519 | musl-utils | HIGH | 1.2.4-r2 | 1.2.4-r3 | https://avd.aquasec.com/nvd/cve-2025-26519 |
Vulnerabilities Listed for usr/local/bin/istiod-agent-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-30204 | github.com/golang-jwt/jwt/v4 | HIGH | v4.5.0 | 4.5.2 | https://avd.aquasec.com/nvd/cve-2025-30204 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.31.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.21.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.64.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2019-14993 | istio.io/istio | HIGH | v0.0.0-20240511025857-aaf597fbfae6 | 1.1.13, 1.2.4 | https://avd.aquasec.com/nvd/cve-2019-14993 |
| CVE-2021-39155 | istio.io/istio | HIGH | v0.0.0-20240511025857-aaf597fbfae6 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39155 |
| CVE-2021-39156 | istio.io/istio | HIGH | v0.0.0-20240511025857-aaf597fbfae6 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39156 |
| CVE-2022-23635 | istio.io/istio | HIGH | v0.0.0-20240511025857-aaf597fbfae6 | 1.13.1, 1.12.4, 1.11.7 | https://avd.aquasec.com/nvd/cve-2022-23635 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.22.7 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.22.7 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.22.7 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.22.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.22.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.22.7 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.22.7 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
gloo mesh enterprise gloo-mesh-ui image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-ui:2.6.9 (alpine 3.18.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-6119 | libcrypto3 | HIGH | 3.1.4-r5 | 3.1.7-r0 | https://avd.aquasec.com/nvd/cve-2024-6119 |
| CVE-2024-6119 | libssl3 | HIGH | 3.1.4-r5 | 3.1.7-r0 | https://avd.aquasec.com/nvd/cve-2024-6119 |
| CVE-2025-26519 | musl | HIGH | 1.2.4-r2 | 1.2.4-r3 | https://avd.aquasec.com/nvd/cve-2025-26519 |
| CVE-2025-26519 | musl-utils | HIGH | 1.2.4-r2 | 1.2.4-r3 | https://avd.aquasec.com/nvd/cve-2025-26519 |
gloo mesh enterprise gloo-mesh-envoy image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-envoy:2.6.9 (ubuntu 24.04)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-68973 | gpgv | HIGH | 2.4.4-2ubuntu17 | 2.4.4-2ubuntu17.4 | https://avd.aquasec.com/nvd/cve-2025-68973 |
| CVE-2025-32462 | sudo | HIGH | 1.9.15p5-3ubuntu5 | 1.9.15p5-3ubuntu5.24.04.1 | https://avd.aquasec.com/nvd/cve-2025-32462 |
| CVE-2025-32463 | sudo | HIGH | 1.9.15p5-3ubuntu5 | 1.9.15p5-3ubuntu5.24.04.1 | https://avd.aquasec.com/nvd/cve-2025-32463 |
Vulnerabilities Listed for usr/local/bin/pilot-agent
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15558 | github.com/docker/cli | HIGH | v27.3.1+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.30.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2024-45337 | golang.org/x/crypto | CRITICAL | v0.27.0 | 0.31.0 | https://avd.aquasec.com/nvd/cve-2024-45337 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.27.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.23.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.23.2 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.23.2 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.23.2 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.23.2 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.23.2 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.23.2 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.23.2 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
gloo mesh enterprise gloo-mesh-spire-controller image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-spire-controller:2.6.9 (alpine 3.18.11)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-26519 | musl | HIGH | 1.2.4-r2 | 1.2.4-r3 | https://avd.aquasec.com/nvd/cve-2025-26519 |
| CVE-2025-26519 | musl-utils | HIGH | 1.2.4-r2 | 1.2.4-r3 | https://avd.aquasec.com/nvd/cve-2025-26519 |
Vulnerabilities Listed for usr/local/bin/spire-controller-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-30204 | github.com/golang-jwt/jwt/v4 | HIGH | v4.5.0 | 4.5.2 | https://avd.aquasec.com/nvd/cve-2025-30204 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.31.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.21.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.64.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2019-14993 | istio.io/istio | HIGH | v0.0.0-20240511025857-aaf597fbfae6 | 1.1.13, 1.2.4 | https://avd.aquasec.com/nvd/cve-2019-14993 |
| CVE-2021-39155 | istio.io/istio | HIGH | v0.0.0-20240511025857-aaf597fbfae6 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39155 |
| CVE-2021-39156 | istio.io/istio | HIGH | v0.0.0-20240511025857-aaf597fbfae6 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39156 |
| CVE-2022-23635 | istio.io/istio | HIGH | v0.0.0-20240511025857-aaf597fbfae6 | 1.13.1, 1.12.4, 1.11.7 | https://avd.aquasec.com/nvd/cve-2022-23635 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.22.7 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.22.7 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.22.7 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.22.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.22.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.22.7 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.22.7 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
gloo mesh enterprise gloo-mesh-portal-server image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-portal-server:2.6.9 (alpine 3.18.11)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-26519 | musl | HIGH | 1.2.4-r2 | 1.2.4-r3 | https://avd.aquasec.com/nvd/cve-2025-26519 |
| CVE-2025-26519 | musl-utils | HIGH | 1.2.4-r2 | 1.2.4-r3 | https://avd.aquasec.com/nvd/cve-2025-26519 |
Vulnerabilities Listed for usr/local/bin/portal-server-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-30153 | github.com/getkin/kin-openapi | HIGH | v0.107.0 | 0.131.0 | https://avd.aquasec.com/nvd/cve-2025-30153 |
| CVE-2025-30204 | github.com/golang-jwt/jwt/v4 | HIGH | v4.5.0 | 4.5.2 | https://avd.aquasec.com/nvd/cve-2025-30204 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.31.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.21.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.64.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2019-14993 | istio.io/istio | HIGH | v0.0.0-20240511025857-aaf597fbfae6 | 1.1.13, 1.2.4 | https://avd.aquasec.com/nvd/cve-2019-14993 |
| CVE-2021-39155 | istio.io/istio | HIGH | v0.0.0-20240511025857-aaf597fbfae6 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39155 |
| CVE-2021-39156 | istio.io/istio | HIGH | v0.0.0-20240511025857-aaf597fbfae6 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39156 |
| CVE-2022-23635 | istio.io/istio | HIGH | v0.0.0-20240511025857-aaf597fbfae6 | 1.13.1, 1.12.4, 1.11.7 | https://avd.aquasec.com/nvd/cve-2022-23635 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.22.7 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.22.7 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.22.7 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.22.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.22.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.22.7 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.22.7 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
gloo mesh enterprise gloo-mesh-analyzer image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-analyzer:2.6.9 (alpine 3.18.11)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-26519 | musl | HIGH | 1.2.4-r2 | 1.2.4-r3 | https://avd.aquasec.com/nvd/cve-2025-26519 |
| CVE-2025-26519 | musl-utils | HIGH | 1.2.4-r2 | 1.2.4-r3 | https://avd.aquasec.com/nvd/cve-2025-26519 |
Vulnerabilities Listed for usr/local/bin/analyzer-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15558 | github.com/docker/cli | HIGH | v27.3.1+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2025-30204 | github.com/golang-jwt/jwt/v4 | HIGH | v4.5.0 | 4.5.2 | https://avd.aquasec.com/nvd/cve-2025-30204 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.27.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.31.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.21.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.64.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-53547 | helm.sh/helm/v3 | HIGH | v3.14.3 | 3.18.4, 3.17.4 | https://avd.aquasec.com/nvd/cve-2025-53547 |
| CVE-2019-14993 | istio.io/istio | HIGH | v0.0.0-20240511025857-aaf597fbfae6 | 1.1.13, 1.2.4 | https://avd.aquasec.com/nvd/cve-2019-14993 |
| CVE-2021-39155 | istio.io/istio | HIGH | v0.0.0-20240511025857-aaf597fbfae6 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39155 |
| CVE-2021-39156 | istio.io/istio | HIGH | v0.0.0-20240511025857-aaf597fbfae6 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39156 |
| CVE-2022-23635 | istio.io/istio | HIGH | v0.0.0-20240511025857-aaf597fbfae6 | 1.13.1, 1.12.4, 1.11.7 | https://avd.aquasec.com/nvd/cve-2022-23635 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.22.7 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.22.7 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.22.7 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.22.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.22.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.22.7 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.22.7 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
gloo mesh enterprise gloo-mesh-mgmt-server image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-mgmt-server:2.6.9 (alpine 3.18.11)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-26519 | musl | HIGH | 1.2.4-r2 | 1.2.4-r3 | https://avd.aquasec.com/nvd/cve-2025-26519 |
| CVE-2025-26519 | musl-utils | HIGH | 1.2.4-r2 | 1.2.4-r3 | https://avd.aquasec.com/nvd/cve-2025-26519 |
Vulnerabilities Listed for usr/local/bin/mgmt-server-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-25621 | github.com/containerd/containerd | HIGH | v1.7.12 | 1.7.29 | https://avd.aquasec.com/nvd/cve-2024-25621 |
| CVE-2025-15558 | github.com/docker/cli | HIGH | v27.3.1+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-34040 | github.com/docker/docker | HIGH | v27.5.0+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2025-30153 | github.com/getkin/kin-openapi | HIGH | v0.107.0 | 0.131.0 | https://avd.aquasec.com/nvd/cve-2025-30153 |
| CVE-2025-30204 | github.com/golang-jwt/jwt/v4 | HIGH | v4.5.0 | 4.5.2 | https://avd.aquasec.com/nvd/cve-2025-30204 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.27.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.31.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.21.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.64.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-53547 | helm.sh/helm/v3 | HIGH | v3.14.3 | 3.18.4, 3.17.4 | https://avd.aquasec.com/nvd/cve-2025-53547 |
| CVE-2019-14993 | istio.io/istio | HIGH | v0.0.0-20240511025857-aaf597fbfae6 | 1.1.13, 1.2.4 | https://avd.aquasec.com/nvd/cve-2019-14993 |
| CVE-2021-39155 | istio.io/istio | HIGH | v0.0.0-20240511025857-aaf597fbfae6 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39155 |
| CVE-2021-39156 | istio.io/istio | HIGH | v0.0.0-20240511025857-aaf597fbfae6 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39156 |
| CVE-2022-23635 | istio.io/istio | HIGH | v0.0.0-20240511025857-aaf597fbfae6 | 1.13.1, 1.12.4, 1.11.7 | https://avd.aquasec.com/nvd/cve-2022-23635 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.22.7 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.22.7 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.22.7 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.22.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.22.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.22.7 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.22.7 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
gloo mesh enterprise gloo-mesh-agent image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-agent:2.6.9 (alpine 3.18.11)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-26519 | musl | HIGH | 1.2.4-r2 | 1.2.4-r3 | https://avd.aquasec.com/nvd/cve-2025-26519 |
| CVE-2025-26519 | musl-utils | HIGH | 1.2.4-r2 | 1.2.4-r3 | https://avd.aquasec.com/nvd/cve-2025-26519 |
Vulnerabilities Listed for usr/local/bin/agent-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-25621 | github.com/containerd/containerd | HIGH | v1.7.12 | 1.7.29 | https://avd.aquasec.com/nvd/cve-2024-25621 |
| CVE-2025-15558 | github.com/docker/cli | HIGH | v27.3.1+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-34040 | github.com/docker/docker | HIGH | v27.5.0+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2025-30153 | github.com/getkin/kin-openapi | HIGH | v0.107.0 | 0.131.0 | https://avd.aquasec.com/nvd/cve-2025-30153 |
| CVE-2025-30204 | github.com/golang-jwt/jwt/v4 | HIGH | v4.5.0 | 4.5.2 | https://avd.aquasec.com/nvd/cve-2025-30204 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.27.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.31.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.21.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.64.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-53547 | helm.sh/helm/v3 | HIGH | v3.14.3 | 3.18.4, 3.17.4 | https://avd.aquasec.com/nvd/cve-2025-53547 |
| CVE-2019-14993 | istio.io/istio | HIGH | v0.0.0-20240511025857-aaf597fbfae6 | 1.1.13, 1.2.4 | https://avd.aquasec.com/nvd/cve-2019-14993 |
| CVE-2021-39155 | istio.io/istio | HIGH | v0.0.0-20240511025857-aaf597fbfae6 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39155 |
| CVE-2021-39156 | istio.io/istio | HIGH | v0.0.0-20240511025857-aaf597fbfae6 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39156 |
| CVE-2022-23635 | istio.io/istio | HIGH | v0.0.0-20240511025857-aaf597fbfae6 | 1.13.1, 1.12.4, 1.11.7 | https://avd.aquasec.com/nvd/cve-2022-23635 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.22.7 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.22.7 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.22.7 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.22.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.22.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.22.7 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.22.7 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
gloo mesh enterprise gloo-mesh-apiserver image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-apiserver:2.6.9 (alpine 3.18.11)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-26519 | musl | HIGH | 1.2.4-r2 | 1.2.4-r3 | https://avd.aquasec.com/nvd/cve-2025-26519 |
| CVE-2025-26519 | musl-utils | HIGH | 1.2.4-r2 | 1.2.4-r3 | https://avd.aquasec.com/nvd/cve-2025-26519 |
Vulnerabilities Listed for usr/local/bin/apiserver-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-25621 | github.com/containerd/containerd | HIGH | v1.7.12 | 1.7.29 | https://avd.aquasec.com/nvd/cve-2024-25621 |
| CVE-2025-15558 | github.com/docker/cli | HIGH | v27.3.1+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-34040 | github.com/docker/docker | HIGH | v27.5.0+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2025-30153 | github.com/getkin/kin-openapi | HIGH | v0.107.0 | 0.131.0 | https://avd.aquasec.com/nvd/cve-2025-30153 |
| CVE-2025-30204 | github.com/golang-jwt/jwt/v4 | HIGH | v4.5.0 | 4.5.2 | https://avd.aquasec.com/nvd/cve-2025-30204 |
| CVE-2025-30204 | github.com/golang-jwt/jwt/v5 | HIGH | v5.2.1 | 5.2.2 | https://avd.aquasec.com/nvd/cve-2025-30204 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.27.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.31.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.21.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.64.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2019-14993 | istio.io/istio | HIGH | v0.0.0-20240511025857-aaf597fbfae6 | 1.1.13, 1.2.4 | https://avd.aquasec.com/nvd/cve-2019-14993 |
| CVE-2021-39155 | istio.io/istio | HIGH | v0.0.0-20240511025857-aaf597fbfae6 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39155 |
| CVE-2021-39156 | istio.io/istio | HIGH | v0.0.0-20240511025857-aaf597fbfae6 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39156 |
| CVE-2022-23635 | istio.io/istio | HIGH | v0.0.0-20240511025857-aaf597fbfae6 | 1.13.1, 1.12.4, 1.11.7 | https://avd.aquasec.com/nvd/cve-2022-23635 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.22.7 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.22.7 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.22.7 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.22.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.22.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.22.7 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.22.7 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
Release 2.6.8
gloo mesh enterprise gloo-mesh-istiod-agent image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-istiod-agent:2.6.8 (alpine 3.18.11)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-26519 | musl | HIGH | 1.2.4-r2 | 1.2.4-r3 | https://avd.aquasec.com/nvd/cve-2025-26519 |
| CVE-2025-26519 | musl-utils | HIGH | 1.2.4-r2 | 1.2.4-r3 | https://avd.aquasec.com/nvd/cve-2025-26519 |
Vulnerabilities Listed for usr/local/bin/istiod-agent-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-30204 | github.com/golang-jwt/jwt/v4 | HIGH | v4.5.0 | 4.5.2 | https://avd.aquasec.com/nvd/cve-2025-30204 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.31.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.21.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.64.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2019-14993 | istio.io/istio | HIGH | v0.0.0-20240511025857-aaf597fbfae6 | 1.1.13, 1.2.4 | https://avd.aquasec.com/nvd/cve-2019-14993 |
| CVE-2021-39155 | istio.io/istio | HIGH | v0.0.0-20240511025857-aaf597fbfae6 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39155 |
| CVE-2021-39156 | istio.io/istio | HIGH | v0.0.0-20240511025857-aaf597fbfae6 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39156 |
| CVE-2022-23635 | istio.io/istio | HIGH | v0.0.0-20240511025857-aaf597fbfae6 | 1.13.1, 1.12.4, 1.11.7 | https://avd.aquasec.com/nvd/cve-2022-23635 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.22.7 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.22.7 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.22.7 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.22.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.22.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.22.7 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.22.7 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
gloo mesh enterprise gloo-mesh-ui image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-ui:2.6.8 (alpine 3.18.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-6119 | libcrypto3 | HIGH | 3.1.4-r5 | 3.1.7-r0 | https://avd.aquasec.com/nvd/cve-2024-6119 |
| CVE-2024-6119 | libssl3 | HIGH | 3.1.4-r5 | 3.1.7-r0 | https://avd.aquasec.com/nvd/cve-2024-6119 |
| CVE-2025-26519 | musl | HIGH | 1.2.4-r2 | 1.2.4-r3 | https://avd.aquasec.com/nvd/cve-2025-26519 |
| CVE-2025-26519 | musl-utils | HIGH | 1.2.4-r2 | 1.2.4-r3 | https://avd.aquasec.com/nvd/cve-2025-26519 |
gloo mesh enterprise gloo-mesh-envoy image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-envoy:2.6.8 (ubuntu 24.04)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-68973 | gpgv | HIGH | 2.4.4-2ubuntu17 | 2.4.4-2ubuntu17.4 | https://avd.aquasec.com/nvd/cve-2025-68973 |
| CVE-2025-32462 | sudo | HIGH | 1.9.15p5-3ubuntu5 | 1.9.15p5-3ubuntu5.24.04.1 | https://avd.aquasec.com/nvd/cve-2025-32462 |
| CVE-2025-32463 | sudo | HIGH | 1.9.15p5-3ubuntu5 | 1.9.15p5-3ubuntu5.24.04.1 | https://avd.aquasec.com/nvd/cve-2025-32463 |
Vulnerabilities Listed for usr/local/bin/pilot-agent
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15558 | github.com/docker/cli | HIGH | v27.3.1+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.30.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2024-45337 | golang.org/x/crypto | CRITICAL | v0.27.0 | 0.31.0 | https://avd.aquasec.com/nvd/cve-2024-45337 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.27.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.23.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.23.2 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.23.2 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.23.2 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.23.2 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.23.2 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.23.2 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.23.2 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
gloo mesh enterprise gloo-mesh-spire-controller image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-spire-controller:2.6.8 (alpine 3.18.11)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-26519 | musl | HIGH | 1.2.4-r2 | 1.2.4-r3 | https://avd.aquasec.com/nvd/cve-2025-26519 |
| CVE-2025-26519 | musl-utils | HIGH | 1.2.4-r2 | 1.2.4-r3 | https://avd.aquasec.com/nvd/cve-2025-26519 |
Vulnerabilities Listed for usr/local/bin/spire-controller-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-30204 | github.com/golang-jwt/jwt/v4 | HIGH | v4.5.0 | 4.5.2 | https://avd.aquasec.com/nvd/cve-2025-30204 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.31.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.21.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.64.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2019-14993 | istio.io/istio | HIGH | v0.0.0-20240511025857-aaf597fbfae6 | 1.1.13, 1.2.4 | https://avd.aquasec.com/nvd/cve-2019-14993 |
| CVE-2021-39155 | istio.io/istio | HIGH | v0.0.0-20240511025857-aaf597fbfae6 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39155 |
| CVE-2021-39156 | istio.io/istio | HIGH | v0.0.0-20240511025857-aaf597fbfae6 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39156 |
| CVE-2022-23635 | istio.io/istio | HIGH | v0.0.0-20240511025857-aaf597fbfae6 | 1.13.1, 1.12.4, 1.11.7 | https://avd.aquasec.com/nvd/cve-2022-23635 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.22.7 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.22.7 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.22.7 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.22.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.22.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.22.7 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.22.7 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
gloo mesh enterprise gloo-mesh-portal-server image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-portal-server:2.6.8 (alpine 3.18.11)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-26519 | musl | HIGH | 1.2.4-r2 | 1.2.4-r3 | https://avd.aquasec.com/nvd/cve-2025-26519 |
| CVE-2025-26519 | musl-utils | HIGH | 1.2.4-r2 | 1.2.4-r3 | https://avd.aquasec.com/nvd/cve-2025-26519 |
Vulnerabilities Listed for usr/local/bin/portal-server-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-30153 | github.com/getkin/kin-openapi | HIGH | v0.107.0 | 0.131.0 | https://avd.aquasec.com/nvd/cve-2025-30153 |
| CVE-2025-30204 | github.com/golang-jwt/jwt/v4 | HIGH | v4.5.0 | 4.5.2 | https://avd.aquasec.com/nvd/cve-2025-30204 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.31.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.21.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.64.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2019-14993 | istio.io/istio | HIGH | v0.0.0-20240511025857-aaf597fbfae6 | 1.1.13, 1.2.4 | https://avd.aquasec.com/nvd/cve-2019-14993 |
| CVE-2021-39155 | istio.io/istio | HIGH | v0.0.0-20240511025857-aaf597fbfae6 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39155 |
| CVE-2021-39156 | istio.io/istio | HIGH | v0.0.0-20240511025857-aaf597fbfae6 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39156 |
| CVE-2022-23635 | istio.io/istio | HIGH | v0.0.0-20240511025857-aaf597fbfae6 | 1.13.1, 1.12.4, 1.11.7 | https://avd.aquasec.com/nvd/cve-2022-23635 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.22.7 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.22.7 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.22.7 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.22.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.22.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.22.7 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.22.7 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
gloo mesh enterprise gloo-mesh-analyzer image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-analyzer:2.6.8 (alpine 3.18.11)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-26519 | musl | HIGH | 1.2.4-r2 | 1.2.4-r3 | https://avd.aquasec.com/nvd/cve-2025-26519 |
| CVE-2025-26519 | musl-utils | HIGH | 1.2.4-r2 | 1.2.4-r3 | https://avd.aquasec.com/nvd/cve-2025-26519 |
Vulnerabilities Listed for usr/local/bin/analyzer-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15558 | github.com/docker/cli | HIGH | v27.3.1+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2025-30204 | github.com/golang-jwt/jwt/v4 | HIGH | v4.5.0 | 4.5.2 | https://avd.aquasec.com/nvd/cve-2025-30204 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.27.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.31.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.21.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.64.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-53547 | helm.sh/helm/v3 | HIGH | v3.14.3 | 3.18.4, 3.17.4 | https://avd.aquasec.com/nvd/cve-2025-53547 |
| CVE-2019-14993 | istio.io/istio | HIGH | v0.0.0-20240511025857-aaf597fbfae6 | 1.1.13, 1.2.4 | https://avd.aquasec.com/nvd/cve-2019-14993 |
| CVE-2021-39155 | istio.io/istio | HIGH | v0.0.0-20240511025857-aaf597fbfae6 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39155 |
| CVE-2021-39156 | istio.io/istio | HIGH | v0.0.0-20240511025857-aaf597fbfae6 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39156 |
| CVE-2022-23635 | istio.io/istio | HIGH | v0.0.0-20240511025857-aaf597fbfae6 | 1.13.1, 1.12.4, 1.11.7 | https://avd.aquasec.com/nvd/cve-2022-23635 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.22.7 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.22.7 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.22.7 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.22.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.22.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.22.7 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.22.7 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
gloo mesh enterprise gloo-mesh-mgmt-server image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-mgmt-server:2.6.8 (alpine 3.18.11)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-26519 | musl | HIGH | 1.2.4-r2 | 1.2.4-r3 | https://avd.aquasec.com/nvd/cve-2025-26519 |
| CVE-2025-26519 | musl-utils | HIGH | 1.2.4-r2 | 1.2.4-r3 | https://avd.aquasec.com/nvd/cve-2025-26519 |
Vulnerabilities Listed for usr/local/bin/mgmt-server-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-25621 | github.com/containerd/containerd | HIGH | v1.7.12 | 1.7.29 | https://avd.aquasec.com/nvd/cve-2024-25621 |
| CVE-2025-15558 | github.com/docker/cli | HIGH | v27.3.1+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-34040 | github.com/docker/docker | HIGH | v27.5.0+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2025-30153 | github.com/getkin/kin-openapi | HIGH | v0.107.0 | 0.131.0 | https://avd.aquasec.com/nvd/cve-2025-30153 |
| CVE-2025-30204 | github.com/golang-jwt/jwt/v4 | HIGH | v4.5.0 | 4.5.2 | https://avd.aquasec.com/nvd/cve-2025-30204 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.27.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.31.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.21.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.64.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-53547 | helm.sh/helm/v3 | HIGH | v3.14.3 | 3.18.4, 3.17.4 | https://avd.aquasec.com/nvd/cve-2025-53547 |
| CVE-2019-14993 | istio.io/istio | HIGH | v0.0.0-20240511025857-aaf597fbfae6 | 1.1.13, 1.2.4 | https://avd.aquasec.com/nvd/cve-2019-14993 |
| CVE-2021-39155 | istio.io/istio | HIGH | v0.0.0-20240511025857-aaf597fbfae6 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39155 |
| CVE-2021-39156 | istio.io/istio | HIGH | v0.0.0-20240511025857-aaf597fbfae6 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39156 |
| CVE-2022-23635 | istio.io/istio | HIGH | v0.0.0-20240511025857-aaf597fbfae6 | 1.13.1, 1.12.4, 1.11.7 | https://avd.aquasec.com/nvd/cve-2022-23635 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.22.7 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.22.7 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.22.7 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.22.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.22.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.22.7 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.22.7 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
gloo mesh enterprise gloo-mesh-agent image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-agent:2.6.8 (alpine 3.18.11)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-26519 | musl | HIGH | 1.2.4-r2 | 1.2.4-r3 | https://avd.aquasec.com/nvd/cve-2025-26519 |
| CVE-2025-26519 | musl-utils | HIGH | 1.2.4-r2 | 1.2.4-r3 | https://avd.aquasec.com/nvd/cve-2025-26519 |
Vulnerabilities Listed for usr/local/bin/agent-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-25621 | github.com/containerd/containerd | HIGH | v1.7.12 | 1.7.29 | https://avd.aquasec.com/nvd/cve-2024-25621 |
| CVE-2025-15558 | github.com/docker/cli | HIGH | v27.3.1+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-34040 | github.com/docker/docker | HIGH | v27.5.0+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2025-30153 | github.com/getkin/kin-openapi | HIGH | v0.107.0 | 0.131.0 | https://avd.aquasec.com/nvd/cve-2025-30153 |
| CVE-2025-30204 | github.com/golang-jwt/jwt/v4 | HIGH | v4.5.0 | 4.5.2 | https://avd.aquasec.com/nvd/cve-2025-30204 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.27.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.31.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.21.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.64.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-53547 | helm.sh/helm/v3 | HIGH | v3.14.3 | 3.18.4, 3.17.4 | https://avd.aquasec.com/nvd/cve-2025-53547 |
| CVE-2019-14993 | istio.io/istio | HIGH | v0.0.0-20240511025857-aaf597fbfae6 | 1.1.13, 1.2.4 | https://avd.aquasec.com/nvd/cve-2019-14993 |
| CVE-2021-39155 | istio.io/istio | HIGH | v0.0.0-20240511025857-aaf597fbfae6 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39155 |
| CVE-2021-39156 | istio.io/istio | HIGH | v0.0.0-20240511025857-aaf597fbfae6 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39156 |
| CVE-2022-23635 | istio.io/istio | HIGH | v0.0.0-20240511025857-aaf597fbfae6 | 1.13.1, 1.12.4, 1.11.7 | https://avd.aquasec.com/nvd/cve-2022-23635 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.22.7 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.22.7 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.22.7 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.22.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.22.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.22.7 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.22.7 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
gloo mesh enterprise gloo-mesh-apiserver image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-apiserver:2.6.8 (alpine 3.18.11)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-26519 | musl | HIGH | 1.2.4-r2 | 1.2.4-r3 | https://avd.aquasec.com/nvd/cve-2025-26519 |
| CVE-2025-26519 | musl-utils | HIGH | 1.2.4-r2 | 1.2.4-r3 | https://avd.aquasec.com/nvd/cve-2025-26519 |
Vulnerabilities Listed for usr/local/bin/apiserver-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-25621 | github.com/containerd/containerd | HIGH | v1.7.12 | 1.7.29 | https://avd.aquasec.com/nvd/cve-2024-25621 |
| CVE-2025-15558 | github.com/docker/cli | HIGH | v27.3.1+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-34040 | github.com/docker/docker | HIGH | v27.5.0+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2025-30153 | github.com/getkin/kin-openapi | HIGH | v0.107.0 | 0.131.0 | https://avd.aquasec.com/nvd/cve-2025-30153 |
| CVE-2025-30204 | github.com/golang-jwt/jwt/v4 | HIGH | v4.5.0 | 4.5.2 | https://avd.aquasec.com/nvd/cve-2025-30204 |
| CVE-2025-30204 | github.com/golang-jwt/jwt/v5 | HIGH | v5.2.1 | 5.2.2 | https://avd.aquasec.com/nvd/cve-2025-30204 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.27.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.31.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.21.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.64.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2019-14993 | istio.io/istio | HIGH | v0.0.0-20240511025857-aaf597fbfae6 | 1.1.13, 1.2.4 | https://avd.aquasec.com/nvd/cve-2019-14993 |
| CVE-2021-39155 | istio.io/istio | HIGH | v0.0.0-20240511025857-aaf597fbfae6 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39155 |
| CVE-2021-39156 | istio.io/istio | HIGH | v0.0.0-20240511025857-aaf597fbfae6 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39156 |
| CVE-2022-23635 | istio.io/istio | HIGH | v0.0.0-20240511025857-aaf597fbfae6 | 1.13.1, 1.12.4, 1.11.7 | https://avd.aquasec.com/nvd/cve-2022-23635 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.22.7 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.22.7 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.22.7 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.22.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.22.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.22.7 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.22.7 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
Release 2.6.7
gloo mesh enterprise gloo-mesh-istiod-agent image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-istiod-agent:2.6.7 (alpine 3.18.9)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-26519 | musl | HIGH | 1.2.4-r2 | 1.2.4-r3 | https://avd.aquasec.com/nvd/cve-2025-26519 |
| CVE-2025-26519 | musl-utils | HIGH | 1.2.4-r2 | 1.2.4-r3 | https://avd.aquasec.com/nvd/cve-2025-26519 |
Vulnerabilities Listed for usr/local/bin/istiod-agent-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-30204 | github.com/golang-jwt/jwt/v4 | HIGH | v4.5.0 | 4.5.2 | https://avd.aquasec.com/nvd/cve-2025-30204 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.31.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.21.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.64.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2019-14993 | istio.io/istio | HIGH | v0.0.0-20240511025857-aaf597fbfae6 | 1.1.13, 1.2.4 | https://avd.aquasec.com/nvd/cve-2019-14993 |
| CVE-2021-39155 | istio.io/istio | HIGH | v0.0.0-20240511025857-aaf597fbfae6 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39155 |
| CVE-2021-39156 | istio.io/istio | HIGH | v0.0.0-20240511025857-aaf597fbfae6 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39156 |
| CVE-2022-23635 | istio.io/istio | HIGH | v0.0.0-20240511025857-aaf597fbfae6 | 1.13.1, 1.12.4, 1.11.7 | https://avd.aquasec.com/nvd/cve-2022-23635 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.22.7 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.22.7 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.22.7 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.22.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.22.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.22.7 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.22.7 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
gloo mesh enterprise gloo-mesh-ui image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-ui:2.6.7 (alpine 3.18.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-6119 | libcrypto3 | HIGH | 3.1.4-r5 | 3.1.7-r0 | https://avd.aquasec.com/nvd/cve-2024-6119 |
| CVE-2024-6119 | libssl3 | HIGH | 3.1.4-r5 | 3.1.7-r0 | https://avd.aquasec.com/nvd/cve-2024-6119 |
| CVE-2025-26519 | musl | HIGH | 1.2.4-r2 | 1.2.4-r3 | https://avd.aquasec.com/nvd/cve-2025-26519 |
| CVE-2025-26519 | musl-utils | HIGH | 1.2.4-r2 | 1.2.4-r3 | https://avd.aquasec.com/nvd/cve-2025-26519 |
gloo mesh enterprise gloo-mesh-envoy image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-envoy:2.6.7 (ubuntu 24.04)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-68973 | gpgv | HIGH | 2.4.4-2ubuntu17 | 2.4.4-2ubuntu17.4 | https://avd.aquasec.com/nvd/cve-2025-68973 |
| CVE-2025-32462 | sudo | HIGH | 1.9.15p5-3ubuntu5 | 1.9.15p5-3ubuntu5.24.04.1 | https://avd.aquasec.com/nvd/cve-2025-32462 |
| CVE-2025-32463 | sudo | HIGH | 1.9.15p5-3ubuntu5 | 1.9.15p5-3ubuntu5.24.04.1 | https://avd.aquasec.com/nvd/cve-2025-32463 |
Vulnerabilities Listed for usr/local/bin/pilot-agent
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15558 | github.com/docker/cli | HIGH | v27.3.1+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.30.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2024-45337 | golang.org/x/crypto | CRITICAL | v0.27.0 | 0.31.0 | https://avd.aquasec.com/nvd/cve-2024-45337 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.27.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.23.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.23.2 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.23.2 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.23.2 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.23.2 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.23.2 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.23.2 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.23.2 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
gloo mesh enterprise gloo-mesh-spire-controller image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-spire-controller:2.6.7 (alpine 3.18.9)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-26519 | musl | HIGH | 1.2.4-r2 | 1.2.4-r3 | https://avd.aquasec.com/nvd/cve-2025-26519 |
| CVE-2025-26519 | musl-utils | HIGH | 1.2.4-r2 | 1.2.4-r3 | https://avd.aquasec.com/nvd/cve-2025-26519 |
Vulnerabilities Listed for usr/local/bin/spire-controller-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-30204 | github.com/golang-jwt/jwt/v4 | HIGH | v4.5.0 | 4.5.2 | https://avd.aquasec.com/nvd/cve-2025-30204 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.31.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.21.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.64.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2019-14993 | istio.io/istio | HIGH | v0.0.0-20240511025857-aaf597fbfae6 | 1.1.13, 1.2.4 | https://avd.aquasec.com/nvd/cve-2019-14993 |
| CVE-2021-39155 | istio.io/istio | HIGH | v0.0.0-20240511025857-aaf597fbfae6 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39155 |
| CVE-2021-39156 | istio.io/istio | HIGH | v0.0.0-20240511025857-aaf597fbfae6 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39156 |
| CVE-2022-23635 | istio.io/istio | HIGH | v0.0.0-20240511025857-aaf597fbfae6 | 1.13.1, 1.12.4, 1.11.7 | https://avd.aquasec.com/nvd/cve-2022-23635 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.22.7 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.22.7 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.22.7 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.22.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.22.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.22.7 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.22.7 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
gloo mesh enterprise gloo-mesh-portal-server image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-portal-server:2.6.7 (alpine 3.18.9)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-26519 | musl | HIGH | 1.2.4-r2 | 1.2.4-r3 | https://avd.aquasec.com/nvd/cve-2025-26519 |
| CVE-2025-26519 | musl-utils | HIGH | 1.2.4-r2 | 1.2.4-r3 | https://avd.aquasec.com/nvd/cve-2025-26519 |
Vulnerabilities Listed for usr/local/bin/portal-server-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-30153 | github.com/getkin/kin-openapi | HIGH | v0.107.0 | 0.131.0 | https://avd.aquasec.com/nvd/cve-2025-30153 |
| CVE-2025-30204 | github.com/golang-jwt/jwt/v4 | HIGH | v4.5.0 | 4.5.2 | https://avd.aquasec.com/nvd/cve-2025-30204 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.31.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.21.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.64.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2019-14993 | istio.io/istio | HIGH | v0.0.0-20240511025857-aaf597fbfae6 | 1.1.13, 1.2.4 | https://avd.aquasec.com/nvd/cve-2019-14993 |
| CVE-2021-39155 | istio.io/istio | HIGH | v0.0.0-20240511025857-aaf597fbfae6 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39155 |
| CVE-2021-39156 | istio.io/istio | HIGH | v0.0.0-20240511025857-aaf597fbfae6 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39156 |
| CVE-2022-23635 | istio.io/istio | HIGH | v0.0.0-20240511025857-aaf597fbfae6 | 1.13.1, 1.12.4, 1.11.7 | https://avd.aquasec.com/nvd/cve-2022-23635 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.22.7 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.22.7 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.22.7 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.22.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.22.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.22.7 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.22.7 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
gloo mesh enterprise gloo-mesh-analyzer image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-analyzer:2.6.7 (alpine 3.18.9)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-26519 | musl | HIGH | 1.2.4-r2 | 1.2.4-r3 | https://avd.aquasec.com/nvd/cve-2025-26519 |
| CVE-2025-26519 | musl-utils | HIGH | 1.2.4-r2 | 1.2.4-r3 | https://avd.aquasec.com/nvd/cve-2025-26519 |
Vulnerabilities Listed for usr/local/bin/analyzer-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15558 | github.com/docker/cli | HIGH | v26.0.0+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2024-41110 | github.com/docker/docker | CRITICAL | v27.0.3+incompatible | 23.0.15, 26.1.5, 27.1.1, 25.0.6 | https://avd.aquasec.com/nvd/cve-2024-41110 |
| CVE-2026-34040 | github.com/docker/docker | HIGH | v27.0.3+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2025-30204 | github.com/golang-jwt/jwt/v4 | HIGH | v4.5.0 | 4.5.2 | https://avd.aquasec.com/nvd/cve-2025-30204 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.27.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.31.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.21.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.64.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-53547 | helm.sh/helm/v3 | HIGH | v3.14.3 | 3.18.4, 3.17.4 | https://avd.aquasec.com/nvd/cve-2025-53547 |
| CVE-2019-14993 | istio.io/istio | HIGH | v0.0.0-20240511025857-aaf597fbfae6 | 1.1.13, 1.2.4 | https://avd.aquasec.com/nvd/cve-2019-14993 |
| CVE-2021-39155 | istio.io/istio | HIGH | v0.0.0-20240511025857-aaf597fbfae6 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39155 |
| CVE-2021-39156 | istio.io/istio | HIGH | v0.0.0-20240511025857-aaf597fbfae6 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39156 |
| CVE-2022-23635 | istio.io/istio | HIGH | v0.0.0-20240511025857-aaf597fbfae6 | 1.13.1, 1.12.4, 1.11.7 | https://avd.aquasec.com/nvd/cve-2022-23635 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.22.7 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.22.7 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.22.7 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.22.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.22.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.22.7 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.22.7 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
gloo mesh enterprise gloo-mesh-mgmt-server image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-mgmt-server:2.6.7 (alpine 3.18.9)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-26519 | musl | HIGH | 1.2.4-r2 | 1.2.4-r3 | https://avd.aquasec.com/nvd/cve-2025-26519 |
| CVE-2025-26519 | musl-utils | HIGH | 1.2.4-r2 | 1.2.4-r3 | https://avd.aquasec.com/nvd/cve-2025-26519 |
Vulnerabilities Listed for usr/local/bin/mgmt-server-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-25621 | github.com/containerd/containerd | HIGH | v1.7.12 | 1.7.29 | https://avd.aquasec.com/nvd/cve-2024-25621 |
| CVE-2025-15558 | github.com/docker/cli | HIGH | v26.0.0+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2024-41110 | github.com/docker/docker | CRITICAL | v27.0.3+incompatible | 23.0.15, 26.1.5, 27.1.1, 25.0.6 | https://avd.aquasec.com/nvd/cve-2024-41110 |
| CVE-2026-34040 | github.com/docker/docker | HIGH | v27.0.3+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2025-30153 | github.com/getkin/kin-openapi | HIGH | v0.107.0 | 0.131.0 | https://avd.aquasec.com/nvd/cve-2025-30153 |
| CVE-2025-30204 | github.com/golang-jwt/jwt/v4 | HIGH | v4.5.0 | 4.5.2 | https://avd.aquasec.com/nvd/cve-2025-30204 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.27.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.31.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.21.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.64.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-53547 | helm.sh/helm/v3 | HIGH | v3.14.3 | 3.18.4, 3.17.4 | https://avd.aquasec.com/nvd/cve-2025-53547 |
| CVE-2019-14993 | istio.io/istio | HIGH | v0.0.0-20240511025857-aaf597fbfae6 | 1.1.13, 1.2.4 | https://avd.aquasec.com/nvd/cve-2019-14993 |
| CVE-2021-39155 | istio.io/istio | HIGH | v0.0.0-20240511025857-aaf597fbfae6 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39155 |
| CVE-2021-39156 | istio.io/istio | HIGH | v0.0.0-20240511025857-aaf597fbfae6 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39156 |
| CVE-2022-23635 | istio.io/istio | HIGH | v0.0.0-20240511025857-aaf597fbfae6 | 1.13.1, 1.12.4, 1.11.7 | https://avd.aquasec.com/nvd/cve-2022-23635 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.22.7 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.22.7 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.22.7 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.22.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.22.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.22.7 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.22.7 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
gloo mesh enterprise gloo-mesh-agent image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-agent:2.6.7 (alpine 3.18.9)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-26519 | musl | HIGH | 1.2.4-r2 | 1.2.4-r3 | https://avd.aquasec.com/nvd/cve-2025-26519 |
| CVE-2025-26519 | musl-utils | HIGH | 1.2.4-r2 | 1.2.4-r3 | https://avd.aquasec.com/nvd/cve-2025-26519 |
Vulnerabilities Listed for usr/local/bin/agent-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-25621 | github.com/containerd/containerd | HIGH | v1.7.12 | 1.7.29 | https://avd.aquasec.com/nvd/cve-2024-25621 |
| CVE-2025-15558 | github.com/docker/cli | HIGH | v26.0.0+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2024-41110 | github.com/docker/docker | CRITICAL | v27.0.3+incompatible | 23.0.15, 26.1.5, 27.1.1, 25.0.6 | https://avd.aquasec.com/nvd/cve-2024-41110 |
| CVE-2026-34040 | github.com/docker/docker | HIGH | v27.0.3+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2025-30153 | github.com/getkin/kin-openapi | HIGH | v0.107.0 | 0.131.0 | https://avd.aquasec.com/nvd/cve-2025-30153 |
| CVE-2025-30204 | github.com/golang-jwt/jwt/v4 | HIGH | v4.5.0 | 4.5.2 | https://avd.aquasec.com/nvd/cve-2025-30204 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.27.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.31.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.21.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.64.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-53547 | helm.sh/helm/v3 | HIGH | v3.14.3 | 3.18.4, 3.17.4 | https://avd.aquasec.com/nvd/cve-2025-53547 |
| CVE-2019-14993 | istio.io/istio | HIGH | v0.0.0-20240511025857-aaf597fbfae6 | 1.1.13, 1.2.4 | https://avd.aquasec.com/nvd/cve-2019-14993 |
| CVE-2021-39155 | istio.io/istio | HIGH | v0.0.0-20240511025857-aaf597fbfae6 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39155 |
| CVE-2021-39156 | istio.io/istio | HIGH | v0.0.0-20240511025857-aaf597fbfae6 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39156 |
| CVE-2022-23635 | istio.io/istio | HIGH | v0.0.0-20240511025857-aaf597fbfae6 | 1.13.1, 1.12.4, 1.11.7 | https://avd.aquasec.com/nvd/cve-2022-23635 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.22.7 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.22.7 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.22.7 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.22.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.22.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.22.7 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.22.7 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
gloo mesh enterprise gloo-mesh-apiserver image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-apiserver:2.6.7 (alpine 3.18.9)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-26519 | musl | HIGH | 1.2.4-r2 | 1.2.4-r3 | https://avd.aquasec.com/nvd/cve-2025-26519 |
| CVE-2025-26519 | musl-utils | HIGH | 1.2.4-r2 | 1.2.4-r3 | https://avd.aquasec.com/nvd/cve-2025-26519 |
Vulnerabilities Listed for usr/local/bin/apiserver-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-25621 | github.com/containerd/containerd | HIGH | v1.7.12 | 1.7.29 | https://avd.aquasec.com/nvd/cve-2024-25621 |
| CVE-2025-15558 | github.com/docker/cli | HIGH | v26.0.0+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2024-41110 | github.com/docker/docker | CRITICAL | v27.0.3+incompatible | 23.0.15, 26.1.5, 27.1.1, 25.0.6 | https://avd.aquasec.com/nvd/cve-2024-41110 |
| CVE-2026-34040 | github.com/docker/docker | HIGH | v27.0.3+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2025-30153 | github.com/getkin/kin-openapi | HIGH | v0.107.0 | 0.131.0 | https://avd.aquasec.com/nvd/cve-2025-30153 |
| CVE-2025-30204 | github.com/golang-jwt/jwt/v4 | HIGH | v4.5.0 | 4.5.2 | https://avd.aquasec.com/nvd/cve-2025-30204 |
| CVE-2025-30204 | github.com/golang-jwt/jwt/v5 | HIGH | v5.2.1 | 5.2.2 | https://avd.aquasec.com/nvd/cve-2025-30204 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.27.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.31.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.21.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.64.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2019-14993 | istio.io/istio | HIGH | v0.0.0-20240511025857-aaf597fbfae6 | 1.1.13, 1.2.4 | https://avd.aquasec.com/nvd/cve-2019-14993 |
| CVE-2021-39155 | istio.io/istio | HIGH | v0.0.0-20240511025857-aaf597fbfae6 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39155 |
| CVE-2021-39156 | istio.io/istio | HIGH | v0.0.0-20240511025857-aaf597fbfae6 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39156 |
| CVE-2022-23635 | istio.io/istio | HIGH | v0.0.0-20240511025857-aaf597fbfae6 | 1.13.1, 1.12.4, 1.11.7 | https://avd.aquasec.com/nvd/cve-2022-23635 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.22.7 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.22.7 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.22.7 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.22.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.22.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.22.7 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.22.7 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
Release 2.6.6
gloo mesh enterprise gloo-mesh-istiod-agent image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-istiod-agent:2.6.6 (alpine 3.18.9)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-26519 | musl | HIGH | 1.2.4-r2 | 1.2.4-r3 | https://avd.aquasec.com/nvd/cve-2025-26519 |
| CVE-2025-26519 | musl-utils | HIGH | 1.2.4-r2 | 1.2.4-r3 | https://avd.aquasec.com/nvd/cve-2025-26519 |
Vulnerabilities Listed for usr/local/bin/istiod-agent-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-30204 | github.com/golang-jwt/jwt/v4 | HIGH | v4.5.0 | 4.5.2 | https://avd.aquasec.com/nvd/cve-2025-30204 |
| CVE-2024-45337 | golang.org/x/crypto | CRITICAL | v0.25.0 | 0.31.0 | https://avd.aquasec.com/nvd/cve-2024-45337 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.25.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.21.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.64.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2019-14993 | istio.io/istio | HIGH | v0.0.0-20240511025857-aaf597fbfae6 | 1.1.13, 1.2.4 | https://avd.aquasec.com/nvd/cve-2019-14993 |
| CVE-2021-39155 | istio.io/istio | HIGH | v0.0.0-20240511025857-aaf597fbfae6 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39155 |
| CVE-2021-39156 | istio.io/istio | HIGH | v0.0.0-20240511025857-aaf597fbfae6 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39156 |
| CVE-2022-23635 | istio.io/istio | HIGH | v0.0.0-20240511025857-aaf597fbfae6 | 1.13.1, 1.12.4, 1.11.7 | https://avd.aquasec.com/nvd/cve-2022-23635 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.22.7 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.22.7 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.22.7 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.22.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.22.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.22.7 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.22.7 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
gloo mesh enterprise gloo-mesh-ui image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-ui:2.6.6 (alpine 3.18.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-6119 | libcrypto3 | HIGH | 3.1.4-r5 | 3.1.7-r0 | https://avd.aquasec.com/nvd/cve-2024-6119 |
| CVE-2024-6119 | libssl3 | HIGH | 3.1.4-r5 | 3.1.7-r0 | https://avd.aquasec.com/nvd/cve-2024-6119 |
| CVE-2025-26519 | musl | HIGH | 1.2.4-r2 | 1.2.4-r3 | https://avd.aquasec.com/nvd/cve-2025-26519 |
| CVE-2025-26519 | musl-utils | HIGH | 1.2.4-r2 | 1.2.4-r3 | https://avd.aquasec.com/nvd/cve-2025-26519 |
gloo mesh enterprise gloo-mesh-envoy image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-envoy:2.6.6 (ubuntu 24.04)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-68973 | gpgv | HIGH | 2.4.4-2ubuntu17 | 2.4.4-2ubuntu17.4 | https://avd.aquasec.com/nvd/cve-2025-68973 |
| CVE-2025-32462 | sudo | HIGH | 1.9.15p5-3ubuntu5 | 1.9.15p5-3ubuntu5.24.04.1 | https://avd.aquasec.com/nvd/cve-2025-32462 |
| CVE-2025-32463 | sudo | HIGH | 1.9.15p5-3ubuntu5 | 1.9.15p5-3ubuntu5.24.04.1 | https://avd.aquasec.com/nvd/cve-2025-32463 |
Vulnerabilities Listed for usr/local/bin/pilot-agent
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15558 | github.com/docker/cli | HIGH | v26.1.5+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-34040 | github.com/docker/docker | HIGH | v26.1.5+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.27.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2024-45337 | golang.org/x/crypto | CRITICAL | v0.24.0 | 0.31.0 | https://avd.aquasec.com/nvd/cve-2024-45337 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.24.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.21.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.65.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.22.7 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.22.7 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.22.7 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.22.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.22.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.22.7 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.22.7 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
gloo mesh enterprise gloo-mesh-spire-controller image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-spire-controller:2.6.6 (alpine 3.18.9)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-26519 | musl | HIGH | 1.2.4-r2 | 1.2.4-r3 | https://avd.aquasec.com/nvd/cve-2025-26519 |
| CVE-2025-26519 | musl-utils | HIGH | 1.2.4-r2 | 1.2.4-r3 | https://avd.aquasec.com/nvd/cve-2025-26519 |
Vulnerabilities Listed for usr/local/bin/spire-controller-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-30204 | github.com/golang-jwt/jwt/v4 | HIGH | v4.5.0 | 4.5.2 | https://avd.aquasec.com/nvd/cve-2025-30204 |
| CVE-2024-45337 | golang.org/x/crypto | CRITICAL | v0.25.0 | 0.31.0 | https://avd.aquasec.com/nvd/cve-2024-45337 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.25.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.21.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.64.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2019-14993 | istio.io/istio | HIGH | v0.0.0-20240511025857-aaf597fbfae6 | 1.1.13, 1.2.4 | https://avd.aquasec.com/nvd/cve-2019-14993 |
| CVE-2021-39155 | istio.io/istio | HIGH | v0.0.0-20240511025857-aaf597fbfae6 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39155 |
| CVE-2021-39156 | istio.io/istio | HIGH | v0.0.0-20240511025857-aaf597fbfae6 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39156 |
| CVE-2022-23635 | istio.io/istio | HIGH | v0.0.0-20240511025857-aaf597fbfae6 | 1.13.1, 1.12.4, 1.11.7 | https://avd.aquasec.com/nvd/cve-2022-23635 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.22.7 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.22.7 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.22.7 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.22.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.22.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.22.7 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.22.7 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
gloo mesh enterprise gloo-mesh-portal-server image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-portal-server:2.6.6 (alpine 3.18.9)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-26519 | musl | HIGH | 1.2.4-r2 | 1.2.4-r3 | https://avd.aquasec.com/nvd/cve-2025-26519 |
| CVE-2025-26519 | musl-utils | HIGH | 1.2.4-r2 | 1.2.4-r3 | https://avd.aquasec.com/nvd/cve-2025-26519 |
Vulnerabilities Listed for usr/local/bin/portal-server-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-30153 | github.com/getkin/kin-openapi | HIGH | v0.107.0 | 0.131.0 | https://avd.aquasec.com/nvd/cve-2025-30153 |
| CVE-2025-30204 | github.com/golang-jwt/jwt/v4 | HIGH | v4.5.0 | 4.5.2 | https://avd.aquasec.com/nvd/cve-2025-30204 |
| CVE-2024-45337 | golang.org/x/crypto | CRITICAL | v0.25.0 | 0.31.0 | https://avd.aquasec.com/nvd/cve-2024-45337 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.25.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.21.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.64.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2019-14993 | istio.io/istio | HIGH | v0.0.0-20240511025857-aaf597fbfae6 | 1.1.13, 1.2.4 | https://avd.aquasec.com/nvd/cve-2019-14993 |
| CVE-2021-39155 | istio.io/istio | HIGH | v0.0.0-20240511025857-aaf597fbfae6 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39155 |
| CVE-2021-39156 | istio.io/istio | HIGH | v0.0.0-20240511025857-aaf597fbfae6 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39156 |
| CVE-2022-23635 | istio.io/istio | HIGH | v0.0.0-20240511025857-aaf597fbfae6 | 1.13.1, 1.12.4, 1.11.7 | https://avd.aquasec.com/nvd/cve-2022-23635 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.22.7 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.22.7 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.22.7 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.22.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.22.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.22.7 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.22.7 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
gloo mesh enterprise gloo-mesh-analyzer image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-analyzer:2.6.6 (alpine 3.18.9)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-26519 | musl | HIGH | 1.2.4-r2 | 1.2.4-r3 | https://avd.aquasec.com/nvd/cve-2025-26519 |
| CVE-2025-26519 | musl-utils | HIGH | 1.2.4-r2 | 1.2.4-r3 | https://avd.aquasec.com/nvd/cve-2025-26519 |
Vulnerabilities Listed for usr/local/bin/analyzer-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15558 | github.com/docker/cli | HIGH | v26.0.0+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-34040 | github.com/docker/docker | HIGH | v25.0.6+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2025-30204 | github.com/golang-jwt/jwt/v4 | HIGH | v4.5.0 | 4.5.2 | https://avd.aquasec.com/nvd/cve-2025-30204 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.27.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2024-45337 | golang.org/x/crypto | CRITICAL | v0.25.0 | 0.31.0 | https://avd.aquasec.com/nvd/cve-2024-45337 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.25.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.21.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.64.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-53547 | helm.sh/helm/v3 | HIGH | v3.14.3 | 3.18.4, 3.17.4 | https://avd.aquasec.com/nvd/cve-2025-53547 |
| CVE-2019-14993 | istio.io/istio | HIGH | v0.0.0-20240511025857-aaf597fbfae6 | 1.1.13, 1.2.4 | https://avd.aquasec.com/nvd/cve-2019-14993 |
| CVE-2021-39155 | istio.io/istio | HIGH | v0.0.0-20240511025857-aaf597fbfae6 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39155 |
| CVE-2021-39156 | istio.io/istio | HIGH | v0.0.0-20240511025857-aaf597fbfae6 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39156 |
| CVE-2022-23635 | istio.io/istio | HIGH | v0.0.0-20240511025857-aaf597fbfae6 | 1.13.1, 1.12.4, 1.11.7 | https://avd.aquasec.com/nvd/cve-2022-23635 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.22.7 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.22.7 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.22.7 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.22.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.22.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.22.7 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.22.7 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
gloo mesh enterprise gloo-mesh-mgmt-server image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-mgmt-server:2.6.6 (alpine 3.18.9)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-26519 | musl | HIGH | 1.2.4-r2 | 1.2.4-r3 | https://avd.aquasec.com/nvd/cve-2025-26519 |
| CVE-2025-26519 | musl-utils | HIGH | 1.2.4-r2 | 1.2.4-r3 | https://avd.aquasec.com/nvd/cve-2025-26519 |
Vulnerabilities Listed for usr/local/bin/mgmt-server-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-25621 | github.com/containerd/containerd | HIGH | v1.7.12 | 1.7.29 | https://avd.aquasec.com/nvd/cve-2024-25621 |
| CVE-2025-15558 | github.com/docker/cli | HIGH | v26.0.0+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-34040 | github.com/docker/docker | HIGH | v25.0.6+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2025-30153 | github.com/getkin/kin-openapi | HIGH | v0.107.0 | 0.131.0 | https://avd.aquasec.com/nvd/cve-2025-30153 |
| CVE-2025-30204 | github.com/golang-jwt/jwt/v4 | HIGH | v4.5.0 | 4.5.2 | https://avd.aquasec.com/nvd/cve-2025-30204 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.27.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2024-45337 | golang.org/x/crypto | CRITICAL | v0.25.0 | 0.31.0 | https://avd.aquasec.com/nvd/cve-2024-45337 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.25.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.21.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.64.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-53547 | helm.sh/helm/v3 | HIGH | v3.14.3 | 3.18.4, 3.17.4 | https://avd.aquasec.com/nvd/cve-2025-53547 |
| CVE-2019-14993 | istio.io/istio | HIGH | v0.0.0-20240511025857-aaf597fbfae6 | 1.1.13, 1.2.4 | https://avd.aquasec.com/nvd/cve-2019-14993 |
| CVE-2021-39155 | istio.io/istio | HIGH | v0.0.0-20240511025857-aaf597fbfae6 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39155 |
| CVE-2021-39156 | istio.io/istio | HIGH | v0.0.0-20240511025857-aaf597fbfae6 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39156 |
| CVE-2022-23635 | istio.io/istio | HIGH | v0.0.0-20240511025857-aaf597fbfae6 | 1.13.1, 1.12.4, 1.11.7 | https://avd.aquasec.com/nvd/cve-2022-23635 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.22.7 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.22.7 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.22.7 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.22.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.22.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.22.7 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.22.7 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
gloo mesh enterprise gloo-mesh-agent image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-agent:2.6.6 (alpine 3.18.9)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-26519 | musl | HIGH | 1.2.4-r2 | 1.2.4-r3 | https://avd.aquasec.com/nvd/cve-2025-26519 |
| CVE-2025-26519 | musl-utils | HIGH | 1.2.4-r2 | 1.2.4-r3 | https://avd.aquasec.com/nvd/cve-2025-26519 |
Vulnerabilities Listed for usr/local/bin/agent-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-25621 | github.com/containerd/containerd | HIGH | v1.7.12 | 1.7.29 | https://avd.aquasec.com/nvd/cve-2024-25621 |
| CVE-2025-15558 | github.com/docker/cli | HIGH | v26.0.0+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-34040 | github.com/docker/docker | HIGH | v25.0.6+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2025-30153 | github.com/getkin/kin-openapi | HIGH | v0.107.0 | 0.131.0 | https://avd.aquasec.com/nvd/cve-2025-30153 |
| CVE-2025-30204 | github.com/golang-jwt/jwt/v4 | HIGH | v4.5.0 | 4.5.2 | https://avd.aquasec.com/nvd/cve-2025-30204 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.27.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2024-45337 | golang.org/x/crypto | CRITICAL | v0.25.0 | 0.31.0 | https://avd.aquasec.com/nvd/cve-2024-45337 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.25.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.21.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.64.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-53547 | helm.sh/helm/v3 | HIGH | v3.14.3 | 3.18.4, 3.17.4 | https://avd.aquasec.com/nvd/cve-2025-53547 |
| CVE-2019-14993 | istio.io/istio | HIGH | v0.0.0-20240511025857-aaf597fbfae6 | 1.1.13, 1.2.4 | https://avd.aquasec.com/nvd/cve-2019-14993 |
| CVE-2021-39155 | istio.io/istio | HIGH | v0.0.0-20240511025857-aaf597fbfae6 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39155 |
| CVE-2021-39156 | istio.io/istio | HIGH | v0.0.0-20240511025857-aaf597fbfae6 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39156 |
| CVE-2022-23635 | istio.io/istio | HIGH | v0.0.0-20240511025857-aaf597fbfae6 | 1.13.1, 1.12.4, 1.11.7 | https://avd.aquasec.com/nvd/cve-2022-23635 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.22.7 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.22.7 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.22.7 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.22.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.22.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.22.7 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.22.7 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
gloo mesh enterprise gloo-mesh-apiserver image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-apiserver:2.6.6 (alpine 3.18.9)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-26519 | musl | HIGH | 1.2.4-r2 | 1.2.4-r3 | https://avd.aquasec.com/nvd/cve-2025-26519 |
| CVE-2025-26519 | musl-utils | HIGH | 1.2.4-r2 | 1.2.4-r3 | https://avd.aquasec.com/nvd/cve-2025-26519 |
Vulnerabilities Listed for usr/local/bin/apiserver-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-25621 | github.com/containerd/containerd | HIGH | v1.7.12 | 1.7.29 | https://avd.aquasec.com/nvd/cve-2024-25621 |
| CVE-2025-15558 | github.com/docker/cli | HIGH | v26.0.0+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-34040 | github.com/docker/docker | HIGH | v25.0.6+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2025-30153 | github.com/getkin/kin-openapi | HIGH | v0.107.0 | 0.131.0 | https://avd.aquasec.com/nvd/cve-2025-30153 |
| CVE-2025-30204 | github.com/golang-jwt/jwt/v4 | HIGH | v4.5.0 | 4.5.2 | https://avd.aquasec.com/nvd/cve-2025-30204 |
| CVE-2025-30204 | github.com/golang-jwt/jwt/v5 | HIGH | v5.2.1 | 5.2.2 | https://avd.aquasec.com/nvd/cve-2025-30204 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.27.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2024-45337 | golang.org/x/crypto | CRITICAL | v0.25.0 | 0.31.0 | https://avd.aquasec.com/nvd/cve-2024-45337 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.25.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.21.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.64.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2019-14993 | istio.io/istio | HIGH | v0.0.0-20240511025857-aaf597fbfae6 | 1.1.13, 1.2.4 | https://avd.aquasec.com/nvd/cve-2019-14993 |
| CVE-2021-39155 | istio.io/istio | HIGH | v0.0.0-20240511025857-aaf597fbfae6 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39155 |
| CVE-2021-39156 | istio.io/istio | HIGH | v0.0.0-20240511025857-aaf597fbfae6 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39156 |
| CVE-2022-23635 | istio.io/istio | HIGH | v0.0.0-20240511025857-aaf597fbfae6 | 1.13.1, 1.12.4, 1.11.7 | https://avd.aquasec.com/nvd/cve-2022-23635 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.22.7 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.22.7 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.22.7 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.22.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.22.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.22.7 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.22.7 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
Release 2.6.5
gloo mesh enterprise gloo-mesh-istiod-agent image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-istiod-agent:2.6.5 (alpine 3.18.9)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-26519 | musl | HIGH | 1.2.4-r2 | 1.2.4-r3 | https://avd.aquasec.com/nvd/cve-2025-26519 |
| CVE-2025-26519 | musl-utils | HIGH | 1.2.4-r2 | 1.2.4-r3 | https://avd.aquasec.com/nvd/cve-2025-26519 |
Vulnerabilities Listed for usr/local/bin/istiod-agent-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-30204 | github.com/golang-jwt/jwt/v4 | HIGH | v4.5.0 | 4.5.2 | https://avd.aquasec.com/nvd/cve-2025-30204 |
| CVE-2024-45337 | golang.org/x/crypto | CRITICAL | v0.25.0 | 0.31.0 | https://avd.aquasec.com/nvd/cve-2024-45337 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.25.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.20.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.64.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2019-14993 | istio.io/istio | HIGH | v0.0.0-20240511025857-aaf597fbfae6 | 1.1.13, 1.2.4 | https://avd.aquasec.com/nvd/cve-2019-14993 |
| CVE-2021-39155 | istio.io/istio | HIGH | v0.0.0-20240511025857-aaf597fbfae6 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39155 |
| CVE-2021-39156 | istio.io/istio | HIGH | v0.0.0-20240511025857-aaf597fbfae6 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39156 |
| CVE-2022-23635 | istio.io/istio | HIGH | v0.0.0-20240511025857-aaf597fbfae6 | 1.13.1, 1.12.4, 1.11.7 | https://avd.aquasec.com/nvd/cve-2022-23635 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.22.4 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2024-34156 | stdlib | HIGH | v1.22.4 | 1.22.7, 1.23.1 | https://avd.aquasec.com/nvd/cve-2024-34156 |
| CVE-2025-47907 | stdlib | HIGH | v1.22.4 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.22.4 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.22.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.22.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.22.4 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.22.4 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
gloo mesh enterprise gloo-mesh-ui image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-ui:2.6.5 (alpine 3.18.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-6119 | libcrypto3 | HIGH | 3.1.4-r5 | 3.1.7-r0 | https://avd.aquasec.com/nvd/cve-2024-6119 |
| CVE-2024-6119 | libssl3 | HIGH | 3.1.4-r5 | 3.1.7-r0 | https://avd.aquasec.com/nvd/cve-2024-6119 |
| CVE-2025-26519 | musl | HIGH | 1.2.4-r2 | 1.2.4-r3 | https://avd.aquasec.com/nvd/cve-2025-26519 |
| CVE-2025-26519 | musl-utils | HIGH | 1.2.4-r2 | 1.2.4-r3 | https://avd.aquasec.com/nvd/cve-2025-26519 |
gloo mesh enterprise gloo-mesh-envoy image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-envoy:2.6.5 (ubuntu 24.04)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-68973 | gpgv | HIGH | 2.4.4-2ubuntu17 | 2.4.4-2ubuntu17.4 | https://avd.aquasec.com/nvd/cve-2025-68973 |
| CVE-2025-32462 | sudo | HIGH | 1.9.15p5-3ubuntu5 | 1.9.15p5-3ubuntu5.24.04.1 | https://avd.aquasec.com/nvd/cve-2025-32462 |
| CVE-2025-32463 | sudo | HIGH | 1.9.15p5-3ubuntu5 | 1.9.15p5-3ubuntu5.24.04.1 | https://avd.aquasec.com/nvd/cve-2025-32463 |
Vulnerabilities Listed for usr/local/bin/pilot-agent
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15558 | github.com/docker/cli | HIGH | v26.1.4+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2024-41110 | github.com/docker/docker | CRITICAL | v26.1.4+incompatible | 23.0.15, 26.1.5, 27.1.1, 25.0.6 | https://avd.aquasec.com/nvd/cve-2024-41110 |
| CVE-2026-34040 | github.com/docker/docker | HIGH | v26.1.4+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.27.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2024-45337 | golang.org/x/crypto | CRITICAL | v0.24.0 | 0.31.0 | https://avd.aquasec.com/nvd/cve-2024-45337 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.24.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.21.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.65.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.22.7 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.22.7 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.22.7 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.22.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.22.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.22.7 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.22.7 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
gloo mesh enterprise gloo-mesh-spire-controller image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-spire-controller:2.6.5 (alpine 3.18.9)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-26519 | musl | HIGH | 1.2.4-r2 | 1.2.4-r3 | https://avd.aquasec.com/nvd/cve-2025-26519 |
| CVE-2025-26519 | musl-utils | HIGH | 1.2.4-r2 | 1.2.4-r3 | https://avd.aquasec.com/nvd/cve-2025-26519 |
Vulnerabilities Listed for usr/local/bin/spire-controller-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-30204 | github.com/golang-jwt/jwt/v4 | HIGH | v4.5.0 | 4.5.2 | https://avd.aquasec.com/nvd/cve-2025-30204 |
| CVE-2024-45337 | golang.org/x/crypto | CRITICAL | v0.25.0 | 0.31.0 | https://avd.aquasec.com/nvd/cve-2024-45337 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.25.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.20.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.64.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2019-14993 | istio.io/istio | HIGH | v0.0.0-20240511025857-aaf597fbfae6 | 1.1.13, 1.2.4 | https://avd.aquasec.com/nvd/cve-2019-14993 |
| CVE-2021-39155 | istio.io/istio | HIGH | v0.0.0-20240511025857-aaf597fbfae6 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39155 |
| CVE-2021-39156 | istio.io/istio | HIGH | v0.0.0-20240511025857-aaf597fbfae6 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39156 |
| CVE-2022-23635 | istio.io/istio | HIGH | v0.0.0-20240511025857-aaf597fbfae6 | 1.13.1, 1.12.4, 1.11.7 | https://avd.aquasec.com/nvd/cve-2022-23635 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.22.4 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2024-34156 | stdlib | HIGH | v1.22.4 | 1.22.7, 1.23.1 | https://avd.aquasec.com/nvd/cve-2024-34156 |
| CVE-2025-47907 | stdlib | HIGH | v1.22.4 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.22.4 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.22.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.22.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.22.4 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.22.4 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
gloo mesh enterprise gloo-mesh-portal-server image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-portal-server:2.6.5 (alpine 3.18.9)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-26519 | musl | HIGH | 1.2.4-r2 | 1.2.4-r3 | https://avd.aquasec.com/nvd/cve-2025-26519 |
| CVE-2025-26519 | musl-utils | HIGH | 1.2.4-r2 | 1.2.4-r3 | https://avd.aquasec.com/nvd/cve-2025-26519 |
Vulnerabilities Listed for usr/local/bin/portal-server-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-30153 | github.com/getkin/kin-openapi | HIGH | v0.107.0 | 0.131.0 | https://avd.aquasec.com/nvd/cve-2025-30153 |
| CVE-2025-30204 | github.com/golang-jwt/jwt/v4 | HIGH | v4.5.0 | 4.5.2 | https://avd.aquasec.com/nvd/cve-2025-30204 |
| CVE-2024-45337 | golang.org/x/crypto | CRITICAL | v0.25.0 | 0.31.0 | https://avd.aquasec.com/nvd/cve-2024-45337 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.25.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.20.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.64.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2019-14993 | istio.io/istio | HIGH | v0.0.0-20240511025857-aaf597fbfae6 | 1.1.13, 1.2.4 | https://avd.aquasec.com/nvd/cve-2019-14993 |
| CVE-2021-39155 | istio.io/istio | HIGH | v0.0.0-20240511025857-aaf597fbfae6 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39155 |
| CVE-2021-39156 | istio.io/istio | HIGH | v0.0.0-20240511025857-aaf597fbfae6 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39156 |
| CVE-2022-23635 | istio.io/istio | HIGH | v0.0.0-20240511025857-aaf597fbfae6 | 1.13.1, 1.12.4, 1.11.7 | https://avd.aquasec.com/nvd/cve-2022-23635 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.22.4 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2024-34156 | stdlib | HIGH | v1.22.4 | 1.22.7, 1.23.1 | https://avd.aquasec.com/nvd/cve-2024-34156 |
| CVE-2025-47907 | stdlib | HIGH | v1.22.4 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.22.4 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.22.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.22.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.22.4 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.22.4 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
gloo mesh enterprise gloo-mesh-analyzer image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-analyzer:2.6.5 (alpine 3.18.9)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-26519 | musl | HIGH | 1.2.4-r2 | 1.2.4-r3 | https://avd.aquasec.com/nvd/cve-2025-26519 |
| CVE-2025-26519 | musl-utils | HIGH | 1.2.4-r2 | 1.2.4-r3 | https://avd.aquasec.com/nvd/cve-2025-26519 |
Vulnerabilities Listed for usr/local/bin/analyzer-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15558 | github.com/docker/cli | HIGH | v26.0.0+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-34040 | github.com/docker/docker | HIGH | v25.0.6+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2025-30204 | github.com/golang-jwt/jwt/v4 | HIGH | v4.5.0 | 4.5.2 | https://avd.aquasec.com/nvd/cve-2025-30204 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.27.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2024-45337 | golang.org/x/crypto | CRITICAL | v0.25.0 | 0.31.0 | https://avd.aquasec.com/nvd/cve-2024-45337 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.25.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.20.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.64.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-53547 | helm.sh/helm/v3 | HIGH | v3.14.3 | 3.18.4, 3.17.4 | https://avd.aquasec.com/nvd/cve-2025-53547 |
| CVE-2019-14993 | istio.io/istio | HIGH | v0.0.0-20240511025857-aaf597fbfae6 | 1.1.13, 1.2.4 | https://avd.aquasec.com/nvd/cve-2019-14993 |
| CVE-2021-39155 | istio.io/istio | HIGH | v0.0.0-20240511025857-aaf597fbfae6 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39155 |
| CVE-2021-39156 | istio.io/istio | HIGH | v0.0.0-20240511025857-aaf597fbfae6 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39156 |
| CVE-2022-23635 | istio.io/istio | HIGH | v0.0.0-20240511025857-aaf597fbfae6 | 1.13.1, 1.12.4, 1.11.7 | https://avd.aquasec.com/nvd/cve-2022-23635 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.22.4 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2024-34156 | stdlib | HIGH | v1.22.4 | 1.22.7, 1.23.1 | https://avd.aquasec.com/nvd/cve-2024-34156 |
| CVE-2025-47907 | stdlib | HIGH | v1.22.4 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.22.4 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.22.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.22.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.22.4 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.22.4 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
gloo mesh enterprise gloo-mesh-mgmt-server image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-mgmt-server:2.6.5 (alpine 3.18.9)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-26519 | musl | HIGH | 1.2.4-r2 | 1.2.4-r3 | https://avd.aquasec.com/nvd/cve-2025-26519 |
| CVE-2025-26519 | musl-utils | HIGH | 1.2.4-r2 | 1.2.4-r3 | https://avd.aquasec.com/nvd/cve-2025-26519 |
Vulnerabilities Listed for usr/local/bin/mgmt-server-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-25621 | github.com/containerd/containerd | HIGH | v1.7.12 | 1.7.29 | https://avd.aquasec.com/nvd/cve-2024-25621 |
| CVE-2025-15558 | github.com/docker/cli | HIGH | v26.0.0+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-34040 | github.com/docker/docker | HIGH | v25.0.6+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2025-30153 | github.com/getkin/kin-openapi | HIGH | v0.107.0 | 0.131.0 | https://avd.aquasec.com/nvd/cve-2025-30153 |
| CVE-2025-30204 | github.com/golang-jwt/jwt/v4 | HIGH | v4.5.0 | 4.5.2 | https://avd.aquasec.com/nvd/cve-2025-30204 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.27.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2024-45337 | golang.org/x/crypto | CRITICAL | v0.25.0 | 0.31.0 | https://avd.aquasec.com/nvd/cve-2024-45337 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.25.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.20.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.64.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-53547 | helm.sh/helm/v3 | HIGH | v3.14.3 | 3.18.4, 3.17.4 | https://avd.aquasec.com/nvd/cve-2025-53547 |
| CVE-2019-14993 | istio.io/istio | HIGH | v0.0.0-20240511025857-aaf597fbfae6 | 1.1.13, 1.2.4 | https://avd.aquasec.com/nvd/cve-2019-14993 |
| CVE-2021-39155 | istio.io/istio | HIGH | v0.0.0-20240511025857-aaf597fbfae6 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39155 |
| CVE-2021-39156 | istio.io/istio | HIGH | v0.0.0-20240511025857-aaf597fbfae6 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39156 |
| CVE-2022-23635 | istio.io/istio | HIGH | v0.0.0-20240511025857-aaf597fbfae6 | 1.13.1, 1.12.4, 1.11.7 | https://avd.aquasec.com/nvd/cve-2022-23635 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.22.4 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2024-34156 | stdlib | HIGH | v1.22.4 | 1.22.7, 1.23.1 | https://avd.aquasec.com/nvd/cve-2024-34156 |
| CVE-2025-47907 | stdlib | HIGH | v1.22.4 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.22.4 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.22.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.22.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.22.4 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.22.4 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
gloo mesh enterprise gloo-mesh-agent image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-agent:2.6.5 (alpine 3.18.9)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-26519 | musl | HIGH | 1.2.4-r2 | 1.2.4-r3 | https://avd.aquasec.com/nvd/cve-2025-26519 |
| CVE-2025-26519 | musl-utils | HIGH | 1.2.4-r2 | 1.2.4-r3 | https://avd.aquasec.com/nvd/cve-2025-26519 |
Vulnerabilities Listed for usr/local/bin/agent-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-25621 | github.com/containerd/containerd | HIGH | v1.7.12 | 1.7.29 | https://avd.aquasec.com/nvd/cve-2024-25621 |
| CVE-2025-15558 | github.com/docker/cli | HIGH | v26.0.0+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-34040 | github.com/docker/docker | HIGH | v25.0.6+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2025-30153 | github.com/getkin/kin-openapi | HIGH | v0.107.0 | 0.131.0 | https://avd.aquasec.com/nvd/cve-2025-30153 |
| CVE-2025-30204 | github.com/golang-jwt/jwt/v4 | HIGH | v4.5.0 | 4.5.2 | https://avd.aquasec.com/nvd/cve-2025-30204 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.27.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2024-45337 | golang.org/x/crypto | CRITICAL | v0.25.0 | 0.31.0 | https://avd.aquasec.com/nvd/cve-2024-45337 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.25.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.20.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.64.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-53547 | helm.sh/helm/v3 | HIGH | v3.14.3 | 3.18.4, 3.17.4 | https://avd.aquasec.com/nvd/cve-2025-53547 |
| CVE-2019-14993 | istio.io/istio | HIGH | v0.0.0-20240511025857-aaf597fbfae6 | 1.1.13, 1.2.4 | https://avd.aquasec.com/nvd/cve-2019-14993 |
| CVE-2021-39155 | istio.io/istio | HIGH | v0.0.0-20240511025857-aaf597fbfae6 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39155 |
| CVE-2021-39156 | istio.io/istio | HIGH | v0.0.0-20240511025857-aaf597fbfae6 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39156 |
| CVE-2022-23635 | istio.io/istio | HIGH | v0.0.0-20240511025857-aaf597fbfae6 | 1.13.1, 1.12.4, 1.11.7 | https://avd.aquasec.com/nvd/cve-2022-23635 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.22.4 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2024-34156 | stdlib | HIGH | v1.22.4 | 1.22.7, 1.23.1 | https://avd.aquasec.com/nvd/cve-2024-34156 |
| CVE-2025-47907 | stdlib | HIGH | v1.22.4 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.22.4 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.22.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.22.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.22.4 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.22.4 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
gloo mesh enterprise gloo-mesh-apiserver image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-apiserver:2.6.5 (alpine 3.18.9)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-26519 | musl | HIGH | 1.2.4-r2 | 1.2.4-r3 | https://avd.aquasec.com/nvd/cve-2025-26519 |
| CVE-2025-26519 | musl-utils | HIGH | 1.2.4-r2 | 1.2.4-r3 | https://avd.aquasec.com/nvd/cve-2025-26519 |
Vulnerabilities Listed for usr/local/bin/apiserver-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-25621 | github.com/containerd/containerd | HIGH | v1.7.12 | 1.7.29 | https://avd.aquasec.com/nvd/cve-2024-25621 |
| CVE-2025-15558 | github.com/docker/cli | HIGH | v26.0.0+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-34040 | github.com/docker/docker | HIGH | v25.0.6+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2025-30153 | github.com/getkin/kin-openapi | HIGH | v0.107.0 | 0.131.0 | https://avd.aquasec.com/nvd/cve-2025-30153 |
| CVE-2025-30204 | github.com/golang-jwt/jwt/v4 | HIGH | v4.5.0 | 4.5.2 | https://avd.aquasec.com/nvd/cve-2025-30204 |
| CVE-2025-30204 | github.com/golang-jwt/jwt/v5 | HIGH | v5.2.0 | 5.2.2 | https://avd.aquasec.com/nvd/cve-2025-30204 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.27.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2024-45337 | golang.org/x/crypto | CRITICAL | v0.25.0 | 0.31.0 | https://avd.aquasec.com/nvd/cve-2024-45337 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.25.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.20.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.64.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2019-14993 | istio.io/istio | HIGH | v0.0.0-20240511025857-aaf597fbfae6 | 1.1.13, 1.2.4 | https://avd.aquasec.com/nvd/cve-2019-14993 |
| CVE-2021-39155 | istio.io/istio | HIGH | v0.0.0-20240511025857-aaf597fbfae6 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39155 |
| CVE-2021-39156 | istio.io/istio | HIGH | v0.0.0-20240511025857-aaf597fbfae6 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39156 |
| CVE-2022-23635 | istio.io/istio | HIGH | v0.0.0-20240511025857-aaf597fbfae6 | 1.13.1, 1.12.4, 1.11.7 | https://avd.aquasec.com/nvd/cve-2022-23635 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.22.4 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2024-34156 | stdlib | HIGH | v1.22.4 | 1.22.7, 1.23.1 | https://avd.aquasec.com/nvd/cve-2024-34156 |
| CVE-2025-47907 | stdlib | HIGH | v1.22.4 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.22.4 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.22.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.22.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.22.4 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.22.4 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
Release 2.6.4
gloo mesh enterprise gloo-mesh-istiod-agent image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-istiod-agent:2.6.4 (alpine 3.18.9)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-26519 | musl | HIGH | 1.2.4-r2 | 1.2.4-r3 | https://avd.aquasec.com/nvd/cve-2025-26519 |
| CVE-2025-26519 | musl-utils | HIGH | 1.2.4-r2 | 1.2.4-r3 | https://avd.aquasec.com/nvd/cve-2025-26519 |
Vulnerabilities Listed for usr/local/bin/istiod-agent-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-30204 | github.com/golang-jwt/jwt/v4 | HIGH | v4.5.0 | 4.5.2 | https://avd.aquasec.com/nvd/cve-2025-30204 |
| CVE-2024-45337 | golang.org/x/crypto | CRITICAL | v0.25.0 | 0.31.0 | https://avd.aquasec.com/nvd/cve-2024-45337 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.25.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.20.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.64.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2019-14993 | istio.io/istio | HIGH | v0.0.0-20240511025857-aaf597fbfae6 | 1.1.13, 1.2.4 | https://avd.aquasec.com/nvd/cve-2019-14993 |
| CVE-2021-39155 | istio.io/istio | HIGH | v0.0.0-20240511025857-aaf597fbfae6 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39155 |
| CVE-2021-39156 | istio.io/istio | HIGH | v0.0.0-20240511025857-aaf597fbfae6 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39156 |
| CVE-2022-23635 | istio.io/istio | HIGH | v0.0.0-20240511025857-aaf597fbfae6 | 1.13.1, 1.12.4, 1.11.7 | https://avd.aquasec.com/nvd/cve-2022-23635 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.22.4 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2024-34156 | stdlib | HIGH | v1.22.4 | 1.22.7, 1.23.1 | https://avd.aquasec.com/nvd/cve-2024-34156 |
| CVE-2025-47907 | stdlib | HIGH | v1.22.4 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.22.4 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.22.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.22.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.22.4 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.22.4 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
gloo mesh enterprise gloo-mesh-ui image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-ui:2.6.4 (alpine 3.18.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-6119 | libcrypto3 | HIGH | 3.1.4-r5 | 3.1.7-r0 | https://avd.aquasec.com/nvd/cve-2024-6119 |
| CVE-2024-6119 | libssl3 | HIGH | 3.1.4-r5 | 3.1.7-r0 | https://avd.aquasec.com/nvd/cve-2024-6119 |
| CVE-2025-26519 | musl | HIGH | 1.2.4-r2 | 1.2.4-r3 | https://avd.aquasec.com/nvd/cve-2025-26519 |
| CVE-2025-26519 | musl-utils | HIGH | 1.2.4-r2 | 1.2.4-r3 | https://avd.aquasec.com/nvd/cve-2025-26519 |
gloo mesh enterprise gloo-mesh-envoy image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-envoy:2.6.4 (ubuntu 24.04)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-68973 | gpgv | HIGH | 2.4.4-2ubuntu17 | 2.4.4-2ubuntu17.4 | https://avd.aquasec.com/nvd/cve-2025-68973 |
| CVE-2025-32462 | sudo | HIGH | 1.9.15p5-3ubuntu5 | 1.9.15p5-3ubuntu5.24.04.1 | https://avd.aquasec.com/nvd/cve-2025-32462 |
| CVE-2025-32463 | sudo | HIGH | 1.9.15p5-3ubuntu5 | 1.9.15p5-3ubuntu5.24.04.1 | https://avd.aquasec.com/nvd/cve-2025-32463 |
Vulnerabilities Listed for usr/local/bin/pilot-agent
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15558 | github.com/docker/cli | HIGH | v26.1.4+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2024-41110 | github.com/docker/docker | CRITICAL | v26.1.4+incompatible | 23.0.15, 26.1.5, 27.1.1, 25.0.6 | https://avd.aquasec.com/nvd/cve-2024-41110 |
| CVE-2026-34040 | github.com/docker/docker | HIGH | v26.1.4+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.27.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2024-45337 | golang.org/x/crypto | CRITICAL | v0.24.0 | 0.31.0 | https://avd.aquasec.com/nvd/cve-2024-45337 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.24.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.21.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.65.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.22.7 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.22.7 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.22.7 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.22.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.22.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.22.7 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.22.7 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
gloo mesh enterprise gloo-mesh-spire-controller image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-spire-controller:2.6.4 (alpine 3.18.9)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-26519 | musl | HIGH | 1.2.4-r2 | 1.2.4-r3 | https://avd.aquasec.com/nvd/cve-2025-26519 |
| CVE-2025-26519 | musl-utils | HIGH | 1.2.4-r2 | 1.2.4-r3 | https://avd.aquasec.com/nvd/cve-2025-26519 |
Vulnerabilities Listed for usr/local/bin/spire-controller-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-30204 | github.com/golang-jwt/jwt/v4 | HIGH | v4.5.0 | 4.5.2 | https://avd.aquasec.com/nvd/cve-2025-30204 |
| CVE-2024-45337 | golang.org/x/crypto | CRITICAL | v0.25.0 | 0.31.0 | https://avd.aquasec.com/nvd/cve-2024-45337 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.25.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.20.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.64.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2019-14993 | istio.io/istio | HIGH | v0.0.0-20240511025857-aaf597fbfae6 | 1.1.13, 1.2.4 | https://avd.aquasec.com/nvd/cve-2019-14993 |
| CVE-2021-39155 | istio.io/istio | HIGH | v0.0.0-20240511025857-aaf597fbfae6 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39155 |
| CVE-2021-39156 | istio.io/istio | HIGH | v0.0.0-20240511025857-aaf597fbfae6 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39156 |
| CVE-2022-23635 | istio.io/istio | HIGH | v0.0.0-20240511025857-aaf597fbfae6 | 1.13.1, 1.12.4, 1.11.7 | https://avd.aquasec.com/nvd/cve-2022-23635 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.22.4 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2024-34156 | stdlib | HIGH | v1.22.4 | 1.22.7, 1.23.1 | https://avd.aquasec.com/nvd/cve-2024-34156 |
| CVE-2025-47907 | stdlib | HIGH | v1.22.4 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.22.4 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.22.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.22.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.22.4 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.22.4 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
gloo mesh enterprise gloo-mesh-portal-server image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-portal-server:2.6.4 (alpine 3.18.9)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-26519 | musl | HIGH | 1.2.4-r2 | 1.2.4-r3 | https://avd.aquasec.com/nvd/cve-2025-26519 |
| CVE-2025-26519 | musl-utils | HIGH | 1.2.4-r2 | 1.2.4-r3 | https://avd.aquasec.com/nvd/cve-2025-26519 |
Vulnerabilities Listed for usr/local/bin/portal-server-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-30153 | github.com/getkin/kin-openapi | HIGH | v0.107.0 | 0.131.0 | https://avd.aquasec.com/nvd/cve-2025-30153 |
| CVE-2025-30204 | github.com/golang-jwt/jwt/v4 | HIGH | v4.5.0 | 4.5.2 | https://avd.aquasec.com/nvd/cve-2025-30204 |
| CVE-2024-45337 | golang.org/x/crypto | CRITICAL | v0.25.0 | 0.31.0 | https://avd.aquasec.com/nvd/cve-2024-45337 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.25.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.20.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.64.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2019-14993 | istio.io/istio | HIGH | v0.0.0-20240511025857-aaf597fbfae6 | 1.1.13, 1.2.4 | https://avd.aquasec.com/nvd/cve-2019-14993 |
| CVE-2021-39155 | istio.io/istio | HIGH | v0.0.0-20240511025857-aaf597fbfae6 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39155 |
| CVE-2021-39156 | istio.io/istio | HIGH | v0.0.0-20240511025857-aaf597fbfae6 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39156 |
| CVE-2022-23635 | istio.io/istio | HIGH | v0.0.0-20240511025857-aaf597fbfae6 | 1.13.1, 1.12.4, 1.11.7 | https://avd.aquasec.com/nvd/cve-2022-23635 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.22.4 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2024-34156 | stdlib | HIGH | v1.22.4 | 1.22.7, 1.23.1 | https://avd.aquasec.com/nvd/cve-2024-34156 |
| CVE-2025-47907 | stdlib | HIGH | v1.22.4 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.22.4 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.22.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.22.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.22.4 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.22.4 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
gloo mesh enterprise gloo-mesh-analyzer image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-analyzer:2.6.4 (alpine 3.18.9)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-26519 | musl | HIGH | 1.2.4-r2 | 1.2.4-r3 | https://avd.aquasec.com/nvd/cve-2025-26519 |
| CVE-2025-26519 | musl-utils | HIGH | 1.2.4-r2 | 1.2.4-r3 | https://avd.aquasec.com/nvd/cve-2025-26519 |
Vulnerabilities Listed for usr/local/bin/analyzer-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15558 | github.com/docker/cli | HIGH | v26.0.0+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-34040 | github.com/docker/docker | HIGH | v25.0.6+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2025-30204 | github.com/golang-jwt/jwt/v4 | HIGH | v4.5.0 | 4.5.2 | https://avd.aquasec.com/nvd/cve-2025-30204 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.27.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2024-45337 | golang.org/x/crypto | CRITICAL | v0.25.0 | 0.31.0 | https://avd.aquasec.com/nvd/cve-2024-45337 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.25.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.20.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.64.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-53547 | helm.sh/helm/v3 | HIGH | v3.14.3 | 3.18.4, 3.17.4 | https://avd.aquasec.com/nvd/cve-2025-53547 |
| CVE-2019-14993 | istio.io/istio | HIGH | v0.0.0-20240511025857-aaf597fbfae6 | 1.1.13, 1.2.4 | https://avd.aquasec.com/nvd/cve-2019-14993 |
| CVE-2021-39155 | istio.io/istio | HIGH | v0.0.0-20240511025857-aaf597fbfae6 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39155 |
| CVE-2021-39156 | istio.io/istio | HIGH | v0.0.0-20240511025857-aaf597fbfae6 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39156 |
| CVE-2022-23635 | istio.io/istio | HIGH | v0.0.0-20240511025857-aaf597fbfae6 | 1.13.1, 1.12.4, 1.11.7 | https://avd.aquasec.com/nvd/cve-2022-23635 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.22.4 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2024-34156 | stdlib | HIGH | v1.22.4 | 1.22.7, 1.23.1 | https://avd.aquasec.com/nvd/cve-2024-34156 |
| CVE-2025-47907 | stdlib | HIGH | v1.22.4 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.22.4 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.22.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.22.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.22.4 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.22.4 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
gloo mesh enterprise gloo-mesh-mgmt-server image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-mgmt-server:2.6.4 (alpine 3.18.9)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-26519 | musl | HIGH | 1.2.4-r2 | 1.2.4-r3 | https://avd.aquasec.com/nvd/cve-2025-26519 |
| CVE-2025-26519 | musl-utils | HIGH | 1.2.4-r2 | 1.2.4-r3 | https://avd.aquasec.com/nvd/cve-2025-26519 |
Vulnerabilities Listed for usr/local/bin/mgmt-server-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-25621 | github.com/containerd/containerd | HIGH | v1.7.12 | 1.7.29 | https://avd.aquasec.com/nvd/cve-2024-25621 |
| CVE-2025-15558 | github.com/docker/cli | HIGH | v26.0.0+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-34040 | github.com/docker/docker | HIGH | v25.0.6+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2025-30153 | github.com/getkin/kin-openapi | HIGH | v0.107.0 | 0.131.0 | https://avd.aquasec.com/nvd/cve-2025-30153 |
| CVE-2025-30204 | github.com/golang-jwt/jwt/v4 | HIGH | v4.5.0 | 4.5.2 | https://avd.aquasec.com/nvd/cve-2025-30204 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.27.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2024-45337 | golang.org/x/crypto | CRITICAL | v0.25.0 | 0.31.0 | https://avd.aquasec.com/nvd/cve-2024-45337 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.25.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.20.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.64.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-53547 | helm.sh/helm/v3 | HIGH | v3.14.3 | 3.18.4, 3.17.4 | https://avd.aquasec.com/nvd/cve-2025-53547 |
| CVE-2019-14993 | istio.io/istio | HIGH | v0.0.0-20240511025857-aaf597fbfae6 | 1.1.13, 1.2.4 | https://avd.aquasec.com/nvd/cve-2019-14993 |
| CVE-2021-39155 | istio.io/istio | HIGH | v0.0.0-20240511025857-aaf597fbfae6 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39155 |
| CVE-2021-39156 | istio.io/istio | HIGH | v0.0.0-20240511025857-aaf597fbfae6 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39156 |
| CVE-2022-23635 | istio.io/istio | HIGH | v0.0.0-20240511025857-aaf597fbfae6 | 1.13.1, 1.12.4, 1.11.7 | https://avd.aquasec.com/nvd/cve-2022-23635 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.22.4 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2024-34156 | stdlib | HIGH | v1.22.4 | 1.22.7, 1.23.1 | https://avd.aquasec.com/nvd/cve-2024-34156 |
| CVE-2025-47907 | stdlib | HIGH | v1.22.4 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.22.4 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.22.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.22.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.22.4 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.22.4 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
gloo mesh enterprise gloo-mesh-agent image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-agent:2.6.4 (alpine 3.18.9)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-26519 | musl | HIGH | 1.2.4-r2 | 1.2.4-r3 | https://avd.aquasec.com/nvd/cve-2025-26519 |
| CVE-2025-26519 | musl-utils | HIGH | 1.2.4-r2 | 1.2.4-r3 | https://avd.aquasec.com/nvd/cve-2025-26519 |
Vulnerabilities Listed for usr/local/bin/agent-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-25621 | github.com/containerd/containerd | HIGH | v1.7.12 | 1.7.29 | https://avd.aquasec.com/nvd/cve-2024-25621 |
| CVE-2025-15558 | github.com/docker/cli | HIGH | v26.0.0+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-34040 | github.com/docker/docker | HIGH | v25.0.6+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2025-30153 | github.com/getkin/kin-openapi | HIGH | v0.107.0 | 0.131.0 | https://avd.aquasec.com/nvd/cve-2025-30153 |
| CVE-2025-30204 | github.com/golang-jwt/jwt/v4 | HIGH | v4.5.0 | 4.5.2 | https://avd.aquasec.com/nvd/cve-2025-30204 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.27.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2024-45337 | golang.org/x/crypto | CRITICAL | v0.25.0 | 0.31.0 | https://avd.aquasec.com/nvd/cve-2024-45337 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.25.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.20.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.64.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-53547 | helm.sh/helm/v3 | HIGH | v3.14.3 | 3.18.4, 3.17.4 | https://avd.aquasec.com/nvd/cve-2025-53547 |
| CVE-2019-14993 | istio.io/istio | HIGH | v0.0.0-20240511025857-aaf597fbfae6 | 1.1.13, 1.2.4 | https://avd.aquasec.com/nvd/cve-2019-14993 |
| CVE-2021-39155 | istio.io/istio | HIGH | v0.0.0-20240511025857-aaf597fbfae6 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39155 |
| CVE-2021-39156 | istio.io/istio | HIGH | v0.0.0-20240511025857-aaf597fbfae6 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39156 |
| CVE-2022-23635 | istio.io/istio | HIGH | v0.0.0-20240511025857-aaf597fbfae6 | 1.13.1, 1.12.4, 1.11.7 | https://avd.aquasec.com/nvd/cve-2022-23635 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.22.4 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2024-34156 | stdlib | HIGH | v1.22.4 | 1.22.7, 1.23.1 | https://avd.aquasec.com/nvd/cve-2024-34156 |
| CVE-2025-47907 | stdlib | HIGH | v1.22.4 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.22.4 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.22.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.22.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.22.4 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.22.4 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
gloo mesh enterprise gloo-mesh-apiserver image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-apiserver:2.6.4 (alpine 3.18.9)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-26519 | musl | HIGH | 1.2.4-r2 | 1.2.4-r3 | https://avd.aquasec.com/nvd/cve-2025-26519 |
| CVE-2025-26519 | musl-utils | HIGH | 1.2.4-r2 | 1.2.4-r3 | https://avd.aquasec.com/nvd/cve-2025-26519 |
Vulnerabilities Listed for usr/local/bin/apiserver-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-25621 | github.com/containerd/containerd | HIGH | v1.7.12 | 1.7.29 | https://avd.aquasec.com/nvd/cve-2024-25621 |
| CVE-2025-15558 | github.com/docker/cli | HIGH | v26.0.0+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-34040 | github.com/docker/docker | HIGH | v25.0.6+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2025-30153 | github.com/getkin/kin-openapi | HIGH | v0.107.0 | 0.131.0 | https://avd.aquasec.com/nvd/cve-2025-30153 |
| CVE-2025-30204 | github.com/golang-jwt/jwt/v4 | HIGH | v4.5.0 | 4.5.2 | https://avd.aquasec.com/nvd/cve-2025-30204 |
| CVE-2025-30204 | github.com/golang-jwt/jwt/v5 | HIGH | v5.2.0 | 5.2.2 | https://avd.aquasec.com/nvd/cve-2025-30204 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.27.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2024-45337 | golang.org/x/crypto | CRITICAL | v0.25.0 | 0.31.0 | https://avd.aquasec.com/nvd/cve-2024-45337 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.25.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.20.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.64.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2019-14993 | istio.io/istio | HIGH | v0.0.0-20240511025857-aaf597fbfae6 | 1.1.13, 1.2.4 | https://avd.aquasec.com/nvd/cve-2019-14993 |
| CVE-2021-39155 | istio.io/istio | HIGH | v0.0.0-20240511025857-aaf597fbfae6 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39155 |
| CVE-2021-39156 | istio.io/istio | HIGH | v0.0.0-20240511025857-aaf597fbfae6 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39156 |
| CVE-2022-23635 | istio.io/istio | HIGH | v0.0.0-20240511025857-aaf597fbfae6 | 1.13.1, 1.12.4, 1.11.7 | https://avd.aquasec.com/nvd/cve-2022-23635 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.22.4 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2024-34156 | stdlib | HIGH | v1.22.4 | 1.22.7, 1.23.1 | https://avd.aquasec.com/nvd/cve-2024-34156 |
| CVE-2025-47907 | stdlib | HIGH | v1.22.4 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.22.4 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.22.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.22.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.22.4 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.22.4 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
Release 2.6.3
gloo mesh enterprise gloo-mesh-istiod-agent image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-istiod-agent:2.6.3 (alpine 3.18.8)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-26519 | musl | HIGH | 1.2.4-r2 | 1.2.4-r3 | https://avd.aquasec.com/nvd/cve-2025-26519 |
| CVE-2025-26519 | musl-utils | HIGH | 1.2.4-r2 | 1.2.4-r3 | https://avd.aquasec.com/nvd/cve-2025-26519 |
Vulnerabilities Listed for usr/local/bin/istiod-agent-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-30204 | github.com/golang-jwt/jwt/v4 | HIGH | v4.5.0 | 4.5.2 | https://avd.aquasec.com/nvd/cve-2025-30204 |
| CVE-2024-45337 | golang.org/x/crypto | CRITICAL | v0.25.0 | 0.31.0 | https://avd.aquasec.com/nvd/cve-2024-45337 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.25.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.20.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.64.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2019-14993 | istio.io/istio | HIGH | v0.0.0-20240511025857-aaf597fbfae6 | 1.1.13, 1.2.4 | https://avd.aquasec.com/nvd/cve-2019-14993 |
| CVE-2021-39155 | istio.io/istio | HIGH | v0.0.0-20240511025857-aaf597fbfae6 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39155 |
| CVE-2021-39156 | istio.io/istio | HIGH | v0.0.0-20240511025857-aaf597fbfae6 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39156 |
| CVE-2022-23635 | istio.io/istio | HIGH | v0.0.0-20240511025857-aaf597fbfae6 | 1.13.1, 1.12.4, 1.11.7 | https://avd.aquasec.com/nvd/cve-2022-23635 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.22.4 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2024-34156 | stdlib | HIGH | v1.22.4 | 1.22.7, 1.23.1 | https://avd.aquasec.com/nvd/cve-2024-34156 |
| CVE-2025-47907 | stdlib | HIGH | v1.22.4 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.22.4 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.22.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.22.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.22.4 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.22.4 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
gloo mesh enterprise gloo-mesh-ui image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-ui:2.6.3 (alpine 3.18.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-6119 | libcrypto3 | HIGH | 3.1.4-r5 | 3.1.7-r0 | https://avd.aquasec.com/nvd/cve-2024-6119 |
| CVE-2024-6119 | libssl3 | HIGH | 3.1.4-r5 | 3.1.7-r0 | https://avd.aquasec.com/nvd/cve-2024-6119 |
| CVE-2025-26519 | musl | HIGH | 1.2.4-r2 | 1.2.4-r3 | https://avd.aquasec.com/nvd/cve-2025-26519 |
| CVE-2025-26519 | musl-utils | HIGH | 1.2.4-r2 | 1.2.4-r3 | https://avd.aquasec.com/nvd/cve-2025-26519 |
gloo mesh enterprise gloo-mesh-envoy image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-envoy:2.6.3 (ubuntu 20.04)
gloo mesh enterprise gloo-mesh-spire-controller image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-spire-controller:2.6.3 (alpine 3.18.8)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-26519 | musl | HIGH | 1.2.4-r2 | 1.2.4-r3 | https://avd.aquasec.com/nvd/cve-2025-26519 |
| CVE-2025-26519 | musl-utils | HIGH | 1.2.4-r2 | 1.2.4-r3 | https://avd.aquasec.com/nvd/cve-2025-26519 |
Vulnerabilities Listed for usr/local/bin/spire-controller-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-30204 | github.com/golang-jwt/jwt/v4 | HIGH | v4.5.0 | 4.5.2 | https://avd.aquasec.com/nvd/cve-2025-30204 |
| CVE-2024-45337 | golang.org/x/crypto | CRITICAL | v0.25.0 | 0.31.0 | https://avd.aquasec.com/nvd/cve-2024-45337 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.25.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.20.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.64.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2019-14993 | istio.io/istio | HIGH | v0.0.0-20240511025857-aaf597fbfae6 | 1.1.13, 1.2.4 | https://avd.aquasec.com/nvd/cve-2019-14993 |
| CVE-2021-39155 | istio.io/istio | HIGH | v0.0.0-20240511025857-aaf597fbfae6 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39155 |
| CVE-2021-39156 | istio.io/istio | HIGH | v0.0.0-20240511025857-aaf597fbfae6 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39156 |
| CVE-2022-23635 | istio.io/istio | HIGH | v0.0.0-20240511025857-aaf597fbfae6 | 1.13.1, 1.12.4, 1.11.7 | https://avd.aquasec.com/nvd/cve-2022-23635 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.22.4 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2024-34156 | stdlib | HIGH | v1.22.4 | 1.22.7, 1.23.1 | https://avd.aquasec.com/nvd/cve-2024-34156 |
| CVE-2025-47907 | stdlib | HIGH | v1.22.4 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.22.4 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.22.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.22.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.22.4 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.22.4 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
gloo mesh enterprise gloo-mesh-portal-server image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-portal-server:2.6.3 (alpine 3.18.8)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-26519 | musl | HIGH | 1.2.4-r2 | 1.2.4-r3 | https://avd.aquasec.com/nvd/cve-2025-26519 |
| CVE-2025-26519 | musl-utils | HIGH | 1.2.4-r2 | 1.2.4-r3 | https://avd.aquasec.com/nvd/cve-2025-26519 |
Vulnerabilities Listed for usr/local/bin/portal-server-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-30153 | github.com/getkin/kin-openapi | HIGH | v0.107.0 | 0.131.0 | https://avd.aquasec.com/nvd/cve-2025-30153 |
| CVE-2025-30204 | github.com/golang-jwt/jwt/v4 | HIGH | v4.5.0 | 4.5.2 | https://avd.aquasec.com/nvd/cve-2025-30204 |
| CVE-2024-45337 | golang.org/x/crypto | CRITICAL | v0.25.0 | 0.31.0 | https://avd.aquasec.com/nvd/cve-2024-45337 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.25.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.20.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.64.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2019-14993 | istio.io/istio | HIGH | v0.0.0-20240511025857-aaf597fbfae6 | 1.1.13, 1.2.4 | https://avd.aquasec.com/nvd/cve-2019-14993 |
| CVE-2021-39155 | istio.io/istio | HIGH | v0.0.0-20240511025857-aaf597fbfae6 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39155 |
| CVE-2021-39156 | istio.io/istio | HIGH | v0.0.0-20240511025857-aaf597fbfae6 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39156 |
| CVE-2022-23635 | istio.io/istio | HIGH | v0.0.0-20240511025857-aaf597fbfae6 | 1.13.1, 1.12.4, 1.11.7 | https://avd.aquasec.com/nvd/cve-2022-23635 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.22.4 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2024-34156 | stdlib | HIGH | v1.22.4 | 1.22.7, 1.23.1 | https://avd.aquasec.com/nvd/cve-2024-34156 |
| CVE-2025-47907 | stdlib | HIGH | v1.22.4 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.22.4 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.22.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.22.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.22.4 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.22.4 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
gloo mesh enterprise gloo-mesh-analyzer image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-analyzer:2.6.3 (alpine 3.18.8)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-26519 | musl | HIGH | 1.2.4-r2 | 1.2.4-r3 | https://avd.aquasec.com/nvd/cve-2025-26519 |
| CVE-2025-26519 | musl-utils | HIGH | 1.2.4-r2 | 1.2.4-r3 | https://avd.aquasec.com/nvd/cve-2025-26519 |
Vulnerabilities Listed for usr/local/bin/analyzer-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15558 | github.com/docker/cli | HIGH | v26.0.0+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-34040 | github.com/docker/docker | HIGH | v25.0.6+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2025-30204 | github.com/golang-jwt/jwt/v4 | HIGH | v4.5.0 | 4.5.2 | https://avd.aquasec.com/nvd/cve-2025-30204 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.27.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2024-45337 | golang.org/x/crypto | CRITICAL | v0.25.0 | 0.31.0 | https://avd.aquasec.com/nvd/cve-2024-45337 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.25.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.20.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.64.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-53547 | helm.sh/helm/v3 | HIGH | v3.14.3 | 3.18.4, 3.17.4 | https://avd.aquasec.com/nvd/cve-2025-53547 |
| CVE-2019-14993 | istio.io/istio | HIGH | v0.0.0-20240511025857-aaf597fbfae6 | 1.1.13, 1.2.4 | https://avd.aquasec.com/nvd/cve-2019-14993 |
| CVE-2021-39155 | istio.io/istio | HIGH | v0.0.0-20240511025857-aaf597fbfae6 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39155 |
| CVE-2021-39156 | istio.io/istio | HIGH | v0.0.0-20240511025857-aaf597fbfae6 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39156 |
| CVE-2022-23635 | istio.io/istio | HIGH | v0.0.0-20240511025857-aaf597fbfae6 | 1.13.1, 1.12.4, 1.11.7 | https://avd.aquasec.com/nvd/cve-2022-23635 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.22.4 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2024-34156 | stdlib | HIGH | v1.22.4 | 1.22.7, 1.23.1 | https://avd.aquasec.com/nvd/cve-2024-34156 |
| CVE-2025-47907 | stdlib | HIGH | v1.22.4 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.22.4 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.22.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.22.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.22.4 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.22.4 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
gloo mesh enterprise gloo-mesh-mgmt-server image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-mgmt-server:2.6.3 (alpine 3.18.8)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-26519 | musl | HIGH | 1.2.4-r2 | 1.2.4-r3 | https://avd.aquasec.com/nvd/cve-2025-26519 |
| CVE-2025-26519 | musl-utils | HIGH | 1.2.4-r2 | 1.2.4-r3 | https://avd.aquasec.com/nvd/cve-2025-26519 |
Vulnerabilities Listed for usr/local/bin/mgmt-server-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-25621 | github.com/containerd/containerd | HIGH | v1.7.12 | 1.7.29 | https://avd.aquasec.com/nvd/cve-2024-25621 |
| CVE-2025-15558 | github.com/docker/cli | HIGH | v26.0.0+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-34040 | github.com/docker/docker | HIGH | v25.0.6+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2025-30153 | github.com/getkin/kin-openapi | HIGH | v0.107.0 | 0.131.0 | https://avd.aquasec.com/nvd/cve-2025-30153 |
| CVE-2025-30204 | github.com/golang-jwt/jwt/v4 | HIGH | v4.5.0 | 4.5.2 | https://avd.aquasec.com/nvd/cve-2025-30204 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.27.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2024-45337 | golang.org/x/crypto | CRITICAL | v0.25.0 | 0.31.0 | https://avd.aquasec.com/nvd/cve-2024-45337 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.25.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.20.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.64.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-53547 | helm.sh/helm/v3 | HIGH | v3.14.3 | 3.18.4, 3.17.4 | https://avd.aquasec.com/nvd/cve-2025-53547 |
| CVE-2019-14993 | istio.io/istio | HIGH | v0.0.0-20240511025857-aaf597fbfae6 | 1.1.13, 1.2.4 | https://avd.aquasec.com/nvd/cve-2019-14993 |
| CVE-2021-39155 | istio.io/istio | HIGH | v0.0.0-20240511025857-aaf597fbfae6 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39155 |
| CVE-2021-39156 | istio.io/istio | HIGH | v0.0.0-20240511025857-aaf597fbfae6 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39156 |
| CVE-2022-23635 | istio.io/istio | HIGH | v0.0.0-20240511025857-aaf597fbfae6 | 1.13.1, 1.12.4, 1.11.7 | https://avd.aquasec.com/nvd/cve-2022-23635 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.22.4 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2024-34156 | stdlib | HIGH | v1.22.4 | 1.22.7, 1.23.1 | https://avd.aquasec.com/nvd/cve-2024-34156 |
| CVE-2025-47907 | stdlib | HIGH | v1.22.4 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.22.4 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.22.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.22.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.22.4 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.22.4 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
gloo mesh enterprise gloo-mesh-agent image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-agent:2.6.3 (alpine 3.18.8)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-26519 | musl | HIGH | 1.2.4-r2 | 1.2.4-r3 | https://avd.aquasec.com/nvd/cve-2025-26519 |
| CVE-2025-26519 | musl-utils | HIGH | 1.2.4-r2 | 1.2.4-r3 | https://avd.aquasec.com/nvd/cve-2025-26519 |
Vulnerabilities Listed for usr/local/bin/agent-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-25621 | github.com/containerd/containerd | HIGH | v1.7.12 | 1.7.29 | https://avd.aquasec.com/nvd/cve-2024-25621 |
| CVE-2025-15558 | github.com/docker/cli | HIGH | v26.0.0+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-34040 | github.com/docker/docker | HIGH | v25.0.6+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2025-30153 | github.com/getkin/kin-openapi | HIGH | v0.107.0 | 0.131.0 | https://avd.aquasec.com/nvd/cve-2025-30153 |
| CVE-2025-30204 | github.com/golang-jwt/jwt/v4 | HIGH | v4.5.0 | 4.5.2 | https://avd.aquasec.com/nvd/cve-2025-30204 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.27.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2024-45337 | golang.org/x/crypto | CRITICAL | v0.25.0 | 0.31.0 | https://avd.aquasec.com/nvd/cve-2024-45337 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.25.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.20.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.64.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-53547 | helm.sh/helm/v3 | HIGH | v3.14.3 | 3.18.4, 3.17.4 | https://avd.aquasec.com/nvd/cve-2025-53547 |
| CVE-2019-14993 | istio.io/istio | HIGH | v0.0.0-20240511025857-aaf597fbfae6 | 1.1.13, 1.2.4 | https://avd.aquasec.com/nvd/cve-2019-14993 |
| CVE-2021-39155 | istio.io/istio | HIGH | v0.0.0-20240511025857-aaf597fbfae6 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39155 |
| CVE-2021-39156 | istio.io/istio | HIGH | v0.0.0-20240511025857-aaf597fbfae6 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39156 |
| CVE-2022-23635 | istio.io/istio | HIGH | v0.0.0-20240511025857-aaf597fbfae6 | 1.13.1, 1.12.4, 1.11.7 | https://avd.aquasec.com/nvd/cve-2022-23635 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.22.4 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2024-34156 | stdlib | HIGH | v1.22.4 | 1.22.7, 1.23.1 | https://avd.aquasec.com/nvd/cve-2024-34156 |
| CVE-2025-47907 | stdlib | HIGH | v1.22.4 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.22.4 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.22.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.22.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.22.4 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.22.4 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
gloo mesh enterprise gloo-mesh-apiserver image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-apiserver:2.6.3 (alpine 3.18.8)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-26519 | musl | HIGH | 1.2.4-r2 | 1.2.4-r3 | https://avd.aquasec.com/nvd/cve-2025-26519 |
| CVE-2025-26519 | musl-utils | HIGH | 1.2.4-r2 | 1.2.4-r3 | https://avd.aquasec.com/nvd/cve-2025-26519 |
Vulnerabilities Listed for usr/local/bin/apiserver-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-25621 | github.com/containerd/containerd | HIGH | v1.7.12 | 1.7.29 | https://avd.aquasec.com/nvd/cve-2024-25621 |
| CVE-2025-15558 | github.com/docker/cli | HIGH | v26.0.0+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-34040 | github.com/docker/docker | HIGH | v25.0.6+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2025-30153 | github.com/getkin/kin-openapi | HIGH | v0.107.0 | 0.131.0 | https://avd.aquasec.com/nvd/cve-2025-30153 |
| CVE-2025-30204 | github.com/golang-jwt/jwt/v4 | HIGH | v4.5.0 | 4.5.2 | https://avd.aquasec.com/nvd/cve-2025-30204 |
| CVE-2025-30204 | github.com/golang-jwt/jwt/v5 | HIGH | v5.2.0 | 5.2.2 | https://avd.aquasec.com/nvd/cve-2025-30204 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.27.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2024-45337 | golang.org/x/crypto | CRITICAL | v0.25.0 | 0.31.0 | https://avd.aquasec.com/nvd/cve-2024-45337 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.25.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.20.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.64.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2019-14993 | istio.io/istio | HIGH | v0.0.0-20240511025857-aaf597fbfae6 | 1.1.13, 1.2.4 | https://avd.aquasec.com/nvd/cve-2019-14993 |
| CVE-2021-39155 | istio.io/istio | HIGH | v0.0.0-20240511025857-aaf597fbfae6 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39155 |
| CVE-2021-39156 | istio.io/istio | HIGH | v0.0.0-20240511025857-aaf597fbfae6 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39156 |
| CVE-2022-23635 | istio.io/istio | HIGH | v0.0.0-20240511025857-aaf597fbfae6 | 1.13.1, 1.12.4, 1.11.7 | https://avd.aquasec.com/nvd/cve-2022-23635 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.22.4 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2024-34156 | stdlib | HIGH | v1.22.4 | 1.22.7, 1.23.1 | https://avd.aquasec.com/nvd/cve-2024-34156 |
| CVE-2025-47907 | stdlib | HIGH | v1.22.4 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.22.4 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.22.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.22.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.22.4 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.22.4 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
Release 2.6.2
gloo mesh enterprise gloo-mesh-istiod-agent image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-istiod-agent:2.6.2 (alpine 3.18.8)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-6119 | libcrypto3 | HIGH | 3.1.6-r0 | 3.1.7-r0 | https://avd.aquasec.com/nvd/cve-2024-6119 |
| CVE-2024-6119 | libssl3 | HIGH | 3.1.6-r0 | 3.1.7-r0 | https://avd.aquasec.com/nvd/cve-2024-6119 |
| CVE-2025-26519 | musl | HIGH | 1.2.4-r2 | 1.2.4-r3 | https://avd.aquasec.com/nvd/cve-2025-26519 |
| CVE-2025-26519 | musl-utils | HIGH | 1.2.4-r2 | 1.2.4-r3 | https://avd.aquasec.com/nvd/cve-2025-26519 |
Vulnerabilities Listed for usr/local/bin/istiod-agent-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-30204 | github.com/golang-jwt/jwt/v4 | HIGH | v4.5.0 | 4.5.2 | https://avd.aquasec.com/nvd/cve-2025-30204 |
| CVE-2024-45337 | golang.org/x/crypto | CRITICAL | v0.25.0 | 0.31.0 | https://avd.aquasec.com/nvd/cve-2024-45337 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.25.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.20.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.64.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2019-14993 | istio.io/istio | HIGH | v0.0.0-20240511025857-aaf597fbfae6 | 1.1.13, 1.2.4 | https://avd.aquasec.com/nvd/cve-2019-14993 |
| CVE-2021-39155 | istio.io/istio | HIGH | v0.0.0-20240511025857-aaf597fbfae6 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39155 |
| CVE-2021-39156 | istio.io/istio | HIGH | v0.0.0-20240511025857-aaf597fbfae6 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39156 |
| CVE-2022-23635 | istio.io/istio | HIGH | v0.0.0-20240511025857-aaf597fbfae6 | 1.13.1, 1.12.4, 1.11.7 | https://avd.aquasec.com/nvd/cve-2022-23635 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.22.4 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2024-34156 | stdlib | HIGH | v1.22.4 | 1.22.7, 1.23.1 | https://avd.aquasec.com/nvd/cve-2024-34156 |
| CVE-2025-47907 | stdlib | HIGH | v1.22.4 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.22.4 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.22.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.22.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.22.4 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.22.4 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
gloo mesh enterprise gloo-mesh-ui image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-ui:2.6.2 (alpine 3.18.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-6119 | libcrypto3 | HIGH | 3.1.4-r5 | 3.1.7-r0 | https://avd.aquasec.com/nvd/cve-2024-6119 |
| CVE-2024-6119 | libssl3 | HIGH | 3.1.4-r5 | 3.1.7-r0 | https://avd.aquasec.com/nvd/cve-2024-6119 |
| CVE-2025-26519 | musl | HIGH | 1.2.4-r2 | 1.2.4-r3 | https://avd.aquasec.com/nvd/cve-2025-26519 |
| CVE-2025-26519 | musl-utils | HIGH | 1.2.4-r2 | 1.2.4-r3 | https://avd.aquasec.com/nvd/cve-2025-26519 |
gloo mesh enterprise gloo-mesh-envoy image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-envoy:2.6.2 (ubuntu 20.04)
gloo mesh enterprise gloo-mesh-spire-controller image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-spire-controller:2.6.2 (alpine 3.18.8)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-6119 | libcrypto3 | HIGH | 3.1.6-r0 | 3.1.7-r0 | https://avd.aquasec.com/nvd/cve-2024-6119 |
| CVE-2024-6119 | libssl3 | HIGH | 3.1.6-r0 | 3.1.7-r0 | https://avd.aquasec.com/nvd/cve-2024-6119 |
| CVE-2025-26519 | musl | HIGH | 1.2.4-r2 | 1.2.4-r3 | https://avd.aquasec.com/nvd/cve-2025-26519 |
| CVE-2025-26519 | musl-utils | HIGH | 1.2.4-r2 | 1.2.4-r3 | https://avd.aquasec.com/nvd/cve-2025-26519 |
Vulnerabilities Listed for usr/local/bin/spire-controller-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-30204 | github.com/golang-jwt/jwt/v4 | HIGH | v4.5.0 | 4.5.2 | https://avd.aquasec.com/nvd/cve-2025-30204 |
| CVE-2024-45337 | golang.org/x/crypto | CRITICAL | v0.25.0 | 0.31.0 | https://avd.aquasec.com/nvd/cve-2024-45337 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.25.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.20.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.64.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2019-14993 | istio.io/istio | HIGH | v0.0.0-20240511025857-aaf597fbfae6 | 1.1.13, 1.2.4 | https://avd.aquasec.com/nvd/cve-2019-14993 |
| CVE-2021-39155 | istio.io/istio | HIGH | v0.0.0-20240511025857-aaf597fbfae6 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39155 |
| CVE-2021-39156 | istio.io/istio | HIGH | v0.0.0-20240511025857-aaf597fbfae6 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39156 |
| CVE-2022-23635 | istio.io/istio | HIGH | v0.0.0-20240511025857-aaf597fbfae6 | 1.13.1, 1.12.4, 1.11.7 | https://avd.aquasec.com/nvd/cve-2022-23635 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.22.4 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2024-34156 | stdlib | HIGH | v1.22.4 | 1.22.7, 1.23.1 | https://avd.aquasec.com/nvd/cve-2024-34156 |
| CVE-2025-47907 | stdlib | HIGH | v1.22.4 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.22.4 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.22.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.22.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.22.4 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.22.4 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
gloo mesh enterprise gloo-mesh-portal-server image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-portal-server:2.6.2 (alpine 3.18.8)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-6119 | libcrypto3 | HIGH | 3.1.6-r0 | 3.1.7-r0 | https://avd.aquasec.com/nvd/cve-2024-6119 |
| CVE-2024-6119 | libssl3 | HIGH | 3.1.6-r0 | 3.1.7-r0 | https://avd.aquasec.com/nvd/cve-2024-6119 |
| CVE-2025-26519 | musl | HIGH | 1.2.4-r2 | 1.2.4-r3 | https://avd.aquasec.com/nvd/cve-2025-26519 |
| CVE-2025-26519 | musl-utils | HIGH | 1.2.4-r2 | 1.2.4-r3 | https://avd.aquasec.com/nvd/cve-2025-26519 |
Vulnerabilities Listed for usr/local/bin/portal-server-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-30153 | github.com/getkin/kin-openapi | HIGH | v0.107.0 | 0.131.0 | https://avd.aquasec.com/nvd/cve-2025-30153 |
| CVE-2025-30204 | github.com/golang-jwt/jwt/v4 | HIGH | v4.5.0 | 4.5.2 | https://avd.aquasec.com/nvd/cve-2025-30204 |
| CVE-2024-45337 | golang.org/x/crypto | CRITICAL | v0.25.0 | 0.31.0 | https://avd.aquasec.com/nvd/cve-2024-45337 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.25.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.20.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.64.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2019-14993 | istio.io/istio | HIGH | v0.0.0-20240511025857-aaf597fbfae6 | 1.1.13, 1.2.4 | https://avd.aquasec.com/nvd/cve-2019-14993 |
| CVE-2021-39155 | istio.io/istio | HIGH | v0.0.0-20240511025857-aaf597fbfae6 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39155 |
| CVE-2021-39156 | istio.io/istio | HIGH | v0.0.0-20240511025857-aaf597fbfae6 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39156 |
| CVE-2022-23635 | istio.io/istio | HIGH | v0.0.0-20240511025857-aaf597fbfae6 | 1.13.1, 1.12.4, 1.11.7 | https://avd.aquasec.com/nvd/cve-2022-23635 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.22.4 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2024-34156 | stdlib | HIGH | v1.22.4 | 1.22.7, 1.23.1 | https://avd.aquasec.com/nvd/cve-2024-34156 |
| CVE-2025-47907 | stdlib | HIGH | v1.22.4 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.22.4 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.22.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.22.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.22.4 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.22.4 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
gloo mesh enterprise gloo-mesh-analyzer image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-analyzer:2.6.2 (alpine 3.18.8)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-6119 | libcrypto3 | HIGH | 3.1.6-r0 | 3.1.7-r0 | https://avd.aquasec.com/nvd/cve-2024-6119 |
| CVE-2024-6119 | libssl3 | HIGH | 3.1.6-r0 | 3.1.7-r0 | https://avd.aquasec.com/nvd/cve-2024-6119 |
| CVE-2025-26519 | musl | HIGH | 1.2.4-r2 | 1.2.4-r3 | https://avd.aquasec.com/nvd/cve-2025-26519 |
| CVE-2025-26519 | musl-utils | HIGH | 1.2.4-r2 | 1.2.4-r3 | https://avd.aquasec.com/nvd/cve-2025-26519 |
Vulnerabilities Listed for usr/local/bin/analyzer-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15558 | github.com/docker/cli | HIGH | v26.0.0+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-34040 | github.com/docker/docker | HIGH | v25.0.6+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2025-30204 | github.com/golang-jwt/jwt/v4 | HIGH | v4.5.0 | 4.5.2 | https://avd.aquasec.com/nvd/cve-2025-30204 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.27.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2024-45337 | golang.org/x/crypto | CRITICAL | v0.25.0 | 0.31.0 | https://avd.aquasec.com/nvd/cve-2024-45337 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.25.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.20.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.64.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-53547 | helm.sh/helm/v3 | HIGH | v3.14.3 | 3.18.4, 3.17.4 | https://avd.aquasec.com/nvd/cve-2025-53547 |
| CVE-2019-14993 | istio.io/istio | HIGH | v0.0.0-20240511025857-aaf597fbfae6 | 1.1.13, 1.2.4 | https://avd.aquasec.com/nvd/cve-2019-14993 |
| CVE-2021-39155 | istio.io/istio | HIGH | v0.0.0-20240511025857-aaf597fbfae6 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39155 |
| CVE-2021-39156 | istio.io/istio | HIGH | v0.0.0-20240511025857-aaf597fbfae6 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39156 |
| CVE-2022-23635 | istio.io/istio | HIGH | v0.0.0-20240511025857-aaf597fbfae6 | 1.13.1, 1.12.4, 1.11.7 | https://avd.aquasec.com/nvd/cve-2022-23635 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.22.4 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2024-34156 | stdlib | HIGH | v1.22.4 | 1.22.7, 1.23.1 | https://avd.aquasec.com/nvd/cve-2024-34156 |
| CVE-2025-47907 | stdlib | HIGH | v1.22.4 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.22.4 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.22.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.22.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.22.4 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.22.4 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
gloo mesh enterprise gloo-mesh-mgmt-server image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-mgmt-server:2.6.2 (alpine 3.18.8)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-6119 | libcrypto3 | HIGH | 3.1.6-r0 | 3.1.7-r0 | https://avd.aquasec.com/nvd/cve-2024-6119 |
| CVE-2024-6119 | libssl3 | HIGH | 3.1.6-r0 | 3.1.7-r0 | https://avd.aquasec.com/nvd/cve-2024-6119 |
| CVE-2025-26519 | musl | HIGH | 1.2.4-r2 | 1.2.4-r3 | https://avd.aquasec.com/nvd/cve-2025-26519 |
| CVE-2025-26519 | musl-utils | HIGH | 1.2.4-r2 | 1.2.4-r3 | https://avd.aquasec.com/nvd/cve-2025-26519 |
Vulnerabilities Listed for usr/local/bin/mgmt-server-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-25621 | github.com/containerd/containerd | HIGH | v1.7.12 | 1.7.29 | https://avd.aquasec.com/nvd/cve-2024-25621 |
| CVE-2025-15558 | github.com/docker/cli | HIGH | v26.0.0+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-34040 | github.com/docker/docker | HIGH | v25.0.6+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2025-30153 | github.com/getkin/kin-openapi | HIGH | v0.107.0 | 0.131.0 | https://avd.aquasec.com/nvd/cve-2025-30153 |
| CVE-2025-30204 | github.com/golang-jwt/jwt/v4 | HIGH | v4.5.0 | 4.5.2 | https://avd.aquasec.com/nvd/cve-2025-30204 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.27.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2024-45337 | golang.org/x/crypto | CRITICAL | v0.25.0 | 0.31.0 | https://avd.aquasec.com/nvd/cve-2024-45337 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.25.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.20.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.64.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-53547 | helm.sh/helm/v3 | HIGH | v3.14.3 | 3.18.4, 3.17.4 | https://avd.aquasec.com/nvd/cve-2025-53547 |
| CVE-2019-14993 | istio.io/istio | HIGH | v0.0.0-20240511025857-aaf597fbfae6 | 1.1.13, 1.2.4 | https://avd.aquasec.com/nvd/cve-2019-14993 |
| CVE-2021-39155 | istio.io/istio | HIGH | v0.0.0-20240511025857-aaf597fbfae6 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39155 |
| CVE-2021-39156 | istio.io/istio | HIGH | v0.0.0-20240511025857-aaf597fbfae6 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39156 |
| CVE-2022-23635 | istio.io/istio | HIGH | v0.0.0-20240511025857-aaf597fbfae6 | 1.13.1, 1.12.4, 1.11.7 | https://avd.aquasec.com/nvd/cve-2022-23635 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.22.4 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2024-34156 | stdlib | HIGH | v1.22.4 | 1.22.7, 1.23.1 | https://avd.aquasec.com/nvd/cve-2024-34156 |
| CVE-2025-47907 | stdlib | HIGH | v1.22.4 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.22.4 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.22.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.22.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.22.4 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.22.4 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
gloo mesh enterprise gloo-mesh-agent image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-agent:2.6.2 (alpine 3.18.8)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-6119 | libcrypto3 | HIGH | 3.1.6-r0 | 3.1.7-r0 | https://avd.aquasec.com/nvd/cve-2024-6119 |
| CVE-2024-6119 | libssl3 | HIGH | 3.1.6-r0 | 3.1.7-r0 | https://avd.aquasec.com/nvd/cve-2024-6119 |
| CVE-2025-26519 | musl | HIGH | 1.2.4-r2 | 1.2.4-r3 | https://avd.aquasec.com/nvd/cve-2025-26519 |
| CVE-2025-26519 | musl-utils | HIGH | 1.2.4-r2 | 1.2.4-r3 | https://avd.aquasec.com/nvd/cve-2025-26519 |
Vulnerabilities Listed for usr/local/bin/agent-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-25621 | github.com/containerd/containerd | HIGH | v1.7.12 | 1.7.29 | https://avd.aquasec.com/nvd/cve-2024-25621 |
| CVE-2025-15558 | github.com/docker/cli | HIGH | v26.0.0+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-34040 | github.com/docker/docker | HIGH | v25.0.6+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2025-30153 | github.com/getkin/kin-openapi | HIGH | v0.107.0 | 0.131.0 | https://avd.aquasec.com/nvd/cve-2025-30153 |
| CVE-2025-30204 | github.com/golang-jwt/jwt/v4 | HIGH | v4.5.0 | 4.5.2 | https://avd.aquasec.com/nvd/cve-2025-30204 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.27.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2024-45337 | golang.org/x/crypto | CRITICAL | v0.25.0 | 0.31.0 | https://avd.aquasec.com/nvd/cve-2024-45337 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.25.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.20.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.64.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-53547 | helm.sh/helm/v3 | HIGH | v3.14.3 | 3.18.4, 3.17.4 | https://avd.aquasec.com/nvd/cve-2025-53547 |
| CVE-2019-14993 | istio.io/istio | HIGH | v0.0.0-20240511025857-aaf597fbfae6 | 1.1.13, 1.2.4 | https://avd.aquasec.com/nvd/cve-2019-14993 |
| CVE-2021-39155 | istio.io/istio | HIGH | v0.0.0-20240511025857-aaf597fbfae6 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39155 |
| CVE-2021-39156 | istio.io/istio | HIGH | v0.0.0-20240511025857-aaf597fbfae6 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39156 |
| CVE-2022-23635 | istio.io/istio | HIGH | v0.0.0-20240511025857-aaf597fbfae6 | 1.13.1, 1.12.4, 1.11.7 | https://avd.aquasec.com/nvd/cve-2022-23635 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.22.4 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2024-34156 | stdlib | HIGH | v1.22.4 | 1.22.7, 1.23.1 | https://avd.aquasec.com/nvd/cve-2024-34156 |
| CVE-2025-47907 | stdlib | HIGH | v1.22.4 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.22.4 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.22.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.22.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.22.4 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.22.4 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
gloo mesh enterprise gloo-mesh-apiserver image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-apiserver:2.6.2 (alpine 3.18.8)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-6119 | libcrypto3 | HIGH | 3.1.6-r0 | 3.1.7-r0 | https://avd.aquasec.com/nvd/cve-2024-6119 |
| CVE-2024-6119 | libssl3 | HIGH | 3.1.6-r0 | 3.1.7-r0 | https://avd.aquasec.com/nvd/cve-2024-6119 |
| CVE-2025-26519 | musl | HIGH | 1.2.4-r2 | 1.2.4-r3 | https://avd.aquasec.com/nvd/cve-2025-26519 |
| CVE-2025-26519 | musl-utils | HIGH | 1.2.4-r2 | 1.2.4-r3 | https://avd.aquasec.com/nvd/cve-2025-26519 |
Vulnerabilities Listed for usr/local/bin/apiserver-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-25621 | github.com/containerd/containerd | HIGH | v1.7.12 | 1.7.29 | https://avd.aquasec.com/nvd/cve-2024-25621 |
| CVE-2025-15558 | github.com/docker/cli | HIGH | v26.0.0+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-34040 | github.com/docker/docker | HIGH | v25.0.6+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2025-30153 | github.com/getkin/kin-openapi | HIGH | v0.107.0 | 0.131.0 | https://avd.aquasec.com/nvd/cve-2025-30153 |
| CVE-2025-30204 | github.com/golang-jwt/jwt/v4 | HIGH | v4.5.0 | 4.5.2 | https://avd.aquasec.com/nvd/cve-2025-30204 |
| CVE-2025-30204 | github.com/golang-jwt/jwt/v5 | HIGH | v5.2.0 | 5.2.2 | https://avd.aquasec.com/nvd/cve-2025-30204 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.27.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2024-45337 | golang.org/x/crypto | CRITICAL | v0.25.0 | 0.31.0 | https://avd.aquasec.com/nvd/cve-2024-45337 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.25.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.20.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.64.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2019-14993 | istio.io/istio | HIGH | v0.0.0-20240511025857-aaf597fbfae6 | 1.1.13, 1.2.4 | https://avd.aquasec.com/nvd/cve-2019-14993 |
| CVE-2021-39155 | istio.io/istio | HIGH | v0.0.0-20240511025857-aaf597fbfae6 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39155 |
| CVE-2021-39156 | istio.io/istio | HIGH | v0.0.0-20240511025857-aaf597fbfae6 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39156 |
| CVE-2022-23635 | istio.io/istio | HIGH | v0.0.0-20240511025857-aaf597fbfae6 | 1.13.1, 1.12.4, 1.11.7 | https://avd.aquasec.com/nvd/cve-2022-23635 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.22.4 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2024-34156 | stdlib | HIGH | v1.22.4 | 1.22.7, 1.23.1 | https://avd.aquasec.com/nvd/cve-2024-34156 |
| CVE-2025-47907 | stdlib | HIGH | v1.22.4 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.22.4 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.22.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.22.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.22.4 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.22.4 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
Release 2.6.1
gloo mesh enterprise gloo-mesh-istiod-agent image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-istiod-agent:2.6.1 (alpine 3.18.8)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-6119 | libcrypto3 | HIGH | 3.1.6-r0 | 3.1.7-r0 | https://avd.aquasec.com/nvd/cve-2024-6119 |
| CVE-2024-6119 | libssl3 | HIGH | 3.1.6-r0 | 3.1.7-r0 | https://avd.aquasec.com/nvd/cve-2024-6119 |
| CVE-2025-26519 | musl | HIGH | 1.2.4-r2 | 1.2.4-r3 | https://avd.aquasec.com/nvd/cve-2025-26519 |
| CVE-2025-26519 | musl-utils | HIGH | 1.2.4-r2 | 1.2.4-r3 | https://avd.aquasec.com/nvd/cve-2025-26519 |
Vulnerabilities Listed for usr/local/bin/istiod-agent-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-30204 | github.com/golang-jwt/jwt/v4 | HIGH | v4.5.0 | 4.5.2 | https://avd.aquasec.com/nvd/cve-2025-30204 |
| CVE-2024-45337 | golang.org/x/crypto | CRITICAL | v0.25.0 | 0.31.0 | https://avd.aquasec.com/nvd/cve-2024-45337 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.25.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.20.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.64.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2019-14993 | istio.io/istio | HIGH | v0.0.0-20240511025857-aaf597fbfae6 | 1.1.13, 1.2.4 | https://avd.aquasec.com/nvd/cve-2019-14993 |
| CVE-2021-39155 | istio.io/istio | HIGH | v0.0.0-20240511025857-aaf597fbfae6 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39155 |
| CVE-2021-39156 | istio.io/istio | HIGH | v0.0.0-20240511025857-aaf597fbfae6 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39156 |
| CVE-2022-23635 | istio.io/istio | HIGH | v0.0.0-20240511025857-aaf597fbfae6 | 1.13.1, 1.12.4, 1.11.7 | https://avd.aquasec.com/nvd/cve-2022-23635 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.22.4 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2024-34156 | stdlib | HIGH | v1.22.4 | 1.22.7, 1.23.1 | https://avd.aquasec.com/nvd/cve-2024-34156 |
| CVE-2025-47907 | stdlib | HIGH | v1.22.4 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.22.4 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.22.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.22.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.22.4 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.22.4 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
gloo mesh enterprise gloo-mesh-ui image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-ui:2.6.1 (alpine 3.18.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-6119 | libcrypto3 | HIGH | 3.1.4-r5 | 3.1.7-r0 | https://avd.aquasec.com/nvd/cve-2024-6119 |
| CVE-2024-6119 | libssl3 | HIGH | 3.1.4-r5 | 3.1.7-r0 | https://avd.aquasec.com/nvd/cve-2024-6119 |
| CVE-2025-26519 | musl | HIGH | 1.2.4-r2 | 1.2.4-r3 | https://avd.aquasec.com/nvd/cve-2025-26519 |
| CVE-2025-26519 | musl-utils | HIGH | 1.2.4-r2 | 1.2.4-r3 | https://avd.aquasec.com/nvd/cve-2025-26519 |
gloo mesh enterprise gloo-mesh-envoy image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-envoy:2.6.1 (ubuntu 20.04)
gloo mesh enterprise gloo-mesh-spire-controller image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-spire-controller:2.6.1 (alpine 3.18.8)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-6119 | libcrypto3 | HIGH | 3.1.6-r0 | 3.1.7-r0 | https://avd.aquasec.com/nvd/cve-2024-6119 |
| CVE-2024-6119 | libssl3 | HIGH | 3.1.6-r0 | 3.1.7-r0 | https://avd.aquasec.com/nvd/cve-2024-6119 |
| CVE-2025-26519 | musl | HIGH | 1.2.4-r2 | 1.2.4-r3 | https://avd.aquasec.com/nvd/cve-2025-26519 |
| CVE-2025-26519 | musl-utils | HIGH | 1.2.4-r2 | 1.2.4-r3 | https://avd.aquasec.com/nvd/cve-2025-26519 |
Vulnerabilities Listed for usr/local/bin/spire-controller-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-30204 | github.com/golang-jwt/jwt/v4 | HIGH | v4.5.0 | 4.5.2 | https://avd.aquasec.com/nvd/cve-2025-30204 |
| CVE-2024-45337 | golang.org/x/crypto | CRITICAL | v0.25.0 | 0.31.0 | https://avd.aquasec.com/nvd/cve-2024-45337 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.25.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.20.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.64.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2019-14993 | istio.io/istio | HIGH | v0.0.0-20240511025857-aaf597fbfae6 | 1.1.13, 1.2.4 | https://avd.aquasec.com/nvd/cve-2019-14993 |
| CVE-2021-39155 | istio.io/istio | HIGH | v0.0.0-20240511025857-aaf597fbfae6 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39155 |
| CVE-2021-39156 | istio.io/istio | HIGH | v0.0.0-20240511025857-aaf597fbfae6 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39156 |
| CVE-2022-23635 | istio.io/istio | HIGH | v0.0.0-20240511025857-aaf597fbfae6 | 1.13.1, 1.12.4, 1.11.7 | https://avd.aquasec.com/nvd/cve-2022-23635 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.22.4 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2024-34156 | stdlib | HIGH | v1.22.4 | 1.22.7, 1.23.1 | https://avd.aquasec.com/nvd/cve-2024-34156 |
| CVE-2025-47907 | stdlib | HIGH | v1.22.4 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.22.4 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.22.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.22.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.22.4 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.22.4 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
gloo mesh enterprise gloo-mesh-portal-server image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-portal-server:2.6.1 (alpine 3.18.8)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-6119 | libcrypto3 | HIGH | 3.1.6-r0 | 3.1.7-r0 | https://avd.aquasec.com/nvd/cve-2024-6119 |
| CVE-2024-6119 | libssl3 | HIGH | 3.1.6-r0 | 3.1.7-r0 | https://avd.aquasec.com/nvd/cve-2024-6119 |
| CVE-2025-26519 | musl | HIGH | 1.2.4-r2 | 1.2.4-r3 | https://avd.aquasec.com/nvd/cve-2025-26519 |
| CVE-2025-26519 | musl-utils | HIGH | 1.2.4-r2 | 1.2.4-r3 | https://avd.aquasec.com/nvd/cve-2025-26519 |
Vulnerabilities Listed for usr/local/bin/portal-server-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-30153 | github.com/getkin/kin-openapi | HIGH | v0.107.0 | 0.131.0 | https://avd.aquasec.com/nvd/cve-2025-30153 |
| CVE-2025-30204 | github.com/golang-jwt/jwt/v4 | HIGH | v4.5.0 | 4.5.2 | https://avd.aquasec.com/nvd/cve-2025-30204 |
| CVE-2024-45337 | golang.org/x/crypto | CRITICAL | v0.25.0 | 0.31.0 | https://avd.aquasec.com/nvd/cve-2024-45337 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.25.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.20.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.64.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2019-14993 | istio.io/istio | HIGH | v0.0.0-20240511025857-aaf597fbfae6 | 1.1.13, 1.2.4 | https://avd.aquasec.com/nvd/cve-2019-14993 |
| CVE-2021-39155 | istio.io/istio | HIGH | v0.0.0-20240511025857-aaf597fbfae6 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39155 |
| CVE-2021-39156 | istio.io/istio | HIGH | v0.0.0-20240511025857-aaf597fbfae6 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39156 |
| CVE-2022-23635 | istio.io/istio | HIGH | v0.0.0-20240511025857-aaf597fbfae6 | 1.13.1, 1.12.4, 1.11.7 | https://avd.aquasec.com/nvd/cve-2022-23635 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.22.4 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2024-34156 | stdlib | HIGH | v1.22.4 | 1.22.7, 1.23.1 | https://avd.aquasec.com/nvd/cve-2024-34156 |
| CVE-2025-47907 | stdlib | HIGH | v1.22.4 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.22.4 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.22.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.22.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.22.4 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.22.4 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
gloo mesh enterprise gloo-mesh-analyzer image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-analyzer:2.6.1 (alpine 3.18.8)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-6119 | libcrypto3 | HIGH | 3.1.6-r0 | 3.1.7-r0 | https://avd.aquasec.com/nvd/cve-2024-6119 |
| CVE-2024-6119 | libssl3 | HIGH | 3.1.6-r0 | 3.1.7-r0 | https://avd.aquasec.com/nvd/cve-2024-6119 |
| CVE-2025-26519 | musl | HIGH | 1.2.4-r2 | 1.2.4-r3 | https://avd.aquasec.com/nvd/cve-2025-26519 |
| CVE-2025-26519 | musl-utils | HIGH | 1.2.4-r2 | 1.2.4-r3 | https://avd.aquasec.com/nvd/cve-2025-26519 |
Vulnerabilities Listed for usr/local/bin/analyzer-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15558 | github.com/docker/cli | HIGH | v26.0.0+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-34040 | github.com/docker/docker | HIGH | v25.0.6+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2025-30204 | github.com/golang-jwt/jwt/v4 | HIGH | v4.5.0 | 4.5.2 | https://avd.aquasec.com/nvd/cve-2025-30204 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.27.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2024-45337 | golang.org/x/crypto | CRITICAL | v0.25.0 | 0.31.0 | https://avd.aquasec.com/nvd/cve-2024-45337 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.25.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.20.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.64.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-53547 | helm.sh/helm/v3 | HIGH | v3.14.3 | 3.18.4, 3.17.4 | https://avd.aquasec.com/nvd/cve-2025-53547 |
| CVE-2019-14993 | istio.io/istio | HIGH | v0.0.0-20240511025857-aaf597fbfae6 | 1.1.13, 1.2.4 | https://avd.aquasec.com/nvd/cve-2019-14993 |
| CVE-2021-39155 | istio.io/istio | HIGH | v0.0.0-20240511025857-aaf597fbfae6 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39155 |
| CVE-2021-39156 | istio.io/istio | HIGH | v0.0.0-20240511025857-aaf597fbfae6 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39156 |
| CVE-2022-23635 | istio.io/istio | HIGH | v0.0.0-20240511025857-aaf597fbfae6 | 1.13.1, 1.12.4, 1.11.7 | https://avd.aquasec.com/nvd/cve-2022-23635 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.22.4 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2024-34156 | stdlib | HIGH | v1.22.4 | 1.22.7, 1.23.1 | https://avd.aquasec.com/nvd/cve-2024-34156 |
| CVE-2025-47907 | stdlib | HIGH | v1.22.4 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.22.4 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.22.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.22.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.22.4 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.22.4 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
gloo mesh enterprise gloo-mesh-mgmt-server image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-mgmt-server:2.6.1 (alpine 3.18.8)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-6119 | libcrypto3 | HIGH | 3.1.6-r0 | 3.1.7-r0 | https://avd.aquasec.com/nvd/cve-2024-6119 |
| CVE-2024-6119 | libssl3 | HIGH | 3.1.6-r0 | 3.1.7-r0 | https://avd.aquasec.com/nvd/cve-2024-6119 |
| CVE-2025-26519 | musl | HIGH | 1.2.4-r2 | 1.2.4-r3 | https://avd.aquasec.com/nvd/cve-2025-26519 |
| CVE-2025-26519 | musl-utils | HIGH | 1.2.4-r2 | 1.2.4-r3 | https://avd.aquasec.com/nvd/cve-2025-26519 |
Vulnerabilities Listed for usr/local/bin/mgmt-server-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-25621 | github.com/containerd/containerd | HIGH | v1.7.12 | 1.7.29 | https://avd.aquasec.com/nvd/cve-2024-25621 |
| CVE-2025-15558 | github.com/docker/cli | HIGH | v26.0.0+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-34040 | github.com/docker/docker | HIGH | v25.0.6+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2025-30153 | github.com/getkin/kin-openapi | HIGH | v0.107.0 | 0.131.0 | https://avd.aquasec.com/nvd/cve-2025-30153 |
| CVE-2025-30204 | github.com/golang-jwt/jwt/v4 | HIGH | v4.5.0 | 4.5.2 | https://avd.aquasec.com/nvd/cve-2025-30204 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.27.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2024-45337 | golang.org/x/crypto | CRITICAL | v0.25.0 | 0.31.0 | https://avd.aquasec.com/nvd/cve-2024-45337 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.25.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.20.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.64.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-53547 | helm.sh/helm/v3 | HIGH | v3.14.3 | 3.18.4, 3.17.4 | https://avd.aquasec.com/nvd/cve-2025-53547 |
| CVE-2019-14993 | istio.io/istio | HIGH | v0.0.0-20240511025857-aaf597fbfae6 | 1.1.13, 1.2.4 | https://avd.aquasec.com/nvd/cve-2019-14993 |
| CVE-2021-39155 | istio.io/istio | HIGH | v0.0.0-20240511025857-aaf597fbfae6 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39155 |
| CVE-2021-39156 | istio.io/istio | HIGH | v0.0.0-20240511025857-aaf597fbfae6 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39156 |
| CVE-2022-23635 | istio.io/istio | HIGH | v0.0.0-20240511025857-aaf597fbfae6 | 1.13.1, 1.12.4, 1.11.7 | https://avd.aquasec.com/nvd/cve-2022-23635 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.22.4 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2024-34156 | stdlib | HIGH | v1.22.4 | 1.22.7, 1.23.1 | https://avd.aquasec.com/nvd/cve-2024-34156 |
| CVE-2025-47907 | stdlib | HIGH | v1.22.4 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.22.4 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.22.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.22.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.22.4 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.22.4 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
gloo mesh enterprise gloo-mesh-agent image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-agent:2.6.1 (alpine 3.18.8)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-6119 | libcrypto3 | HIGH | 3.1.6-r0 | 3.1.7-r0 | https://avd.aquasec.com/nvd/cve-2024-6119 |
| CVE-2024-6119 | libssl3 | HIGH | 3.1.6-r0 | 3.1.7-r0 | https://avd.aquasec.com/nvd/cve-2024-6119 |
| CVE-2025-26519 | musl | HIGH | 1.2.4-r2 | 1.2.4-r3 | https://avd.aquasec.com/nvd/cve-2025-26519 |
| CVE-2025-26519 | musl-utils | HIGH | 1.2.4-r2 | 1.2.4-r3 | https://avd.aquasec.com/nvd/cve-2025-26519 |
Vulnerabilities Listed for usr/local/bin/agent-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-25621 | github.com/containerd/containerd | HIGH | v1.7.12 | 1.7.29 | https://avd.aquasec.com/nvd/cve-2024-25621 |
| CVE-2025-15558 | github.com/docker/cli | HIGH | v26.0.0+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-34040 | github.com/docker/docker | HIGH | v25.0.6+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2025-30153 | github.com/getkin/kin-openapi | HIGH | v0.107.0 | 0.131.0 | https://avd.aquasec.com/nvd/cve-2025-30153 |
| CVE-2025-30204 | github.com/golang-jwt/jwt/v4 | HIGH | v4.5.0 | 4.5.2 | https://avd.aquasec.com/nvd/cve-2025-30204 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.27.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2024-45337 | golang.org/x/crypto | CRITICAL | v0.25.0 | 0.31.0 | https://avd.aquasec.com/nvd/cve-2024-45337 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.25.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.20.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.64.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-53547 | helm.sh/helm/v3 | HIGH | v3.14.3 | 3.18.4, 3.17.4 | https://avd.aquasec.com/nvd/cve-2025-53547 |
| CVE-2019-14993 | istio.io/istio | HIGH | v0.0.0-20240511025857-aaf597fbfae6 | 1.1.13, 1.2.4 | https://avd.aquasec.com/nvd/cve-2019-14993 |
| CVE-2021-39155 | istio.io/istio | HIGH | v0.0.0-20240511025857-aaf597fbfae6 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39155 |
| CVE-2021-39156 | istio.io/istio | HIGH | v0.0.0-20240511025857-aaf597fbfae6 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39156 |
| CVE-2022-23635 | istio.io/istio | HIGH | v0.0.0-20240511025857-aaf597fbfae6 | 1.13.1, 1.12.4, 1.11.7 | https://avd.aquasec.com/nvd/cve-2022-23635 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.22.4 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2024-34156 | stdlib | HIGH | v1.22.4 | 1.22.7, 1.23.1 | https://avd.aquasec.com/nvd/cve-2024-34156 |
| CVE-2025-47907 | stdlib | HIGH | v1.22.4 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.22.4 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.22.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.22.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.22.4 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.22.4 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
gloo mesh enterprise gloo-mesh-apiserver image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-apiserver:2.6.1 (alpine 3.18.8)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-6119 | libcrypto3 | HIGH | 3.1.6-r0 | 3.1.7-r0 | https://avd.aquasec.com/nvd/cve-2024-6119 |
| CVE-2024-6119 | libssl3 | HIGH | 3.1.6-r0 | 3.1.7-r0 | https://avd.aquasec.com/nvd/cve-2024-6119 |
| CVE-2025-26519 | musl | HIGH | 1.2.4-r2 | 1.2.4-r3 | https://avd.aquasec.com/nvd/cve-2025-26519 |
| CVE-2025-26519 | musl-utils | HIGH | 1.2.4-r2 | 1.2.4-r3 | https://avd.aquasec.com/nvd/cve-2025-26519 |
Vulnerabilities Listed for usr/local/bin/apiserver-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-25621 | github.com/containerd/containerd | HIGH | v1.7.12 | 1.7.29 | https://avd.aquasec.com/nvd/cve-2024-25621 |
| CVE-2025-15558 | github.com/docker/cli | HIGH | v26.0.0+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-34040 | github.com/docker/docker | HIGH | v25.0.6+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2025-30153 | github.com/getkin/kin-openapi | HIGH | v0.107.0 | 0.131.0 | https://avd.aquasec.com/nvd/cve-2025-30153 |
| CVE-2025-30204 | github.com/golang-jwt/jwt/v4 | HIGH | v4.5.0 | 4.5.2 | https://avd.aquasec.com/nvd/cve-2025-30204 |
| CVE-2025-30204 | github.com/golang-jwt/jwt/v5 | HIGH | v5.2.0 | 5.2.2 | https://avd.aquasec.com/nvd/cve-2025-30204 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.27.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2024-45337 | golang.org/x/crypto | CRITICAL | v0.25.0 | 0.31.0 | https://avd.aquasec.com/nvd/cve-2024-45337 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.25.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.20.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.64.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2019-14993 | istio.io/istio | HIGH | v0.0.0-20240511025857-aaf597fbfae6 | 1.1.13, 1.2.4 | https://avd.aquasec.com/nvd/cve-2019-14993 |
| CVE-2021-39155 | istio.io/istio | HIGH | v0.0.0-20240511025857-aaf597fbfae6 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39155 |
| CVE-2021-39156 | istio.io/istio | HIGH | v0.0.0-20240511025857-aaf597fbfae6 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39156 |
| CVE-2022-23635 | istio.io/istio | HIGH | v0.0.0-20240511025857-aaf597fbfae6 | 1.13.1, 1.12.4, 1.11.7 | https://avd.aquasec.com/nvd/cve-2022-23635 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.22.4 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2024-34156 | stdlib | HIGH | v1.22.4 | 1.22.7, 1.23.1 | https://avd.aquasec.com/nvd/cve-2024-34156 |
| CVE-2025-47907 | stdlib | HIGH | v1.22.4 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.22.4 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.22.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.22.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.22.4 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.22.4 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
Release 2.6.0
gloo mesh enterprise gloo-mesh-istiod-agent image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-istiod-agent:2.6.0 (alpine 3.18.8)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-6119 | libcrypto3 | HIGH | 3.1.6-r0 | 3.1.7-r0 | https://avd.aquasec.com/nvd/cve-2024-6119 |
| CVE-2024-6119 | libssl3 | HIGH | 3.1.6-r0 | 3.1.7-r0 | https://avd.aquasec.com/nvd/cve-2024-6119 |
| CVE-2025-26519 | musl | HIGH | 1.2.4-r2 | 1.2.4-r3 | https://avd.aquasec.com/nvd/cve-2025-26519 |
| CVE-2025-26519 | musl-utils | HIGH | 1.2.4-r2 | 1.2.4-r3 | https://avd.aquasec.com/nvd/cve-2025-26519 |
Vulnerabilities Listed for usr/local/bin/istiod-agent-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-30204 | github.com/golang-jwt/jwt/v4 | HIGH | v4.5.0 | 4.5.2 | https://avd.aquasec.com/nvd/cve-2025-30204 |
| CVE-2024-45337 | golang.org/x/crypto | CRITICAL | v0.25.0 | 0.31.0 | https://avd.aquasec.com/nvd/cve-2024-45337 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.25.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.20.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.64.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2019-14993 | istio.io/istio | HIGH | v0.0.0-20240511025857-aaf597fbfae6 | 1.1.13, 1.2.4 | https://avd.aquasec.com/nvd/cve-2019-14993 |
| CVE-2021-39155 | istio.io/istio | HIGH | v0.0.0-20240511025857-aaf597fbfae6 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39155 |
| CVE-2021-39156 | istio.io/istio | HIGH | v0.0.0-20240511025857-aaf597fbfae6 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39156 |
| CVE-2022-23635 | istio.io/istio | HIGH | v0.0.0-20240511025857-aaf597fbfae6 | 1.13.1, 1.12.4, 1.11.7 | https://avd.aquasec.com/nvd/cve-2022-23635 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.22.4 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2024-34156 | stdlib | HIGH | v1.22.4 | 1.22.7, 1.23.1 | https://avd.aquasec.com/nvd/cve-2024-34156 |
| CVE-2025-47907 | stdlib | HIGH | v1.22.4 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.22.4 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.22.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.22.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.22.4 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.22.4 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
gloo mesh enterprise gloo-mesh-ui image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-ui:2.6.0 (alpine 3.18.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-6119 | libcrypto3 | HIGH | 3.1.4-r5 | 3.1.7-r0 | https://avd.aquasec.com/nvd/cve-2024-6119 |
| CVE-2024-6119 | libssl3 | HIGH | 3.1.4-r5 | 3.1.7-r0 | https://avd.aquasec.com/nvd/cve-2024-6119 |
| CVE-2025-26519 | musl | HIGH | 1.2.4-r2 | 1.2.4-r3 | https://avd.aquasec.com/nvd/cve-2025-26519 |
| CVE-2025-26519 | musl-utils | HIGH | 1.2.4-r2 | 1.2.4-r3 | https://avd.aquasec.com/nvd/cve-2025-26519 |
gloo mesh enterprise gloo-mesh-envoy image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-envoy:2.6.0 (ubuntu 20.04)
gloo mesh enterprise gloo-mesh-spire-controller image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-spire-controller:2.6.0 (alpine 3.18.8)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-6119 | libcrypto3 | HIGH | 3.1.6-r0 | 3.1.7-r0 | https://avd.aquasec.com/nvd/cve-2024-6119 |
| CVE-2024-6119 | libssl3 | HIGH | 3.1.6-r0 | 3.1.7-r0 | https://avd.aquasec.com/nvd/cve-2024-6119 |
| CVE-2025-26519 | musl | HIGH | 1.2.4-r2 | 1.2.4-r3 | https://avd.aquasec.com/nvd/cve-2025-26519 |
| CVE-2025-26519 | musl-utils | HIGH | 1.2.4-r2 | 1.2.4-r3 | https://avd.aquasec.com/nvd/cve-2025-26519 |
Vulnerabilities Listed for usr/local/bin/spire-controller-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-30204 | github.com/golang-jwt/jwt/v4 | HIGH | v4.5.0 | 4.5.2 | https://avd.aquasec.com/nvd/cve-2025-30204 |
| CVE-2024-45337 | golang.org/x/crypto | CRITICAL | v0.25.0 | 0.31.0 | https://avd.aquasec.com/nvd/cve-2024-45337 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.25.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.20.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.64.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2019-14993 | istio.io/istio | HIGH | v0.0.0-20240511025857-aaf597fbfae6 | 1.1.13, 1.2.4 | https://avd.aquasec.com/nvd/cve-2019-14993 |
| CVE-2021-39155 | istio.io/istio | HIGH | v0.0.0-20240511025857-aaf597fbfae6 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39155 |
| CVE-2021-39156 | istio.io/istio | HIGH | v0.0.0-20240511025857-aaf597fbfae6 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39156 |
| CVE-2022-23635 | istio.io/istio | HIGH | v0.0.0-20240511025857-aaf597fbfae6 | 1.13.1, 1.12.4, 1.11.7 | https://avd.aquasec.com/nvd/cve-2022-23635 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.22.4 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2024-34156 | stdlib | HIGH | v1.22.4 | 1.22.7, 1.23.1 | https://avd.aquasec.com/nvd/cve-2024-34156 |
| CVE-2025-47907 | stdlib | HIGH | v1.22.4 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.22.4 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.22.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.22.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.22.4 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.22.4 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
gloo mesh enterprise gloo-mesh-portal-server image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-portal-server:2.6.0 (alpine 3.18.8)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-6119 | libcrypto3 | HIGH | 3.1.6-r0 | 3.1.7-r0 | https://avd.aquasec.com/nvd/cve-2024-6119 |
| CVE-2024-6119 | libssl3 | HIGH | 3.1.6-r0 | 3.1.7-r0 | https://avd.aquasec.com/nvd/cve-2024-6119 |
| CVE-2025-26519 | musl | HIGH | 1.2.4-r2 | 1.2.4-r3 | https://avd.aquasec.com/nvd/cve-2025-26519 |
| CVE-2025-26519 | musl-utils | HIGH | 1.2.4-r2 | 1.2.4-r3 | https://avd.aquasec.com/nvd/cve-2025-26519 |
Vulnerabilities Listed for usr/local/bin/portal-server-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-30153 | github.com/getkin/kin-openapi | HIGH | v0.107.0 | 0.131.0 | https://avd.aquasec.com/nvd/cve-2025-30153 |
| CVE-2025-30204 | github.com/golang-jwt/jwt/v4 | HIGH | v4.5.0 | 4.5.2 | https://avd.aquasec.com/nvd/cve-2025-30204 |
| CVE-2024-45337 | golang.org/x/crypto | CRITICAL | v0.25.0 | 0.31.0 | https://avd.aquasec.com/nvd/cve-2024-45337 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.25.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.20.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.64.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2019-14993 | istio.io/istio | HIGH | v0.0.0-20240511025857-aaf597fbfae6 | 1.1.13, 1.2.4 | https://avd.aquasec.com/nvd/cve-2019-14993 |
| CVE-2021-39155 | istio.io/istio | HIGH | v0.0.0-20240511025857-aaf597fbfae6 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39155 |
| CVE-2021-39156 | istio.io/istio | HIGH | v0.0.0-20240511025857-aaf597fbfae6 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39156 |
| CVE-2022-23635 | istio.io/istio | HIGH | v0.0.0-20240511025857-aaf597fbfae6 | 1.13.1, 1.12.4, 1.11.7 | https://avd.aquasec.com/nvd/cve-2022-23635 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.22.4 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2024-34156 | stdlib | HIGH | v1.22.4 | 1.22.7, 1.23.1 | https://avd.aquasec.com/nvd/cve-2024-34156 |
| CVE-2025-47907 | stdlib | HIGH | v1.22.4 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.22.4 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.22.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.22.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.22.4 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.22.4 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
gloo mesh enterprise gloo-mesh-analyzer image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-analyzer:2.6.0 (alpine 3.18.8)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-6119 | libcrypto3 | HIGH | 3.1.6-r0 | 3.1.7-r0 | https://avd.aquasec.com/nvd/cve-2024-6119 |
| CVE-2024-6119 | libssl3 | HIGH | 3.1.6-r0 | 3.1.7-r0 | https://avd.aquasec.com/nvd/cve-2024-6119 |
| CVE-2025-26519 | musl | HIGH | 1.2.4-r2 | 1.2.4-r3 | https://avd.aquasec.com/nvd/cve-2025-26519 |
| CVE-2025-26519 | musl-utils | HIGH | 1.2.4-r2 | 1.2.4-r3 | https://avd.aquasec.com/nvd/cve-2025-26519 |
Vulnerabilities Listed for usr/local/bin/analyzer-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15558 | github.com/docker/cli | HIGH | v26.0.0+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2024-41110 | github.com/docker/docker | CRITICAL | v25.0.5+incompatible | 23.0.15, 26.1.5, 27.1.1, 25.0.6 | https://avd.aquasec.com/nvd/cve-2024-41110 |
| CVE-2026-34040 | github.com/docker/docker | HIGH | v25.0.5+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2025-30204 | github.com/golang-jwt/jwt/v4 | HIGH | v4.5.0 | 4.5.2 | https://avd.aquasec.com/nvd/cve-2025-30204 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.27.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2024-45337 | golang.org/x/crypto | CRITICAL | v0.25.0 | 0.31.0 | https://avd.aquasec.com/nvd/cve-2024-45337 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.25.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.20.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.64.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-53547 | helm.sh/helm/v3 | HIGH | v3.14.3 | 3.18.4, 3.17.4 | https://avd.aquasec.com/nvd/cve-2025-53547 |
| CVE-2019-14993 | istio.io/istio | HIGH | v0.0.0-20240511025857-aaf597fbfae6 | 1.1.13, 1.2.4 | https://avd.aquasec.com/nvd/cve-2019-14993 |
| CVE-2021-39155 | istio.io/istio | HIGH | v0.0.0-20240511025857-aaf597fbfae6 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39155 |
| CVE-2021-39156 | istio.io/istio | HIGH | v0.0.0-20240511025857-aaf597fbfae6 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39156 |
| CVE-2022-23635 | istio.io/istio | HIGH | v0.0.0-20240511025857-aaf597fbfae6 | 1.13.1, 1.12.4, 1.11.7 | https://avd.aquasec.com/nvd/cve-2022-23635 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.22.4 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2024-34156 | stdlib | HIGH | v1.22.4 | 1.22.7, 1.23.1 | https://avd.aquasec.com/nvd/cve-2024-34156 |
| CVE-2025-47907 | stdlib | HIGH | v1.22.4 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.22.4 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.22.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.22.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.22.4 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.22.4 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
gloo mesh enterprise gloo-mesh-mgmt-server image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-mgmt-server:2.6.0 (alpine 3.18.8)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-6119 | libcrypto3 | HIGH | 3.1.6-r0 | 3.1.7-r0 | https://avd.aquasec.com/nvd/cve-2024-6119 |
| CVE-2024-6119 | libssl3 | HIGH | 3.1.6-r0 | 3.1.7-r0 | https://avd.aquasec.com/nvd/cve-2024-6119 |
| CVE-2025-26519 | musl | HIGH | 1.2.4-r2 | 1.2.4-r3 | https://avd.aquasec.com/nvd/cve-2025-26519 |
| CVE-2025-26519 | musl-utils | HIGH | 1.2.4-r2 | 1.2.4-r3 | https://avd.aquasec.com/nvd/cve-2025-26519 |
Vulnerabilities Listed for usr/local/bin/mgmt-server-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-25621 | github.com/containerd/containerd | HIGH | v1.7.12 | 1.7.29 | https://avd.aquasec.com/nvd/cve-2024-25621 |
| CVE-2025-15558 | github.com/docker/cli | HIGH | v26.0.0+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2024-41110 | github.com/docker/docker | CRITICAL | v25.0.5+incompatible | 23.0.15, 26.1.5, 27.1.1, 25.0.6 | https://avd.aquasec.com/nvd/cve-2024-41110 |
| CVE-2026-34040 | github.com/docker/docker | HIGH | v25.0.5+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2025-30153 | github.com/getkin/kin-openapi | HIGH | v0.107.0 | 0.131.0 | https://avd.aquasec.com/nvd/cve-2025-30153 |
| CVE-2025-30204 | github.com/golang-jwt/jwt/v4 | HIGH | v4.5.0 | 4.5.2 | https://avd.aquasec.com/nvd/cve-2025-30204 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.27.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2024-45337 | golang.org/x/crypto | CRITICAL | v0.25.0 | 0.31.0 | https://avd.aquasec.com/nvd/cve-2024-45337 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.25.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.20.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.64.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-53547 | helm.sh/helm/v3 | HIGH | v3.14.3 | 3.18.4, 3.17.4 | https://avd.aquasec.com/nvd/cve-2025-53547 |
| CVE-2019-14993 | istio.io/istio | HIGH | v0.0.0-20240511025857-aaf597fbfae6 | 1.1.13, 1.2.4 | https://avd.aquasec.com/nvd/cve-2019-14993 |
| CVE-2021-39155 | istio.io/istio | HIGH | v0.0.0-20240511025857-aaf597fbfae6 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39155 |
| CVE-2021-39156 | istio.io/istio | HIGH | v0.0.0-20240511025857-aaf597fbfae6 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39156 |
| CVE-2022-23635 | istio.io/istio | HIGH | v0.0.0-20240511025857-aaf597fbfae6 | 1.13.1, 1.12.4, 1.11.7 | https://avd.aquasec.com/nvd/cve-2022-23635 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.22.4 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2024-34156 | stdlib | HIGH | v1.22.4 | 1.22.7, 1.23.1 | https://avd.aquasec.com/nvd/cve-2024-34156 |
| CVE-2025-47907 | stdlib | HIGH | v1.22.4 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.22.4 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.22.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.22.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.22.4 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.22.4 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
gloo mesh enterprise gloo-mesh-agent image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-agent:2.6.0 (alpine 3.18.8)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-6119 | libcrypto3 | HIGH | 3.1.6-r0 | 3.1.7-r0 | https://avd.aquasec.com/nvd/cve-2024-6119 |
| CVE-2024-6119 | libssl3 | HIGH | 3.1.6-r0 | 3.1.7-r0 | https://avd.aquasec.com/nvd/cve-2024-6119 |
| CVE-2025-26519 | musl | HIGH | 1.2.4-r2 | 1.2.4-r3 | https://avd.aquasec.com/nvd/cve-2025-26519 |
| CVE-2025-26519 | musl-utils | HIGH | 1.2.4-r2 | 1.2.4-r3 | https://avd.aquasec.com/nvd/cve-2025-26519 |
Vulnerabilities Listed for usr/local/bin/agent-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-25621 | github.com/containerd/containerd | HIGH | v1.7.12 | 1.7.29 | https://avd.aquasec.com/nvd/cve-2024-25621 |
| CVE-2025-15558 | github.com/docker/cli | HIGH | v26.0.0+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2024-41110 | github.com/docker/docker | CRITICAL | v25.0.5+incompatible | 23.0.15, 26.1.5, 27.1.1, 25.0.6 | https://avd.aquasec.com/nvd/cve-2024-41110 |
| CVE-2026-34040 | github.com/docker/docker | HIGH | v25.0.5+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2025-30153 | github.com/getkin/kin-openapi | HIGH | v0.107.0 | 0.131.0 | https://avd.aquasec.com/nvd/cve-2025-30153 |
| CVE-2025-30204 | github.com/golang-jwt/jwt/v4 | HIGH | v4.5.0 | 4.5.2 | https://avd.aquasec.com/nvd/cve-2025-30204 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.27.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2024-45337 | golang.org/x/crypto | CRITICAL | v0.25.0 | 0.31.0 | https://avd.aquasec.com/nvd/cve-2024-45337 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.25.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.20.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.64.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-53547 | helm.sh/helm/v3 | HIGH | v3.14.3 | 3.18.4, 3.17.4 | https://avd.aquasec.com/nvd/cve-2025-53547 |
| CVE-2019-14993 | istio.io/istio | HIGH | v0.0.0-20240511025857-aaf597fbfae6 | 1.1.13, 1.2.4 | https://avd.aquasec.com/nvd/cve-2019-14993 |
| CVE-2021-39155 | istio.io/istio | HIGH | v0.0.0-20240511025857-aaf597fbfae6 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39155 |
| CVE-2021-39156 | istio.io/istio | HIGH | v0.0.0-20240511025857-aaf597fbfae6 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39156 |
| CVE-2022-23635 | istio.io/istio | HIGH | v0.0.0-20240511025857-aaf597fbfae6 | 1.13.1, 1.12.4, 1.11.7 | https://avd.aquasec.com/nvd/cve-2022-23635 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.22.4 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2024-34156 | stdlib | HIGH | v1.22.4 | 1.22.7, 1.23.1 | https://avd.aquasec.com/nvd/cve-2024-34156 |
| CVE-2025-47907 | stdlib | HIGH | v1.22.4 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.22.4 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.22.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.22.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.22.4 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.22.4 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
gloo mesh enterprise gloo-mesh-apiserver image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-apiserver:2.6.0 (alpine 3.18.8)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-6119 | libcrypto3 | HIGH | 3.1.6-r0 | 3.1.7-r0 | https://avd.aquasec.com/nvd/cve-2024-6119 |
| CVE-2024-6119 | libssl3 | HIGH | 3.1.6-r0 | 3.1.7-r0 | https://avd.aquasec.com/nvd/cve-2024-6119 |
| CVE-2025-26519 | musl | HIGH | 1.2.4-r2 | 1.2.4-r3 | https://avd.aquasec.com/nvd/cve-2025-26519 |
| CVE-2025-26519 | musl-utils | HIGH | 1.2.4-r2 | 1.2.4-r3 | https://avd.aquasec.com/nvd/cve-2025-26519 |
Vulnerabilities Listed for usr/local/bin/apiserver-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-25621 | github.com/containerd/containerd | HIGH | v1.7.12 | 1.7.29 | https://avd.aquasec.com/nvd/cve-2024-25621 |
| CVE-2025-15558 | github.com/docker/cli | HIGH | v26.0.0+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2024-41110 | github.com/docker/docker | CRITICAL | v25.0.5+incompatible | 23.0.15, 26.1.5, 27.1.1, 25.0.6 | https://avd.aquasec.com/nvd/cve-2024-41110 |
| CVE-2026-34040 | github.com/docker/docker | HIGH | v25.0.5+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2025-30153 | github.com/getkin/kin-openapi | HIGH | v0.107.0 | 0.131.0 | https://avd.aquasec.com/nvd/cve-2025-30153 |
| CVE-2025-30204 | github.com/golang-jwt/jwt/v4 | HIGH | v4.5.0 | 4.5.2 | https://avd.aquasec.com/nvd/cve-2025-30204 |
| CVE-2025-30204 | github.com/golang-jwt/jwt/v5 | HIGH | v5.2.0 | 5.2.2 | https://avd.aquasec.com/nvd/cve-2025-30204 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.27.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2024-45337 | golang.org/x/crypto | CRITICAL | v0.25.0 | 0.31.0 | https://avd.aquasec.com/nvd/cve-2024-45337 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.25.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.20.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.64.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2019-14993 | istio.io/istio | HIGH | v0.0.0-20240511025857-aaf597fbfae6 | 1.1.13, 1.2.4 | https://avd.aquasec.com/nvd/cve-2019-14993 |
| CVE-2021-39155 | istio.io/istio | HIGH | v0.0.0-20240511025857-aaf597fbfae6 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39155 |
| CVE-2021-39156 | istio.io/istio | HIGH | v0.0.0-20240511025857-aaf597fbfae6 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39156 |
| CVE-2022-23635 | istio.io/istio | HIGH | v0.0.0-20240511025857-aaf597fbfae6 | 1.13.1, 1.12.4, 1.11.7 | https://avd.aquasec.com/nvd/cve-2022-23635 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.22.4 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2024-34156 | stdlib | HIGH | v1.22.4 | 1.22.7, 1.23.1 | https://avd.aquasec.com/nvd/cve-2024-34156 |
| CVE-2025-47907 | stdlib | HIGH | v1.22.4 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.22.4 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.22.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.22.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.22.4 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.22.4 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |