Security and CVE scan results
Review security and CVE scan results for Solo.io products.
Gloo container images are scanned using Trivy for HIGH and CRITICAL vulnerabilities. To learn more about how Solo.io detects, tracks, and remediates CVEs, see CVE lifecycle handling.
Security and CVE scan
Latest 2.12.x gloo mesh enterprise Release: 2.12.3
gloo mesh enterprise gloo-mesh-envoy image
No scan found
gloo mesh enterprise gloo-mesh-agent image
No scan found
gloo mesh enterprise gloo-mesh-apiserver image
No scan found
gloo mesh enterprise gloo-mesh-spire-controller image
No scan found
gloo mesh enterprise gloo-mesh-portal-server image
No scan found
gloo mesh enterprise gloo-mesh-analyzer image
No scan found
gloo mesh enterprise gloo-mesh-mgmt-server image
No scan found
gloo mesh enterprise gloo-mesh-istiod-agent image
No scan found
gloo mesh enterprise gloo-mesh-ui image
No scan found
Release 2.12.2
gloo mesh enterprise gloo-mesh-envoy image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-envoy:2.12.2 (ubuntu 24.04)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-35535 | sudo | HIGH | 1.9.15p5-3ubuntu5.24.04.1 | 1.9.15p5-3ubuntu5.24.04.2 | https://avd.aquasec.com/nvd/cve-2026-35535 |
gloo mesh enterprise gloo-mesh-agent image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-agent:2.12.2 (alpine 3.23.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-31789 | libcrypto3 | CRITICAL | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-31789 |
| CVE-2026-28387 | libcrypto3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28387 |
| CVE-2026-28388 | libcrypto3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28388 |
| CVE-2026-28389 | libcrypto3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28389 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2026-31789 | libssl3 | CRITICAL | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-31789 |
| CVE-2026-28387 | libssl3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28387 |
| CVE-2026-28388 | libssl3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28388 |
| CVE-2026-28389 | libssl3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28389 |
| CVE-2026-28390 | libssl3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2026-40200 | musl | HIGH | 1.2.5-r21 | 1.2.5-r23 | https://avd.aquasec.com/nvd/cve-2026-40200 |
| CVE-2026-40200 | musl-utils | HIGH | 1.2.5-r21 | 1.2.5-r23 | https://avd.aquasec.com/nvd/cve-2026-40200 |
Vulnerabilities Listed for usr/local/bin/agent-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-34986 | github.com/go-jose/go-jose/v4 | HIGH | v4.1.3 | 4.1.4 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-35469 | github.com/moby/spdystream | HIGH | v0.5.0 | 0.5.1 | https://avd.aquasec.com/nvd/cve-2026-35469 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.39.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.39.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.78.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2026-32280 | stdlib | HIGH | v1.26.1 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32280 |
| CVE-2026-32281 | stdlib | HIGH | v1.26.1 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32281 |
| CVE-2026-32283 | stdlib | HIGH | v1.26.1 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32283 |
| CVE-2026-33810 | stdlib | HIGH | v1.26.1 | 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-33810 |
gloo mesh enterprise gloo-mesh-apiserver image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-apiserver:2.12.2 (alpine 3.23.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-31789 | libcrypto3 | CRITICAL | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-31789 |
| CVE-2026-28387 | libcrypto3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28387 |
| CVE-2026-28388 | libcrypto3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28388 |
| CVE-2026-28389 | libcrypto3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28389 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2026-31789 | libssl3 | CRITICAL | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-31789 |
| CVE-2026-28387 | libssl3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28387 |
| CVE-2026-28388 | libssl3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28388 |
| CVE-2026-28389 | libssl3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28389 |
| CVE-2026-28390 | libssl3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2026-40200 | musl | HIGH | 1.2.5-r21 | 1.2.5-r23 | https://avd.aquasec.com/nvd/cve-2026-40200 |
| CVE-2026-40200 | musl-utils | HIGH | 1.2.5-r21 | 1.2.5-r23 | https://avd.aquasec.com/nvd/cve-2026-40200 |
Vulnerabilities Listed for usr/local/bin/apiserver-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-34986 | github.com/go-jose/go-jose/v4 | HIGH | v4.1.3 | 4.1.4 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-33816 | github.com/jackc/pgx/v5 | CRITICAL | v5.7.6 | 5.9.0 | https://avd.aquasec.com/nvd/cve-2026-33816 |
| CVE-2026-35469 | github.com/moby/spdystream | HIGH | v0.5.0 | 0.5.1 | https://avd.aquasec.com/nvd/cve-2026-35469 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.39.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.39.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.78.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2026-32280 | stdlib | HIGH | v1.26.1 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32280 |
| CVE-2026-32281 | stdlib | HIGH | v1.26.1 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32281 |
| CVE-2026-32283 | stdlib | HIGH | v1.26.1 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32283 |
| CVE-2026-33810 | stdlib | HIGH | v1.26.1 | 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-33810 |
gloo mesh enterprise gloo-mesh-spire-controller image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-spire-controller:2.12.2 (alpine 3.23.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-31789 | libcrypto3 | CRITICAL | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-31789 |
| CVE-2026-28387 | libcrypto3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28387 |
| CVE-2026-28388 | libcrypto3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28388 |
| CVE-2026-28389 | libcrypto3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28389 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2026-31789 | libssl3 | CRITICAL | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-31789 |
| CVE-2026-28387 | libssl3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28387 |
| CVE-2026-28388 | libssl3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28388 |
| CVE-2026-28389 | libssl3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28389 |
| CVE-2026-28390 | libssl3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2026-40200 | musl | HIGH | 1.2.5-r21 | 1.2.5-r23 | https://avd.aquasec.com/nvd/cve-2026-40200 |
| CVE-2026-40200 | musl-utils | HIGH | 1.2.5-r21 | 1.2.5-r23 | https://avd.aquasec.com/nvd/cve-2026-40200 |
Vulnerabilities Listed for usr/local/bin/spire-controller-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.78.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2026-32280 | stdlib | HIGH | v1.26.1 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32280 |
| CVE-2026-32281 | stdlib | HIGH | v1.26.1 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32281 |
| CVE-2026-32283 | stdlib | HIGH | v1.26.1 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32283 |
| CVE-2026-33810 | stdlib | HIGH | v1.26.1 | 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-33810 |
gloo mesh enterprise gloo-mesh-portal-server image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-portal-server:2.12.2 (alpine 3.23.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-31789 | libcrypto3 | CRITICAL | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-31789 |
| CVE-2026-28387 | libcrypto3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28387 |
| CVE-2026-28388 | libcrypto3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28388 |
| CVE-2026-28389 | libcrypto3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28389 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2026-31789 | libssl3 | CRITICAL | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-31789 |
| CVE-2026-28387 | libssl3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28387 |
| CVE-2026-28388 | libssl3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28388 |
| CVE-2026-28389 | libssl3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28389 |
| CVE-2026-28390 | libssl3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2026-40200 | musl | HIGH | 1.2.5-r21 | 1.2.5-r23 | https://avd.aquasec.com/nvd/cve-2026-40200 |
| CVE-2026-40200 | musl-utils | HIGH | 1.2.5-r21 | 1.2.5-r23 | https://avd.aquasec.com/nvd/cve-2026-40200 |
Vulnerabilities Listed for usr/local/bin/portal-server-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.78.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2026-32280 | stdlib | HIGH | v1.26.1 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32280 |
| CVE-2026-32281 | stdlib | HIGH | v1.26.1 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32281 |
| CVE-2026-32283 | stdlib | HIGH | v1.26.1 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32283 |
| CVE-2026-33810 | stdlib | HIGH | v1.26.1 | 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-33810 |
gloo mesh enterprise gloo-mesh-analyzer image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-analyzer:2.12.2 (alpine 3.23.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-31789 | libcrypto3 | CRITICAL | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-31789 |
| CVE-2026-28387 | libcrypto3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28387 |
| CVE-2026-28388 | libcrypto3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28388 |
| CVE-2026-28389 | libcrypto3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28389 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2026-31789 | libssl3 | CRITICAL | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-31789 |
| CVE-2026-28387 | libssl3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28387 |
| CVE-2026-28388 | libssl3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28388 |
| CVE-2026-28389 | libssl3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28389 |
| CVE-2026-28390 | libssl3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2026-40200 | musl | HIGH | 1.2.5-r21 | 1.2.5-r23 | https://avd.aquasec.com/nvd/cve-2026-40200 |
| CVE-2026-40200 | musl-utils | HIGH | 1.2.5-r21 | 1.2.5-r23 | https://avd.aquasec.com/nvd/cve-2026-40200 |
Vulnerabilities Listed for usr/local/bin/analyzer-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-34986 | github.com/go-jose/go-jose/v4 | HIGH | v4.1.3 | 4.1.4 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-35469 | github.com/moby/spdystream | HIGH | v0.5.0 | 0.5.1 | https://avd.aquasec.com/nvd/cve-2026-35469 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.39.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.39.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.78.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2026-32280 | stdlib | HIGH | v1.26.1 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32280 |
| CVE-2026-32281 | stdlib | HIGH | v1.26.1 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32281 |
| CVE-2026-32283 | stdlib | HIGH | v1.26.1 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32283 |
| CVE-2026-33810 | stdlib | HIGH | v1.26.1 | 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-33810 |
gloo mesh enterprise gloo-mesh-mgmt-server image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-mgmt-server:2.12.2 (alpine 3.23.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-31789 | libcrypto3 | CRITICAL | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-31789 |
| CVE-2026-28387 | libcrypto3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28387 |
| CVE-2026-28388 | libcrypto3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28388 |
| CVE-2026-28389 | libcrypto3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28389 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2026-31789 | libssl3 | CRITICAL | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-31789 |
| CVE-2026-28387 | libssl3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28387 |
| CVE-2026-28388 | libssl3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28388 |
| CVE-2026-28389 | libssl3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28389 |
| CVE-2026-28390 | libssl3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2026-40200 | musl | HIGH | 1.2.5-r21 | 1.2.5-r23 | https://avd.aquasec.com/nvd/cve-2026-40200 |
| CVE-2026-40200 | musl-utils | HIGH | 1.2.5-r21 | 1.2.5-r23 | https://avd.aquasec.com/nvd/cve-2026-40200 |
Vulnerabilities Listed for usr/local/bin/mgmt-server-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-34986 | github.com/go-jose/go-jose/v4 | HIGH | v4.1.3 | 4.1.4 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-33816 | github.com/jackc/pgx/v5 | CRITICAL | v5.7.6 | 5.9.0 | https://avd.aquasec.com/nvd/cve-2026-33816 |
| CVE-2026-35469 | github.com/moby/spdystream | HIGH | v0.5.0 | 0.5.1 | https://avd.aquasec.com/nvd/cve-2026-35469 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.39.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.39.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.78.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2026-32280 | stdlib | HIGH | v1.26.1 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32280 |
| CVE-2026-32281 | stdlib | HIGH | v1.26.1 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32281 |
| CVE-2026-32283 | stdlib | HIGH | v1.26.1 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32283 |
| CVE-2026-33810 | stdlib | HIGH | v1.26.1 | 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-33810 |
gloo mesh enterprise gloo-mesh-istiod-agent image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-istiod-agent:2.12.2 (alpine 3.23.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-31789 | libcrypto3 | CRITICAL | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-31789 |
| CVE-2026-28387 | libcrypto3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28387 |
| CVE-2026-28388 | libcrypto3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28388 |
| CVE-2026-28389 | libcrypto3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28389 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2026-31789 | libssl3 | CRITICAL | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-31789 |
| CVE-2026-28387 | libssl3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28387 |
| CVE-2026-28388 | libssl3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28388 |
| CVE-2026-28389 | libssl3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28389 |
| CVE-2026-28390 | libssl3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2026-40200 | musl | HIGH | 1.2.5-r21 | 1.2.5-r23 | https://avd.aquasec.com/nvd/cve-2026-40200 |
| CVE-2026-40200 | musl-utils | HIGH | 1.2.5-r21 | 1.2.5-r23 | https://avd.aquasec.com/nvd/cve-2026-40200 |
Vulnerabilities Listed for usr/local/bin/istiod-agent-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-34986 | github.com/go-jose/go-jose/v4 | HIGH | v4.1.3 | 4.1.4 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.78.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2026-32280 | stdlib | HIGH | v1.26.1 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32280 |
| CVE-2026-32281 | stdlib | HIGH | v1.26.1 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32281 |
| CVE-2026-32283 | stdlib | HIGH | v1.26.1 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32283 |
| CVE-2026-33810 | stdlib | HIGH | v1.26.1 | 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-33810 |
gloo mesh enterprise gloo-mesh-ui image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-ui:2.12.2 (alpine 3.23.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-31789 | libcrypto3 | CRITICAL | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-31789 |
| CVE-2026-28387 | libcrypto3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28387 |
| CVE-2026-28388 | libcrypto3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28388 |
| CVE-2026-28389 | libcrypto3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28389 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2026-31789 | libssl3 | CRITICAL | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-31789 |
| CVE-2026-28387 | libssl3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28387 |
| CVE-2026-28388 | libssl3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28388 |
| CVE-2026-28389 | libssl3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28389 |
| CVE-2026-28390 | libssl3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2026-40200 | musl | HIGH | 1.2.5-r21 | 1.2.5-r23 | https://avd.aquasec.com/nvd/cve-2026-40200 |
| CVE-2026-40200 | musl-utils | HIGH | 1.2.5-r21 | 1.2.5-r23 | https://avd.aquasec.com/nvd/cve-2026-40200 |
| CVE-2026-22184 | zlib | HIGH | 1.3.1-r2 | 1.3.2-r0 | https://avd.aquasec.com/nvd/cve-2026-22184 |
Release 2.12.1
gloo mesh enterprise gloo-mesh-envoy image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-envoy:2.12.1 (ubuntu 24.04)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-35535 | sudo | HIGH | 1.9.15p5-3ubuntu5.24.04.1 | 1.9.15p5-3ubuntu5.24.04.2 | https://avd.aquasec.com/nvd/cve-2026-35535 |
gloo mesh enterprise gloo-mesh-agent image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-agent:2.12.1 (alpine 3.23.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-31789 | libcrypto3 | CRITICAL | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-31789 |
| CVE-2026-28387 | libcrypto3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28387 |
| CVE-2026-28388 | libcrypto3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28388 |
| CVE-2026-28389 | libcrypto3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28389 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2026-31789 | libssl3 | CRITICAL | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-31789 |
| CVE-2026-28387 | libssl3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28387 |
| CVE-2026-28388 | libssl3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28388 |
| CVE-2026-28389 | libssl3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28389 |
| CVE-2026-28390 | libssl3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2026-40200 | musl | HIGH | 1.2.5-r21 | 1.2.5-r23 | https://avd.aquasec.com/nvd/cve-2026-40200 |
| CVE-2026-40200 | musl-utils | HIGH | 1.2.5-r21 | 1.2.5-r23 | https://avd.aquasec.com/nvd/cve-2026-40200 |
Vulnerabilities Listed for usr/local/bin/agent-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-34986 | github.com/go-jose/go-jose/v4 | HIGH | v4.1.3 | 4.1.4 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-35469 | github.com/moby/spdystream | HIGH | v0.5.0 | 0.5.1 | https://avd.aquasec.com/nvd/cve-2026-35469 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.39.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.39.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.78.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2026-32280 | stdlib | HIGH | v1.26.1 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32280 |
| CVE-2026-32281 | stdlib | HIGH | v1.26.1 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32281 |
| CVE-2026-32283 | stdlib | HIGH | v1.26.1 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32283 |
| CVE-2026-33810 | stdlib | HIGH | v1.26.1 | 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-33810 |
gloo mesh enterprise gloo-mesh-apiserver image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-apiserver:2.12.1 (alpine 3.23.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-31789 | libcrypto3 | CRITICAL | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-31789 |
| CVE-2026-28387 | libcrypto3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28387 |
| CVE-2026-28388 | libcrypto3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28388 |
| CVE-2026-28389 | libcrypto3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28389 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2026-31789 | libssl3 | CRITICAL | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-31789 |
| CVE-2026-28387 | libssl3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28387 |
| CVE-2026-28388 | libssl3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28388 |
| CVE-2026-28389 | libssl3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28389 |
| CVE-2026-28390 | libssl3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2026-40200 | musl | HIGH | 1.2.5-r21 | 1.2.5-r23 | https://avd.aquasec.com/nvd/cve-2026-40200 |
| CVE-2026-40200 | musl-utils | HIGH | 1.2.5-r21 | 1.2.5-r23 | https://avd.aquasec.com/nvd/cve-2026-40200 |
Vulnerabilities Listed for usr/local/bin/apiserver-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-34986 | github.com/go-jose/go-jose/v4 | HIGH | v4.1.3 | 4.1.4 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-33816 | github.com/jackc/pgx/v5 | CRITICAL | v5.7.6 | 5.9.0 | https://avd.aquasec.com/nvd/cve-2026-33816 |
| CVE-2026-35469 | github.com/moby/spdystream | HIGH | v0.5.0 | 0.5.1 | https://avd.aquasec.com/nvd/cve-2026-35469 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.39.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.39.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.78.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2026-32280 | stdlib | HIGH | v1.26.1 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32280 |
| CVE-2026-32281 | stdlib | HIGH | v1.26.1 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32281 |
| CVE-2026-32283 | stdlib | HIGH | v1.26.1 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32283 |
| CVE-2026-33810 | stdlib | HIGH | v1.26.1 | 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-33810 |
gloo mesh enterprise gloo-mesh-spire-controller image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-spire-controller:2.12.1 (alpine 3.23.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-31789 | libcrypto3 | CRITICAL | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-31789 |
| CVE-2026-28387 | libcrypto3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28387 |
| CVE-2026-28388 | libcrypto3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28388 |
| CVE-2026-28389 | libcrypto3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28389 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2026-31789 | libssl3 | CRITICAL | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-31789 |
| CVE-2026-28387 | libssl3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28387 |
| CVE-2026-28388 | libssl3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28388 |
| CVE-2026-28389 | libssl3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28389 |
| CVE-2026-28390 | libssl3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2026-40200 | musl | HIGH | 1.2.5-r21 | 1.2.5-r23 | https://avd.aquasec.com/nvd/cve-2026-40200 |
| CVE-2026-40200 | musl-utils | HIGH | 1.2.5-r21 | 1.2.5-r23 | https://avd.aquasec.com/nvd/cve-2026-40200 |
Vulnerabilities Listed for usr/local/bin/spire-controller-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.78.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2026-32280 | stdlib | HIGH | v1.26.1 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32280 |
| CVE-2026-32281 | stdlib | HIGH | v1.26.1 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32281 |
| CVE-2026-32283 | stdlib | HIGH | v1.26.1 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32283 |
| CVE-2026-33810 | stdlib | HIGH | v1.26.1 | 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-33810 |
gloo mesh enterprise gloo-mesh-portal-server image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-portal-server:2.12.1 (alpine 3.23.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-31789 | libcrypto3 | CRITICAL | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-31789 |
| CVE-2026-28387 | libcrypto3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28387 |
| CVE-2026-28388 | libcrypto3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28388 |
| CVE-2026-28389 | libcrypto3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28389 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2026-31789 | libssl3 | CRITICAL | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-31789 |
| CVE-2026-28387 | libssl3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28387 |
| CVE-2026-28388 | libssl3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28388 |
| CVE-2026-28389 | libssl3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28389 |
| CVE-2026-28390 | libssl3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2026-40200 | musl | HIGH | 1.2.5-r21 | 1.2.5-r23 | https://avd.aquasec.com/nvd/cve-2026-40200 |
| CVE-2026-40200 | musl-utils | HIGH | 1.2.5-r21 | 1.2.5-r23 | https://avd.aquasec.com/nvd/cve-2026-40200 |
Vulnerabilities Listed for usr/local/bin/portal-server-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.78.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2026-32280 | stdlib | HIGH | v1.26.1 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32280 |
| CVE-2026-32281 | stdlib | HIGH | v1.26.1 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32281 |
| CVE-2026-32283 | stdlib | HIGH | v1.26.1 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32283 |
| CVE-2026-33810 | stdlib | HIGH | v1.26.1 | 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-33810 |
gloo mesh enterprise gloo-mesh-analyzer image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-analyzer:2.12.1 (alpine 3.23.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-31789 | libcrypto3 | CRITICAL | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-31789 |
| CVE-2026-28387 | libcrypto3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28387 |
| CVE-2026-28388 | libcrypto3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28388 |
| CVE-2026-28389 | libcrypto3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28389 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2026-31789 | libssl3 | CRITICAL | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-31789 |
| CVE-2026-28387 | libssl3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28387 |
| CVE-2026-28388 | libssl3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28388 |
| CVE-2026-28389 | libssl3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28389 |
| CVE-2026-28390 | libssl3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2026-40200 | musl | HIGH | 1.2.5-r21 | 1.2.5-r23 | https://avd.aquasec.com/nvd/cve-2026-40200 |
| CVE-2026-40200 | musl-utils | HIGH | 1.2.5-r21 | 1.2.5-r23 | https://avd.aquasec.com/nvd/cve-2026-40200 |
Vulnerabilities Listed for usr/local/bin/analyzer-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-34986 | github.com/go-jose/go-jose/v4 | HIGH | v4.1.3 | 4.1.4 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-35469 | github.com/moby/spdystream | HIGH | v0.5.0 | 0.5.1 | https://avd.aquasec.com/nvd/cve-2026-35469 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.39.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.39.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.78.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2026-32280 | stdlib | HIGH | v1.26.1 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32280 |
| CVE-2026-32281 | stdlib | HIGH | v1.26.1 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32281 |
| CVE-2026-32283 | stdlib | HIGH | v1.26.1 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32283 |
| CVE-2026-33810 | stdlib | HIGH | v1.26.1 | 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-33810 |
gloo mesh enterprise gloo-mesh-mgmt-server image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-mgmt-server:2.12.1 (alpine 3.23.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-31789 | libcrypto3 | CRITICAL | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-31789 |
| CVE-2026-28387 | libcrypto3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28387 |
| CVE-2026-28388 | libcrypto3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28388 |
| CVE-2026-28389 | libcrypto3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28389 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2026-31789 | libssl3 | CRITICAL | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-31789 |
| CVE-2026-28387 | libssl3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28387 |
| CVE-2026-28388 | libssl3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28388 |
| CVE-2026-28389 | libssl3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28389 |
| CVE-2026-28390 | libssl3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2026-40200 | musl | HIGH | 1.2.5-r21 | 1.2.5-r23 | https://avd.aquasec.com/nvd/cve-2026-40200 |
| CVE-2026-40200 | musl-utils | HIGH | 1.2.5-r21 | 1.2.5-r23 | https://avd.aquasec.com/nvd/cve-2026-40200 |
Vulnerabilities Listed for usr/local/bin/mgmt-server-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-34986 | github.com/go-jose/go-jose/v4 | HIGH | v4.1.3 | 4.1.4 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-33816 | github.com/jackc/pgx/v5 | CRITICAL | v5.7.6 | 5.9.0 | https://avd.aquasec.com/nvd/cve-2026-33816 |
| CVE-2026-35469 | github.com/moby/spdystream | HIGH | v0.5.0 | 0.5.1 | https://avd.aquasec.com/nvd/cve-2026-35469 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.39.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.39.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.78.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2026-32280 | stdlib | HIGH | v1.26.1 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32280 |
| CVE-2026-32281 | stdlib | HIGH | v1.26.1 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32281 |
| CVE-2026-32283 | stdlib | HIGH | v1.26.1 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32283 |
| CVE-2026-33810 | stdlib | HIGH | v1.26.1 | 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-33810 |
gloo mesh enterprise gloo-mesh-istiod-agent image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-istiod-agent:2.12.1 (alpine 3.23.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-31789 | libcrypto3 | CRITICAL | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-31789 |
| CVE-2026-28387 | libcrypto3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28387 |
| CVE-2026-28388 | libcrypto3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28388 |
| CVE-2026-28389 | libcrypto3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28389 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2026-31789 | libssl3 | CRITICAL | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-31789 |
| CVE-2026-28387 | libssl3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28387 |
| CVE-2026-28388 | libssl3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28388 |
| CVE-2026-28389 | libssl3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28389 |
| CVE-2026-28390 | libssl3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2026-40200 | musl | HIGH | 1.2.5-r21 | 1.2.5-r23 | https://avd.aquasec.com/nvd/cve-2026-40200 |
| CVE-2026-40200 | musl-utils | HIGH | 1.2.5-r21 | 1.2.5-r23 | https://avd.aquasec.com/nvd/cve-2026-40200 |
Vulnerabilities Listed for usr/local/bin/istiod-agent-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-34986 | github.com/go-jose/go-jose/v4 | HIGH | v4.1.3 | 4.1.4 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.78.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2026-32280 | stdlib | HIGH | v1.26.1 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32280 |
| CVE-2026-32281 | stdlib | HIGH | v1.26.1 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32281 |
| CVE-2026-32283 | stdlib | HIGH | v1.26.1 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32283 |
| CVE-2026-33810 | stdlib | HIGH | v1.26.1 | 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-33810 |
gloo mesh enterprise gloo-mesh-ui image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-ui:2.12.1 (alpine 3.23.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-31789 | libcrypto3 | CRITICAL | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-31789 |
| CVE-2026-28387 | libcrypto3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28387 |
| CVE-2026-28388 | libcrypto3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28388 |
| CVE-2026-28389 | libcrypto3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28389 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2026-31789 | libssl3 | CRITICAL | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-31789 |
| CVE-2026-28387 | libssl3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28387 |
| CVE-2026-28388 | libssl3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28388 |
| CVE-2026-28389 | libssl3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28389 |
| CVE-2026-28390 | libssl3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2026-40200 | musl | HIGH | 1.2.5-r21 | 1.2.5-r23 | https://avd.aquasec.com/nvd/cve-2026-40200 |
| CVE-2026-40200 | musl-utils | HIGH | 1.2.5-r21 | 1.2.5-r23 | https://avd.aquasec.com/nvd/cve-2026-40200 |
| CVE-2026-22184 | zlib | HIGH | 1.3.1-r2 | 1.3.2-r0 | https://avd.aquasec.com/nvd/cve-2026-22184 |
Release 2.12.0
gloo mesh enterprise gloo-mesh-envoy image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-envoy:2.12.0 (ubuntu 24.04)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-35535 | sudo | HIGH | 1.9.15p5-3ubuntu5.24.04.1 | 1.9.15p5-3ubuntu5.24.04.2 | https://avd.aquasec.com/nvd/cve-2026-35535 |
gloo mesh enterprise gloo-mesh-agent image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-agent:2.12.0 (alpine 3.23.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-31789 | libcrypto3 | CRITICAL | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-31789 |
| CVE-2026-28387 | libcrypto3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28387 |
| CVE-2026-28388 | libcrypto3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28388 |
| CVE-2026-28389 | libcrypto3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28389 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2026-31789 | libssl3 | CRITICAL | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-31789 |
| CVE-2026-28387 | libssl3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28387 |
| CVE-2026-28388 | libssl3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28388 |
| CVE-2026-28389 | libssl3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28389 |
| CVE-2026-28390 | libssl3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2026-40200 | musl | HIGH | 1.2.5-r21 | 1.2.5-r23 | https://avd.aquasec.com/nvd/cve-2026-40200 |
| CVE-2026-40200 | musl-utils | HIGH | 1.2.5-r21 | 1.2.5-r23 | https://avd.aquasec.com/nvd/cve-2026-40200 |
| CVE-2026-22184 | zlib | HIGH | 1.3.1-r2 | 1.3.2-r0 | https://avd.aquasec.com/nvd/cve-2026-22184 |
Vulnerabilities Listed for usr/local/bin/agent-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15558 | github.com/docker/cli | HIGH | v29.1.3+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-34986 | github.com/go-jose/go-jose/v4 | HIGH | v4.1.3 | 4.1.4 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-35469 | github.com/moby/spdystream | HIGH | v0.5.0 | 0.5.1 | https://avd.aquasec.com/nvd/cve-2026-35469 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.39.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.39.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.78.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2026-25679 | stdlib | HIGH | v1.25.7 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32280 | stdlib | HIGH | v1.25.7 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32280 |
| CVE-2026-32281 | stdlib | HIGH | v1.25.7 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32281 |
| CVE-2026-32283 | stdlib | HIGH | v1.25.7 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32283 |
gloo mesh enterprise gloo-mesh-apiserver image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-apiserver:2.12.0 (alpine 3.23.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-31789 | libcrypto3 | CRITICAL | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-31789 |
| CVE-2026-28387 | libcrypto3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28387 |
| CVE-2026-28388 | libcrypto3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28388 |
| CVE-2026-28389 | libcrypto3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28389 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2026-31789 | libssl3 | CRITICAL | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-31789 |
| CVE-2026-28387 | libssl3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28387 |
| CVE-2026-28388 | libssl3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28388 |
| CVE-2026-28389 | libssl3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28389 |
| CVE-2026-28390 | libssl3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2026-40200 | musl | HIGH | 1.2.5-r21 | 1.2.5-r23 | https://avd.aquasec.com/nvd/cve-2026-40200 |
| CVE-2026-40200 | musl-utils | HIGH | 1.2.5-r21 | 1.2.5-r23 | https://avd.aquasec.com/nvd/cve-2026-40200 |
| CVE-2026-22184 | zlib | HIGH | 1.3.1-r2 | 1.3.2-r0 | https://avd.aquasec.com/nvd/cve-2026-22184 |
Vulnerabilities Listed for usr/local/bin/apiserver-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15558 | github.com/docker/cli | HIGH | v29.1.3+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-34986 | github.com/go-jose/go-jose/v4 | HIGH | v4.1.3 | 4.1.4 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-33816 | github.com/jackc/pgx/v5 | CRITICAL | v5.7.6 | 5.9.0 | https://avd.aquasec.com/nvd/cve-2026-33816 |
| CVE-2026-35469 | github.com/moby/spdystream | HIGH | v0.5.0 | 0.5.1 | https://avd.aquasec.com/nvd/cve-2026-35469 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.39.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.39.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.78.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2026-25679 | stdlib | HIGH | v1.25.7 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32280 | stdlib | HIGH | v1.25.7 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32280 |
| CVE-2026-32281 | stdlib | HIGH | v1.25.7 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32281 |
| CVE-2026-32283 | stdlib | HIGH | v1.25.7 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32283 |
gloo mesh enterprise gloo-mesh-spire-controller image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-spire-controller:2.12.0 (alpine 3.23.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-31789 | libcrypto3 | CRITICAL | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-31789 |
| CVE-2026-28387 | libcrypto3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28387 |
| CVE-2026-28388 | libcrypto3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28388 |
| CVE-2026-28389 | libcrypto3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28389 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2026-31789 | libssl3 | CRITICAL | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-31789 |
| CVE-2026-28387 | libssl3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28387 |
| CVE-2026-28388 | libssl3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28388 |
| CVE-2026-28389 | libssl3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28389 |
| CVE-2026-28390 | libssl3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2026-40200 | musl | HIGH | 1.2.5-r21 | 1.2.5-r23 | https://avd.aquasec.com/nvd/cve-2026-40200 |
| CVE-2026-40200 | musl-utils | HIGH | 1.2.5-r21 | 1.2.5-r23 | https://avd.aquasec.com/nvd/cve-2026-40200 |
| CVE-2026-22184 | zlib | HIGH | 1.3.1-r2 | 1.3.2-r0 | https://avd.aquasec.com/nvd/cve-2026-22184 |
Vulnerabilities Listed for usr/local/bin/spire-controller-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.78.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2026-25679 | stdlib | HIGH | v1.25.7 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32280 | stdlib | HIGH | v1.25.7 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32280 |
| CVE-2026-32281 | stdlib | HIGH | v1.25.7 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32281 |
| CVE-2026-32283 | stdlib | HIGH | v1.25.7 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32283 |
gloo mesh enterprise gloo-mesh-portal-server image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-portal-server:2.12.0 (alpine 3.23.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-31789 | libcrypto3 | CRITICAL | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-31789 |
| CVE-2026-28387 | libcrypto3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28387 |
| CVE-2026-28388 | libcrypto3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28388 |
| CVE-2026-28389 | libcrypto3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28389 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2026-31789 | libssl3 | CRITICAL | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-31789 |
| CVE-2026-28387 | libssl3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28387 |
| CVE-2026-28388 | libssl3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28388 |
| CVE-2026-28389 | libssl3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28389 |
| CVE-2026-28390 | libssl3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2026-40200 | musl | HIGH | 1.2.5-r21 | 1.2.5-r23 | https://avd.aquasec.com/nvd/cve-2026-40200 |
| CVE-2026-40200 | musl-utils | HIGH | 1.2.5-r21 | 1.2.5-r23 | https://avd.aquasec.com/nvd/cve-2026-40200 |
| CVE-2026-22184 | zlib | HIGH | 1.3.1-r2 | 1.3.2-r0 | https://avd.aquasec.com/nvd/cve-2026-22184 |
Vulnerabilities Listed for usr/local/bin/portal-server-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.78.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2026-25679 | stdlib | HIGH | v1.25.7 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32280 | stdlib | HIGH | v1.25.7 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32280 |
| CVE-2026-32281 | stdlib | HIGH | v1.25.7 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32281 |
| CVE-2026-32283 | stdlib | HIGH | v1.25.7 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32283 |
gloo mesh enterprise gloo-mesh-analyzer image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-analyzer:2.12.0 (alpine 3.23.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-31789 | libcrypto3 | CRITICAL | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-31789 |
| CVE-2026-28387 | libcrypto3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28387 |
| CVE-2026-28388 | libcrypto3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28388 |
| CVE-2026-28389 | libcrypto3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28389 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2026-31789 | libssl3 | CRITICAL | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-31789 |
| CVE-2026-28387 | libssl3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28387 |
| CVE-2026-28388 | libssl3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28388 |
| CVE-2026-28389 | libssl3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28389 |
| CVE-2026-28390 | libssl3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2026-40200 | musl | HIGH | 1.2.5-r21 | 1.2.5-r23 | https://avd.aquasec.com/nvd/cve-2026-40200 |
| CVE-2026-40200 | musl-utils | HIGH | 1.2.5-r21 | 1.2.5-r23 | https://avd.aquasec.com/nvd/cve-2026-40200 |
| CVE-2026-22184 | zlib | HIGH | 1.3.1-r2 | 1.3.2-r0 | https://avd.aquasec.com/nvd/cve-2026-22184 |
Vulnerabilities Listed for usr/local/bin/analyzer-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15558 | github.com/docker/cli | HIGH | v29.1.3+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-34986 | github.com/go-jose/go-jose/v4 | HIGH | v4.1.3 | 4.1.4 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-35469 | github.com/moby/spdystream | HIGH | v0.5.0 | 0.5.1 | https://avd.aquasec.com/nvd/cve-2026-35469 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.39.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.39.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.78.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2026-25679 | stdlib | HIGH | v1.25.7 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32280 | stdlib | HIGH | v1.25.7 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32280 |
| CVE-2026-32281 | stdlib | HIGH | v1.25.7 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32281 |
| CVE-2026-32283 | stdlib | HIGH | v1.25.7 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32283 |
gloo mesh enterprise gloo-mesh-mgmt-server image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-mgmt-server:2.12.0 (alpine 3.23.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-31789 | libcrypto3 | CRITICAL | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-31789 |
| CVE-2026-28387 | libcrypto3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28387 |
| CVE-2026-28388 | libcrypto3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28388 |
| CVE-2026-28389 | libcrypto3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28389 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2026-31789 | libssl3 | CRITICAL | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-31789 |
| CVE-2026-28387 | libssl3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28387 |
| CVE-2026-28388 | libssl3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28388 |
| CVE-2026-28389 | libssl3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28389 |
| CVE-2026-28390 | libssl3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2026-40200 | musl | HIGH | 1.2.5-r21 | 1.2.5-r23 | https://avd.aquasec.com/nvd/cve-2026-40200 |
| CVE-2026-40200 | musl-utils | HIGH | 1.2.5-r21 | 1.2.5-r23 | https://avd.aquasec.com/nvd/cve-2026-40200 |
| CVE-2026-22184 | zlib | HIGH | 1.3.1-r2 | 1.3.2-r0 | https://avd.aquasec.com/nvd/cve-2026-22184 |
Vulnerabilities Listed for usr/local/bin/mgmt-server-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15558 | github.com/docker/cli | HIGH | v29.1.3+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-34986 | github.com/go-jose/go-jose/v4 | HIGH | v4.1.3 | 4.1.4 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-33816 | github.com/jackc/pgx/v5 | CRITICAL | v5.7.6 | 5.9.0 | https://avd.aquasec.com/nvd/cve-2026-33816 |
| CVE-2026-35469 | github.com/moby/spdystream | HIGH | v0.5.0 | 0.5.1 | https://avd.aquasec.com/nvd/cve-2026-35469 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.39.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.39.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.78.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2026-25679 | stdlib | HIGH | v1.25.7 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32280 | stdlib | HIGH | v1.25.7 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32280 |
| CVE-2026-32281 | stdlib | HIGH | v1.25.7 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32281 |
| CVE-2026-32283 | stdlib | HIGH | v1.25.7 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32283 |
gloo mesh enterprise gloo-mesh-istiod-agent image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-istiod-agent:2.12.0 (alpine 3.23.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-31789 | libcrypto3 | CRITICAL | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-31789 |
| CVE-2026-28387 | libcrypto3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28387 |
| CVE-2026-28388 | libcrypto3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28388 |
| CVE-2026-28389 | libcrypto3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28389 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2026-31789 | libssl3 | CRITICAL | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-31789 |
| CVE-2026-28387 | libssl3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28387 |
| CVE-2026-28388 | libssl3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28388 |
| CVE-2026-28389 | libssl3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28389 |
| CVE-2026-28390 | libssl3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2026-40200 | musl | HIGH | 1.2.5-r21 | 1.2.5-r23 | https://avd.aquasec.com/nvd/cve-2026-40200 |
| CVE-2026-40200 | musl-utils | HIGH | 1.2.5-r21 | 1.2.5-r23 | https://avd.aquasec.com/nvd/cve-2026-40200 |
| CVE-2026-22184 | zlib | HIGH | 1.3.1-r2 | 1.3.2-r0 | https://avd.aquasec.com/nvd/cve-2026-22184 |
Vulnerabilities Listed for usr/local/bin/istiod-agent-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-34986 | github.com/go-jose/go-jose/v4 | HIGH | v4.1.3 | 4.1.4 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.78.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2026-25679 | stdlib | HIGH | v1.25.7 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32280 | stdlib | HIGH | v1.25.7 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32280 |
| CVE-2026-32281 | stdlib | HIGH | v1.25.7 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32281 |
| CVE-2026-32283 | stdlib | HIGH | v1.25.7 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32283 |
gloo mesh enterprise gloo-mesh-ui image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-ui:2.12.0 (alpine 3.23.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-31789 | libcrypto3 | CRITICAL | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-31789 |
| CVE-2026-28387 | libcrypto3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28387 |
| CVE-2026-28388 | libcrypto3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28388 |
| CVE-2026-28389 | libcrypto3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28389 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2026-31789 | libssl3 | CRITICAL | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-31789 |
| CVE-2026-28387 | libssl3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28387 |
| CVE-2026-28388 | libssl3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28388 |
| CVE-2026-28389 | libssl3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28389 |
| CVE-2026-28390 | libssl3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2026-40200 | musl | HIGH | 1.2.5-r21 | 1.2.5-r23 | https://avd.aquasec.com/nvd/cve-2026-40200 |
| CVE-2026-40200 | musl-utils | HIGH | 1.2.5-r21 | 1.2.5-r23 | https://avd.aquasec.com/nvd/cve-2026-40200 |
| CVE-2026-22184 | zlib | HIGH | 1.3.1-r2 | 1.3.2-r0 | https://avd.aquasec.com/nvd/cve-2026-22184 |
Latest 2.11.x gloo mesh enterprise Release: 2.11.5
gloo mesh enterprise gloo-mesh-envoy image
No scan found
gloo mesh enterprise gloo-mesh-agent image
No scan found
gloo mesh enterprise gloo-mesh-apiserver image
No scan found
gloo mesh enterprise gloo-mesh-spire-controller image
No scan found
gloo mesh enterprise gloo-mesh-portal-server image
No scan found
gloo mesh enterprise gloo-mesh-analyzer image
No scan found
gloo mesh enterprise gloo-mesh-mgmt-server image
No scan found
gloo mesh enterprise gloo-mesh-istiod-agent image
No scan found
gloo mesh enterprise gloo-mesh-ui image
No scan found
Release 2.11.4
gloo mesh enterprise gloo-mesh-envoy image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-envoy:2.11.4 (ubuntu 24.04)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-35535 | sudo | HIGH | 1.9.15p5-3ubuntu5.24.04.1 | 1.9.15p5-3ubuntu5.24.04.2 | https://avd.aquasec.com/nvd/cve-2026-35535 |
gloo mesh enterprise gloo-mesh-agent image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-agent:2.11.4 (alpine 3.23.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-31789 | libcrypto3 | CRITICAL | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-31789 |
| CVE-2026-28387 | libcrypto3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28387 |
| CVE-2026-28388 | libcrypto3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28388 |
| CVE-2026-28389 | libcrypto3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28389 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2026-31789 | libssl3 | CRITICAL | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-31789 |
| CVE-2026-28387 | libssl3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28387 |
| CVE-2026-28388 | libssl3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28388 |
| CVE-2026-28389 | libssl3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28389 |
| CVE-2026-28390 | libssl3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2026-40200 | musl | HIGH | 1.2.5-r21 | 1.2.5-r23 | https://avd.aquasec.com/nvd/cve-2026-40200 |
| CVE-2026-40200 | musl-utils | HIGH | 1.2.5-r21 | 1.2.5-r23 | https://avd.aquasec.com/nvd/cve-2026-40200 |
Vulnerabilities Listed for usr/local/bin/agent-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-34986 | github.com/go-jose/go-jose/v4 | HIGH | v4.1.3 | 4.1.4 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-35469 | github.com/moby/spdystream | HIGH | v0.5.0 | 0.5.1 | https://avd.aquasec.com/nvd/cve-2026-35469 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.39.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.39.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.78.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2026-32280 | stdlib | HIGH | v1.26.1 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32280 |
| CVE-2026-32281 | stdlib | HIGH | v1.26.1 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32281 |
| CVE-2026-32283 | stdlib | HIGH | v1.26.1 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32283 |
| CVE-2026-33810 | stdlib | HIGH | v1.26.1 | 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-33810 |
gloo mesh enterprise gloo-mesh-apiserver image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-apiserver:2.11.4 (alpine 3.23.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-31789 | libcrypto3 | CRITICAL | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-31789 |
| CVE-2026-28387 | libcrypto3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28387 |
| CVE-2026-28388 | libcrypto3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28388 |
| CVE-2026-28389 | libcrypto3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28389 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2026-31789 | libssl3 | CRITICAL | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-31789 |
| CVE-2026-28387 | libssl3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28387 |
| CVE-2026-28388 | libssl3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28388 |
| CVE-2026-28389 | libssl3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28389 |
| CVE-2026-28390 | libssl3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2026-40200 | musl | HIGH | 1.2.5-r21 | 1.2.5-r23 | https://avd.aquasec.com/nvd/cve-2026-40200 |
| CVE-2026-40200 | musl-utils | HIGH | 1.2.5-r21 | 1.2.5-r23 | https://avd.aquasec.com/nvd/cve-2026-40200 |
Vulnerabilities Listed for usr/local/bin/apiserver-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-34986 | github.com/go-jose/go-jose/v4 | HIGH | v4.1.3 | 4.1.4 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-33816 | github.com/jackc/pgx/v5 | CRITICAL | v5.7.6 | 5.9.0 | https://avd.aquasec.com/nvd/cve-2026-33816 |
| CVE-2026-35469 | github.com/moby/spdystream | HIGH | v0.5.0 | 0.5.1 | https://avd.aquasec.com/nvd/cve-2026-35469 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.39.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.39.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.78.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2026-32280 | stdlib | HIGH | v1.26.1 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32280 |
| CVE-2026-32281 | stdlib | HIGH | v1.26.1 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32281 |
| CVE-2026-32283 | stdlib | HIGH | v1.26.1 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32283 |
| CVE-2026-33810 | stdlib | HIGH | v1.26.1 | 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-33810 |
gloo mesh enterprise gloo-mesh-spire-controller image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-spire-controller:2.11.4 (alpine 3.23.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-31789 | libcrypto3 | CRITICAL | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-31789 |
| CVE-2026-28387 | libcrypto3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28387 |
| CVE-2026-28388 | libcrypto3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28388 |
| CVE-2026-28389 | libcrypto3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28389 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2026-31789 | libssl3 | CRITICAL | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-31789 |
| CVE-2026-28387 | libssl3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28387 |
| CVE-2026-28388 | libssl3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28388 |
| CVE-2026-28389 | libssl3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28389 |
| CVE-2026-28390 | libssl3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2026-40200 | musl | HIGH | 1.2.5-r21 | 1.2.5-r23 | https://avd.aquasec.com/nvd/cve-2026-40200 |
| CVE-2026-40200 | musl-utils | HIGH | 1.2.5-r21 | 1.2.5-r23 | https://avd.aquasec.com/nvd/cve-2026-40200 |
Vulnerabilities Listed for usr/local/bin/spire-controller-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.78.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2026-32280 | stdlib | HIGH | v1.26.1 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32280 |
| CVE-2026-32281 | stdlib | HIGH | v1.26.1 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32281 |
| CVE-2026-32283 | stdlib | HIGH | v1.26.1 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32283 |
| CVE-2026-33810 | stdlib | HIGH | v1.26.1 | 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-33810 |
gloo mesh enterprise gloo-mesh-portal-server image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-portal-server:2.11.4 (alpine 3.23.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-31789 | libcrypto3 | CRITICAL | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-31789 |
| CVE-2026-28387 | libcrypto3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28387 |
| CVE-2026-28388 | libcrypto3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28388 |
| CVE-2026-28389 | libcrypto3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28389 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2026-31789 | libssl3 | CRITICAL | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-31789 |
| CVE-2026-28387 | libssl3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28387 |
| CVE-2026-28388 | libssl3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28388 |
| CVE-2026-28389 | libssl3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28389 |
| CVE-2026-28390 | libssl3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2026-40200 | musl | HIGH | 1.2.5-r21 | 1.2.5-r23 | https://avd.aquasec.com/nvd/cve-2026-40200 |
| CVE-2026-40200 | musl-utils | HIGH | 1.2.5-r21 | 1.2.5-r23 | https://avd.aquasec.com/nvd/cve-2026-40200 |
Vulnerabilities Listed for usr/local/bin/portal-server-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.78.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2026-32280 | stdlib | HIGH | v1.26.1 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32280 |
| CVE-2026-32281 | stdlib | HIGH | v1.26.1 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32281 |
| CVE-2026-32283 | stdlib | HIGH | v1.26.1 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32283 |
| CVE-2026-33810 | stdlib | HIGH | v1.26.1 | 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-33810 |
gloo mesh enterprise gloo-mesh-analyzer image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-analyzer:2.11.4 (alpine 3.23.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-31789 | libcrypto3 | CRITICAL | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-31789 |
| CVE-2026-28387 | libcrypto3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28387 |
| CVE-2026-28388 | libcrypto3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28388 |
| CVE-2026-28389 | libcrypto3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28389 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2026-31789 | libssl3 | CRITICAL | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-31789 |
| CVE-2026-28387 | libssl3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28387 |
| CVE-2026-28388 | libssl3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28388 |
| CVE-2026-28389 | libssl3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28389 |
| CVE-2026-28390 | libssl3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2026-40200 | musl | HIGH | 1.2.5-r21 | 1.2.5-r23 | https://avd.aquasec.com/nvd/cve-2026-40200 |
| CVE-2026-40200 | musl-utils | HIGH | 1.2.5-r21 | 1.2.5-r23 | https://avd.aquasec.com/nvd/cve-2026-40200 |
Vulnerabilities Listed for usr/local/bin/analyzer-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-34986 | github.com/go-jose/go-jose/v4 | HIGH | v4.1.3 | 4.1.4 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-35469 | github.com/moby/spdystream | HIGH | v0.5.0 | 0.5.1 | https://avd.aquasec.com/nvd/cve-2026-35469 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.39.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.39.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.78.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2026-32280 | stdlib | HIGH | v1.26.1 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32280 |
| CVE-2026-32281 | stdlib | HIGH | v1.26.1 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32281 |
| CVE-2026-32283 | stdlib | HIGH | v1.26.1 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32283 |
| CVE-2026-33810 | stdlib | HIGH | v1.26.1 | 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-33810 |
gloo mesh enterprise gloo-mesh-mgmt-server image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-mgmt-server:2.11.4 (alpine 3.23.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-31789 | libcrypto3 | CRITICAL | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-31789 |
| CVE-2026-28387 | libcrypto3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28387 |
| CVE-2026-28388 | libcrypto3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28388 |
| CVE-2026-28389 | libcrypto3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28389 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2026-31789 | libssl3 | CRITICAL | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-31789 |
| CVE-2026-28387 | libssl3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28387 |
| CVE-2026-28388 | libssl3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28388 |
| CVE-2026-28389 | libssl3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28389 |
| CVE-2026-28390 | libssl3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2026-40200 | musl | HIGH | 1.2.5-r21 | 1.2.5-r23 | https://avd.aquasec.com/nvd/cve-2026-40200 |
| CVE-2026-40200 | musl-utils | HIGH | 1.2.5-r21 | 1.2.5-r23 | https://avd.aquasec.com/nvd/cve-2026-40200 |
Vulnerabilities Listed for usr/local/bin/mgmt-server-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-34986 | github.com/go-jose/go-jose/v4 | HIGH | v4.1.3 | 4.1.4 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-33816 | github.com/jackc/pgx/v5 | CRITICAL | v5.7.6 | 5.9.0 | https://avd.aquasec.com/nvd/cve-2026-33816 |
| CVE-2026-35469 | github.com/moby/spdystream | HIGH | v0.5.0 | 0.5.1 | https://avd.aquasec.com/nvd/cve-2026-35469 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.39.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.39.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.78.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2026-32280 | stdlib | HIGH | v1.26.1 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32280 |
| CVE-2026-32281 | stdlib | HIGH | v1.26.1 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32281 |
| CVE-2026-32283 | stdlib | HIGH | v1.26.1 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32283 |
| CVE-2026-33810 | stdlib | HIGH | v1.26.1 | 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-33810 |
gloo mesh enterprise gloo-mesh-istiod-agent image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-istiod-agent:2.11.4 (alpine 3.23.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-31789 | libcrypto3 | CRITICAL | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-31789 |
| CVE-2026-28387 | libcrypto3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28387 |
| CVE-2026-28388 | libcrypto3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28388 |
| CVE-2026-28389 | libcrypto3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28389 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2026-31789 | libssl3 | CRITICAL | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-31789 |
| CVE-2026-28387 | libssl3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28387 |
| CVE-2026-28388 | libssl3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28388 |
| CVE-2026-28389 | libssl3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28389 |
| CVE-2026-28390 | libssl3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2026-40200 | musl | HIGH | 1.2.5-r21 | 1.2.5-r23 | https://avd.aquasec.com/nvd/cve-2026-40200 |
| CVE-2026-40200 | musl-utils | HIGH | 1.2.5-r21 | 1.2.5-r23 | https://avd.aquasec.com/nvd/cve-2026-40200 |
Vulnerabilities Listed for usr/local/bin/istiod-agent-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-34986 | github.com/go-jose/go-jose/v4 | HIGH | v4.1.3 | 4.1.4 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.78.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2026-32280 | stdlib | HIGH | v1.26.1 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32280 |
| CVE-2026-32281 | stdlib | HIGH | v1.26.1 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32281 |
| CVE-2026-32283 | stdlib | HIGH | v1.26.1 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32283 |
| CVE-2026-33810 | stdlib | HIGH | v1.26.1 | 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-33810 |
gloo mesh enterprise gloo-mesh-ui image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-ui:2.11.4 (alpine 3.23.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-31789 | libcrypto3 | CRITICAL | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-31789 |
| CVE-2026-28387 | libcrypto3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28387 |
| CVE-2026-28388 | libcrypto3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28388 |
| CVE-2026-28389 | libcrypto3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28389 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2026-31789 | libssl3 | CRITICAL | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-31789 |
| CVE-2026-28387 | libssl3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28387 |
| CVE-2026-28388 | libssl3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28388 |
| CVE-2026-28389 | libssl3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28389 |
| CVE-2026-28390 | libssl3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2026-40200 | musl | HIGH | 1.2.5-r21 | 1.2.5-r23 | https://avd.aquasec.com/nvd/cve-2026-40200 |
| CVE-2026-40200 | musl-utils | HIGH | 1.2.5-r21 | 1.2.5-r23 | https://avd.aquasec.com/nvd/cve-2026-40200 |
| CVE-2026-22184 | zlib | HIGH | 1.3.1-r2 | 1.3.2-r0 | https://avd.aquasec.com/nvd/cve-2026-22184 |
Release 2.11.3
gloo mesh enterprise gloo-mesh-envoy image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-envoy:2.11.3 (ubuntu 24.04)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-35535 | sudo | HIGH | 1.9.15p5-3ubuntu5.24.04.1 | 1.9.15p5-3ubuntu5.24.04.2 | https://avd.aquasec.com/nvd/cve-2026-35535 |
gloo mesh enterprise gloo-mesh-agent image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-agent:2.11.3 (alpine 3.23.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-31789 | libcrypto3 | CRITICAL | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-31789 |
| CVE-2026-28387 | libcrypto3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28387 |
| CVE-2026-28388 | libcrypto3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28388 |
| CVE-2026-28389 | libcrypto3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28389 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2026-31789 | libssl3 | CRITICAL | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-31789 |
| CVE-2026-28387 | libssl3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28387 |
| CVE-2026-28388 | libssl3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28388 |
| CVE-2026-28389 | libssl3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28389 |
| CVE-2026-28390 | libssl3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2026-40200 | musl | HIGH | 1.2.5-r21 | 1.2.5-r23 | https://avd.aquasec.com/nvd/cve-2026-40200 |
| CVE-2026-40200 | musl-utils | HIGH | 1.2.5-r21 | 1.2.5-r23 | https://avd.aquasec.com/nvd/cve-2026-40200 |
| CVE-2026-22184 | zlib | HIGH | 1.3.1-r2 | 1.3.2-r0 | https://avd.aquasec.com/nvd/cve-2026-22184 |
Vulnerabilities Listed for usr/local/bin/agent-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15558 | github.com/docker/cli | HIGH | v29.1.3+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-34986 | github.com/go-jose/go-jose/v4 | HIGH | v4.1.3 | 4.1.4 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-35469 | github.com/moby/spdystream | HIGH | v0.5.0 | 0.5.1 | https://avd.aquasec.com/nvd/cve-2026-35469 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.39.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.39.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.78.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2026-25679 | stdlib | HIGH | v1.25.7 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32280 | stdlib | HIGH | v1.25.7 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32280 |
| CVE-2026-32281 | stdlib | HIGH | v1.25.7 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32281 |
| CVE-2026-32283 | stdlib | HIGH | v1.25.7 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32283 |
gloo mesh enterprise gloo-mesh-apiserver image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-apiserver:2.11.3 (alpine 3.23.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-31789 | libcrypto3 | CRITICAL | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-31789 |
| CVE-2026-28387 | libcrypto3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28387 |
| CVE-2026-28388 | libcrypto3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28388 |
| CVE-2026-28389 | libcrypto3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28389 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2026-31789 | libssl3 | CRITICAL | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-31789 |
| CVE-2026-28387 | libssl3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28387 |
| CVE-2026-28388 | libssl3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28388 |
| CVE-2026-28389 | libssl3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28389 |
| CVE-2026-28390 | libssl3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2026-40200 | musl | HIGH | 1.2.5-r21 | 1.2.5-r23 | https://avd.aquasec.com/nvd/cve-2026-40200 |
| CVE-2026-40200 | musl-utils | HIGH | 1.2.5-r21 | 1.2.5-r23 | https://avd.aquasec.com/nvd/cve-2026-40200 |
| CVE-2026-22184 | zlib | HIGH | 1.3.1-r2 | 1.3.2-r0 | https://avd.aquasec.com/nvd/cve-2026-22184 |
Vulnerabilities Listed for usr/local/bin/apiserver-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15558 | github.com/docker/cli | HIGH | v29.1.3+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-34986 | github.com/go-jose/go-jose/v4 | HIGH | v4.1.3 | 4.1.4 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-33816 | github.com/jackc/pgx/v5 | CRITICAL | v5.7.6 | 5.9.0 | https://avd.aquasec.com/nvd/cve-2026-33816 |
| CVE-2026-35469 | github.com/moby/spdystream | HIGH | v0.5.0 | 0.5.1 | https://avd.aquasec.com/nvd/cve-2026-35469 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.39.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.39.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.78.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2026-25679 | stdlib | HIGH | v1.25.7 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32280 | stdlib | HIGH | v1.25.7 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32280 |
| CVE-2026-32281 | stdlib | HIGH | v1.25.7 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32281 |
| CVE-2026-32283 | stdlib | HIGH | v1.25.7 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32283 |
gloo mesh enterprise gloo-mesh-spire-controller image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-spire-controller:2.11.3 (alpine 3.23.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-31789 | libcrypto3 | CRITICAL | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-31789 |
| CVE-2026-28387 | libcrypto3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28387 |
| CVE-2026-28388 | libcrypto3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28388 |
| CVE-2026-28389 | libcrypto3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28389 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2026-31789 | libssl3 | CRITICAL | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-31789 |
| CVE-2026-28387 | libssl3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28387 |
| CVE-2026-28388 | libssl3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28388 |
| CVE-2026-28389 | libssl3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28389 |
| CVE-2026-28390 | libssl3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2026-40200 | musl | HIGH | 1.2.5-r21 | 1.2.5-r23 | https://avd.aquasec.com/nvd/cve-2026-40200 |
| CVE-2026-40200 | musl-utils | HIGH | 1.2.5-r21 | 1.2.5-r23 | https://avd.aquasec.com/nvd/cve-2026-40200 |
| CVE-2026-22184 | zlib | HIGH | 1.3.1-r2 | 1.3.2-r0 | https://avd.aquasec.com/nvd/cve-2026-22184 |
Vulnerabilities Listed for usr/local/bin/spire-controller-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.78.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2026-25679 | stdlib | HIGH | v1.25.7 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32280 | stdlib | HIGH | v1.25.7 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32280 |
| CVE-2026-32281 | stdlib | HIGH | v1.25.7 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32281 |
| CVE-2026-32283 | stdlib | HIGH | v1.25.7 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32283 |
gloo mesh enterprise gloo-mesh-portal-server image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-portal-server:2.11.3 (alpine 3.23.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-31789 | libcrypto3 | CRITICAL | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-31789 |
| CVE-2026-28387 | libcrypto3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28387 |
| CVE-2026-28388 | libcrypto3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28388 |
| CVE-2026-28389 | libcrypto3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28389 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2026-31789 | libssl3 | CRITICAL | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-31789 |
| CVE-2026-28387 | libssl3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28387 |
| CVE-2026-28388 | libssl3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28388 |
| CVE-2026-28389 | libssl3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28389 |
| CVE-2026-28390 | libssl3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2026-40200 | musl | HIGH | 1.2.5-r21 | 1.2.5-r23 | https://avd.aquasec.com/nvd/cve-2026-40200 |
| CVE-2026-40200 | musl-utils | HIGH | 1.2.5-r21 | 1.2.5-r23 | https://avd.aquasec.com/nvd/cve-2026-40200 |
| CVE-2026-22184 | zlib | HIGH | 1.3.1-r2 | 1.3.2-r0 | https://avd.aquasec.com/nvd/cve-2026-22184 |
Vulnerabilities Listed for usr/local/bin/portal-server-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.78.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2026-25679 | stdlib | HIGH | v1.25.7 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32280 | stdlib | HIGH | v1.25.7 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32280 |
| CVE-2026-32281 | stdlib | HIGH | v1.25.7 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32281 |
| CVE-2026-32283 | stdlib | HIGH | v1.25.7 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32283 |
gloo mesh enterprise gloo-mesh-analyzer image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-analyzer:2.11.3 (alpine 3.23.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-31789 | libcrypto3 | CRITICAL | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-31789 |
| CVE-2026-28387 | libcrypto3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28387 |
| CVE-2026-28388 | libcrypto3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28388 |
| CVE-2026-28389 | libcrypto3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28389 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2026-31789 | libssl3 | CRITICAL | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-31789 |
| CVE-2026-28387 | libssl3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28387 |
| CVE-2026-28388 | libssl3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28388 |
| CVE-2026-28389 | libssl3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28389 |
| CVE-2026-28390 | libssl3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2026-40200 | musl | HIGH | 1.2.5-r21 | 1.2.5-r23 | https://avd.aquasec.com/nvd/cve-2026-40200 |
| CVE-2026-40200 | musl-utils | HIGH | 1.2.5-r21 | 1.2.5-r23 | https://avd.aquasec.com/nvd/cve-2026-40200 |
| CVE-2026-22184 | zlib | HIGH | 1.3.1-r2 | 1.3.2-r0 | https://avd.aquasec.com/nvd/cve-2026-22184 |
Vulnerabilities Listed for usr/local/bin/analyzer-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15558 | github.com/docker/cli | HIGH | v29.1.3+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-34986 | github.com/go-jose/go-jose/v4 | HIGH | v4.1.3 | 4.1.4 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-35469 | github.com/moby/spdystream | HIGH | v0.5.0 | 0.5.1 | https://avd.aquasec.com/nvd/cve-2026-35469 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.39.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.39.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.78.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2026-25679 | stdlib | HIGH | v1.25.7 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32280 | stdlib | HIGH | v1.25.7 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32280 |
| CVE-2026-32281 | stdlib | HIGH | v1.25.7 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32281 |
| CVE-2026-32283 | stdlib | HIGH | v1.25.7 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32283 |
gloo mesh enterprise gloo-mesh-mgmt-server image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-mgmt-server:2.11.3 (alpine 3.23.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-31789 | libcrypto3 | CRITICAL | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-31789 |
| CVE-2026-28387 | libcrypto3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28387 |
| CVE-2026-28388 | libcrypto3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28388 |
| CVE-2026-28389 | libcrypto3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28389 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2026-31789 | libssl3 | CRITICAL | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-31789 |
| CVE-2026-28387 | libssl3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28387 |
| CVE-2026-28388 | libssl3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28388 |
| CVE-2026-28389 | libssl3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28389 |
| CVE-2026-28390 | libssl3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2026-40200 | musl | HIGH | 1.2.5-r21 | 1.2.5-r23 | https://avd.aquasec.com/nvd/cve-2026-40200 |
| CVE-2026-40200 | musl-utils | HIGH | 1.2.5-r21 | 1.2.5-r23 | https://avd.aquasec.com/nvd/cve-2026-40200 |
| CVE-2026-22184 | zlib | HIGH | 1.3.1-r2 | 1.3.2-r0 | https://avd.aquasec.com/nvd/cve-2026-22184 |
Vulnerabilities Listed for usr/local/bin/mgmt-server-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15558 | github.com/docker/cli | HIGH | v29.1.3+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-34986 | github.com/go-jose/go-jose/v4 | HIGH | v4.1.3 | 4.1.4 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-33816 | github.com/jackc/pgx/v5 | CRITICAL | v5.7.6 | 5.9.0 | https://avd.aquasec.com/nvd/cve-2026-33816 |
| CVE-2026-35469 | github.com/moby/spdystream | HIGH | v0.5.0 | 0.5.1 | https://avd.aquasec.com/nvd/cve-2026-35469 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.39.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.39.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.78.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2026-25679 | stdlib | HIGH | v1.25.7 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32280 | stdlib | HIGH | v1.25.7 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32280 |
| CVE-2026-32281 | stdlib | HIGH | v1.25.7 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32281 |
| CVE-2026-32283 | stdlib | HIGH | v1.25.7 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32283 |
gloo mesh enterprise gloo-mesh-istiod-agent image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-istiod-agent:2.11.3 (alpine 3.23.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-31789 | libcrypto3 | CRITICAL | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-31789 |
| CVE-2026-28387 | libcrypto3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28387 |
| CVE-2026-28388 | libcrypto3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28388 |
| CVE-2026-28389 | libcrypto3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28389 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2026-31789 | libssl3 | CRITICAL | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-31789 |
| CVE-2026-28387 | libssl3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28387 |
| CVE-2026-28388 | libssl3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28388 |
| CVE-2026-28389 | libssl3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28389 |
| CVE-2026-28390 | libssl3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2026-40200 | musl | HIGH | 1.2.5-r21 | 1.2.5-r23 | https://avd.aquasec.com/nvd/cve-2026-40200 |
| CVE-2026-40200 | musl-utils | HIGH | 1.2.5-r21 | 1.2.5-r23 | https://avd.aquasec.com/nvd/cve-2026-40200 |
| CVE-2026-22184 | zlib | HIGH | 1.3.1-r2 | 1.3.2-r0 | https://avd.aquasec.com/nvd/cve-2026-22184 |
Vulnerabilities Listed for usr/local/bin/istiod-agent-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-34986 | github.com/go-jose/go-jose/v4 | HIGH | v4.1.3 | 4.1.4 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.78.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2026-25679 | stdlib | HIGH | v1.25.7 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32280 | stdlib | HIGH | v1.25.7 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32280 |
| CVE-2026-32281 | stdlib | HIGH | v1.25.7 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32281 |
| CVE-2026-32283 | stdlib | HIGH | v1.25.7 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32283 |
gloo mesh enterprise gloo-mesh-ui image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-ui:2.11.3 (alpine 3.23.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-31789 | libcrypto3 | CRITICAL | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-31789 |
| CVE-2026-28387 | libcrypto3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28387 |
| CVE-2026-28388 | libcrypto3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28388 |
| CVE-2026-28389 | libcrypto3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28389 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2026-31789 | libssl3 | CRITICAL | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-31789 |
| CVE-2026-28387 | libssl3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28387 |
| CVE-2026-28388 | libssl3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28388 |
| CVE-2026-28389 | libssl3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28389 |
| CVE-2026-28390 | libssl3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2026-40200 | musl | HIGH | 1.2.5-r21 | 1.2.5-r23 | https://avd.aquasec.com/nvd/cve-2026-40200 |
| CVE-2026-40200 | musl-utils | HIGH | 1.2.5-r21 | 1.2.5-r23 | https://avd.aquasec.com/nvd/cve-2026-40200 |
| CVE-2026-22184 | zlib | HIGH | 1.3.1-r2 | 1.3.2-r0 | https://avd.aquasec.com/nvd/cve-2026-22184 |
Release 2.11.2
gloo mesh enterprise gloo-mesh-envoy image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-envoy:2.11.2 (ubuntu 24.04)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-68973 | gpgv | HIGH | 2.4.4-2ubuntu17.3 | 2.4.4-2ubuntu17.4 | https://avd.aquasec.com/nvd/cve-2025-68973 |
| CVE-2026-35535 | sudo | HIGH | 1.9.15p5-3ubuntu5.24.04.1 | 1.9.15p5-3ubuntu5.24.04.2 | https://avd.aquasec.com/nvd/cve-2026-35535 |
gloo mesh enterprise gloo-mesh-agent image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-agent:2.11.2 (alpine 3.21.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2026-31789 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-31789 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28387 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28387 |
| CVE-2026-28388 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28388 |
| CVE-2026-28389 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28389 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2026-31789 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-31789 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28387 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28387 |
| CVE-2026-28388 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28388 |
| CVE-2026-28389 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28389 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2026-40200 | musl | HIGH | 1.2.5-r9 | 1.2.5-r11 | https://avd.aquasec.com/nvd/cve-2026-40200 |
| CVE-2026-40200 | musl-utils | HIGH | 1.2.5-r9 | 1.2.5-r11 | https://avd.aquasec.com/nvd/cve-2026-40200 |
| CVE-2026-22184 | zlib | HIGH | 1.3.1-r2 | 1.3.2-r0 | https://avd.aquasec.com/nvd/cve-2026-22184 |
Vulnerabilities Listed for usr/local/bin/agent-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15558 | github.com/docker/cli | HIGH | v28.3.3+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-34040 | github.com/docker/docker | HIGH | v27.5.0+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2026-34986 | github.com/go-jose/go-jose/v4 | HIGH | v4.1.2 | 4.1.4 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-35469 | github.com/moby/spdystream | HIGH | v0.5.0 | 0.5.1 | https://avd.aquasec.com/nvd/cve-2026-35469 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.38.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.38.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.76.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.25.5 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.25.5 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.25.5 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2026-25679 | stdlib | HIGH | v1.25.5 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32280 | stdlib | HIGH | v1.25.5 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32280 |
| CVE-2026-32281 | stdlib | HIGH | v1.25.5 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32281 |
| CVE-2026-32283 | stdlib | HIGH | v1.25.5 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32283 |
gloo mesh enterprise gloo-mesh-apiserver image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-apiserver:2.11.2 (alpine 3.21.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2026-31789 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-31789 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28387 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28387 |
| CVE-2026-28388 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28388 |
| CVE-2026-28389 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28389 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2026-31789 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-31789 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28387 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28387 |
| CVE-2026-28388 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28388 |
| CVE-2026-28389 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28389 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2026-40200 | musl | HIGH | 1.2.5-r9 | 1.2.5-r11 | https://avd.aquasec.com/nvd/cve-2026-40200 |
| CVE-2026-40200 | musl-utils | HIGH | 1.2.5-r9 | 1.2.5-r11 | https://avd.aquasec.com/nvd/cve-2026-40200 |
| CVE-2026-22184 | zlib | HIGH | 1.3.1-r2 | 1.3.2-r0 | https://avd.aquasec.com/nvd/cve-2026-22184 |
Vulnerabilities Listed for usr/local/bin/apiserver-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15558 | github.com/docker/cli | HIGH | v28.3.3+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-34040 | github.com/docker/docker | HIGH | v27.5.0+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2026-34986 | github.com/go-jose/go-jose/v4 | HIGH | v4.1.2 | 4.1.4 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-33816 | github.com/jackc/pgx/v5 | CRITICAL | v5.6.0 | 5.9.0 | https://avd.aquasec.com/nvd/cve-2026-33816 |
| CVE-2026-35469 | github.com/moby/spdystream | HIGH | v0.5.0 | 0.5.1 | https://avd.aquasec.com/nvd/cve-2026-35469 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.38.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.38.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.76.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.25.5 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.25.5 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.25.5 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2026-25679 | stdlib | HIGH | v1.25.5 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32280 | stdlib | HIGH | v1.25.5 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32280 |
| CVE-2026-32281 | stdlib | HIGH | v1.25.5 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32281 |
| CVE-2026-32283 | stdlib | HIGH | v1.25.5 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32283 |
gloo mesh enterprise gloo-mesh-spire-controller image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-spire-controller:2.11.2 (alpine 3.21.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2026-31789 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-31789 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28387 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28387 |
| CVE-2026-28388 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28388 |
| CVE-2026-28389 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28389 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2026-31789 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-31789 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28387 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28387 |
| CVE-2026-28388 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28388 |
| CVE-2026-28389 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28389 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2026-40200 | musl | HIGH | 1.2.5-r9 | 1.2.5-r11 | https://avd.aquasec.com/nvd/cve-2026-40200 |
| CVE-2026-40200 | musl-utils | HIGH | 1.2.5-r9 | 1.2.5-r11 | https://avd.aquasec.com/nvd/cve-2026-40200 |
| CVE-2026-22184 | zlib | HIGH | 1.3.1-r2 | 1.3.2-r0 | https://avd.aquasec.com/nvd/cve-2026-22184 |
Vulnerabilities Listed for usr/local/bin/spire-controller-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.76.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.25.5 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.25.5 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.25.5 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2026-25679 | stdlib | HIGH | v1.25.5 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32280 | stdlib | HIGH | v1.25.5 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32280 |
| CVE-2026-32281 | stdlib | HIGH | v1.25.5 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32281 |
| CVE-2026-32283 | stdlib | HIGH | v1.25.5 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32283 |
gloo mesh enterprise gloo-mesh-portal-server image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-portal-server:2.11.2 (alpine 3.21.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2026-31789 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-31789 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28387 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28387 |
| CVE-2026-28388 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28388 |
| CVE-2026-28389 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28389 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2026-31789 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-31789 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28387 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28387 |
| CVE-2026-28388 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28388 |
| CVE-2026-28389 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28389 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2026-40200 | musl | HIGH | 1.2.5-r9 | 1.2.5-r11 | https://avd.aquasec.com/nvd/cve-2026-40200 |
| CVE-2026-40200 | musl-utils | HIGH | 1.2.5-r9 | 1.2.5-r11 | https://avd.aquasec.com/nvd/cve-2026-40200 |
| CVE-2026-22184 | zlib | HIGH | 1.3.1-r2 | 1.3.2-r0 | https://avd.aquasec.com/nvd/cve-2026-22184 |
Vulnerabilities Listed for usr/local/bin/portal-server-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.76.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.25.5 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.25.5 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.25.5 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2026-25679 | stdlib | HIGH | v1.25.5 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32280 | stdlib | HIGH | v1.25.5 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32280 |
| CVE-2026-32281 | stdlib | HIGH | v1.25.5 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32281 |
| CVE-2026-32283 | stdlib | HIGH | v1.25.5 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32283 |
gloo mesh enterprise gloo-mesh-analyzer image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-analyzer:2.11.2 (alpine 3.21.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2026-31789 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-31789 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28387 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28387 |
| CVE-2026-28388 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28388 |
| CVE-2026-28389 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28389 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2026-31789 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-31789 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28387 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28387 |
| CVE-2026-28388 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28388 |
| CVE-2026-28389 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28389 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2026-40200 | musl | HIGH | 1.2.5-r9 | 1.2.5-r11 | https://avd.aquasec.com/nvd/cve-2026-40200 |
| CVE-2026-40200 | musl-utils | HIGH | 1.2.5-r9 | 1.2.5-r11 | https://avd.aquasec.com/nvd/cve-2026-40200 |
| CVE-2026-22184 | zlib | HIGH | 1.3.1-r2 | 1.3.2-r0 | https://avd.aquasec.com/nvd/cve-2026-22184 |
Vulnerabilities Listed for usr/local/bin/analyzer-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15558 | github.com/docker/cli | HIGH | v28.3.3+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-34040 | github.com/docker/docker | HIGH | v27.5.0+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2026-34986 | github.com/go-jose/go-jose/v4 | HIGH | v4.1.2 | 4.1.4 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-35469 | github.com/moby/spdystream | HIGH | v0.5.0 | 0.5.1 | https://avd.aquasec.com/nvd/cve-2026-35469 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.38.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.38.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.76.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.25.5 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.25.5 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.25.5 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2026-25679 | stdlib | HIGH | v1.25.5 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32280 | stdlib | HIGH | v1.25.5 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32280 |
| CVE-2026-32281 | stdlib | HIGH | v1.25.5 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32281 |
| CVE-2026-32283 | stdlib | HIGH | v1.25.5 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32283 |
gloo mesh enterprise gloo-mesh-mgmt-server image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-mgmt-server:2.11.2 (alpine 3.21.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2026-31789 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-31789 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28387 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28387 |
| CVE-2026-28388 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28388 |
| CVE-2026-28389 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28389 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2026-31789 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-31789 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28387 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28387 |
| CVE-2026-28388 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28388 |
| CVE-2026-28389 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28389 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2026-40200 | musl | HIGH | 1.2.5-r9 | 1.2.5-r11 | https://avd.aquasec.com/nvd/cve-2026-40200 |
| CVE-2026-40200 | musl-utils | HIGH | 1.2.5-r9 | 1.2.5-r11 | https://avd.aquasec.com/nvd/cve-2026-40200 |
| CVE-2026-22184 | zlib | HIGH | 1.3.1-r2 | 1.3.2-r0 | https://avd.aquasec.com/nvd/cve-2026-22184 |
Vulnerabilities Listed for usr/local/bin/mgmt-server-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15558 | github.com/docker/cli | HIGH | v28.3.3+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-34040 | github.com/docker/docker | HIGH | v27.5.0+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2026-34986 | github.com/go-jose/go-jose/v4 | HIGH | v4.1.2 | 4.1.4 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-33816 | github.com/jackc/pgx/v5 | CRITICAL | v5.6.0 | 5.9.0 | https://avd.aquasec.com/nvd/cve-2026-33816 |
| CVE-2026-35469 | github.com/moby/spdystream | HIGH | v0.5.0 | 0.5.1 | https://avd.aquasec.com/nvd/cve-2026-35469 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.38.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.38.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.76.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.25.5 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.25.5 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.25.5 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2026-25679 | stdlib | HIGH | v1.25.5 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32280 | stdlib | HIGH | v1.25.5 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32280 |
| CVE-2026-32281 | stdlib | HIGH | v1.25.5 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32281 |
| CVE-2026-32283 | stdlib | HIGH | v1.25.5 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32283 |
gloo mesh enterprise gloo-mesh-istiod-agent image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-istiod-agent:2.11.2 (alpine 3.21.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2026-31789 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-31789 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28387 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28387 |
| CVE-2026-28388 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28388 |
| CVE-2026-28389 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28389 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2026-31789 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-31789 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28387 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28387 |
| CVE-2026-28388 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28388 |
| CVE-2026-28389 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28389 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2026-40200 | musl | HIGH | 1.2.5-r9 | 1.2.5-r11 | https://avd.aquasec.com/nvd/cve-2026-40200 |
| CVE-2026-40200 | musl-utils | HIGH | 1.2.5-r9 | 1.2.5-r11 | https://avd.aquasec.com/nvd/cve-2026-40200 |
| CVE-2026-22184 | zlib | HIGH | 1.3.1-r2 | 1.3.2-r0 | https://avd.aquasec.com/nvd/cve-2026-22184 |
Vulnerabilities Listed for usr/local/bin/istiod-agent-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-34986 | github.com/go-jose/go-jose/v3 | HIGH | v3.0.4 | 3.0.5 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-34986 | github.com/go-jose/go-jose/v4 | HIGH | v4.1.2 | 4.1.4 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.76.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.25.5 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.25.5 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.25.5 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2026-25679 | stdlib | HIGH | v1.25.5 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32280 | stdlib | HIGH | v1.25.5 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32280 |
| CVE-2026-32281 | stdlib | HIGH | v1.25.5 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32281 |
| CVE-2026-32283 | stdlib | HIGH | v1.25.5 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32283 |
gloo mesh enterprise gloo-mesh-ui image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-ui:2.11.2 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2026-31789 | libcrypto3 | CRITICAL | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-31789 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28387 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28387 |
| CVE-2026-28388 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28388 |
| CVE-2026-28389 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28389 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2026-31789 | libssl3 | CRITICAL | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-31789 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28387 | libssl3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28387 |
| CVE-2026-28388 | libssl3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28388 |
| CVE-2026-28389 | libssl3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28389 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2026-40200 | musl | HIGH | 1.2.5-r9 | 1.2.5-r11 | https://avd.aquasec.com/nvd/cve-2026-40200 |
| CVE-2026-40200 | musl-utils | HIGH | 1.2.5-r9 | 1.2.5-r11 | https://avd.aquasec.com/nvd/cve-2026-40200 |
| CVE-2026-22184 | zlib | HIGH | 1.3.1-r2 | 1.3.2-r0 | https://avd.aquasec.com/nvd/cve-2026-22184 |
Release 2.11.1
gloo mesh enterprise gloo-mesh-envoy image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-envoy:2.11.1 (ubuntu 24.04)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-68973 | gpgv | HIGH | 2.4.4-2ubuntu17.3 | 2.4.4-2ubuntu17.4 | https://avd.aquasec.com/nvd/cve-2025-68973 |
| CVE-2026-35535 | sudo | HIGH | 1.9.15p5-3ubuntu5.24.04.1 | 1.9.15p5-3ubuntu5.24.04.2 | https://avd.aquasec.com/nvd/cve-2026-35535 |
gloo mesh enterprise gloo-mesh-agent image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-agent:2.11.1 (alpine 3.21.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2026-31789 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-31789 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28387 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28387 |
| CVE-2026-28388 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28388 |
| CVE-2026-28389 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28389 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2026-31789 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-31789 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28387 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28387 |
| CVE-2026-28388 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28388 |
| CVE-2026-28389 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28389 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2026-40200 | musl | HIGH | 1.2.5-r9 | 1.2.5-r11 | https://avd.aquasec.com/nvd/cve-2026-40200 |
| CVE-2026-40200 | musl-utils | HIGH | 1.2.5-r9 | 1.2.5-r11 | https://avd.aquasec.com/nvd/cve-2026-40200 |
| CVE-2026-22184 | zlib | HIGH | 1.3.1-r2 | 1.3.2-r0 | https://avd.aquasec.com/nvd/cve-2026-22184 |
Vulnerabilities Listed for usr/local/bin/agent-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15558 | github.com/docker/cli | HIGH | v28.3.3+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-34040 | github.com/docker/docker | HIGH | v27.5.0+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2026-34986 | github.com/go-jose/go-jose/v4 | HIGH | v4.1.2 | 4.1.4 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-35469 | github.com/moby/spdystream | HIGH | v0.5.0 | 0.5.1 | https://avd.aquasec.com/nvd/cve-2026-35469 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.38.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.38.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.76.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.25.5 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.25.5 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.25.5 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2026-25679 | stdlib | HIGH | v1.25.5 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32280 | stdlib | HIGH | v1.25.5 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32280 |
| CVE-2026-32281 | stdlib | HIGH | v1.25.5 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32281 |
| CVE-2026-32283 | stdlib | HIGH | v1.25.5 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32283 |
gloo mesh enterprise gloo-mesh-apiserver image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-apiserver:2.11.1 (alpine 3.21.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2026-31789 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-31789 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28387 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28387 |
| CVE-2026-28388 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28388 |
| CVE-2026-28389 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28389 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2026-31789 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-31789 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28387 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28387 |
| CVE-2026-28388 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28388 |
| CVE-2026-28389 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28389 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2026-40200 | musl | HIGH | 1.2.5-r9 | 1.2.5-r11 | https://avd.aquasec.com/nvd/cve-2026-40200 |
| CVE-2026-40200 | musl-utils | HIGH | 1.2.5-r9 | 1.2.5-r11 | https://avd.aquasec.com/nvd/cve-2026-40200 |
| CVE-2026-22184 | zlib | HIGH | 1.3.1-r2 | 1.3.2-r0 | https://avd.aquasec.com/nvd/cve-2026-22184 |
Vulnerabilities Listed for usr/local/bin/apiserver-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15558 | github.com/docker/cli | HIGH | v28.3.3+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-34040 | github.com/docker/docker | HIGH | v27.5.0+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2026-34986 | github.com/go-jose/go-jose/v4 | HIGH | v4.1.2 | 4.1.4 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-33816 | github.com/jackc/pgx/v5 | CRITICAL | v5.6.0 | 5.9.0 | https://avd.aquasec.com/nvd/cve-2026-33816 |
| CVE-2026-35469 | github.com/moby/spdystream | HIGH | v0.5.0 | 0.5.1 | https://avd.aquasec.com/nvd/cve-2026-35469 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.38.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.38.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.76.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.25.5 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.25.5 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.25.5 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2026-25679 | stdlib | HIGH | v1.25.5 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32280 | stdlib | HIGH | v1.25.5 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32280 |
| CVE-2026-32281 | stdlib | HIGH | v1.25.5 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32281 |
| CVE-2026-32283 | stdlib | HIGH | v1.25.5 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32283 |
gloo mesh enterprise gloo-mesh-spire-controller image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-spire-controller:2.11.1 (alpine 3.21.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2026-31789 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-31789 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28387 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28387 |
| CVE-2026-28388 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28388 |
| CVE-2026-28389 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28389 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2026-31789 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-31789 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28387 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28387 |
| CVE-2026-28388 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28388 |
| CVE-2026-28389 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28389 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2026-40200 | musl | HIGH | 1.2.5-r9 | 1.2.5-r11 | https://avd.aquasec.com/nvd/cve-2026-40200 |
| CVE-2026-40200 | musl-utils | HIGH | 1.2.5-r9 | 1.2.5-r11 | https://avd.aquasec.com/nvd/cve-2026-40200 |
| CVE-2026-22184 | zlib | HIGH | 1.3.1-r2 | 1.3.2-r0 | https://avd.aquasec.com/nvd/cve-2026-22184 |
Vulnerabilities Listed for usr/local/bin/spire-controller-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.76.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.25.5 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.25.5 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.25.5 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2026-25679 | stdlib | HIGH | v1.25.5 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32280 | stdlib | HIGH | v1.25.5 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32280 |
| CVE-2026-32281 | stdlib | HIGH | v1.25.5 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32281 |
| CVE-2026-32283 | stdlib | HIGH | v1.25.5 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32283 |
gloo mesh enterprise gloo-mesh-portal-server image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-portal-server:2.11.1 (alpine 3.21.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2026-31789 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-31789 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28387 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28387 |
| CVE-2026-28388 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28388 |
| CVE-2026-28389 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28389 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2026-31789 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-31789 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28387 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28387 |
| CVE-2026-28388 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28388 |
| CVE-2026-28389 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28389 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2026-40200 | musl | HIGH | 1.2.5-r9 | 1.2.5-r11 | https://avd.aquasec.com/nvd/cve-2026-40200 |
| CVE-2026-40200 | musl-utils | HIGH | 1.2.5-r9 | 1.2.5-r11 | https://avd.aquasec.com/nvd/cve-2026-40200 |
| CVE-2026-22184 | zlib | HIGH | 1.3.1-r2 | 1.3.2-r0 | https://avd.aquasec.com/nvd/cve-2026-22184 |
Vulnerabilities Listed for usr/local/bin/portal-server-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.76.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.25.5 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.25.5 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.25.5 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2026-25679 | stdlib | HIGH | v1.25.5 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32280 | stdlib | HIGH | v1.25.5 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32280 |
| CVE-2026-32281 | stdlib | HIGH | v1.25.5 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32281 |
| CVE-2026-32283 | stdlib | HIGH | v1.25.5 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32283 |
gloo mesh enterprise gloo-mesh-analyzer image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-analyzer:2.11.1 (alpine 3.21.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2026-31789 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-31789 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28387 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28387 |
| CVE-2026-28388 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28388 |
| CVE-2026-28389 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28389 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2026-31789 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-31789 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28387 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28387 |
| CVE-2026-28388 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28388 |
| CVE-2026-28389 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28389 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2026-40200 | musl | HIGH | 1.2.5-r9 | 1.2.5-r11 | https://avd.aquasec.com/nvd/cve-2026-40200 |
| CVE-2026-40200 | musl-utils | HIGH | 1.2.5-r9 | 1.2.5-r11 | https://avd.aquasec.com/nvd/cve-2026-40200 |
| CVE-2026-22184 | zlib | HIGH | 1.3.1-r2 | 1.3.2-r0 | https://avd.aquasec.com/nvd/cve-2026-22184 |
Vulnerabilities Listed for usr/local/bin/analyzer-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15558 | github.com/docker/cli | HIGH | v28.3.3+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-34040 | github.com/docker/docker | HIGH | v27.5.0+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2026-34986 | github.com/go-jose/go-jose/v4 | HIGH | v4.1.2 | 4.1.4 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-35469 | github.com/moby/spdystream | HIGH | v0.5.0 | 0.5.1 | https://avd.aquasec.com/nvd/cve-2026-35469 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.38.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.38.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.76.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.25.5 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.25.5 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.25.5 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2026-25679 | stdlib | HIGH | v1.25.5 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32280 | stdlib | HIGH | v1.25.5 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32280 |
| CVE-2026-32281 | stdlib | HIGH | v1.25.5 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32281 |
| CVE-2026-32283 | stdlib | HIGH | v1.25.5 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32283 |
gloo mesh enterprise gloo-mesh-mgmt-server image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-mgmt-server:2.11.1 (alpine 3.21.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2026-31789 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-31789 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28387 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28387 |
| CVE-2026-28388 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28388 |
| CVE-2026-28389 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28389 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2026-31789 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-31789 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28387 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28387 |
| CVE-2026-28388 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28388 |
| CVE-2026-28389 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28389 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2026-40200 | musl | HIGH | 1.2.5-r9 | 1.2.5-r11 | https://avd.aquasec.com/nvd/cve-2026-40200 |
| CVE-2026-40200 | musl-utils | HIGH | 1.2.5-r9 | 1.2.5-r11 | https://avd.aquasec.com/nvd/cve-2026-40200 |
| CVE-2026-22184 | zlib | HIGH | 1.3.1-r2 | 1.3.2-r0 | https://avd.aquasec.com/nvd/cve-2026-22184 |
Vulnerabilities Listed for usr/local/bin/mgmt-server-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15558 | github.com/docker/cli | HIGH | v28.3.3+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-34040 | github.com/docker/docker | HIGH | v27.5.0+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2026-34986 | github.com/go-jose/go-jose/v4 | HIGH | v4.1.2 | 4.1.4 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-33816 | github.com/jackc/pgx/v5 | CRITICAL | v5.6.0 | 5.9.0 | https://avd.aquasec.com/nvd/cve-2026-33816 |
| CVE-2026-35469 | github.com/moby/spdystream | HIGH | v0.5.0 | 0.5.1 | https://avd.aquasec.com/nvd/cve-2026-35469 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.38.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.38.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.76.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.25.5 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.25.5 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.25.5 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2026-25679 | stdlib | HIGH | v1.25.5 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32280 | stdlib | HIGH | v1.25.5 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32280 |
| CVE-2026-32281 | stdlib | HIGH | v1.25.5 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32281 |
| CVE-2026-32283 | stdlib | HIGH | v1.25.5 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32283 |
gloo mesh enterprise gloo-mesh-istiod-agent image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-istiod-agent:2.11.1 (alpine 3.21.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2026-31789 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-31789 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28387 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28387 |
| CVE-2026-28388 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28388 |
| CVE-2026-28389 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28389 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2026-31789 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-31789 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28387 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28387 |
| CVE-2026-28388 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28388 |
| CVE-2026-28389 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28389 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2026-40200 | musl | HIGH | 1.2.5-r9 | 1.2.5-r11 | https://avd.aquasec.com/nvd/cve-2026-40200 |
| CVE-2026-40200 | musl-utils | HIGH | 1.2.5-r9 | 1.2.5-r11 | https://avd.aquasec.com/nvd/cve-2026-40200 |
| CVE-2026-22184 | zlib | HIGH | 1.3.1-r2 | 1.3.2-r0 | https://avd.aquasec.com/nvd/cve-2026-22184 |
Vulnerabilities Listed for usr/local/bin/istiod-agent-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-34986 | github.com/go-jose/go-jose/v3 | HIGH | v3.0.4 | 3.0.5 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-34986 | github.com/go-jose/go-jose/v4 | HIGH | v4.1.2 | 4.1.4 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.76.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.25.5 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.25.5 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.25.5 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2026-25679 | stdlib | HIGH | v1.25.5 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32280 | stdlib | HIGH | v1.25.5 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32280 |
| CVE-2026-32281 | stdlib | HIGH | v1.25.5 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32281 |
| CVE-2026-32283 | stdlib | HIGH | v1.25.5 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32283 |
gloo mesh enterprise gloo-mesh-ui image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-ui:2.11.1 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2026-31789 | libcrypto3 | CRITICAL | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-31789 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28387 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28387 |
| CVE-2026-28388 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28388 |
| CVE-2026-28389 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28389 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2026-31789 | libssl3 | CRITICAL | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-31789 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28387 | libssl3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28387 |
| CVE-2026-28388 | libssl3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28388 |
| CVE-2026-28389 | libssl3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28389 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2026-40200 | musl | HIGH | 1.2.5-r9 | 1.2.5-r11 | https://avd.aquasec.com/nvd/cve-2026-40200 |
| CVE-2026-40200 | musl-utils | HIGH | 1.2.5-r9 | 1.2.5-r11 | https://avd.aquasec.com/nvd/cve-2026-40200 |
| CVE-2026-22184 | zlib | HIGH | 1.3.1-r2 | 1.3.2-r0 | https://avd.aquasec.com/nvd/cve-2026-22184 |
Release 2.11.0
gloo mesh enterprise gloo-mesh-envoy image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-envoy:2.11.0 (ubuntu 24.04)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-68973 | gpgv | HIGH | 2.4.4-2ubuntu17.3 | 2.4.4-2ubuntu17.4 | https://avd.aquasec.com/nvd/cve-2025-68973 |
| CVE-2026-35535 | sudo | HIGH | 1.9.15p5-3ubuntu5.24.04.1 | 1.9.15p5-3ubuntu5.24.04.2 | https://avd.aquasec.com/nvd/cve-2026-35535 |
gloo mesh enterprise gloo-mesh-agent image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-agent:2.11.0 (alpine 3.21.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2026-31789 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-31789 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28387 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28387 |
| CVE-2026-28388 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28388 |
| CVE-2026-28389 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28389 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2026-31789 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-31789 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28387 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28387 |
| CVE-2026-28388 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28388 |
| CVE-2026-28389 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28389 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2026-40200 | musl | HIGH | 1.2.5-r9 | 1.2.5-r11 | https://avd.aquasec.com/nvd/cve-2026-40200 |
| CVE-2026-40200 | musl-utils | HIGH | 1.2.5-r9 | 1.2.5-r11 | https://avd.aquasec.com/nvd/cve-2026-40200 |
| CVE-2026-22184 | zlib | HIGH | 1.3.1-r2 | 1.3.2-r0 | https://avd.aquasec.com/nvd/cve-2026-22184 |
Vulnerabilities Listed for usr/local/bin/agent-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15558 | github.com/docker/cli | HIGH | v28.3.3+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-34040 | github.com/docker/docker | HIGH | v27.5.0+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2026-34986 | github.com/go-jose/go-jose/v4 | HIGH | v4.1.2 | 4.1.4 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-35469 | github.com/moby/spdystream | HIGH | v0.5.0 | 0.5.1 | https://avd.aquasec.com/nvd/cve-2026-35469 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.38.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.38.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.76.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.25.3 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.25.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.25.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.25.3 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.25.3 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32280 | stdlib | HIGH | v1.25.3 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32280 |
| CVE-2026-32281 | stdlib | HIGH | v1.25.3 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32281 |
| CVE-2026-32283 | stdlib | HIGH | v1.25.3 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32283 |
gloo mesh enterprise gloo-mesh-apiserver image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-apiserver:2.11.0 (alpine 3.21.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2026-31789 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-31789 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28387 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28387 |
| CVE-2026-28388 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28388 |
| CVE-2026-28389 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28389 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2026-31789 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-31789 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28387 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28387 |
| CVE-2026-28388 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28388 |
| CVE-2026-28389 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28389 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2026-40200 | musl | HIGH | 1.2.5-r9 | 1.2.5-r11 | https://avd.aquasec.com/nvd/cve-2026-40200 |
| CVE-2026-40200 | musl-utils | HIGH | 1.2.5-r9 | 1.2.5-r11 | https://avd.aquasec.com/nvd/cve-2026-40200 |
| CVE-2026-22184 | zlib | HIGH | 1.3.1-r2 | 1.3.2-r0 | https://avd.aquasec.com/nvd/cve-2026-22184 |
Vulnerabilities Listed for usr/local/bin/apiserver-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15558 | github.com/docker/cli | HIGH | v28.3.3+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-34040 | github.com/docker/docker | HIGH | v27.5.0+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2026-34986 | github.com/go-jose/go-jose/v4 | HIGH | v4.1.2 | 4.1.4 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-33816 | github.com/jackc/pgx/v5 | CRITICAL | v5.6.0 | 5.9.0 | https://avd.aquasec.com/nvd/cve-2026-33816 |
| CVE-2026-35469 | github.com/moby/spdystream | HIGH | v0.5.0 | 0.5.1 | https://avd.aquasec.com/nvd/cve-2026-35469 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.38.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.38.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.76.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.25.3 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.25.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.25.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.25.3 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.25.3 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32280 | stdlib | HIGH | v1.25.3 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32280 |
| CVE-2026-32281 | stdlib | HIGH | v1.25.3 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32281 |
| CVE-2026-32283 | stdlib | HIGH | v1.25.3 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32283 |
gloo mesh enterprise gloo-mesh-spire-controller image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-spire-controller:2.11.0 (alpine 3.21.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2026-31789 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-31789 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28387 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28387 |
| CVE-2026-28388 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28388 |
| CVE-2026-28389 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28389 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2026-31789 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-31789 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28387 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28387 |
| CVE-2026-28388 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28388 |
| CVE-2026-28389 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28389 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2026-40200 | musl | HIGH | 1.2.5-r9 | 1.2.5-r11 | https://avd.aquasec.com/nvd/cve-2026-40200 |
| CVE-2026-40200 | musl-utils | HIGH | 1.2.5-r9 | 1.2.5-r11 | https://avd.aquasec.com/nvd/cve-2026-40200 |
| CVE-2026-22184 | zlib | HIGH | 1.3.1-r2 | 1.3.2-r0 | https://avd.aquasec.com/nvd/cve-2026-22184 |
Vulnerabilities Listed for usr/local/bin/spire-controller-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.76.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.25.3 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.25.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.25.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.25.3 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.25.3 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32280 | stdlib | HIGH | v1.25.3 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32280 |
| CVE-2026-32281 | stdlib | HIGH | v1.25.3 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32281 |
| CVE-2026-32283 | stdlib | HIGH | v1.25.3 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32283 |
gloo mesh enterprise gloo-mesh-portal-server image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-portal-server:2.11.0 (alpine 3.21.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2026-31789 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-31789 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28387 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28387 |
| CVE-2026-28388 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28388 |
| CVE-2026-28389 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28389 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2026-31789 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-31789 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28387 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28387 |
| CVE-2026-28388 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28388 |
| CVE-2026-28389 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28389 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2026-40200 | musl | HIGH | 1.2.5-r9 | 1.2.5-r11 | https://avd.aquasec.com/nvd/cve-2026-40200 |
| CVE-2026-40200 | musl-utils | HIGH | 1.2.5-r9 | 1.2.5-r11 | https://avd.aquasec.com/nvd/cve-2026-40200 |
| CVE-2026-22184 | zlib | HIGH | 1.3.1-r2 | 1.3.2-r0 | https://avd.aquasec.com/nvd/cve-2026-22184 |
Vulnerabilities Listed for usr/local/bin/portal-server-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.76.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.25.3 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.25.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.25.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.25.3 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.25.3 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32280 | stdlib | HIGH | v1.25.3 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32280 |
| CVE-2026-32281 | stdlib | HIGH | v1.25.3 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32281 |
| CVE-2026-32283 | stdlib | HIGH | v1.25.3 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32283 |
gloo mesh enterprise gloo-mesh-analyzer image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-analyzer:2.11.0 (alpine 3.21.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2026-31789 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-31789 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28387 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28387 |
| CVE-2026-28388 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28388 |
| CVE-2026-28389 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28389 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2026-31789 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-31789 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28387 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28387 |
| CVE-2026-28388 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28388 |
| CVE-2026-28389 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28389 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2026-40200 | musl | HIGH | 1.2.5-r9 | 1.2.5-r11 | https://avd.aquasec.com/nvd/cve-2026-40200 |
| CVE-2026-40200 | musl-utils | HIGH | 1.2.5-r9 | 1.2.5-r11 | https://avd.aquasec.com/nvd/cve-2026-40200 |
| CVE-2026-22184 | zlib | HIGH | 1.3.1-r2 | 1.3.2-r0 | https://avd.aquasec.com/nvd/cve-2026-22184 |
Vulnerabilities Listed for usr/local/bin/analyzer-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15558 | github.com/docker/cli | HIGH | v28.3.3+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-34040 | github.com/docker/docker | HIGH | v27.5.0+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2026-34986 | github.com/go-jose/go-jose/v4 | HIGH | v4.1.2 | 4.1.4 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-35469 | github.com/moby/spdystream | HIGH | v0.5.0 | 0.5.1 | https://avd.aquasec.com/nvd/cve-2026-35469 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.38.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.38.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.76.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.25.3 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.25.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.25.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.25.3 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.25.3 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32280 | stdlib | HIGH | v1.25.3 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32280 |
| CVE-2026-32281 | stdlib | HIGH | v1.25.3 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32281 |
| CVE-2026-32283 | stdlib | HIGH | v1.25.3 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32283 |
gloo mesh enterprise gloo-mesh-mgmt-server image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-mgmt-server:2.11.0 (alpine 3.21.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2026-31789 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-31789 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28387 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28387 |
| CVE-2026-28388 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28388 |
| CVE-2026-28389 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28389 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2026-31789 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-31789 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28387 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28387 |
| CVE-2026-28388 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28388 |
| CVE-2026-28389 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28389 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2026-40200 | musl | HIGH | 1.2.5-r9 | 1.2.5-r11 | https://avd.aquasec.com/nvd/cve-2026-40200 |
| CVE-2026-40200 | musl-utils | HIGH | 1.2.5-r9 | 1.2.5-r11 | https://avd.aquasec.com/nvd/cve-2026-40200 |
| CVE-2026-22184 | zlib | HIGH | 1.3.1-r2 | 1.3.2-r0 | https://avd.aquasec.com/nvd/cve-2026-22184 |
Vulnerabilities Listed for usr/local/bin/mgmt-server-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15558 | github.com/docker/cli | HIGH | v28.3.3+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-34040 | github.com/docker/docker | HIGH | v27.5.0+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2026-34986 | github.com/go-jose/go-jose/v4 | HIGH | v4.1.2 | 4.1.4 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-33816 | github.com/jackc/pgx/v5 | CRITICAL | v5.6.0 | 5.9.0 | https://avd.aquasec.com/nvd/cve-2026-33816 |
| CVE-2026-35469 | github.com/moby/spdystream | HIGH | v0.5.0 | 0.5.1 | https://avd.aquasec.com/nvd/cve-2026-35469 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.38.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.38.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.76.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.25.3 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.25.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.25.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.25.3 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.25.3 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32280 | stdlib | HIGH | v1.25.3 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32280 |
| CVE-2026-32281 | stdlib | HIGH | v1.25.3 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32281 |
| CVE-2026-32283 | stdlib | HIGH | v1.25.3 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32283 |
gloo mesh enterprise gloo-mesh-istiod-agent image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-istiod-agent:2.11.0 (alpine 3.21.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2026-31789 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-31789 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28387 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28387 |
| CVE-2026-28388 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28388 |
| CVE-2026-28389 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28389 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2026-31789 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-31789 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28387 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28387 |
| CVE-2026-28388 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28388 |
| CVE-2026-28389 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28389 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2026-40200 | musl | HIGH | 1.2.5-r9 | 1.2.5-r11 | https://avd.aquasec.com/nvd/cve-2026-40200 |
| CVE-2026-40200 | musl-utils | HIGH | 1.2.5-r9 | 1.2.5-r11 | https://avd.aquasec.com/nvd/cve-2026-40200 |
| CVE-2026-22184 | zlib | HIGH | 1.3.1-r2 | 1.3.2-r0 | https://avd.aquasec.com/nvd/cve-2026-22184 |
Vulnerabilities Listed for usr/local/bin/istiod-agent-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-34986 | github.com/go-jose/go-jose/v3 | HIGH | v3.0.4 | 3.0.5 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-34986 | github.com/go-jose/go-jose/v4 | HIGH | v4.1.2 | 4.1.4 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.76.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.25.3 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.25.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.25.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.25.3 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.25.3 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32280 | stdlib | HIGH | v1.25.3 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32280 |
| CVE-2026-32281 | stdlib | HIGH | v1.25.3 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32281 |
| CVE-2026-32283 | stdlib | HIGH | v1.25.3 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32283 |
gloo mesh enterprise gloo-mesh-ui image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-ui:2.11.0 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2026-31789 | libcrypto3 | CRITICAL | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-31789 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28387 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28387 |
| CVE-2026-28388 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28388 |
| CVE-2026-28389 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28389 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2026-31789 | libssl3 | CRITICAL | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-31789 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28387 | libssl3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28387 |
| CVE-2026-28388 | libssl3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28388 |
| CVE-2026-28389 | libssl3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28389 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2026-40200 | musl | HIGH | 1.2.5-r9 | 1.2.5-r11 | https://avd.aquasec.com/nvd/cve-2026-40200 |
| CVE-2026-40200 | musl-utils | HIGH | 1.2.5-r9 | 1.2.5-r11 | https://avd.aquasec.com/nvd/cve-2026-40200 |
| CVE-2026-22184 | zlib | HIGH | 1.3.1-r2 | 1.3.2-r0 | https://avd.aquasec.com/nvd/cve-2026-22184 |
Latest 2.10.x gloo mesh enterprise Release: 2.10.6
gloo mesh enterprise gloo-mesh-envoy image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-envoy:2.10.6 (ubuntu 24.04)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-35535 | sudo | HIGH | 1.9.15p5-3ubuntu5.24.04.1 | 1.9.15p5-3ubuntu5.24.04.2 | https://avd.aquasec.com/nvd/cve-2026-35535 |
gloo mesh enterprise gloo-mesh-agent image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-agent:2.10.6 (alpine 3.23.4)
Vulnerabilities Listed for usr/local/bin/agent-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-34986 | github.com/go-jose/go-jose/v4 | HIGH | v4.1.3 | 4.1.4 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-35469 | github.com/moby/spdystream | HIGH | v0.5.0 | 0.5.1 | https://avd.aquasec.com/nvd/cve-2026-35469 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.39.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.39.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.78.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2026-32280 | stdlib | HIGH | v1.26.1 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32280 |
| CVE-2026-32281 | stdlib | HIGH | v1.26.1 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32281 |
| CVE-2026-32283 | stdlib | HIGH | v1.26.1 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32283 |
| CVE-2026-33810 | stdlib | HIGH | v1.26.1 | 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-33810 |
gloo mesh enterprise gloo-mesh-apiserver image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-apiserver:2.10.6 (alpine 3.23.4)
Vulnerabilities Listed for usr/local/bin/apiserver-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-34986 | github.com/go-jose/go-jose/v4 | HIGH | v4.1.3 | 4.1.4 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-33816 | github.com/jackc/pgx/v5 | CRITICAL | v5.6.0 | 5.9.0 | https://avd.aquasec.com/nvd/cve-2026-33816 |
| CVE-2026-35469 | github.com/moby/spdystream | HIGH | v0.5.0 | 0.5.1 | https://avd.aquasec.com/nvd/cve-2026-35469 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.39.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.39.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.78.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2026-32280 | stdlib | HIGH | v1.26.1 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32280 |
| CVE-2026-32281 | stdlib | HIGH | v1.26.1 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32281 |
| CVE-2026-32283 | stdlib | HIGH | v1.26.1 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32283 |
| CVE-2026-33810 | stdlib | HIGH | v1.26.1 | 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-33810 |
gloo mesh enterprise gloo-mesh-spire-controller image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-spire-controller:2.10.6 (alpine 3.23.4)
Vulnerabilities Listed for usr/local/bin/spire-controller-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.78.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2026-32280 | stdlib | HIGH | v1.26.1 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32280 |
| CVE-2026-32281 | stdlib | HIGH | v1.26.1 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32281 |
| CVE-2026-32283 | stdlib | HIGH | v1.26.1 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32283 |
| CVE-2026-33810 | stdlib | HIGH | v1.26.1 | 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-33810 |
gloo mesh enterprise gloo-mesh-portal-server image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-portal-server:2.10.6 (alpine 3.23.4)
Vulnerabilities Listed for usr/local/bin/portal-server-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.78.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2026-32280 | stdlib | HIGH | v1.26.1 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32280 |
| CVE-2026-32281 | stdlib | HIGH | v1.26.1 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32281 |
| CVE-2026-32283 | stdlib | HIGH | v1.26.1 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32283 |
| CVE-2026-33810 | stdlib | HIGH | v1.26.1 | 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-33810 |
gloo mesh enterprise gloo-mesh-analyzer image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-analyzer:2.10.6 (alpine 3.23.4)
Vulnerabilities Listed for usr/local/bin/analyzer-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-34986 | github.com/go-jose/go-jose/v4 | HIGH | v4.1.3 | 4.1.4 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-35469 | github.com/moby/spdystream | HIGH | v0.5.0 | 0.5.1 | https://avd.aquasec.com/nvd/cve-2026-35469 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.39.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.39.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.78.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2026-32280 | stdlib | HIGH | v1.26.1 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32280 |
| CVE-2026-32281 | stdlib | HIGH | v1.26.1 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32281 |
| CVE-2026-32283 | stdlib | HIGH | v1.26.1 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32283 |
| CVE-2026-33810 | stdlib | HIGH | v1.26.1 | 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-33810 |
gloo mesh enterprise gloo-mesh-mgmt-server image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-mgmt-server:2.10.6 (alpine 3.23.4)
Vulnerabilities Listed for usr/local/bin/mgmt-server-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-34986 | github.com/go-jose/go-jose/v4 | HIGH | v4.1.3 | 4.1.4 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-33816 | github.com/jackc/pgx/v5 | CRITICAL | v5.6.0 | 5.9.0 | https://avd.aquasec.com/nvd/cve-2026-33816 |
| CVE-2026-35469 | github.com/moby/spdystream | HIGH | v0.5.0 | 0.5.1 | https://avd.aquasec.com/nvd/cve-2026-35469 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.39.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.39.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.78.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2026-32280 | stdlib | HIGH | v1.26.1 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32280 |
| CVE-2026-32281 | stdlib | HIGH | v1.26.1 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32281 |
| CVE-2026-32283 | stdlib | HIGH | v1.26.1 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32283 |
| CVE-2026-33810 | stdlib | HIGH | v1.26.1 | 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-33810 |
gloo mesh enterprise gloo-mesh-istiod-agent image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-istiod-agent:2.10.6 (alpine 3.23.4)
Vulnerabilities Listed for usr/local/bin/istiod-agent-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-34986 | github.com/go-jose/go-jose/v3 | HIGH | v3.0.4 | 3.0.5 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-34986 | github.com/go-jose/go-jose/v4 | HIGH | v4.1.3 | 4.1.4 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.78.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2026-32280 | stdlib | HIGH | v1.26.1 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32280 |
| CVE-2026-32281 | stdlib | HIGH | v1.26.1 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32281 |
| CVE-2026-32283 | stdlib | HIGH | v1.26.1 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32283 |
| CVE-2026-33810 | stdlib | HIGH | v1.26.1 | 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-33810 |
gloo mesh enterprise gloo-mesh-ui image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-ui:2.10.6 (alpine 3.23.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-31789 | libcrypto3 | CRITICAL | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-31789 |
| CVE-2026-28387 | libcrypto3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28387 |
| CVE-2026-28388 | libcrypto3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28388 |
| CVE-2026-28389 | libcrypto3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28389 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2026-31789 | libssl3 | CRITICAL | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-31789 |
| CVE-2026-28387 | libssl3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28387 |
| CVE-2026-28388 | libssl3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28388 |
| CVE-2026-28389 | libssl3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28389 |
| CVE-2026-28390 | libssl3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2026-40200 | musl | HIGH | 1.2.5-r21 | 1.2.5-r23 | https://avd.aquasec.com/nvd/cve-2026-40200 |
| CVE-2026-40200 | musl-utils | HIGH | 1.2.5-r21 | 1.2.5-r23 | https://avd.aquasec.com/nvd/cve-2026-40200 |
| CVE-2026-22184 | zlib | HIGH | 1.3.1-r2 | 1.3.2-r0 | https://avd.aquasec.com/nvd/cve-2026-22184 |
Release 2.10.5
gloo mesh enterprise gloo-mesh-envoy image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-envoy:2.10.5 (ubuntu 24.04)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-35535 | sudo | HIGH | 1.9.15p5-3ubuntu5.24.04.1 | 1.9.15p5-3ubuntu5.24.04.2 | https://avd.aquasec.com/nvd/cve-2026-35535 |
gloo mesh enterprise gloo-mesh-agent image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-agent:2.10.5 (alpine 3.23.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-31789 | libcrypto3 | CRITICAL | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-31789 |
| CVE-2026-28387 | libcrypto3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28387 |
| CVE-2026-28388 | libcrypto3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28388 |
| CVE-2026-28389 | libcrypto3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28389 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2026-31789 | libssl3 | CRITICAL | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-31789 |
| CVE-2026-28387 | libssl3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28387 |
| CVE-2026-28388 | libssl3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28388 |
| CVE-2026-28389 | libssl3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28389 |
| CVE-2026-28390 | libssl3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2026-40200 | musl | HIGH | 1.2.5-r21 | 1.2.5-r23 | https://avd.aquasec.com/nvd/cve-2026-40200 |
| CVE-2026-40200 | musl-utils | HIGH | 1.2.5-r21 | 1.2.5-r23 | https://avd.aquasec.com/nvd/cve-2026-40200 |
Vulnerabilities Listed for usr/local/bin/agent-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-34986 | github.com/go-jose/go-jose/v4 | HIGH | v4.1.3 | 4.1.4 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-35469 | github.com/moby/spdystream | HIGH | v0.5.0 | 0.5.1 | https://avd.aquasec.com/nvd/cve-2026-35469 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.39.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.39.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.78.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2026-32280 | stdlib | HIGH | v1.26.1 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32280 |
| CVE-2026-32281 | stdlib | HIGH | v1.26.1 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32281 |
| CVE-2026-32283 | stdlib | HIGH | v1.26.1 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32283 |
| CVE-2026-33810 | stdlib | HIGH | v1.26.1 | 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-33810 |
gloo mesh enterprise gloo-mesh-apiserver image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-apiserver:2.10.5 (alpine 3.23.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-31789 | libcrypto3 | CRITICAL | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-31789 |
| CVE-2026-28387 | libcrypto3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28387 |
| CVE-2026-28388 | libcrypto3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28388 |
| CVE-2026-28389 | libcrypto3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28389 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2026-31789 | libssl3 | CRITICAL | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-31789 |
| CVE-2026-28387 | libssl3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28387 |
| CVE-2026-28388 | libssl3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28388 |
| CVE-2026-28389 | libssl3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28389 |
| CVE-2026-28390 | libssl3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2026-40200 | musl | HIGH | 1.2.5-r21 | 1.2.5-r23 | https://avd.aquasec.com/nvd/cve-2026-40200 |
| CVE-2026-40200 | musl-utils | HIGH | 1.2.5-r21 | 1.2.5-r23 | https://avd.aquasec.com/nvd/cve-2026-40200 |
Vulnerabilities Listed for usr/local/bin/apiserver-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-34986 | github.com/go-jose/go-jose/v4 | HIGH | v4.1.3 | 4.1.4 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-33816 | github.com/jackc/pgx/v5 | CRITICAL | v5.6.0 | 5.9.0 | https://avd.aquasec.com/nvd/cve-2026-33816 |
| CVE-2026-35469 | github.com/moby/spdystream | HIGH | v0.5.0 | 0.5.1 | https://avd.aquasec.com/nvd/cve-2026-35469 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.39.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.39.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.78.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2026-32280 | stdlib | HIGH | v1.26.1 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32280 |
| CVE-2026-32281 | stdlib | HIGH | v1.26.1 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32281 |
| CVE-2026-32283 | stdlib | HIGH | v1.26.1 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32283 |
| CVE-2026-33810 | stdlib | HIGH | v1.26.1 | 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-33810 |
gloo mesh enterprise gloo-mesh-spire-controller image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-spire-controller:2.10.5 (alpine 3.23.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-31789 | libcrypto3 | CRITICAL | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-31789 |
| CVE-2026-28387 | libcrypto3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28387 |
| CVE-2026-28388 | libcrypto3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28388 |
| CVE-2026-28389 | libcrypto3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28389 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2026-31789 | libssl3 | CRITICAL | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-31789 |
| CVE-2026-28387 | libssl3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28387 |
| CVE-2026-28388 | libssl3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28388 |
| CVE-2026-28389 | libssl3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28389 |
| CVE-2026-28390 | libssl3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2026-40200 | musl | HIGH | 1.2.5-r21 | 1.2.5-r23 | https://avd.aquasec.com/nvd/cve-2026-40200 |
| CVE-2026-40200 | musl-utils | HIGH | 1.2.5-r21 | 1.2.5-r23 | https://avd.aquasec.com/nvd/cve-2026-40200 |
Vulnerabilities Listed for usr/local/bin/spire-controller-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.78.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2026-32280 | stdlib | HIGH | v1.26.1 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32280 |
| CVE-2026-32281 | stdlib | HIGH | v1.26.1 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32281 |
| CVE-2026-32283 | stdlib | HIGH | v1.26.1 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32283 |
| CVE-2026-33810 | stdlib | HIGH | v1.26.1 | 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-33810 |
gloo mesh enterprise gloo-mesh-portal-server image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-portal-server:2.10.5 (alpine 3.23.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-31789 | libcrypto3 | CRITICAL | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-31789 |
| CVE-2026-28387 | libcrypto3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28387 |
| CVE-2026-28388 | libcrypto3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28388 |
| CVE-2026-28389 | libcrypto3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28389 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2026-31789 | libssl3 | CRITICAL | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-31789 |
| CVE-2026-28387 | libssl3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28387 |
| CVE-2026-28388 | libssl3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28388 |
| CVE-2026-28389 | libssl3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28389 |
| CVE-2026-28390 | libssl3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2026-40200 | musl | HIGH | 1.2.5-r21 | 1.2.5-r23 | https://avd.aquasec.com/nvd/cve-2026-40200 |
| CVE-2026-40200 | musl-utils | HIGH | 1.2.5-r21 | 1.2.5-r23 | https://avd.aquasec.com/nvd/cve-2026-40200 |
Vulnerabilities Listed for usr/local/bin/portal-server-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.78.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2026-32280 | stdlib | HIGH | v1.26.1 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32280 |
| CVE-2026-32281 | stdlib | HIGH | v1.26.1 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32281 |
| CVE-2026-32283 | stdlib | HIGH | v1.26.1 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32283 |
| CVE-2026-33810 | stdlib | HIGH | v1.26.1 | 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-33810 |
gloo mesh enterprise gloo-mesh-analyzer image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-analyzer:2.10.5 (alpine 3.23.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-31789 | libcrypto3 | CRITICAL | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-31789 |
| CVE-2026-28387 | libcrypto3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28387 |
| CVE-2026-28388 | libcrypto3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28388 |
| CVE-2026-28389 | libcrypto3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28389 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2026-31789 | libssl3 | CRITICAL | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-31789 |
| CVE-2026-28387 | libssl3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28387 |
| CVE-2026-28388 | libssl3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28388 |
| CVE-2026-28389 | libssl3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28389 |
| CVE-2026-28390 | libssl3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2026-40200 | musl | HIGH | 1.2.5-r21 | 1.2.5-r23 | https://avd.aquasec.com/nvd/cve-2026-40200 |
| CVE-2026-40200 | musl-utils | HIGH | 1.2.5-r21 | 1.2.5-r23 | https://avd.aquasec.com/nvd/cve-2026-40200 |
Vulnerabilities Listed for usr/local/bin/analyzer-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-34986 | github.com/go-jose/go-jose/v4 | HIGH | v4.1.3 | 4.1.4 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-35469 | github.com/moby/spdystream | HIGH | v0.5.0 | 0.5.1 | https://avd.aquasec.com/nvd/cve-2026-35469 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.39.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.39.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.78.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2026-32280 | stdlib | HIGH | v1.26.1 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32280 |
| CVE-2026-32281 | stdlib | HIGH | v1.26.1 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32281 |
| CVE-2026-32283 | stdlib | HIGH | v1.26.1 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32283 |
| CVE-2026-33810 | stdlib | HIGH | v1.26.1 | 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-33810 |
gloo mesh enterprise gloo-mesh-mgmt-server image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-mgmt-server:2.10.5 (alpine 3.23.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-31789 | libcrypto3 | CRITICAL | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-31789 |
| CVE-2026-28387 | libcrypto3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28387 |
| CVE-2026-28388 | libcrypto3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28388 |
| CVE-2026-28389 | libcrypto3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28389 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2026-31789 | libssl3 | CRITICAL | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-31789 |
| CVE-2026-28387 | libssl3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28387 |
| CVE-2026-28388 | libssl3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28388 |
| CVE-2026-28389 | libssl3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28389 |
| CVE-2026-28390 | libssl3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2026-40200 | musl | HIGH | 1.2.5-r21 | 1.2.5-r23 | https://avd.aquasec.com/nvd/cve-2026-40200 |
| CVE-2026-40200 | musl-utils | HIGH | 1.2.5-r21 | 1.2.5-r23 | https://avd.aquasec.com/nvd/cve-2026-40200 |
Vulnerabilities Listed for usr/local/bin/mgmt-server-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-34986 | github.com/go-jose/go-jose/v4 | HIGH | v4.1.3 | 4.1.4 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-33816 | github.com/jackc/pgx/v5 | CRITICAL | v5.6.0 | 5.9.0 | https://avd.aquasec.com/nvd/cve-2026-33816 |
| CVE-2026-35469 | github.com/moby/spdystream | HIGH | v0.5.0 | 0.5.1 | https://avd.aquasec.com/nvd/cve-2026-35469 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.39.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.39.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.78.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2026-32280 | stdlib | HIGH | v1.26.1 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32280 |
| CVE-2026-32281 | stdlib | HIGH | v1.26.1 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32281 |
| CVE-2026-32283 | stdlib | HIGH | v1.26.1 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32283 |
| CVE-2026-33810 | stdlib | HIGH | v1.26.1 | 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-33810 |
gloo mesh enterprise gloo-mesh-istiod-agent image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-istiod-agent:2.10.5 (alpine 3.23.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-31789 | libcrypto3 | CRITICAL | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-31789 |
| CVE-2026-28387 | libcrypto3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28387 |
| CVE-2026-28388 | libcrypto3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28388 |
| CVE-2026-28389 | libcrypto3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28389 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2026-31789 | libssl3 | CRITICAL | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-31789 |
| CVE-2026-28387 | libssl3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28387 |
| CVE-2026-28388 | libssl3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28388 |
| CVE-2026-28389 | libssl3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28389 |
| CVE-2026-28390 | libssl3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2026-40200 | musl | HIGH | 1.2.5-r21 | 1.2.5-r23 | https://avd.aquasec.com/nvd/cve-2026-40200 |
| CVE-2026-40200 | musl-utils | HIGH | 1.2.5-r21 | 1.2.5-r23 | https://avd.aquasec.com/nvd/cve-2026-40200 |
Vulnerabilities Listed for usr/local/bin/istiod-agent-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-34986 | github.com/go-jose/go-jose/v3 | HIGH | v3.0.4 | 3.0.5 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-34986 | github.com/go-jose/go-jose/v4 | HIGH | v4.1.3 | 4.1.4 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.78.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2026-32280 | stdlib | HIGH | v1.26.1 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32280 |
| CVE-2026-32281 | stdlib | HIGH | v1.26.1 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32281 |
| CVE-2026-32283 | stdlib | HIGH | v1.26.1 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32283 |
| CVE-2026-33810 | stdlib | HIGH | v1.26.1 | 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-33810 |
gloo mesh enterprise gloo-mesh-ui image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-ui:2.10.5 (alpine 3.23.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-31789 | libcrypto3 | CRITICAL | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-31789 |
| CVE-2026-28387 | libcrypto3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28387 |
| CVE-2026-28388 | libcrypto3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28388 |
| CVE-2026-28389 | libcrypto3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28389 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2026-31789 | libssl3 | CRITICAL | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-31789 |
| CVE-2026-28387 | libssl3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28387 |
| CVE-2026-28388 | libssl3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28388 |
| CVE-2026-28389 | libssl3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28389 |
| CVE-2026-28390 | libssl3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2026-40200 | musl | HIGH | 1.2.5-r21 | 1.2.5-r23 | https://avd.aquasec.com/nvd/cve-2026-40200 |
| CVE-2026-40200 | musl-utils | HIGH | 1.2.5-r21 | 1.2.5-r23 | https://avd.aquasec.com/nvd/cve-2026-40200 |
| CVE-2026-22184 | zlib | HIGH | 1.3.1-r2 | 1.3.2-r0 | https://avd.aquasec.com/nvd/cve-2026-22184 |
Release 2.10.4
gloo mesh enterprise gloo-mesh-envoy image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-envoy:2.10.4 (ubuntu 24.04)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-68973 | gpgv | HIGH | 2.4.4-2ubuntu17.3 | 2.4.4-2ubuntu17.4 | https://avd.aquasec.com/nvd/cve-2025-68973 |
| CVE-2026-35535 | sudo | HIGH | 1.9.15p5-3ubuntu5.24.04.1 | 1.9.15p5-3ubuntu5.24.04.2 | https://avd.aquasec.com/nvd/cve-2026-35535 |
gloo mesh enterprise gloo-mesh-agent image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-agent:2.10.4 (alpine 3.21.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2026-31789 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-31789 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28387 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28387 |
| CVE-2026-28388 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28388 |
| CVE-2026-28389 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28389 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2026-31789 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-31789 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28387 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28387 |
| CVE-2026-28388 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28388 |
| CVE-2026-28389 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28389 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2026-40200 | musl | HIGH | 1.2.5-r9 | 1.2.5-r11 | https://avd.aquasec.com/nvd/cve-2026-40200 |
| CVE-2026-40200 | musl-utils | HIGH | 1.2.5-r9 | 1.2.5-r11 | https://avd.aquasec.com/nvd/cve-2026-40200 |
| CVE-2026-22184 | zlib | HIGH | 1.3.1-r2 | 1.3.2-r0 | https://avd.aquasec.com/nvd/cve-2026-22184 |
Vulnerabilities Listed for usr/local/bin/agent-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15558 | github.com/docker/cli | HIGH | v28.2.2+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-34040 | github.com/docker/docker | HIGH | v27.5.0+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2026-34986 | github.com/go-jose/go-jose/v4 | HIGH | v4.1.0 | 4.1.4 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-35469 | github.com/moby/spdystream | HIGH | v0.5.0 | 0.5.1 | https://avd.aquasec.com/nvd/cve-2026-35469 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.36.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.36.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.74.2 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.11 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.11 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32280 | stdlib | HIGH | v1.24.11 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32280 |
| CVE-2026-32281 | stdlib | HIGH | v1.24.11 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32281 |
| CVE-2026-32283 | stdlib | HIGH | v1.24.11 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32283 |
gloo mesh enterprise gloo-mesh-apiserver image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-apiserver:2.10.4 (alpine 3.21.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2026-31789 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-31789 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28387 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28387 |
| CVE-2026-28388 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28388 |
| CVE-2026-28389 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28389 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2026-31789 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-31789 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28387 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28387 |
| CVE-2026-28388 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28388 |
| CVE-2026-28389 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28389 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2026-40200 | musl | HIGH | 1.2.5-r9 | 1.2.5-r11 | https://avd.aquasec.com/nvd/cve-2026-40200 |
| CVE-2026-40200 | musl-utils | HIGH | 1.2.5-r9 | 1.2.5-r11 | https://avd.aquasec.com/nvd/cve-2026-40200 |
| CVE-2026-22184 | zlib | HIGH | 1.3.1-r2 | 1.3.2-r0 | https://avd.aquasec.com/nvd/cve-2026-22184 |
Vulnerabilities Listed for usr/local/bin/apiserver-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15558 | github.com/docker/cli | HIGH | v28.2.2+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-34040 | github.com/docker/docker | HIGH | v27.5.0+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2026-34986 | github.com/go-jose/go-jose/v4 | HIGH | v4.1.0 | 4.1.4 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-33816 | github.com/jackc/pgx/v5 | CRITICAL | v5.6.0 | 5.9.0 | https://avd.aquasec.com/nvd/cve-2026-33816 |
| CVE-2026-35469 | github.com/moby/spdystream | HIGH | v0.5.0 | 0.5.1 | https://avd.aquasec.com/nvd/cve-2026-35469 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.36.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.36.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.74.2 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.11 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.11 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32280 | stdlib | HIGH | v1.24.11 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32280 |
| CVE-2026-32281 | stdlib | HIGH | v1.24.11 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32281 |
| CVE-2026-32283 | stdlib | HIGH | v1.24.11 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32283 |
gloo mesh enterprise gloo-mesh-spire-controller image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-spire-controller:2.10.4 (alpine 3.21.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2026-31789 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-31789 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28387 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28387 |
| CVE-2026-28388 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28388 |
| CVE-2026-28389 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28389 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2026-31789 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-31789 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28387 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28387 |
| CVE-2026-28388 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28388 |
| CVE-2026-28389 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28389 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2026-40200 | musl | HIGH | 1.2.5-r9 | 1.2.5-r11 | https://avd.aquasec.com/nvd/cve-2026-40200 |
| CVE-2026-40200 | musl-utils | HIGH | 1.2.5-r9 | 1.2.5-r11 | https://avd.aquasec.com/nvd/cve-2026-40200 |
| CVE-2026-22184 | zlib | HIGH | 1.3.1-r2 | 1.3.2-r0 | https://avd.aquasec.com/nvd/cve-2026-22184 |
Vulnerabilities Listed for usr/local/bin/spire-controller-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.74.2 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.11 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.11 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32280 | stdlib | HIGH | v1.24.11 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32280 |
| CVE-2026-32281 | stdlib | HIGH | v1.24.11 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32281 |
| CVE-2026-32283 | stdlib | HIGH | v1.24.11 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32283 |
gloo mesh enterprise gloo-mesh-portal-server image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-portal-server:2.10.4 (alpine 3.21.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2026-31789 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-31789 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28387 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28387 |
| CVE-2026-28388 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28388 |
| CVE-2026-28389 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28389 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2026-31789 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-31789 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28387 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28387 |
| CVE-2026-28388 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28388 |
| CVE-2026-28389 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28389 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2026-40200 | musl | HIGH | 1.2.5-r9 | 1.2.5-r11 | https://avd.aquasec.com/nvd/cve-2026-40200 |
| CVE-2026-40200 | musl-utils | HIGH | 1.2.5-r9 | 1.2.5-r11 | https://avd.aquasec.com/nvd/cve-2026-40200 |
| CVE-2026-22184 | zlib | HIGH | 1.3.1-r2 | 1.3.2-r0 | https://avd.aquasec.com/nvd/cve-2026-22184 |
Vulnerabilities Listed for usr/local/bin/portal-server-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.74.2 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.11 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.11 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32280 | stdlib | HIGH | v1.24.11 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32280 |
| CVE-2026-32281 | stdlib | HIGH | v1.24.11 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32281 |
| CVE-2026-32283 | stdlib | HIGH | v1.24.11 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32283 |
gloo mesh enterprise gloo-mesh-analyzer image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-analyzer:2.10.4 (alpine 3.21.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2026-31789 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-31789 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28387 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28387 |
| CVE-2026-28388 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28388 |
| CVE-2026-28389 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28389 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2026-31789 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-31789 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28387 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28387 |
| CVE-2026-28388 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28388 |
| CVE-2026-28389 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28389 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2026-40200 | musl | HIGH | 1.2.5-r9 | 1.2.5-r11 | https://avd.aquasec.com/nvd/cve-2026-40200 |
| CVE-2026-40200 | musl-utils | HIGH | 1.2.5-r9 | 1.2.5-r11 | https://avd.aquasec.com/nvd/cve-2026-40200 |
| CVE-2026-22184 | zlib | HIGH | 1.3.1-r2 | 1.3.2-r0 | https://avd.aquasec.com/nvd/cve-2026-22184 |
Vulnerabilities Listed for usr/local/bin/analyzer-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15558 | github.com/docker/cli | HIGH | v28.2.2+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-34040 | github.com/docker/docker | HIGH | v27.5.0+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2026-34986 | github.com/go-jose/go-jose/v4 | HIGH | v4.1.0 | 4.1.4 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-35469 | github.com/moby/spdystream | HIGH | v0.5.0 | 0.5.1 | https://avd.aquasec.com/nvd/cve-2026-35469 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.36.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.36.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.74.2 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.11 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.11 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32280 | stdlib | HIGH | v1.24.11 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32280 |
| CVE-2026-32281 | stdlib | HIGH | v1.24.11 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32281 |
| CVE-2026-32283 | stdlib | HIGH | v1.24.11 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32283 |
gloo mesh enterprise gloo-mesh-mgmt-server image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-mgmt-server:2.10.4 (alpine 3.21.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2026-31789 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-31789 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28387 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28387 |
| CVE-2026-28388 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28388 |
| CVE-2026-28389 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28389 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2026-31789 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-31789 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28387 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28387 |
| CVE-2026-28388 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28388 |
| CVE-2026-28389 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28389 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2026-40200 | musl | HIGH | 1.2.5-r9 | 1.2.5-r11 | https://avd.aquasec.com/nvd/cve-2026-40200 |
| CVE-2026-40200 | musl-utils | HIGH | 1.2.5-r9 | 1.2.5-r11 | https://avd.aquasec.com/nvd/cve-2026-40200 |
| CVE-2026-22184 | zlib | HIGH | 1.3.1-r2 | 1.3.2-r0 | https://avd.aquasec.com/nvd/cve-2026-22184 |
Vulnerabilities Listed for usr/local/bin/mgmt-server-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15558 | github.com/docker/cli | HIGH | v28.2.2+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-34040 | github.com/docker/docker | HIGH | v27.5.0+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2026-34986 | github.com/go-jose/go-jose/v4 | HIGH | v4.1.0 | 4.1.4 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-33816 | github.com/jackc/pgx/v5 | CRITICAL | v5.6.0 | 5.9.0 | https://avd.aquasec.com/nvd/cve-2026-33816 |
| CVE-2026-35469 | github.com/moby/spdystream | HIGH | v0.5.0 | 0.5.1 | https://avd.aquasec.com/nvd/cve-2026-35469 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.36.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.36.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.74.2 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.11 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.11 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32280 | stdlib | HIGH | v1.24.11 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32280 |
| CVE-2026-32281 | stdlib | HIGH | v1.24.11 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32281 |
| CVE-2026-32283 | stdlib | HIGH | v1.24.11 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32283 |
gloo mesh enterprise gloo-mesh-istiod-agent image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-istiod-agent:2.10.4 (alpine 3.21.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2026-31789 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-31789 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28387 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28387 |
| CVE-2026-28388 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28388 |
| CVE-2026-28389 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28389 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2026-31789 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-31789 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28387 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28387 |
| CVE-2026-28388 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28388 |
| CVE-2026-28389 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28389 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2026-40200 | musl | HIGH | 1.2.5-r9 | 1.2.5-r11 | https://avd.aquasec.com/nvd/cve-2026-40200 |
| CVE-2026-40200 | musl-utils | HIGH | 1.2.5-r9 | 1.2.5-r11 | https://avd.aquasec.com/nvd/cve-2026-40200 |
| CVE-2026-22184 | zlib | HIGH | 1.3.1-r2 | 1.3.2-r0 | https://avd.aquasec.com/nvd/cve-2026-22184 |
Vulnerabilities Listed for usr/local/bin/istiod-agent-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-34986 | github.com/go-jose/go-jose/v3 | HIGH | v3.0.4 | 3.0.5 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-34986 | github.com/go-jose/go-jose/v4 | HIGH | v4.1.0 | 4.1.4 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.74.2 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.11 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.11 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32280 | stdlib | HIGH | v1.24.11 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32280 |
| CVE-2026-32281 | stdlib | HIGH | v1.24.11 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32281 |
| CVE-2026-32283 | stdlib | HIGH | v1.24.11 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32283 |
gloo mesh enterprise gloo-mesh-ui image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-ui:2.10.4 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2026-31789 | libcrypto3 | CRITICAL | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-31789 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28387 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28387 |
| CVE-2026-28388 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28388 |
| CVE-2026-28389 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28389 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2026-31789 | libssl3 | CRITICAL | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-31789 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28387 | libssl3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28387 |
| CVE-2026-28388 | libssl3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28388 |
| CVE-2026-28389 | libssl3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28389 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2026-40200 | musl | HIGH | 1.2.5-r9 | 1.2.5-r11 | https://avd.aquasec.com/nvd/cve-2026-40200 |
| CVE-2026-40200 | musl-utils | HIGH | 1.2.5-r9 | 1.2.5-r11 | https://avd.aquasec.com/nvd/cve-2026-40200 |
| CVE-2026-22184 | zlib | HIGH | 1.3.1-r2 | 1.3.2-r0 | https://avd.aquasec.com/nvd/cve-2026-22184 |
Release 2.10.3
gloo mesh enterprise gloo-mesh-envoy image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-envoy:2.10.3 (ubuntu 24.04)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-68973 | gpgv | HIGH | 2.4.4-2ubuntu17.3 | 2.4.4-2ubuntu17.4 | https://avd.aquasec.com/nvd/cve-2025-68973 |
| CVE-2026-35535 | sudo | HIGH | 1.9.15p5-3ubuntu5.24.04.1 | 1.9.15p5-3ubuntu5.24.04.2 | https://avd.aquasec.com/nvd/cve-2026-35535 |
gloo mesh enterprise gloo-mesh-agent image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-agent:2.10.3 (alpine 3.21.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2026-31789 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-31789 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28387 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28387 |
| CVE-2026-28388 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28388 |
| CVE-2026-28389 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28389 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2026-31789 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-31789 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28387 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28387 |
| CVE-2026-28388 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28388 |
| CVE-2026-28389 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28389 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2026-40200 | musl | HIGH | 1.2.5-r9 | 1.2.5-r11 | https://avd.aquasec.com/nvd/cve-2026-40200 |
| CVE-2026-40200 | musl-utils | HIGH | 1.2.5-r9 | 1.2.5-r11 | https://avd.aquasec.com/nvd/cve-2026-40200 |
| CVE-2026-22184 | zlib | HIGH | 1.3.1-r2 | 1.3.2-r0 | https://avd.aquasec.com/nvd/cve-2026-22184 |
Vulnerabilities Listed for usr/local/bin/agent-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15558 | github.com/docker/cli | HIGH | v28.2.2+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-34040 | github.com/docker/docker | HIGH | v27.5.0+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2026-34986 | github.com/go-jose/go-jose/v4 | HIGH | v4.1.0 | 4.1.4 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-35469 | github.com/moby/spdystream | HIGH | v0.5.0 | 0.5.1 | https://avd.aquasec.com/nvd/cve-2026-35469 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.36.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.36.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.74.2 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.11 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.11 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32280 | stdlib | HIGH | v1.24.11 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32280 |
| CVE-2026-32281 | stdlib | HIGH | v1.24.11 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32281 |
| CVE-2026-32283 | stdlib | HIGH | v1.24.11 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32283 |
gloo mesh enterprise gloo-mesh-apiserver image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-apiserver:2.10.3 (alpine 3.21.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2026-31789 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-31789 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28387 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28387 |
| CVE-2026-28388 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28388 |
| CVE-2026-28389 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28389 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2026-31789 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-31789 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28387 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28387 |
| CVE-2026-28388 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28388 |
| CVE-2026-28389 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28389 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2026-40200 | musl | HIGH | 1.2.5-r9 | 1.2.5-r11 | https://avd.aquasec.com/nvd/cve-2026-40200 |
| CVE-2026-40200 | musl-utils | HIGH | 1.2.5-r9 | 1.2.5-r11 | https://avd.aquasec.com/nvd/cve-2026-40200 |
| CVE-2026-22184 | zlib | HIGH | 1.3.1-r2 | 1.3.2-r0 | https://avd.aquasec.com/nvd/cve-2026-22184 |
Vulnerabilities Listed for usr/local/bin/apiserver-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15558 | github.com/docker/cli | HIGH | v28.2.2+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-34040 | github.com/docker/docker | HIGH | v27.5.0+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2026-34986 | github.com/go-jose/go-jose/v4 | HIGH | v4.1.0 | 4.1.4 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-33816 | github.com/jackc/pgx/v5 | CRITICAL | v5.6.0 | 5.9.0 | https://avd.aquasec.com/nvd/cve-2026-33816 |
| CVE-2026-35469 | github.com/moby/spdystream | HIGH | v0.5.0 | 0.5.1 | https://avd.aquasec.com/nvd/cve-2026-35469 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.36.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.36.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.74.2 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.11 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.11 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32280 | stdlib | HIGH | v1.24.11 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32280 |
| CVE-2026-32281 | stdlib | HIGH | v1.24.11 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32281 |
| CVE-2026-32283 | stdlib | HIGH | v1.24.11 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32283 |
gloo mesh enterprise gloo-mesh-spire-controller image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-spire-controller:2.10.3 (alpine 3.21.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2026-31789 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-31789 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28387 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28387 |
| CVE-2026-28388 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28388 |
| CVE-2026-28389 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28389 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2026-31789 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-31789 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28387 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28387 |
| CVE-2026-28388 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28388 |
| CVE-2026-28389 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28389 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2026-40200 | musl | HIGH | 1.2.5-r9 | 1.2.5-r11 | https://avd.aquasec.com/nvd/cve-2026-40200 |
| CVE-2026-40200 | musl-utils | HIGH | 1.2.5-r9 | 1.2.5-r11 | https://avd.aquasec.com/nvd/cve-2026-40200 |
| CVE-2026-22184 | zlib | HIGH | 1.3.1-r2 | 1.3.2-r0 | https://avd.aquasec.com/nvd/cve-2026-22184 |
Vulnerabilities Listed for usr/local/bin/spire-controller-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.74.2 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.11 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.11 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32280 | stdlib | HIGH | v1.24.11 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32280 |
| CVE-2026-32281 | stdlib | HIGH | v1.24.11 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32281 |
| CVE-2026-32283 | stdlib | HIGH | v1.24.11 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32283 |
gloo mesh enterprise gloo-mesh-portal-server image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-portal-server:2.10.3 (alpine 3.21.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2026-31789 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-31789 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28387 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28387 |
| CVE-2026-28388 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28388 |
| CVE-2026-28389 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28389 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2026-31789 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-31789 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28387 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28387 |
| CVE-2026-28388 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28388 |
| CVE-2026-28389 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28389 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2026-40200 | musl | HIGH | 1.2.5-r9 | 1.2.5-r11 | https://avd.aquasec.com/nvd/cve-2026-40200 |
| CVE-2026-40200 | musl-utils | HIGH | 1.2.5-r9 | 1.2.5-r11 | https://avd.aquasec.com/nvd/cve-2026-40200 |
| CVE-2026-22184 | zlib | HIGH | 1.3.1-r2 | 1.3.2-r0 | https://avd.aquasec.com/nvd/cve-2026-22184 |
Vulnerabilities Listed for usr/local/bin/portal-server-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.74.2 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.11 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.11 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32280 | stdlib | HIGH | v1.24.11 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32280 |
| CVE-2026-32281 | stdlib | HIGH | v1.24.11 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32281 |
| CVE-2026-32283 | stdlib | HIGH | v1.24.11 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32283 |
gloo mesh enterprise gloo-mesh-analyzer image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-analyzer:2.10.3 (alpine 3.21.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2026-31789 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-31789 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28387 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28387 |
| CVE-2026-28388 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28388 |
| CVE-2026-28389 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28389 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2026-31789 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-31789 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28387 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28387 |
| CVE-2026-28388 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28388 |
| CVE-2026-28389 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28389 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2026-40200 | musl | HIGH | 1.2.5-r9 | 1.2.5-r11 | https://avd.aquasec.com/nvd/cve-2026-40200 |
| CVE-2026-40200 | musl-utils | HIGH | 1.2.5-r9 | 1.2.5-r11 | https://avd.aquasec.com/nvd/cve-2026-40200 |
| CVE-2026-22184 | zlib | HIGH | 1.3.1-r2 | 1.3.2-r0 | https://avd.aquasec.com/nvd/cve-2026-22184 |
Vulnerabilities Listed for usr/local/bin/analyzer-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15558 | github.com/docker/cli | HIGH | v28.2.2+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-34040 | github.com/docker/docker | HIGH | v27.5.0+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2026-34986 | github.com/go-jose/go-jose/v4 | HIGH | v4.1.0 | 4.1.4 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-35469 | github.com/moby/spdystream | HIGH | v0.5.0 | 0.5.1 | https://avd.aquasec.com/nvd/cve-2026-35469 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.36.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.36.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.74.2 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.11 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.11 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32280 | stdlib | HIGH | v1.24.11 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32280 |
| CVE-2026-32281 | stdlib | HIGH | v1.24.11 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32281 |
| CVE-2026-32283 | stdlib | HIGH | v1.24.11 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32283 |
gloo mesh enterprise gloo-mesh-mgmt-server image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-mgmt-server:2.10.3 (alpine 3.21.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2026-31789 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-31789 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28387 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28387 |
| CVE-2026-28388 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28388 |
| CVE-2026-28389 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28389 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2026-31789 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-31789 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28387 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28387 |
| CVE-2026-28388 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28388 |
| CVE-2026-28389 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28389 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2026-40200 | musl | HIGH | 1.2.5-r9 | 1.2.5-r11 | https://avd.aquasec.com/nvd/cve-2026-40200 |
| CVE-2026-40200 | musl-utils | HIGH | 1.2.5-r9 | 1.2.5-r11 | https://avd.aquasec.com/nvd/cve-2026-40200 |
| CVE-2026-22184 | zlib | HIGH | 1.3.1-r2 | 1.3.2-r0 | https://avd.aquasec.com/nvd/cve-2026-22184 |
Vulnerabilities Listed for usr/local/bin/mgmt-server-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15558 | github.com/docker/cli | HIGH | v28.2.2+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-34040 | github.com/docker/docker | HIGH | v27.5.0+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2026-34986 | github.com/go-jose/go-jose/v4 | HIGH | v4.1.0 | 4.1.4 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-33816 | github.com/jackc/pgx/v5 | CRITICAL | v5.6.0 | 5.9.0 | https://avd.aquasec.com/nvd/cve-2026-33816 |
| CVE-2026-35469 | github.com/moby/spdystream | HIGH | v0.5.0 | 0.5.1 | https://avd.aquasec.com/nvd/cve-2026-35469 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.36.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.36.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.74.2 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.11 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.11 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32280 | stdlib | HIGH | v1.24.11 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32280 |
| CVE-2026-32281 | stdlib | HIGH | v1.24.11 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32281 |
| CVE-2026-32283 | stdlib | HIGH | v1.24.11 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32283 |
gloo mesh enterprise gloo-mesh-istiod-agent image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-istiod-agent:2.10.3 (alpine 3.21.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2026-31789 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-31789 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28387 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28387 |
| CVE-2026-28388 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28388 |
| CVE-2026-28389 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28389 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2026-31789 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-31789 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28387 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28387 |
| CVE-2026-28388 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28388 |
| CVE-2026-28389 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28389 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2026-40200 | musl | HIGH | 1.2.5-r9 | 1.2.5-r11 | https://avd.aquasec.com/nvd/cve-2026-40200 |
| CVE-2026-40200 | musl-utils | HIGH | 1.2.5-r9 | 1.2.5-r11 | https://avd.aquasec.com/nvd/cve-2026-40200 |
| CVE-2026-22184 | zlib | HIGH | 1.3.1-r2 | 1.3.2-r0 | https://avd.aquasec.com/nvd/cve-2026-22184 |
Vulnerabilities Listed for usr/local/bin/istiod-agent-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-34986 | github.com/go-jose/go-jose/v3 | HIGH | v3.0.4 | 3.0.5 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-34986 | github.com/go-jose/go-jose/v4 | HIGH | v4.1.0 | 4.1.4 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.74.2 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.11 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.11 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32280 | stdlib | HIGH | v1.24.11 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32280 |
| CVE-2026-32281 | stdlib | HIGH | v1.24.11 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32281 |
| CVE-2026-32283 | stdlib | HIGH | v1.24.11 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32283 |
gloo mesh enterprise gloo-mesh-ui image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-ui:2.10.3 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2026-31789 | libcrypto3 | CRITICAL | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-31789 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28387 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28387 |
| CVE-2026-28388 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28388 |
| CVE-2026-28389 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28389 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2026-31789 | libssl3 | CRITICAL | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-31789 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28387 | libssl3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28387 |
| CVE-2026-28388 | libssl3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28388 |
| CVE-2026-28389 | libssl3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28389 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2026-40200 | musl | HIGH | 1.2.5-r9 | 1.2.5-r11 | https://avd.aquasec.com/nvd/cve-2026-40200 |
| CVE-2026-40200 | musl-utils | HIGH | 1.2.5-r9 | 1.2.5-r11 | https://avd.aquasec.com/nvd/cve-2026-40200 |
| CVE-2026-22184 | zlib | HIGH | 1.3.1-r2 | 1.3.2-r0 | https://avd.aquasec.com/nvd/cve-2026-22184 |
Release 2.10.2
gloo mesh enterprise gloo-mesh-envoy image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-envoy:2.10.2 (ubuntu 24.04)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-68973 | gpgv | HIGH | 2.4.4-2ubuntu17.3 | 2.4.4-2ubuntu17.4 | https://avd.aquasec.com/nvd/cve-2025-68973 |
| CVE-2026-35535 | sudo | HIGH | 1.9.15p5-3ubuntu5.24.04.1 | 1.9.15p5-3ubuntu5.24.04.2 | https://avd.aquasec.com/nvd/cve-2026-35535 |
gloo mesh enterprise gloo-mesh-agent image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-agent:2.10.2 (alpine 3.21.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2026-31789 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-31789 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28387 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28387 |
| CVE-2026-28388 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28388 |
| CVE-2026-28389 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28389 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2026-31789 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-31789 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28387 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28387 |
| CVE-2026-28388 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28388 |
| CVE-2026-28389 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28389 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2026-40200 | musl | HIGH | 1.2.5-r9 | 1.2.5-r11 | https://avd.aquasec.com/nvd/cve-2026-40200 |
| CVE-2026-40200 | musl-utils | HIGH | 1.2.5-r9 | 1.2.5-r11 | https://avd.aquasec.com/nvd/cve-2026-40200 |
| CVE-2026-22184 | zlib | HIGH | 1.3.1-r2 | 1.3.2-r0 | https://avd.aquasec.com/nvd/cve-2026-22184 |
Vulnerabilities Listed for usr/local/bin/agent-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-25621 | github.com/containerd/containerd | HIGH | v1.7.27 | 1.7.29 | https://avd.aquasec.com/nvd/cve-2024-25621 |
| CVE-2025-15558 | github.com/docker/cli | HIGH | v28.2.2+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-34040 | github.com/docker/docker | HIGH | v27.5.0+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2026-34986 | github.com/go-jose/go-jose/v4 | HIGH | v4.1.0 | 4.1.4 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-35469 | github.com/moby/spdystream | HIGH | v0.5.0 | 0.5.1 | https://avd.aquasec.com/nvd/cve-2026-35469 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.36.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.36.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.74.2 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.9 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.9 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.9 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.9 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.9 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32280 | stdlib | HIGH | v1.24.9 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32280 |
| CVE-2026-32281 | stdlib | HIGH | v1.24.9 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32281 |
| CVE-2026-32283 | stdlib | HIGH | v1.24.9 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32283 |
gloo mesh enterprise gloo-mesh-apiserver image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-apiserver:2.10.2 (alpine 3.21.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2026-31789 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-31789 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28387 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28387 |
| CVE-2026-28388 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28388 |
| CVE-2026-28389 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28389 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2026-31789 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-31789 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28387 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28387 |
| CVE-2026-28388 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28388 |
| CVE-2026-28389 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28389 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2026-40200 | musl | HIGH | 1.2.5-r9 | 1.2.5-r11 | https://avd.aquasec.com/nvd/cve-2026-40200 |
| CVE-2026-40200 | musl-utils | HIGH | 1.2.5-r9 | 1.2.5-r11 | https://avd.aquasec.com/nvd/cve-2026-40200 |
| CVE-2026-22184 | zlib | HIGH | 1.3.1-r2 | 1.3.2-r0 | https://avd.aquasec.com/nvd/cve-2026-22184 |
Vulnerabilities Listed for usr/local/bin/apiserver-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-25621 | github.com/containerd/containerd | HIGH | v1.7.27 | 1.7.29 | https://avd.aquasec.com/nvd/cve-2024-25621 |
| CVE-2025-15558 | github.com/docker/cli | HIGH | v28.2.2+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-34040 | github.com/docker/docker | HIGH | v27.5.0+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2026-34986 | github.com/go-jose/go-jose/v4 | HIGH | v4.1.0 | 4.1.4 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-33816 | github.com/jackc/pgx/v5 | CRITICAL | v5.6.0 | 5.9.0 | https://avd.aquasec.com/nvd/cve-2026-33816 |
| CVE-2026-35469 | github.com/moby/spdystream | HIGH | v0.5.0 | 0.5.1 | https://avd.aquasec.com/nvd/cve-2026-35469 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.36.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.36.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.74.2 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.9 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.9 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.9 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.9 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.9 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32280 | stdlib | HIGH | v1.24.9 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32280 |
| CVE-2026-32281 | stdlib | HIGH | v1.24.9 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32281 |
| CVE-2026-32283 | stdlib | HIGH | v1.24.9 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32283 |
gloo mesh enterprise gloo-mesh-spire-controller image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-spire-controller:2.10.2 (alpine 3.21.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2026-31789 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-31789 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28387 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28387 |
| CVE-2026-28388 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28388 |
| CVE-2026-28389 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28389 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2026-31789 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-31789 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28387 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28387 |
| CVE-2026-28388 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28388 |
| CVE-2026-28389 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28389 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2026-40200 | musl | HIGH | 1.2.5-r9 | 1.2.5-r11 | https://avd.aquasec.com/nvd/cve-2026-40200 |
| CVE-2026-40200 | musl-utils | HIGH | 1.2.5-r9 | 1.2.5-r11 | https://avd.aquasec.com/nvd/cve-2026-40200 |
| CVE-2026-22184 | zlib | HIGH | 1.3.1-r2 | 1.3.2-r0 | https://avd.aquasec.com/nvd/cve-2026-22184 |
Vulnerabilities Listed for usr/local/bin/spire-controller-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.74.2 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.9 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.9 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.9 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.9 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.9 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32280 | stdlib | HIGH | v1.24.9 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32280 |
| CVE-2026-32281 | stdlib | HIGH | v1.24.9 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32281 |
| CVE-2026-32283 | stdlib | HIGH | v1.24.9 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32283 |
gloo mesh enterprise gloo-mesh-portal-server image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-portal-server:2.10.2 (alpine 3.21.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2026-31789 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-31789 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28387 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28387 |
| CVE-2026-28388 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28388 |
| CVE-2026-28389 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28389 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2026-31789 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-31789 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28387 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28387 |
| CVE-2026-28388 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28388 |
| CVE-2026-28389 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28389 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2026-40200 | musl | HIGH | 1.2.5-r9 | 1.2.5-r11 | https://avd.aquasec.com/nvd/cve-2026-40200 |
| CVE-2026-40200 | musl-utils | HIGH | 1.2.5-r9 | 1.2.5-r11 | https://avd.aquasec.com/nvd/cve-2026-40200 |
| CVE-2026-22184 | zlib | HIGH | 1.3.1-r2 | 1.3.2-r0 | https://avd.aquasec.com/nvd/cve-2026-22184 |
Vulnerabilities Listed for usr/local/bin/portal-server-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.74.2 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.9 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.9 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.9 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.9 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.9 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32280 | stdlib | HIGH | v1.24.9 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32280 |
| CVE-2026-32281 | stdlib | HIGH | v1.24.9 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32281 |
| CVE-2026-32283 | stdlib | HIGH | v1.24.9 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32283 |
gloo mesh enterprise gloo-mesh-analyzer image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-analyzer:2.10.2 (alpine 3.21.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2026-31789 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-31789 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28387 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28387 |
| CVE-2026-28388 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28388 |
| CVE-2026-28389 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28389 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2026-31789 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-31789 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28387 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28387 |
| CVE-2026-28388 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28388 |
| CVE-2026-28389 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28389 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2026-40200 | musl | HIGH | 1.2.5-r9 | 1.2.5-r11 | https://avd.aquasec.com/nvd/cve-2026-40200 |
| CVE-2026-40200 | musl-utils | HIGH | 1.2.5-r9 | 1.2.5-r11 | https://avd.aquasec.com/nvd/cve-2026-40200 |
| CVE-2026-22184 | zlib | HIGH | 1.3.1-r2 | 1.3.2-r0 | https://avd.aquasec.com/nvd/cve-2026-22184 |
Vulnerabilities Listed for usr/local/bin/analyzer-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-25621 | github.com/containerd/containerd | HIGH | v1.7.27 | 1.7.29 | https://avd.aquasec.com/nvd/cve-2024-25621 |
| CVE-2025-15558 | github.com/docker/cli | HIGH | v28.2.2+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-34040 | github.com/docker/docker | HIGH | v27.5.0+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2026-34986 | github.com/go-jose/go-jose/v4 | HIGH | v4.1.0 | 4.1.4 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-35469 | github.com/moby/spdystream | HIGH | v0.5.0 | 0.5.1 | https://avd.aquasec.com/nvd/cve-2026-35469 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.36.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.36.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.74.2 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.9 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.9 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.9 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.9 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.9 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32280 | stdlib | HIGH | v1.24.9 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32280 |
| CVE-2026-32281 | stdlib | HIGH | v1.24.9 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32281 |
| CVE-2026-32283 | stdlib | HIGH | v1.24.9 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32283 |
gloo mesh enterprise gloo-mesh-mgmt-server image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-mgmt-server:2.10.2 (alpine 3.21.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2026-31789 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-31789 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28387 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28387 |
| CVE-2026-28388 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28388 |
| CVE-2026-28389 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28389 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2026-31789 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-31789 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28387 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28387 |
| CVE-2026-28388 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28388 |
| CVE-2026-28389 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28389 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2026-40200 | musl | HIGH | 1.2.5-r9 | 1.2.5-r11 | https://avd.aquasec.com/nvd/cve-2026-40200 |
| CVE-2026-40200 | musl-utils | HIGH | 1.2.5-r9 | 1.2.5-r11 | https://avd.aquasec.com/nvd/cve-2026-40200 |
| CVE-2026-22184 | zlib | HIGH | 1.3.1-r2 | 1.3.2-r0 | https://avd.aquasec.com/nvd/cve-2026-22184 |
Vulnerabilities Listed for usr/local/bin/mgmt-server-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-25621 | github.com/containerd/containerd | HIGH | v1.7.27 | 1.7.29 | https://avd.aquasec.com/nvd/cve-2024-25621 |
| CVE-2025-15558 | github.com/docker/cli | HIGH | v28.2.2+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-34040 | github.com/docker/docker | HIGH | v27.5.0+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2026-34986 | github.com/go-jose/go-jose/v4 | HIGH | v4.1.0 | 4.1.4 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-33816 | github.com/jackc/pgx/v5 | CRITICAL | v5.6.0 | 5.9.0 | https://avd.aquasec.com/nvd/cve-2026-33816 |
| CVE-2026-35469 | github.com/moby/spdystream | HIGH | v0.5.0 | 0.5.1 | https://avd.aquasec.com/nvd/cve-2026-35469 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.36.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.36.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.74.2 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.9 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.9 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.9 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.9 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.9 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32280 | stdlib | HIGH | v1.24.9 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32280 |
| CVE-2026-32281 | stdlib | HIGH | v1.24.9 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32281 |
| CVE-2026-32283 | stdlib | HIGH | v1.24.9 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32283 |
gloo mesh enterprise gloo-mesh-istiod-agent image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-istiod-agent:2.10.2 (alpine 3.21.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2026-31789 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-31789 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28387 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28387 |
| CVE-2026-28388 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28388 |
| CVE-2026-28389 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28389 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2026-31789 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-31789 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28387 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28387 |
| CVE-2026-28388 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28388 |
| CVE-2026-28389 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28389 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2026-40200 | musl | HIGH | 1.2.5-r9 | 1.2.5-r11 | https://avd.aquasec.com/nvd/cve-2026-40200 |
| CVE-2026-40200 | musl-utils | HIGH | 1.2.5-r9 | 1.2.5-r11 | https://avd.aquasec.com/nvd/cve-2026-40200 |
| CVE-2026-22184 | zlib | HIGH | 1.3.1-r2 | 1.3.2-r0 | https://avd.aquasec.com/nvd/cve-2026-22184 |
Vulnerabilities Listed for usr/local/bin/istiod-agent-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-34986 | github.com/go-jose/go-jose/v3 | HIGH | v3.0.3 | 3.0.5 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-34986 | github.com/go-jose/go-jose/v4 | HIGH | v4.1.0 | 4.1.4 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.74.2 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.9 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.9 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.9 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.9 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.9 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32280 | stdlib | HIGH | v1.24.9 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32280 |
| CVE-2026-32281 | stdlib | HIGH | v1.24.9 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32281 |
| CVE-2026-32283 | stdlib | HIGH | v1.24.9 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32283 |
gloo mesh enterprise gloo-mesh-ui image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-ui:2.10.2 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2026-31789 | libcrypto3 | CRITICAL | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-31789 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28387 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28387 |
| CVE-2026-28388 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28388 |
| CVE-2026-28389 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28389 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2026-31789 | libssl3 | CRITICAL | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-31789 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28387 | libssl3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28387 |
| CVE-2026-28388 | libssl3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28388 |
| CVE-2026-28389 | libssl3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28389 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2026-40200 | musl | HIGH | 1.2.5-r9 | 1.2.5-r11 | https://avd.aquasec.com/nvd/cve-2026-40200 |
| CVE-2026-40200 | musl-utils | HIGH | 1.2.5-r9 | 1.2.5-r11 | https://avd.aquasec.com/nvd/cve-2026-40200 |
| CVE-2026-22184 | zlib | HIGH | 1.3.1-r2 | 1.3.2-r0 | https://avd.aquasec.com/nvd/cve-2026-22184 |
Release 2.10.1
gloo mesh enterprise gloo-mesh-envoy image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-envoy:2.10.1 (ubuntu 24.04)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-68973 | gpgv | HIGH | 2.4.4-2ubuntu17.3 | 2.4.4-2ubuntu17.4 | https://avd.aquasec.com/nvd/cve-2025-68973 |
| CVE-2026-35535 | sudo | HIGH | 1.9.15p5-3ubuntu5.24.04.1 | 1.9.15p5-3ubuntu5.24.04.2 | https://avd.aquasec.com/nvd/cve-2026-35535 |
gloo mesh enterprise gloo-mesh-agent image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-agent:2.10.1 (alpine 3.21.4)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2026-31789 | libcrypto3 | CRITICAL | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-31789 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28387 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28387 |
| CVE-2026-28388 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28388 |
| CVE-2026-28389 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28389 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2026-31789 | libssl3 | CRITICAL | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-31789 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28387 | libssl3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28387 |
| CVE-2026-28388 | libssl3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28388 |
| CVE-2026-28389 | libssl3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28389 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2026-40200 | musl | HIGH | 1.2.5-r9 | 1.2.5-r11 | https://avd.aquasec.com/nvd/cve-2026-40200 |
| CVE-2026-40200 | musl-utils | HIGH | 1.2.5-r9 | 1.2.5-r11 | https://avd.aquasec.com/nvd/cve-2026-40200 |
| CVE-2026-22184 | zlib | HIGH | 1.3.1-r2 | 1.3.2-r0 | https://avd.aquasec.com/nvd/cve-2026-22184 |
Vulnerabilities Listed for usr/local/bin/agent-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-25621 | github.com/containerd/containerd | HIGH | v1.7.27 | 1.7.29 | https://avd.aquasec.com/nvd/cve-2024-25621 |
| CVE-2025-15558 | github.com/docker/cli | HIGH | v28.2.2+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-34040 | github.com/docker/docker | HIGH | v27.5.0+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2026-34986 | github.com/go-jose/go-jose/v4 | HIGH | v4.1.0 | 4.1.4 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-35469 | github.com/moby/spdystream | HIGH | v0.5.0 | 0.5.1 | https://avd.aquasec.com/nvd/cve-2026-35469 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.36.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.36.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.73.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.6 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.6 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.6 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.6 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32280 | stdlib | HIGH | v1.24.6 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32280 |
| CVE-2026-32281 | stdlib | HIGH | v1.24.6 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32281 |
| CVE-2026-32283 | stdlib | HIGH | v1.24.6 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32283 |
gloo mesh enterprise gloo-mesh-apiserver image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-apiserver:2.10.1 (alpine 3.21.4)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2026-31789 | libcrypto3 | CRITICAL | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-31789 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28387 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28387 |
| CVE-2026-28388 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28388 |
| CVE-2026-28389 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28389 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2026-31789 | libssl3 | CRITICAL | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-31789 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28387 | libssl3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28387 |
| CVE-2026-28388 | libssl3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28388 |
| CVE-2026-28389 | libssl3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28389 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2026-40200 | musl | HIGH | 1.2.5-r9 | 1.2.5-r11 | https://avd.aquasec.com/nvd/cve-2026-40200 |
| CVE-2026-40200 | musl-utils | HIGH | 1.2.5-r9 | 1.2.5-r11 | https://avd.aquasec.com/nvd/cve-2026-40200 |
| CVE-2026-22184 | zlib | HIGH | 1.3.1-r2 | 1.3.2-r0 | https://avd.aquasec.com/nvd/cve-2026-22184 |
Vulnerabilities Listed for usr/local/bin/apiserver-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-25621 | github.com/containerd/containerd | HIGH | v1.7.27 | 1.7.29 | https://avd.aquasec.com/nvd/cve-2024-25621 |
| CVE-2025-15558 | github.com/docker/cli | HIGH | v28.2.2+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-34040 | github.com/docker/docker | HIGH | v27.5.0+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2026-34986 | github.com/go-jose/go-jose/v4 | HIGH | v4.1.0 | 4.1.4 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-33816 | github.com/jackc/pgx/v5 | CRITICAL | v5.6.0 | 5.9.0 | https://avd.aquasec.com/nvd/cve-2026-33816 |
| CVE-2026-35469 | github.com/moby/spdystream | HIGH | v0.5.0 | 0.5.1 | https://avd.aquasec.com/nvd/cve-2026-35469 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.36.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.36.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.73.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.6 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.6 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.6 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.6 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32280 | stdlib | HIGH | v1.24.6 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32280 |
| CVE-2026-32281 | stdlib | HIGH | v1.24.6 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32281 |
| CVE-2026-32283 | stdlib | HIGH | v1.24.6 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32283 |
gloo mesh enterprise gloo-mesh-spire-controller image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-spire-controller:2.10.1 (alpine 3.21.4)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2026-31789 | libcrypto3 | CRITICAL | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-31789 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28387 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28387 |
| CVE-2026-28388 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28388 |
| CVE-2026-28389 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28389 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2026-31789 | libssl3 | CRITICAL | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-31789 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28387 | libssl3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28387 |
| CVE-2026-28388 | libssl3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28388 |
| CVE-2026-28389 | libssl3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28389 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2026-40200 | musl | HIGH | 1.2.5-r9 | 1.2.5-r11 | https://avd.aquasec.com/nvd/cve-2026-40200 |
| CVE-2026-40200 | musl-utils | HIGH | 1.2.5-r9 | 1.2.5-r11 | https://avd.aquasec.com/nvd/cve-2026-40200 |
| CVE-2026-22184 | zlib | HIGH | 1.3.1-r2 | 1.3.2-r0 | https://avd.aquasec.com/nvd/cve-2026-22184 |
Vulnerabilities Listed for usr/local/bin/spire-controller-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.73.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.6 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.6 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.6 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.6 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32280 | stdlib | HIGH | v1.24.6 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32280 |
| CVE-2026-32281 | stdlib | HIGH | v1.24.6 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32281 |
| CVE-2026-32283 | stdlib | HIGH | v1.24.6 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32283 |
gloo mesh enterprise gloo-mesh-portal-server image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-portal-server:2.10.1 (alpine 3.21.4)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2026-31789 | libcrypto3 | CRITICAL | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-31789 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28387 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28387 |
| CVE-2026-28388 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28388 |
| CVE-2026-28389 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28389 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2026-31789 | libssl3 | CRITICAL | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-31789 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28387 | libssl3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28387 |
| CVE-2026-28388 | libssl3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28388 |
| CVE-2026-28389 | libssl3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28389 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2026-40200 | musl | HIGH | 1.2.5-r9 | 1.2.5-r11 | https://avd.aquasec.com/nvd/cve-2026-40200 |
| CVE-2026-40200 | musl-utils | HIGH | 1.2.5-r9 | 1.2.5-r11 | https://avd.aquasec.com/nvd/cve-2026-40200 |
| CVE-2026-22184 | zlib | HIGH | 1.3.1-r2 | 1.3.2-r0 | https://avd.aquasec.com/nvd/cve-2026-22184 |
Vulnerabilities Listed for usr/local/bin/portal-server-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.73.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.6 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.6 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.6 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.6 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32280 | stdlib | HIGH | v1.24.6 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32280 |
| CVE-2026-32281 | stdlib | HIGH | v1.24.6 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32281 |
| CVE-2026-32283 | stdlib | HIGH | v1.24.6 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32283 |
gloo mesh enterprise gloo-mesh-analyzer image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-analyzer:2.10.1 (alpine 3.21.4)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2026-31789 | libcrypto3 | CRITICAL | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-31789 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28387 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28387 |
| CVE-2026-28388 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28388 |
| CVE-2026-28389 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28389 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2026-31789 | libssl3 | CRITICAL | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-31789 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28387 | libssl3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28387 |
| CVE-2026-28388 | libssl3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28388 |
| CVE-2026-28389 | libssl3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28389 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2026-40200 | musl | HIGH | 1.2.5-r9 | 1.2.5-r11 | https://avd.aquasec.com/nvd/cve-2026-40200 |
| CVE-2026-40200 | musl-utils | HIGH | 1.2.5-r9 | 1.2.5-r11 | https://avd.aquasec.com/nvd/cve-2026-40200 |
| CVE-2026-22184 | zlib | HIGH | 1.3.1-r2 | 1.3.2-r0 | https://avd.aquasec.com/nvd/cve-2026-22184 |
Vulnerabilities Listed for usr/local/bin/analyzer-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-25621 | github.com/containerd/containerd | HIGH | v1.7.27 | 1.7.29 | https://avd.aquasec.com/nvd/cve-2024-25621 |
| CVE-2025-15558 | github.com/docker/cli | HIGH | v28.2.2+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-34040 | github.com/docker/docker | HIGH | v27.5.0+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2026-34986 | github.com/go-jose/go-jose/v4 | HIGH | v4.1.0 | 4.1.4 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-35469 | github.com/moby/spdystream | HIGH | v0.5.0 | 0.5.1 | https://avd.aquasec.com/nvd/cve-2026-35469 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.36.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.36.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.73.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.6 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.6 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.6 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.6 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32280 | stdlib | HIGH | v1.24.6 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32280 |
| CVE-2026-32281 | stdlib | HIGH | v1.24.6 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32281 |
| CVE-2026-32283 | stdlib | HIGH | v1.24.6 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32283 |
gloo mesh enterprise gloo-mesh-mgmt-server image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-mgmt-server:2.10.1 (alpine 3.21.4)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2026-31789 | libcrypto3 | CRITICAL | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-31789 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28387 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28387 |
| CVE-2026-28388 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28388 |
| CVE-2026-28389 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28389 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2026-31789 | libssl3 | CRITICAL | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-31789 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28387 | libssl3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28387 |
| CVE-2026-28388 | libssl3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28388 |
| CVE-2026-28389 | libssl3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28389 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2026-40200 | musl | HIGH | 1.2.5-r9 | 1.2.5-r11 | https://avd.aquasec.com/nvd/cve-2026-40200 |
| CVE-2026-40200 | musl-utils | HIGH | 1.2.5-r9 | 1.2.5-r11 | https://avd.aquasec.com/nvd/cve-2026-40200 |
| CVE-2026-22184 | zlib | HIGH | 1.3.1-r2 | 1.3.2-r0 | https://avd.aquasec.com/nvd/cve-2026-22184 |
Vulnerabilities Listed for usr/local/bin/mgmt-server-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-25621 | github.com/containerd/containerd | HIGH | v1.7.27 | 1.7.29 | https://avd.aquasec.com/nvd/cve-2024-25621 |
| CVE-2025-15558 | github.com/docker/cli | HIGH | v28.2.2+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-34040 | github.com/docker/docker | HIGH | v27.5.0+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2026-34986 | github.com/go-jose/go-jose/v4 | HIGH | v4.1.0 | 4.1.4 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-33816 | github.com/jackc/pgx/v5 | CRITICAL | v5.6.0 | 5.9.0 | https://avd.aquasec.com/nvd/cve-2026-33816 |
| CVE-2026-35469 | github.com/moby/spdystream | HIGH | v0.5.0 | 0.5.1 | https://avd.aquasec.com/nvd/cve-2026-35469 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.36.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.36.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.73.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.6 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.6 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.6 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.6 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32280 | stdlib | HIGH | v1.24.6 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32280 |
| CVE-2026-32281 | stdlib | HIGH | v1.24.6 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32281 |
| CVE-2026-32283 | stdlib | HIGH | v1.24.6 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32283 |
gloo mesh enterprise gloo-mesh-istiod-agent image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-istiod-agent:2.10.1 (alpine 3.21.4)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2026-31789 | libcrypto3 | CRITICAL | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-31789 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28387 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28387 |
| CVE-2026-28388 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28388 |
| CVE-2026-28389 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28389 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2026-31789 | libssl3 | CRITICAL | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-31789 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28387 | libssl3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28387 |
| CVE-2026-28388 | libssl3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28388 |
| CVE-2026-28389 | libssl3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28389 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2026-40200 | musl | HIGH | 1.2.5-r9 | 1.2.5-r11 | https://avd.aquasec.com/nvd/cve-2026-40200 |
| CVE-2026-40200 | musl-utils | HIGH | 1.2.5-r9 | 1.2.5-r11 | https://avd.aquasec.com/nvd/cve-2026-40200 |
| CVE-2026-22184 | zlib | HIGH | 1.3.1-r2 | 1.3.2-r0 | https://avd.aquasec.com/nvd/cve-2026-22184 |
Vulnerabilities Listed for usr/local/bin/istiod-agent-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-34986 | github.com/go-jose/go-jose/v3 | HIGH | v3.0.3 | 3.0.5 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-34986 | github.com/go-jose/go-jose/v4 | HIGH | v4.1.0 | 4.1.4 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.73.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.6 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.6 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.6 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.6 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32280 | stdlib | HIGH | v1.24.6 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32280 |
| CVE-2026-32281 | stdlib | HIGH | v1.24.6 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32281 |
| CVE-2026-32283 | stdlib | HIGH | v1.24.6 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32283 |
gloo mesh enterprise gloo-mesh-ui image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-ui:2.10.1 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2026-31789 | libcrypto3 | CRITICAL | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-31789 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28387 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28387 |
| CVE-2026-28388 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28388 |
| CVE-2026-28389 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28389 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2026-31789 | libssl3 | CRITICAL | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-31789 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28387 | libssl3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28387 |
| CVE-2026-28388 | libssl3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28388 |
| CVE-2026-28389 | libssl3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28389 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2026-40200 | musl | HIGH | 1.2.5-r9 | 1.2.5-r11 | https://avd.aquasec.com/nvd/cve-2026-40200 |
| CVE-2026-40200 | musl-utils | HIGH | 1.2.5-r9 | 1.2.5-r11 | https://avd.aquasec.com/nvd/cve-2026-40200 |
| CVE-2026-22184 | zlib | HIGH | 1.3.1-r2 | 1.3.2-r0 | https://avd.aquasec.com/nvd/cve-2026-22184 |
Release 2.10.0
gloo mesh enterprise gloo-mesh-envoy image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-envoy:2.10.0 (ubuntu 24.04)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-68973 | gpgv | HIGH | 2.4.4-2ubuntu17.3 | 2.4.4-2ubuntu17.4 | https://avd.aquasec.com/nvd/cve-2025-68973 |
| CVE-2026-35535 | sudo | HIGH | 1.9.15p5-3ubuntu5.24.04.1 | 1.9.15p5-3ubuntu5.24.04.2 | https://avd.aquasec.com/nvd/cve-2026-35535 |
gloo mesh enterprise gloo-mesh-agent image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-agent:2.10.0 (alpine 3.21.4)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2026-31789 | libcrypto3 | CRITICAL | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-31789 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28387 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28387 |
| CVE-2026-28388 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28388 |
| CVE-2026-28389 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28389 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2026-31789 | libssl3 | CRITICAL | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-31789 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28387 | libssl3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28387 |
| CVE-2026-28388 | libssl3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28388 |
| CVE-2026-28389 | libssl3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28389 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2026-40200 | musl | HIGH | 1.2.5-r9 | 1.2.5-r11 | https://avd.aquasec.com/nvd/cve-2026-40200 |
| CVE-2026-40200 | musl-utils | HIGH | 1.2.5-r9 | 1.2.5-r11 | https://avd.aquasec.com/nvd/cve-2026-40200 |
| CVE-2026-22184 | zlib | HIGH | 1.3.1-r2 | 1.3.2-r0 | https://avd.aquasec.com/nvd/cve-2026-22184 |
Vulnerabilities Listed for usr/local/bin/agent-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-25621 | github.com/containerd/containerd | HIGH | v1.7.27 | 1.7.29 | https://avd.aquasec.com/nvd/cve-2024-25621 |
| CVE-2025-15558 | github.com/docker/cli | HIGH | v28.0.1+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-34040 | github.com/docker/docker | HIGH | v27.5.0+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2026-34986 | github.com/go-jose/go-jose/v4 | HIGH | v4.0.5 | 4.1.4 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-35469 | github.com/moby/spdystream | HIGH | v0.5.0 | 0.5.1 | https://avd.aquasec.com/nvd/cve-2026-35469 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.35.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.35.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.71.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.6 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.6 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.6 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.6 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32280 | stdlib | HIGH | v1.24.6 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32280 |
| CVE-2026-32281 | stdlib | HIGH | v1.24.6 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32281 |
| CVE-2026-32283 | stdlib | HIGH | v1.24.6 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32283 |
gloo mesh enterprise gloo-mesh-apiserver image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-apiserver:2.10.0 (alpine 3.21.4)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2026-31789 | libcrypto3 | CRITICAL | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-31789 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28387 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28387 |
| CVE-2026-28388 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28388 |
| CVE-2026-28389 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28389 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2026-31789 | libssl3 | CRITICAL | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-31789 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28387 | libssl3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28387 |
| CVE-2026-28388 | libssl3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28388 |
| CVE-2026-28389 | libssl3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28389 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2026-40200 | musl | HIGH | 1.2.5-r9 | 1.2.5-r11 | https://avd.aquasec.com/nvd/cve-2026-40200 |
| CVE-2026-40200 | musl-utils | HIGH | 1.2.5-r9 | 1.2.5-r11 | https://avd.aquasec.com/nvd/cve-2026-40200 |
| CVE-2026-22184 | zlib | HIGH | 1.3.1-r2 | 1.3.2-r0 | https://avd.aquasec.com/nvd/cve-2026-22184 |
Vulnerabilities Listed for usr/local/bin/apiserver-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-25621 | github.com/containerd/containerd | HIGH | v1.7.27 | 1.7.29 | https://avd.aquasec.com/nvd/cve-2024-25621 |
| CVE-2025-15558 | github.com/docker/cli | HIGH | v28.0.1+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-34040 | github.com/docker/docker | HIGH | v27.5.0+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2026-34986 | github.com/go-jose/go-jose/v4 | HIGH | v4.0.5 | 4.1.4 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-33816 | github.com/jackc/pgx/v5 | CRITICAL | v5.6.0 | 5.9.0 | https://avd.aquasec.com/nvd/cve-2026-33816 |
| CVE-2026-35469 | github.com/moby/spdystream | HIGH | v0.5.0 | 0.5.1 | https://avd.aquasec.com/nvd/cve-2026-35469 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.35.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.35.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.71.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.6 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.6 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.6 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.6 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32280 | stdlib | HIGH | v1.24.6 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32280 |
| CVE-2026-32281 | stdlib | HIGH | v1.24.6 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32281 |
| CVE-2026-32283 | stdlib | HIGH | v1.24.6 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32283 |
gloo mesh enterprise gloo-mesh-spire-controller image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-spire-controller:2.10.0 (alpine 3.21.4)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2026-31789 | libcrypto3 | CRITICAL | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-31789 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28387 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28387 |
| CVE-2026-28388 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28388 |
| CVE-2026-28389 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28389 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2026-31789 | libssl3 | CRITICAL | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-31789 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28387 | libssl3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28387 |
| CVE-2026-28388 | libssl3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28388 |
| CVE-2026-28389 | libssl3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28389 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2026-40200 | musl | HIGH | 1.2.5-r9 | 1.2.5-r11 | https://avd.aquasec.com/nvd/cve-2026-40200 |
| CVE-2026-40200 | musl-utils | HIGH | 1.2.5-r9 | 1.2.5-r11 | https://avd.aquasec.com/nvd/cve-2026-40200 |
| CVE-2026-22184 | zlib | HIGH | 1.3.1-r2 | 1.3.2-r0 | https://avd.aquasec.com/nvd/cve-2026-22184 |
Vulnerabilities Listed for usr/local/bin/spire-controller-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.71.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.6 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.6 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.6 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.6 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32280 | stdlib | HIGH | v1.24.6 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32280 |
| CVE-2026-32281 | stdlib | HIGH | v1.24.6 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32281 |
| CVE-2026-32283 | stdlib | HIGH | v1.24.6 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32283 |
gloo mesh enterprise gloo-mesh-portal-server image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-portal-server:2.10.0 (alpine 3.21.4)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2026-31789 | libcrypto3 | CRITICAL | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-31789 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28387 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28387 |
| CVE-2026-28388 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28388 |
| CVE-2026-28389 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28389 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2026-31789 | libssl3 | CRITICAL | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-31789 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28387 | libssl3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28387 |
| CVE-2026-28388 | libssl3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28388 |
| CVE-2026-28389 | libssl3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28389 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2026-40200 | musl | HIGH | 1.2.5-r9 | 1.2.5-r11 | https://avd.aquasec.com/nvd/cve-2026-40200 |
| CVE-2026-40200 | musl-utils | HIGH | 1.2.5-r9 | 1.2.5-r11 | https://avd.aquasec.com/nvd/cve-2026-40200 |
| CVE-2026-22184 | zlib | HIGH | 1.3.1-r2 | 1.3.2-r0 | https://avd.aquasec.com/nvd/cve-2026-22184 |
Vulnerabilities Listed for usr/local/bin/portal-server-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.71.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.6 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.6 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.6 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.6 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32280 | stdlib | HIGH | v1.24.6 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32280 |
| CVE-2026-32281 | stdlib | HIGH | v1.24.6 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32281 |
| CVE-2026-32283 | stdlib | HIGH | v1.24.6 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32283 |
gloo mesh enterprise gloo-mesh-analyzer image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-analyzer:2.10.0 (alpine 3.21.4)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2026-31789 | libcrypto3 | CRITICAL | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-31789 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28387 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28387 |
| CVE-2026-28388 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28388 |
| CVE-2026-28389 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28389 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2026-31789 | libssl3 | CRITICAL | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-31789 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28387 | libssl3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28387 |
| CVE-2026-28388 | libssl3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28388 |
| CVE-2026-28389 | libssl3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28389 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2026-40200 | musl | HIGH | 1.2.5-r9 | 1.2.5-r11 | https://avd.aquasec.com/nvd/cve-2026-40200 |
| CVE-2026-40200 | musl-utils | HIGH | 1.2.5-r9 | 1.2.5-r11 | https://avd.aquasec.com/nvd/cve-2026-40200 |
| CVE-2026-22184 | zlib | HIGH | 1.3.1-r2 | 1.3.2-r0 | https://avd.aquasec.com/nvd/cve-2026-22184 |
Vulnerabilities Listed for usr/local/bin/analyzer-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-25621 | github.com/containerd/containerd | HIGH | v1.7.27 | 1.7.29 | https://avd.aquasec.com/nvd/cve-2024-25621 |
| CVE-2025-15558 | github.com/docker/cli | HIGH | v28.0.1+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-34040 | github.com/docker/docker | HIGH | v27.5.0+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2026-34986 | github.com/go-jose/go-jose/v4 | HIGH | v4.0.5 | 4.1.4 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-35469 | github.com/moby/spdystream | HIGH | v0.5.0 | 0.5.1 | https://avd.aquasec.com/nvd/cve-2026-35469 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.35.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.35.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.71.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.6 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.6 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.6 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.6 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32280 | stdlib | HIGH | v1.24.6 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32280 |
| CVE-2026-32281 | stdlib | HIGH | v1.24.6 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32281 |
| CVE-2026-32283 | stdlib | HIGH | v1.24.6 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32283 |
gloo mesh enterprise gloo-mesh-mgmt-server image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-mgmt-server:2.10.0 (alpine 3.21.4)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2026-31789 | libcrypto3 | CRITICAL | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-31789 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28387 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28387 |
| CVE-2026-28388 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28388 |
| CVE-2026-28389 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28389 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2026-31789 | libssl3 | CRITICAL | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-31789 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28387 | libssl3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28387 |
| CVE-2026-28388 | libssl3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28388 |
| CVE-2026-28389 | libssl3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28389 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2026-40200 | musl | HIGH | 1.2.5-r9 | 1.2.5-r11 | https://avd.aquasec.com/nvd/cve-2026-40200 |
| CVE-2026-40200 | musl-utils | HIGH | 1.2.5-r9 | 1.2.5-r11 | https://avd.aquasec.com/nvd/cve-2026-40200 |
| CVE-2026-22184 | zlib | HIGH | 1.3.1-r2 | 1.3.2-r0 | https://avd.aquasec.com/nvd/cve-2026-22184 |
Vulnerabilities Listed for usr/local/bin/mgmt-server-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-25621 | github.com/containerd/containerd | HIGH | v1.7.27 | 1.7.29 | https://avd.aquasec.com/nvd/cve-2024-25621 |
| CVE-2025-15558 | github.com/docker/cli | HIGH | v28.0.1+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-34040 | github.com/docker/docker | HIGH | v27.5.0+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2026-34986 | github.com/go-jose/go-jose/v4 | HIGH | v4.0.5 | 4.1.4 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-33816 | github.com/jackc/pgx/v5 | CRITICAL | v5.6.0 | 5.9.0 | https://avd.aquasec.com/nvd/cve-2026-33816 |
| CVE-2026-35469 | github.com/moby/spdystream | HIGH | v0.5.0 | 0.5.1 | https://avd.aquasec.com/nvd/cve-2026-35469 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.35.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.35.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.71.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.6 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.6 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.6 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.6 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32280 | stdlib | HIGH | v1.24.6 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32280 |
| CVE-2026-32281 | stdlib | HIGH | v1.24.6 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32281 |
| CVE-2026-32283 | stdlib | HIGH | v1.24.6 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32283 |
gloo mesh enterprise gloo-mesh-istiod-agent image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-istiod-agent:2.10.0 (alpine 3.21.4)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2026-31789 | libcrypto3 | CRITICAL | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-31789 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28387 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28387 |
| CVE-2026-28388 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28388 |
| CVE-2026-28389 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28389 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2026-31789 | libssl3 | CRITICAL | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-31789 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28387 | libssl3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28387 |
| CVE-2026-28388 | libssl3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28388 |
| CVE-2026-28389 | libssl3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28389 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2026-40200 | musl | HIGH | 1.2.5-r9 | 1.2.5-r11 | https://avd.aquasec.com/nvd/cve-2026-40200 |
| CVE-2026-40200 | musl-utils | HIGH | 1.2.5-r9 | 1.2.5-r11 | https://avd.aquasec.com/nvd/cve-2026-40200 |
| CVE-2026-22184 | zlib | HIGH | 1.3.1-r2 | 1.3.2-r0 | https://avd.aquasec.com/nvd/cve-2026-22184 |
Vulnerabilities Listed for usr/local/bin/istiod-agent-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-34986 | github.com/go-jose/go-jose/v3 | HIGH | v3.0.3 | 3.0.5 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-34986 | github.com/go-jose/go-jose/v4 | HIGH | v4.0.5 | 4.1.4 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.71.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.6 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.6 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.6 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.6 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32280 | stdlib | HIGH | v1.24.6 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32280 |
| CVE-2026-32281 | stdlib | HIGH | v1.24.6 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32281 |
| CVE-2026-32283 | stdlib | HIGH | v1.24.6 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32283 |
gloo mesh enterprise gloo-mesh-ui image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-ui:2.10.0 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2026-31789 | libcrypto3 | CRITICAL | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-31789 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28387 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28387 |
| CVE-2026-28388 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28388 |
| CVE-2026-28389 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28389 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2026-31789 | libssl3 | CRITICAL | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-31789 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28387 | libssl3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28387 |
| CVE-2026-28388 | libssl3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28388 |
| CVE-2026-28389 | libssl3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28389 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2026-40200 | musl | HIGH | 1.2.5-r9 | 1.2.5-r11 | https://avd.aquasec.com/nvd/cve-2026-40200 |
| CVE-2026-40200 | musl-utils | HIGH | 1.2.5-r9 | 1.2.5-r11 | https://avd.aquasec.com/nvd/cve-2026-40200 |
| CVE-2026-22184 | zlib | HIGH | 1.3.1-r2 | 1.3.2-r0 | https://avd.aquasec.com/nvd/cve-2026-22184 |
Latest 2.9.x gloo mesh enterprise Release: 2.9.6
gloo mesh enterprise gloo-mesh-envoy image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-envoy:2.9.6 (ubuntu 24.04)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-35535 | sudo | HIGH | 1.9.15p5-3ubuntu5.24.04.1 | 1.9.15p5-3ubuntu5.24.04.2 | https://avd.aquasec.com/nvd/cve-2026-35535 |
gloo mesh enterprise gloo-mesh-agent image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-agent:2.9.6 (alpine 3.23.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-31789 | libcrypto3 | CRITICAL | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-31789 |
| CVE-2026-28387 | libcrypto3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28387 |
| CVE-2026-28388 | libcrypto3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28388 |
| CVE-2026-28389 | libcrypto3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28389 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2026-31789 | libssl3 | CRITICAL | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-31789 |
| CVE-2026-28387 | libssl3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28387 |
| CVE-2026-28388 | libssl3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28388 |
| CVE-2026-28389 | libssl3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28389 |
| CVE-2026-28390 | libssl3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2026-40200 | musl | HIGH | 1.2.5-r21 | 1.2.5-r23 | https://avd.aquasec.com/nvd/cve-2026-40200 |
| CVE-2026-40200 | musl-utils | HIGH | 1.2.5-r21 | 1.2.5-r23 | https://avd.aquasec.com/nvd/cve-2026-40200 |
Vulnerabilities Listed for usr/local/bin/agent-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-34986 | github.com/go-jose/go-jose/v4 | HIGH | v4.1.3 | 4.1.4 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-35469 | github.com/moby/spdystream | HIGH | v0.5.0 | 0.5.1 | https://avd.aquasec.com/nvd/cve-2026-35469 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.39.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.39.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.78.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2026-32280 | stdlib | HIGH | v1.26.1 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32280 |
| CVE-2026-32281 | stdlib | HIGH | v1.26.1 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32281 |
| CVE-2026-32283 | stdlib | HIGH | v1.26.1 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32283 |
| CVE-2026-33810 | stdlib | HIGH | v1.26.1 | 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-33810 |
gloo mesh enterprise gloo-mesh-apiserver image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-apiserver:2.9.6 (alpine 3.23.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-31789 | libcrypto3 | CRITICAL | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-31789 |
| CVE-2026-28387 | libcrypto3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28387 |
| CVE-2026-28388 | libcrypto3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28388 |
| CVE-2026-28389 | libcrypto3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28389 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2026-31789 | libssl3 | CRITICAL | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-31789 |
| CVE-2026-28387 | libssl3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28387 |
| CVE-2026-28388 | libssl3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28388 |
| CVE-2026-28389 | libssl3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28389 |
| CVE-2026-28390 | libssl3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2026-40200 | musl | HIGH | 1.2.5-r21 | 1.2.5-r23 | https://avd.aquasec.com/nvd/cve-2026-40200 |
| CVE-2026-40200 | musl-utils | HIGH | 1.2.5-r21 | 1.2.5-r23 | https://avd.aquasec.com/nvd/cve-2026-40200 |
Vulnerabilities Listed for usr/local/bin/apiserver-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-34986 | github.com/go-jose/go-jose/v4 | HIGH | v4.1.3 | 4.1.4 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-33816 | github.com/jackc/pgx/v5 | CRITICAL | v5.6.0 | 5.9.0 | https://avd.aquasec.com/nvd/cve-2026-33816 |
| CVE-2026-35469 | github.com/moby/spdystream | HIGH | v0.5.0 | 0.5.1 | https://avd.aquasec.com/nvd/cve-2026-35469 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.39.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.39.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.78.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2026-32280 | stdlib | HIGH | v1.26.1 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32280 |
| CVE-2026-32281 | stdlib | HIGH | v1.26.1 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32281 |
| CVE-2026-32283 | stdlib | HIGH | v1.26.1 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32283 |
| CVE-2026-33810 | stdlib | HIGH | v1.26.1 | 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-33810 |
gloo mesh enterprise gloo-mesh-spire-controller image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-spire-controller:2.9.6 (alpine 3.23.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-31789 | libcrypto3 | CRITICAL | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-31789 |
| CVE-2026-28387 | libcrypto3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28387 |
| CVE-2026-28388 | libcrypto3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28388 |
| CVE-2026-28389 | libcrypto3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28389 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2026-31789 | libssl3 | CRITICAL | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-31789 |
| CVE-2026-28387 | libssl3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28387 |
| CVE-2026-28388 | libssl3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28388 |
| CVE-2026-28389 | libssl3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28389 |
| CVE-2026-28390 | libssl3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2026-40200 | musl | HIGH | 1.2.5-r21 | 1.2.5-r23 | https://avd.aquasec.com/nvd/cve-2026-40200 |
| CVE-2026-40200 | musl-utils | HIGH | 1.2.5-r21 | 1.2.5-r23 | https://avd.aquasec.com/nvd/cve-2026-40200 |
Vulnerabilities Listed for usr/local/bin/spire-controller-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.78.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2026-32280 | stdlib | HIGH | v1.26.1 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32280 |
| CVE-2026-32281 | stdlib | HIGH | v1.26.1 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32281 |
| CVE-2026-32283 | stdlib | HIGH | v1.26.1 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32283 |
| CVE-2026-33810 | stdlib | HIGH | v1.26.1 | 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-33810 |
gloo mesh enterprise gloo-mesh-portal-server image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-portal-server:2.9.6 (alpine 3.23.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-31789 | libcrypto3 | CRITICAL | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-31789 |
| CVE-2026-28387 | libcrypto3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28387 |
| CVE-2026-28388 | libcrypto3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28388 |
| CVE-2026-28389 | libcrypto3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28389 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2026-31789 | libssl3 | CRITICAL | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-31789 |
| CVE-2026-28387 | libssl3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28387 |
| CVE-2026-28388 | libssl3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28388 |
| CVE-2026-28389 | libssl3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28389 |
| CVE-2026-28390 | libssl3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2026-40200 | musl | HIGH | 1.2.5-r21 | 1.2.5-r23 | https://avd.aquasec.com/nvd/cve-2026-40200 |
| CVE-2026-40200 | musl-utils | HIGH | 1.2.5-r21 | 1.2.5-r23 | https://avd.aquasec.com/nvd/cve-2026-40200 |
Vulnerabilities Listed for usr/local/bin/portal-server-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.78.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2026-32280 | stdlib | HIGH | v1.26.1 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32280 |
| CVE-2026-32281 | stdlib | HIGH | v1.26.1 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32281 |
| CVE-2026-32283 | stdlib | HIGH | v1.26.1 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32283 |
| CVE-2026-33810 | stdlib | HIGH | v1.26.1 | 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-33810 |
gloo mesh enterprise gloo-mesh-analyzer image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-analyzer:2.9.6 (alpine 3.23.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-31789 | libcrypto3 | CRITICAL | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-31789 |
| CVE-2026-28387 | libcrypto3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28387 |
| CVE-2026-28388 | libcrypto3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28388 |
| CVE-2026-28389 | libcrypto3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28389 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2026-31789 | libssl3 | CRITICAL | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-31789 |
| CVE-2026-28387 | libssl3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28387 |
| CVE-2026-28388 | libssl3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28388 |
| CVE-2026-28389 | libssl3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28389 |
| CVE-2026-28390 | libssl3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2026-40200 | musl | HIGH | 1.2.5-r21 | 1.2.5-r23 | https://avd.aquasec.com/nvd/cve-2026-40200 |
| CVE-2026-40200 | musl-utils | HIGH | 1.2.5-r21 | 1.2.5-r23 | https://avd.aquasec.com/nvd/cve-2026-40200 |
Vulnerabilities Listed for usr/local/bin/analyzer-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-34986 | github.com/go-jose/go-jose/v4 | HIGH | v4.1.3 | 4.1.4 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-35469 | github.com/moby/spdystream | HIGH | v0.5.0 | 0.5.1 | https://avd.aquasec.com/nvd/cve-2026-35469 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.39.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.39.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.78.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2026-32280 | stdlib | HIGH | v1.26.1 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32280 |
| CVE-2026-32281 | stdlib | HIGH | v1.26.1 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32281 |
| CVE-2026-32283 | stdlib | HIGH | v1.26.1 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32283 |
| CVE-2026-33810 | stdlib | HIGH | v1.26.1 | 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-33810 |
gloo mesh enterprise gloo-mesh-mgmt-server image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-mgmt-server:2.9.6 (alpine 3.23.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-31789 | libcrypto3 | CRITICAL | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-31789 |
| CVE-2026-28387 | libcrypto3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28387 |
| CVE-2026-28388 | libcrypto3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28388 |
| CVE-2026-28389 | libcrypto3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28389 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2026-31789 | libssl3 | CRITICAL | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-31789 |
| CVE-2026-28387 | libssl3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28387 |
| CVE-2026-28388 | libssl3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28388 |
| CVE-2026-28389 | libssl3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28389 |
| CVE-2026-28390 | libssl3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2026-40200 | musl | HIGH | 1.2.5-r21 | 1.2.5-r23 | https://avd.aquasec.com/nvd/cve-2026-40200 |
| CVE-2026-40200 | musl-utils | HIGH | 1.2.5-r21 | 1.2.5-r23 | https://avd.aquasec.com/nvd/cve-2026-40200 |
Vulnerabilities Listed for usr/local/bin/mgmt-server-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-34986 | github.com/go-jose/go-jose/v4 | HIGH | v4.1.3 | 4.1.4 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-33816 | github.com/jackc/pgx/v5 | CRITICAL | v5.6.0 | 5.9.0 | https://avd.aquasec.com/nvd/cve-2026-33816 |
| CVE-2026-35469 | github.com/moby/spdystream | HIGH | v0.5.0 | 0.5.1 | https://avd.aquasec.com/nvd/cve-2026-35469 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.39.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.39.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.78.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2026-32280 | stdlib | HIGH | v1.26.1 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32280 |
| CVE-2026-32281 | stdlib | HIGH | v1.26.1 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32281 |
| CVE-2026-32283 | stdlib | HIGH | v1.26.1 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32283 |
| CVE-2026-33810 | stdlib | HIGH | v1.26.1 | 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-33810 |
gloo mesh enterprise gloo-mesh-istiod-agent image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-istiod-agent:2.9.6 (alpine 3.23.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-31789 | libcrypto3 | CRITICAL | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-31789 |
| CVE-2026-28387 | libcrypto3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28387 |
| CVE-2026-28388 | libcrypto3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28388 |
| CVE-2026-28389 | libcrypto3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28389 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2026-31789 | libssl3 | CRITICAL | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-31789 |
| CVE-2026-28387 | libssl3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28387 |
| CVE-2026-28388 | libssl3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28388 |
| CVE-2026-28389 | libssl3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28389 |
| CVE-2026-28390 | libssl3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2026-40200 | musl | HIGH | 1.2.5-r21 | 1.2.5-r23 | https://avd.aquasec.com/nvd/cve-2026-40200 |
| CVE-2026-40200 | musl-utils | HIGH | 1.2.5-r21 | 1.2.5-r23 | https://avd.aquasec.com/nvd/cve-2026-40200 |
Vulnerabilities Listed for usr/local/bin/istiod-agent-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-34986 | github.com/go-jose/go-jose/v3 | HIGH | v3.0.4 | 3.0.5 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-34986 | github.com/go-jose/go-jose/v4 | HIGH | v4.1.3 | 4.1.4 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.78.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2026-32280 | stdlib | HIGH | v1.26.1 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32280 |
| CVE-2026-32281 | stdlib | HIGH | v1.26.1 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32281 |
| CVE-2026-32283 | stdlib | HIGH | v1.26.1 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32283 |
| CVE-2026-33810 | stdlib | HIGH | v1.26.1 | 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-33810 |
gloo mesh enterprise gloo-mesh-ui image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-ui:2.9.6 (alpine 3.23.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-31789 | libcrypto3 | CRITICAL | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-31789 |
| CVE-2026-28387 | libcrypto3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28387 |
| CVE-2026-28388 | libcrypto3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28388 |
| CVE-2026-28389 | libcrypto3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28389 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2026-31789 | libssl3 | CRITICAL | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-31789 |
| CVE-2026-28387 | libssl3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28387 |
| CVE-2026-28388 | libssl3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28388 |
| CVE-2026-28389 | libssl3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28389 |
| CVE-2026-28390 | libssl3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2026-40200 | musl | HIGH | 1.2.5-r21 | 1.2.5-r23 | https://avd.aquasec.com/nvd/cve-2026-40200 |
| CVE-2026-40200 | musl-utils | HIGH | 1.2.5-r21 | 1.2.5-r23 | https://avd.aquasec.com/nvd/cve-2026-40200 |
| CVE-2026-22184 | zlib | HIGH | 1.3.1-r2 | 1.3.2-r0 | https://avd.aquasec.com/nvd/cve-2026-22184 |
Release 2.9.5
gloo mesh enterprise gloo-mesh-envoy image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-envoy:2.9.5 (ubuntu 24.04)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-68973 | gpgv | HIGH | 2.4.4-2ubuntu17.3 | 2.4.4-2ubuntu17.4 | https://avd.aquasec.com/nvd/cve-2025-68973 |
| CVE-2026-35535 | sudo | HIGH | 1.9.15p5-3ubuntu5.24.04.1 | 1.9.15p5-3ubuntu5.24.04.2 | https://avd.aquasec.com/nvd/cve-2026-35535 |
gloo mesh enterprise gloo-mesh-agent image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-agent:2.9.5 (alpine 3.21.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2026-31789 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-31789 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28387 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28387 |
| CVE-2026-28388 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28388 |
| CVE-2026-28389 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28389 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2026-31789 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-31789 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28387 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28387 |
| CVE-2026-28388 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28388 |
| CVE-2026-28389 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28389 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2026-40200 | musl | HIGH | 1.2.5-r9 | 1.2.5-r11 | https://avd.aquasec.com/nvd/cve-2026-40200 |
| CVE-2026-40200 | musl-utils | HIGH | 1.2.5-r9 | 1.2.5-r11 | https://avd.aquasec.com/nvd/cve-2026-40200 |
| CVE-2026-22184 | zlib | HIGH | 1.3.1-r2 | 1.3.2-r0 | https://avd.aquasec.com/nvd/cve-2026-22184 |
Vulnerabilities Listed for usr/local/bin/agent-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15558 | github.com/docker/cli | HIGH | v28.0.1+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-34040 | github.com/docker/docker | HIGH | v27.5.0+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2026-34986 | github.com/go-jose/go-jose/v4 | HIGH | v4.0.5 | 4.1.4 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-35469 | github.com/moby/spdystream | HIGH | v0.5.0 | 0.5.1 | https://avd.aquasec.com/nvd/cve-2026-35469 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.36.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.36.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.74.2 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.11 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.11 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32280 | stdlib | HIGH | v1.24.11 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32280 |
| CVE-2026-32281 | stdlib | HIGH | v1.24.11 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32281 |
| CVE-2026-32283 | stdlib | HIGH | v1.24.11 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32283 |
gloo mesh enterprise gloo-mesh-apiserver image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-apiserver:2.9.5 (alpine 3.21.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2026-31789 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-31789 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28387 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28387 |
| CVE-2026-28388 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28388 |
| CVE-2026-28389 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28389 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2026-31789 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-31789 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28387 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28387 |
| CVE-2026-28388 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28388 |
| CVE-2026-28389 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28389 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2026-40200 | musl | HIGH | 1.2.5-r9 | 1.2.5-r11 | https://avd.aquasec.com/nvd/cve-2026-40200 |
| CVE-2026-40200 | musl-utils | HIGH | 1.2.5-r9 | 1.2.5-r11 | https://avd.aquasec.com/nvd/cve-2026-40200 |
| CVE-2026-22184 | zlib | HIGH | 1.3.1-r2 | 1.3.2-r0 | https://avd.aquasec.com/nvd/cve-2026-22184 |
Vulnerabilities Listed for usr/local/bin/apiserver-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15558 | github.com/docker/cli | HIGH | v28.0.1+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-34040 | github.com/docker/docker | HIGH | v27.5.0+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2026-34986 | github.com/go-jose/go-jose/v4 | HIGH | v4.0.5 | 4.1.4 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-33816 | github.com/jackc/pgx/v5 | CRITICAL | v5.6.0 | 5.9.0 | https://avd.aquasec.com/nvd/cve-2026-33816 |
| CVE-2026-35469 | github.com/moby/spdystream | HIGH | v0.5.0 | 0.5.1 | https://avd.aquasec.com/nvd/cve-2026-35469 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.36.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.36.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.74.2 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.11 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.11 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32280 | stdlib | HIGH | v1.24.11 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32280 |
| CVE-2026-32281 | stdlib | HIGH | v1.24.11 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32281 |
| CVE-2026-32283 | stdlib | HIGH | v1.24.11 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32283 |
gloo mesh enterprise gloo-mesh-spire-controller image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-spire-controller:2.9.5 (alpine 3.21.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2026-31789 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-31789 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28387 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28387 |
| CVE-2026-28388 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28388 |
| CVE-2026-28389 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28389 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2026-31789 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-31789 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28387 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28387 |
| CVE-2026-28388 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28388 |
| CVE-2026-28389 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28389 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2026-40200 | musl | HIGH | 1.2.5-r9 | 1.2.5-r11 | https://avd.aquasec.com/nvd/cve-2026-40200 |
| CVE-2026-40200 | musl-utils | HIGH | 1.2.5-r9 | 1.2.5-r11 | https://avd.aquasec.com/nvd/cve-2026-40200 |
| CVE-2026-22184 | zlib | HIGH | 1.3.1-r2 | 1.3.2-r0 | https://avd.aquasec.com/nvd/cve-2026-22184 |
Vulnerabilities Listed for usr/local/bin/spire-controller-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.74.2 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.11 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.11 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32280 | stdlib | HIGH | v1.24.11 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32280 |
| CVE-2026-32281 | stdlib | HIGH | v1.24.11 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32281 |
| CVE-2026-32283 | stdlib | HIGH | v1.24.11 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32283 |
gloo mesh enterprise gloo-mesh-portal-server image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-portal-server:2.9.5 (alpine 3.21.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2026-31789 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-31789 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28387 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28387 |
| CVE-2026-28388 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28388 |
| CVE-2026-28389 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28389 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2026-31789 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-31789 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28387 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28387 |
| CVE-2026-28388 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28388 |
| CVE-2026-28389 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28389 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2026-40200 | musl | HIGH | 1.2.5-r9 | 1.2.5-r11 | https://avd.aquasec.com/nvd/cve-2026-40200 |
| CVE-2026-40200 | musl-utils | HIGH | 1.2.5-r9 | 1.2.5-r11 | https://avd.aquasec.com/nvd/cve-2026-40200 |
| CVE-2026-22184 | zlib | HIGH | 1.3.1-r2 | 1.3.2-r0 | https://avd.aquasec.com/nvd/cve-2026-22184 |
Vulnerabilities Listed for usr/local/bin/portal-server-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.74.2 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.11 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.11 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32280 | stdlib | HIGH | v1.24.11 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32280 |
| CVE-2026-32281 | stdlib | HIGH | v1.24.11 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32281 |
| CVE-2026-32283 | stdlib | HIGH | v1.24.11 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32283 |
gloo mesh enterprise gloo-mesh-analyzer image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-analyzer:2.9.5 (alpine 3.21.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2026-31789 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-31789 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28387 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28387 |
| CVE-2026-28388 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28388 |
| CVE-2026-28389 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28389 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2026-31789 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-31789 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28387 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28387 |
| CVE-2026-28388 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28388 |
| CVE-2026-28389 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28389 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2026-40200 | musl | HIGH | 1.2.5-r9 | 1.2.5-r11 | https://avd.aquasec.com/nvd/cve-2026-40200 |
| CVE-2026-40200 | musl-utils | HIGH | 1.2.5-r9 | 1.2.5-r11 | https://avd.aquasec.com/nvd/cve-2026-40200 |
| CVE-2026-22184 | zlib | HIGH | 1.3.1-r2 | 1.3.2-r0 | https://avd.aquasec.com/nvd/cve-2026-22184 |
Vulnerabilities Listed for usr/local/bin/analyzer-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15558 | github.com/docker/cli | HIGH | v28.0.1+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-34040 | github.com/docker/docker | HIGH | v27.5.0+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2026-34986 | github.com/go-jose/go-jose/v4 | HIGH | v4.0.5 | 4.1.4 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-35469 | github.com/moby/spdystream | HIGH | v0.5.0 | 0.5.1 | https://avd.aquasec.com/nvd/cve-2026-35469 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.36.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.36.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.74.2 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.11 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.11 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32280 | stdlib | HIGH | v1.24.11 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32280 |
| CVE-2026-32281 | stdlib | HIGH | v1.24.11 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32281 |
| CVE-2026-32283 | stdlib | HIGH | v1.24.11 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32283 |
gloo mesh enterprise gloo-mesh-mgmt-server image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-mgmt-server:2.9.5 (alpine 3.21.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2026-31789 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-31789 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28387 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28387 |
| CVE-2026-28388 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28388 |
| CVE-2026-28389 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28389 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2026-31789 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-31789 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28387 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28387 |
| CVE-2026-28388 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28388 |
| CVE-2026-28389 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28389 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2026-40200 | musl | HIGH | 1.2.5-r9 | 1.2.5-r11 | https://avd.aquasec.com/nvd/cve-2026-40200 |
| CVE-2026-40200 | musl-utils | HIGH | 1.2.5-r9 | 1.2.5-r11 | https://avd.aquasec.com/nvd/cve-2026-40200 |
| CVE-2026-22184 | zlib | HIGH | 1.3.1-r2 | 1.3.2-r0 | https://avd.aquasec.com/nvd/cve-2026-22184 |
Vulnerabilities Listed for usr/local/bin/mgmt-server-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15558 | github.com/docker/cli | HIGH | v28.0.1+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-34040 | github.com/docker/docker | HIGH | v27.5.0+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2026-34986 | github.com/go-jose/go-jose/v4 | HIGH | v4.0.5 | 4.1.4 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-33816 | github.com/jackc/pgx/v5 | CRITICAL | v5.6.0 | 5.9.0 | https://avd.aquasec.com/nvd/cve-2026-33816 |
| CVE-2026-35469 | github.com/moby/spdystream | HIGH | v0.5.0 | 0.5.1 | https://avd.aquasec.com/nvd/cve-2026-35469 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.36.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.36.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.74.2 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.11 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.11 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32280 | stdlib | HIGH | v1.24.11 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32280 |
| CVE-2026-32281 | stdlib | HIGH | v1.24.11 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32281 |
| CVE-2026-32283 | stdlib | HIGH | v1.24.11 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32283 |
gloo mesh enterprise gloo-mesh-istiod-agent image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-istiod-agent:2.9.5 (alpine 3.21.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2026-31789 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-31789 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28387 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28387 |
| CVE-2026-28388 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28388 |
| CVE-2026-28389 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28389 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2026-31789 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-31789 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28387 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28387 |
| CVE-2026-28388 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28388 |
| CVE-2026-28389 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28389 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2026-40200 | musl | HIGH | 1.2.5-r9 | 1.2.5-r11 | https://avd.aquasec.com/nvd/cve-2026-40200 |
| CVE-2026-40200 | musl-utils | HIGH | 1.2.5-r9 | 1.2.5-r11 | https://avd.aquasec.com/nvd/cve-2026-40200 |
| CVE-2026-22184 | zlib | HIGH | 1.3.1-r2 | 1.3.2-r0 | https://avd.aquasec.com/nvd/cve-2026-22184 |
Vulnerabilities Listed for usr/local/bin/istiod-agent-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-34986 | github.com/go-jose/go-jose/v3 | HIGH | v3.0.4 | 3.0.5 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-34986 | github.com/go-jose/go-jose/v4 | HIGH | v4.0.5 | 4.1.4 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.74.2 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.11 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.11 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32280 | stdlib | HIGH | v1.24.11 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32280 |
| CVE-2026-32281 | stdlib | HIGH | v1.24.11 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32281 |
| CVE-2026-32283 | stdlib | HIGH | v1.24.11 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32283 |
gloo mesh enterprise gloo-mesh-ui image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-ui:2.9.5 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2026-31789 | libcrypto3 | CRITICAL | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-31789 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28387 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28387 |
| CVE-2026-28388 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28388 |
| CVE-2026-28389 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28389 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2026-31789 | libssl3 | CRITICAL | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-31789 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28387 | libssl3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28387 |
| CVE-2026-28388 | libssl3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28388 |
| CVE-2026-28389 | libssl3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28389 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2026-40200 | musl | HIGH | 1.2.5-r9 | 1.2.5-r11 | https://avd.aquasec.com/nvd/cve-2026-40200 |
| CVE-2026-40200 | musl-utils | HIGH | 1.2.5-r9 | 1.2.5-r11 | https://avd.aquasec.com/nvd/cve-2026-40200 |
| CVE-2026-22184 | zlib | HIGH | 1.3.1-r2 | 1.3.2-r0 | https://avd.aquasec.com/nvd/cve-2026-22184 |
Release 2.9.4
gloo mesh enterprise gloo-mesh-envoy image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-envoy:2.9.4 (ubuntu 24.04)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-68973 | gpgv | HIGH | 2.4.4-2ubuntu17.3 | 2.4.4-2ubuntu17.4 | https://avd.aquasec.com/nvd/cve-2025-68973 |
| CVE-2026-35535 | sudo | HIGH | 1.9.15p5-3ubuntu5.24.04.1 | 1.9.15p5-3ubuntu5.24.04.2 | https://avd.aquasec.com/nvd/cve-2026-35535 |
gloo mesh enterprise gloo-mesh-agent image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-agent:2.9.4 (alpine 3.21.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2026-31789 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-31789 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28387 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28387 |
| CVE-2026-28388 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28388 |
| CVE-2026-28389 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28389 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2026-31789 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-31789 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28387 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28387 |
| CVE-2026-28388 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28388 |
| CVE-2026-28389 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28389 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2026-40200 | musl | HIGH | 1.2.5-r9 | 1.2.5-r11 | https://avd.aquasec.com/nvd/cve-2026-40200 |
| CVE-2026-40200 | musl-utils | HIGH | 1.2.5-r9 | 1.2.5-r11 | https://avd.aquasec.com/nvd/cve-2026-40200 |
| CVE-2026-22184 | zlib | HIGH | 1.3.1-r2 | 1.3.2-r0 | https://avd.aquasec.com/nvd/cve-2026-22184 |
Vulnerabilities Listed for usr/local/bin/agent-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15558 | github.com/docker/cli | HIGH | v28.0.1+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-34040 | github.com/docker/docker | HIGH | v27.5.0+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2026-34986 | github.com/go-jose/go-jose/v4 | HIGH | v4.0.5 | 4.1.4 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-35469 | github.com/moby/spdystream | HIGH | v0.5.0 | 0.5.1 | https://avd.aquasec.com/nvd/cve-2026-35469 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.36.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.36.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.74.2 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.11 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.11 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32280 | stdlib | HIGH | v1.24.11 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32280 |
| CVE-2026-32281 | stdlib | HIGH | v1.24.11 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32281 |
| CVE-2026-32283 | stdlib | HIGH | v1.24.11 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32283 |
gloo mesh enterprise gloo-mesh-apiserver image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-apiserver:2.9.4 (alpine 3.21.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2026-31789 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-31789 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28387 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28387 |
| CVE-2026-28388 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28388 |
| CVE-2026-28389 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28389 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2026-31789 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-31789 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28387 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28387 |
| CVE-2026-28388 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28388 |
| CVE-2026-28389 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28389 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2026-40200 | musl | HIGH | 1.2.5-r9 | 1.2.5-r11 | https://avd.aquasec.com/nvd/cve-2026-40200 |
| CVE-2026-40200 | musl-utils | HIGH | 1.2.5-r9 | 1.2.5-r11 | https://avd.aquasec.com/nvd/cve-2026-40200 |
| CVE-2026-22184 | zlib | HIGH | 1.3.1-r2 | 1.3.2-r0 | https://avd.aquasec.com/nvd/cve-2026-22184 |
Vulnerabilities Listed for usr/local/bin/apiserver-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15558 | github.com/docker/cli | HIGH | v28.0.1+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-34040 | github.com/docker/docker | HIGH | v27.5.0+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2026-34986 | github.com/go-jose/go-jose/v4 | HIGH | v4.0.5 | 4.1.4 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-33816 | github.com/jackc/pgx/v5 | CRITICAL | v5.6.0 | 5.9.0 | https://avd.aquasec.com/nvd/cve-2026-33816 |
| CVE-2026-35469 | github.com/moby/spdystream | HIGH | v0.5.0 | 0.5.1 | https://avd.aquasec.com/nvd/cve-2026-35469 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.36.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.36.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.74.2 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.11 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.11 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32280 | stdlib | HIGH | v1.24.11 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32280 |
| CVE-2026-32281 | stdlib | HIGH | v1.24.11 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32281 |
| CVE-2026-32283 | stdlib | HIGH | v1.24.11 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32283 |
gloo mesh enterprise gloo-mesh-spire-controller image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-spire-controller:2.9.4 (alpine 3.21.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2026-31789 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-31789 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28387 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28387 |
| CVE-2026-28388 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28388 |
| CVE-2026-28389 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28389 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2026-31789 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-31789 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28387 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28387 |
| CVE-2026-28388 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28388 |
| CVE-2026-28389 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28389 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2026-40200 | musl | HIGH | 1.2.5-r9 | 1.2.5-r11 | https://avd.aquasec.com/nvd/cve-2026-40200 |
| CVE-2026-40200 | musl-utils | HIGH | 1.2.5-r9 | 1.2.5-r11 | https://avd.aquasec.com/nvd/cve-2026-40200 |
| CVE-2026-22184 | zlib | HIGH | 1.3.1-r2 | 1.3.2-r0 | https://avd.aquasec.com/nvd/cve-2026-22184 |
Vulnerabilities Listed for usr/local/bin/spire-controller-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.74.2 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.11 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.11 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32280 | stdlib | HIGH | v1.24.11 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32280 |
| CVE-2026-32281 | stdlib | HIGH | v1.24.11 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32281 |
| CVE-2026-32283 | stdlib | HIGH | v1.24.11 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32283 |
gloo mesh enterprise gloo-mesh-portal-server image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-portal-server:2.9.4 (alpine 3.21.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2026-31789 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-31789 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28387 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28387 |
| CVE-2026-28388 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28388 |
| CVE-2026-28389 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28389 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2026-31789 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-31789 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28387 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28387 |
| CVE-2026-28388 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28388 |
| CVE-2026-28389 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28389 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2026-40200 | musl | HIGH | 1.2.5-r9 | 1.2.5-r11 | https://avd.aquasec.com/nvd/cve-2026-40200 |
| CVE-2026-40200 | musl-utils | HIGH | 1.2.5-r9 | 1.2.5-r11 | https://avd.aquasec.com/nvd/cve-2026-40200 |
| CVE-2026-22184 | zlib | HIGH | 1.3.1-r2 | 1.3.2-r0 | https://avd.aquasec.com/nvd/cve-2026-22184 |
Vulnerabilities Listed for usr/local/bin/portal-server-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.74.2 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.11 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.11 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32280 | stdlib | HIGH | v1.24.11 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32280 |
| CVE-2026-32281 | stdlib | HIGH | v1.24.11 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32281 |
| CVE-2026-32283 | stdlib | HIGH | v1.24.11 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32283 |
gloo mesh enterprise gloo-mesh-analyzer image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-analyzer:2.9.4 (alpine 3.21.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2026-31789 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-31789 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28387 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28387 |
| CVE-2026-28388 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28388 |
| CVE-2026-28389 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28389 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2026-31789 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-31789 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28387 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28387 |
| CVE-2026-28388 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28388 |
| CVE-2026-28389 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28389 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2026-40200 | musl | HIGH | 1.2.5-r9 | 1.2.5-r11 | https://avd.aquasec.com/nvd/cve-2026-40200 |
| CVE-2026-40200 | musl-utils | HIGH | 1.2.5-r9 | 1.2.5-r11 | https://avd.aquasec.com/nvd/cve-2026-40200 |
| CVE-2026-22184 | zlib | HIGH | 1.3.1-r2 | 1.3.2-r0 | https://avd.aquasec.com/nvd/cve-2026-22184 |
Vulnerabilities Listed for usr/local/bin/analyzer-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15558 | github.com/docker/cli | HIGH | v28.0.1+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-34040 | github.com/docker/docker | HIGH | v27.5.0+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2026-34986 | github.com/go-jose/go-jose/v4 | HIGH | v4.0.5 | 4.1.4 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-35469 | github.com/moby/spdystream | HIGH | v0.5.0 | 0.5.1 | https://avd.aquasec.com/nvd/cve-2026-35469 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.36.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.36.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.74.2 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.11 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.11 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32280 | stdlib | HIGH | v1.24.11 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32280 |
| CVE-2026-32281 | stdlib | HIGH | v1.24.11 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32281 |
| CVE-2026-32283 | stdlib | HIGH | v1.24.11 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32283 |
gloo mesh enterprise gloo-mesh-mgmt-server image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-mgmt-server:2.9.4 (alpine 3.21.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2026-31789 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-31789 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28387 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28387 |
| CVE-2026-28388 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28388 |
| CVE-2026-28389 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28389 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2026-31789 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-31789 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28387 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28387 |
| CVE-2026-28388 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28388 |
| CVE-2026-28389 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28389 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2026-40200 | musl | HIGH | 1.2.5-r9 | 1.2.5-r11 | https://avd.aquasec.com/nvd/cve-2026-40200 |
| CVE-2026-40200 | musl-utils | HIGH | 1.2.5-r9 | 1.2.5-r11 | https://avd.aquasec.com/nvd/cve-2026-40200 |
| CVE-2026-22184 | zlib | HIGH | 1.3.1-r2 | 1.3.2-r0 | https://avd.aquasec.com/nvd/cve-2026-22184 |
Vulnerabilities Listed for usr/local/bin/mgmt-server-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15558 | github.com/docker/cli | HIGH | v28.0.1+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-34040 | github.com/docker/docker | HIGH | v27.5.0+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2026-34986 | github.com/go-jose/go-jose/v4 | HIGH | v4.0.5 | 4.1.4 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-33816 | github.com/jackc/pgx/v5 | CRITICAL | v5.6.0 | 5.9.0 | https://avd.aquasec.com/nvd/cve-2026-33816 |
| CVE-2026-35469 | github.com/moby/spdystream | HIGH | v0.5.0 | 0.5.1 | https://avd.aquasec.com/nvd/cve-2026-35469 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.36.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.36.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.74.2 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.11 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.11 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32280 | stdlib | HIGH | v1.24.11 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32280 |
| CVE-2026-32281 | stdlib | HIGH | v1.24.11 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32281 |
| CVE-2026-32283 | stdlib | HIGH | v1.24.11 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32283 |
gloo mesh enterprise gloo-mesh-istiod-agent image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-istiod-agent:2.9.4 (alpine 3.21.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2026-31789 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-31789 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28387 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28387 |
| CVE-2026-28388 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28388 |
| CVE-2026-28389 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28389 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2026-31789 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-31789 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28387 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28387 |
| CVE-2026-28388 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28388 |
| CVE-2026-28389 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28389 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2026-40200 | musl | HIGH | 1.2.5-r9 | 1.2.5-r11 | https://avd.aquasec.com/nvd/cve-2026-40200 |
| CVE-2026-40200 | musl-utils | HIGH | 1.2.5-r9 | 1.2.5-r11 | https://avd.aquasec.com/nvd/cve-2026-40200 |
| CVE-2026-22184 | zlib | HIGH | 1.3.1-r2 | 1.3.2-r0 | https://avd.aquasec.com/nvd/cve-2026-22184 |
Vulnerabilities Listed for usr/local/bin/istiod-agent-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-34986 | github.com/go-jose/go-jose/v3 | HIGH | v3.0.4 | 3.0.5 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-34986 | github.com/go-jose/go-jose/v4 | HIGH | v4.0.5 | 4.1.4 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.74.2 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.11 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.11 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32280 | stdlib | HIGH | v1.24.11 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32280 |
| CVE-2026-32281 | stdlib | HIGH | v1.24.11 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32281 |
| CVE-2026-32283 | stdlib | HIGH | v1.24.11 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32283 |
gloo mesh enterprise gloo-mesh-ui image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-ui:2.9.4 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2026-31789 | libcrypto3 | CRITICAL | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-31789 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28387 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28387 |
| CVE-2026-28388 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28388 |
| CVE-2026-28389 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28389 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2026-31789 | libssl3 | CRITICAL | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-31789 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28387 | libssl3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28387 |
| CVE-2026-28388 | libssl3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28388 |
| CVE-2026-28389 | libssl3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28389 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2026-40200 | musl | HIGH | 1.2.5-r9 | 1.2.5-r11 | https://avd.aquasec.com/nvd/cve-2026-40200 |
| CVE-2026-40200 | musl-utils | HIGH | 1.2.5-r9 | 1.2.5-r11 | https://avd.aquasec.com/nvd/cve-2026-40200 |
| CVE-2026-22184 | zlib | HIGH | 1.3.1-r2 | 1.3.2-r0 | https://avd.aquasec.com/nvd/cve-2026-22184 |
Release 2.9.3
gloo mesh enterprise gloo-mesh-envoy image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-envoy:2.9.3 (ubuntu 24.04)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-68973 | gpgv | HIGH | 2.4.4-2ubuntu17.3 | 2.4.4-2ubuntu17.4 | https://avd.aquasec.com/nvd/cve-2025-68973 |
| CVE-2026-35535 | sudo | HIGH | 1.9.15p5-3ubuntu5.24.04.1 | 1.9.15p5-3ubuntu5.24.04.2 | https://avd.aquasec.com/nvd/cve-2026-35535 |
gloo mesh enterprise gloo-mesh-agent image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-agent:2.9.3 (alpine 3.21.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2026-31789 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-31789 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28387 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28387 |
| CVE-2026-28388 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28388 |
| CVE-2026-28389 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28389 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2026-31789 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-31789 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28387 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28387 |
| CVE-2026-28388 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28388 |
| CVE-2026-28389 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28389 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2026-40200 | musl | HIGH | 1.2.5-r9 | 1.2.5-r11 | https://avd.aquasec.com/nvd/cve-2026-40200 |
| CVE-2026-40200 | musl-utils | HIGH | 1.2.5-r9 | 1.2.5-r11 | https://avd.aquasec.com/nvd/cve-2026-40200 |
| CVE-2026-22184 | zlib | HIGH | 1.3.1-r2 | 1.3.2-r0 | https://avd.aquasec.com/nvd/cve-2026-22184 |
Vulnerabilities Listed for usr/local/bin/agent-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-25621 | github.com/containerd/containerd | HIGH | v1.7.27 | 1.7.29 | https://avd.aquasec.com/nvd/cve-2024-25621 |
| CVE-2025-15558 | github.com/docker/cli | HIGH | v28.0.1+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-34040 | github.com/docker/docker | HIGH | v27.5.0+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2026-34986 | github.com/go-jose/go-jose/v4 | HIGH | v4.0.5 | 4.1.4 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-35469 | github.com/moby/spdystream | HIGH | v0.5.0 | 0.5.1 | https://avd.aquasec.com/nvd/cve-2026-35469 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.36.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.36.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.74.2 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.9 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.9 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.9 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.9 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.9 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32280 | stdlib | HIGH | v1.24.9 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32280 |
| CVE-2026-32281 | stdlib | HIGH | v1.24.9 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32281 |
| CVE-2026-32283 | stdlib | HIGH | v1.24.9 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32283 |
gloo mesh enterprise gloo-mesh-apiserver image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-apiserver:2.9.3 (alpine 3.21.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2026-31789 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-31789 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28387 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28387 |
| CVE-2026-28388 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28388 |
| CVE-2026-28389 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28389 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2026-31789 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-31789 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28387 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28387 |
| CVE-2026-28388 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28388 |
| CVE-2026-28389 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28389 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2026-40200 | musl | HIGH | 1.2.5-r9 | 1.2.5-r11 | https://avd.aquasec.com/nvd/cve-2026-40200 |
| CVE-2026-40200 | musl-utils | HIGH | 1.2.5-r9 | 1.2.5-r11 | https://avd.aquasec.com/nvd/cve-2026-40200 |
| CVE-2026-22184 | zlib | HIGH | 1.3.1-r2 | 1.3.2-r0 | https://avd.aquasec.com/nvd/cve-2026-22184 |
Vulnerabilities Listed for usr/local/bin/apiserver-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-25621 | github.com/containerd/containerd | HIGH | v1.7.27 | 1.7.29 | https://avd.aquasec.com/nvd/cve-2024-25621 |
| CVE-2025-15558 | github.com/docker/cli | HIGH | v28.0.1+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-34040 | github.com/docker/docker | HIGH | v27.5.0+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2026-34986 | github.com/go-jose/go-jose/v4 | HIGH | v4.0.5 | 4.1.4 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-33816 | github.com/jackc/pgx/v5 | CRITICAL | v5.6.0 | 5.9.0 | https://avd.aquasec.com/nvd/cve-2026-33816 |
| CVE-2026-35469 | github.com/moby/spdystream | HIGH | v0.5.0 | 0.5.1 | https://avd.aquasec.com/nvd/cve-2026-35469 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.36.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.36.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.74.2 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.9 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.9 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.9 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.9 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.9 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32280 | stdlib | HIGH | v1.24.9 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32280 |
| CVE-2026-32281 | stdlib | HIGH | v1.24.9 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32281 |
| CVE-2026-32283 | stdlib | HIGH | v1.24.9 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32283 |
gloo mesh enterprise gloo-mesh-spire-controller image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-spire-controller:2.9.3 (alpine 3.21.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2026-31789 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-31789 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28387 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28387 |
| CVE-2026-28388 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28388 |
| CVE-2026-28389 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28389 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2026-31789 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-31789 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28387 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28387 |
| CVE-2026-28388 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28388 |
| CVE-2026-28389 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28389 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2026-40200 | musl | HIGH | 1.2.5-r9 | 1.2.5-r11 | https://avd.aquasec.com/nvd/cve-2026-40200 |
| CVE-2026-40200 | musl-utils | HIGH | 1.2.5-r9 | 1.2.5-r11 | https://avd.aquasec.com/nvd/cve-2026-40200 |
| CVE-2026-22184 | zlib | HIGH | 1.3.1-r2 | 1.3.2-r0 | https://avd.aquasec.com/nvd/cve-2026-22184 |
Vulnerabilities Listed for usr/local/bin/spire-controller-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.74.2 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.9 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.9 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.9 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.9 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.9 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32280 | stdlib | HIGH | v1.24.9 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32280 |
| CVE-2026-32281 | stdlib | HIGH | v1.24.9 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32281 |
| CVE-2026-32283 | stdlib | HIGH | v1.24.9 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32283 |
gloo mesh enterprise gloo-mesh-portal-server image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-portal-server:2.9.3 (alpine 3.21.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2026-31789 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-31789 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28387 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28387 |
| CVE-2026-28388 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28388 |
| CVE-2026-28389 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28389 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2026-31789 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-31789 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28387 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28387 |
| CVE-2026-28388 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28388 |
| CVE-2026-28389 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28389 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2026-40200 | musl | HIGH | 1.2.5-r9 | 1.2.5-r11 | https://avd.aquasec.com/nvd/cve-2026-40200 |
| CVE-2026-40200 | musl-utils | HIGH | 1.2.5-r9 | 1.2.5-r11 | https://avd.aquasec.com/nvd/cve-2026-40200 |
| CVE-2026-22184 | zlib | HIGH | 1.3.1-r2 | 1.3.2-r0 | https://avd.aquasec.com/nvd/cve-2026-22184 |
Vulnerabilities Listed for usr/local/bin/portal-server-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.74.2 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.9 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.9 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.9 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.9 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.9 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32280 | stdlib | HIGH | v1.24.9 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32280 |
| CVE-2026-32281 | stdlib | HIGH | v1.24.9 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32281 |
| CVE-2026-32283 | stdlib | HIGH | v1.24.9 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32283 |
gloo mesh enterprise gloo-mesh-analyzer image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-analyzer:2.9.3 (alpine 3.21.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2026-31789 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-31789 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28387 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28387 |
| CVE-2026-28388 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28388 |
| CVE-2026-28389 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28389 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2026-31789 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-31789 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28387 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28387 |
| CVE-2026-28388 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28388 |
| CVE-2026-28389 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28389 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2026-40200 | musl | HIGH | 1.2.5-r9 | 1.2.5-r11 | https://avd.aquasec.com/nvd/cve-2026-40200 |
| CVE-2026-40200 | musl-utils | HIGH | 1.2.5-r9 | 1.2.5-r11 | https://avd.aquasec.com/nvd/cve-2026-40200 |
| CVE-2026-22184 | zlib | HIGH | 1.3.1-r2 | 1.3.2-r0 | https://avd.aquasec.com/nvd/cve-2026-22184 |
Vulnerabilities Listed for usr/local/bin/analyzer-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-25621 | github.com/containerd/containerd | HIGH | v1.7.27 | 1.7.29 | https://avd.aquasec.com/nvd/cve-2024-25621 |
| CVE-2025-15558 | github.com/docker/cli | HIGH | v28.0.1+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-34040 | github.com/docker/docker | HIGH | v27.5.0+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2026-34986 | github.com/go-jose/go-jose/v4 | HIGH | v4.0.5 | 4.1.4 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-35469 | github.com/moby/spdystream | HIGH | v0.5.0 | 0.5.1 | https://avd.aquasec.com/nvd/cve-2026-35469 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.36.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.36.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.74.2 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.9 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.9 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.9 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.9 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.9 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32280 | stdlib | HIGH | v1.24.9 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32280 |
| CVE-2026-32281 | stdlib | HIGH | v1.24.9 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32281 |
| CVE-2026-32283 | stdlib | HIGH | v1.24.9 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32283 |
gloo mesh enterprise gloo-mesh-mgmt-server image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-mgmt-server:2.9.3 (alpine 3.21.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2026-31789 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-31789 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28387 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28387 |
| CVE-2026-28388 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28388 |
| CVE-2026-28389 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28389 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2026-31789 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-31789 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28387 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28387 |
| CVE-2026-28388 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28388 |
| CVE-2026-28389 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28389 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2026-40200 | musl | HIGH | 1.2.5-r9 | 1.2.5-r11 | https://avd.aquasec.com/nvd/cve-2026-40200 |
| CVE-2026-40200 | musl-utils | HIGH | 1.2.5-r9 | 1.2.5-r11 | https://avd.aquasec.com/nvd/cve-2026-40200 |
| CVE-2026-22184 | zlib | HIGH | 1.3.1-r2 | 1.3.2-r0 | https://avd.aquasec.com/nvd/cve-2026-22184 |
Vulnerabilities Listed for usr/local/bin/mgmt-server-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-25621 | github.com/containerd/containerd | HIGH | v1.7.27 | 1.7.29 | https://avd.aquasec.com/nvd/cve-2024-25621 |
| CVE-2025-15558 | github.com/docker/cli | HIGH | v28.0.1+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-34040 | github.com/docker/docker | HIGH | v27.5.0+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2026-34986 | github.com/go-jose/go-jose/v4 | HIGH | v4.0.5 | 4.1.4 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-33816 | github.com/jackc/pgx/v5 | CRITICAL | v5.6.0 | 5.9.0 | https://avd.aquasec.com/nvd/cve-2026-33816 |
| CVE-2026-35469 | github.com/moby/spdystream | HIGH | v0.5.0 | 0.5.1 | https://avd.aquasec.com/nvd/cve-2026-35469 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.36.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.36.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.74.2 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.9 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.9 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.9 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.9 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.9 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32280 | stdlib | HIGH | v1.24.9 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32280 |
| CVE-2026-32281 | stdlib | HIGH | v1.24.9 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32281 |
| CVE-2026-32283 | stdlib | HIGH | v1.24.9 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32283 |
gloo mesh enterprise gloo-mesh-istiod-agent image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-istiod-agent:2.9.3 (alpine 3.21.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2026-31789 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-31789 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28387 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28387 |
| CVE-2026-28388 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28388 |
| CVE-2026-28389 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28389 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2026-31789 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-31789 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28387 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28387 |
| CVE-2026-28388 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28388 |
| CVE-2026-28389 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28389 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2026-40200 | musl | HIGH | 1.2.5-r9 | 1.2.5-r11 | https://avd.aquasec.com/nvd/cve-2026-40200 |
| CVE-2026-40200 | musl-utils | HIGH | 1.2.5-r9 | 1.2.5-r11 | https://avd.aquasec.com/nvd/cve-2026-40200 |
| CVE-2026-22184 | zlib | HIGH | 1.3.1-r2 | 1.3.2-r0 | https://avd.aquasec.com/nvd/cve-2026-22184 |
Vulnerabilities Listed for usr/local/bin/istiod-agent-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-34986 | github.com/go-jose/go-jose/v3 | HIGH | v3.0.3 | 3.0.5 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-34986 | github.com/go-jose/go-jose/v4 | HIGH | v4.0.5 | 4.1.4 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.74.2 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.9 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.9 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.9 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.9 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.9 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32280 | stdlib | HIGH | v1.24.9 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32280 |
| CVE-2026-32281 | stdlib | HIGH | v1.24.9 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32281 |
| CVE-2026-32283 | stdlib | HIGH | v1.24.9 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32283 |
gloo mesh enterprise gloo-mesh-ui image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-ui:2.9.3 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2026-31789 | libcrypto3 | CRITICAL | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-31789 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28387 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28387 |
| CVE-2026-28388 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28388 |
| CVE-2026-28389 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28389 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2026-31789 | libssl3 | CRITICAL | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-31789 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28387 | libssl3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28387 |
| CVE-2026-28388 | libssl3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28388 |
| CVE-2026-28389 | libssl3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28389 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2026-40200 | musl | HIGH | 1.2.5-r9 | 1.2.5-r11 | https://avd.aquasec.com/nvd/cve-2026-40200 |
| CVE-2026-40200 | musl-utils | HIGH | 1.2.5-r9 | 1.2.5-r11 | https://avd.aquasec.com/nvd/cve-2026-40200 |
| CVE-2026-22184 | zlib | HIGH | 1.3.1-r2 | 1.3.2-r0 | https://avd.aquasec.com/nvd/cve-2026-22184 |
Release 2.9.2
gloo mesh enterprise gloo-mesh-envoy image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-envoy:2.9.2 (ubuntu 24.04)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-68973 | gpgv | HIGH | 2.4.4-2ubuntu17.2 | 2.4.4-2ubuntu17.4 | https://avd.aquasec.com/nvd/cve-2025-68973 |
| CVE-2025-32462 | sudo | HIGH | 1.9.15p5-3ubuntu5 | 1.9.15p5-3ubuntu5.24.04.1 | https://avd.aquasec.com/nvd/cve-2025-32462 |
| CVE-2025-32463 | sudo | HIGH | 1.9.15p5-3ubuntu5 | 1.9.15p5-3ubuntu5.24.04.1 | https://avd.aquasec.com/nvd/cve-2025-32463 |
| CVE-2026-35535 | sudo | HIGH | 1.9.15p5-3ubuntu5 | 1.9.15p5-3ubuntu5.24.04.2 | https://avd.aquasec.com/nvd/cve-2026-35535 |
gloo mesh enterprise gloo-mesh-agent image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-agent:2.9.2 (alpine 3.21.4)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2026-31789 | libcrypto3 | CRITICAL | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-31789 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28387 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28387 |
| CVE-2026-28388 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28388 |
| CVE-2026-28389 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28389 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2026-31789 | libssl3 | CRITICAL | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-31789 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28387 | libssl3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28387 |
| CVE-2026-28388 | libssl3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28388 |
| CVE-2026-28389 | libssl3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28389 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2026-40200 | musl | HIGH | 1.2.5-r9 | 1.2.5-r11 | https://avd.aquasec.com/nvd/cve-2026-40200 |
| CVE-2026-40200 | musl-utils | HIGH | 1.2.5-r9 | 1.2.5-r11 | https://avd.aquasec.com/nvd/cve-2026-40200 |
| CVE-2026-22184 | zlib | HIGH | 1.3.1-r2 | 1.3.2-r0 | https://avd.aquasec.com/nvd/cve-2026-22184 |
Vulnerabilities Listed for usr/local/bin/agent-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-25621 | github.com/containerd/containerd | HIGH | v1.7.27 | 1.7.29 | https://avd.aquasec.com/nvd/cve-2024-25621 |
| CVE-2025-15558 | github.com/docker/cli | HIGH | v28.0.1+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-34040 | github.com/docker/docker | HIGH | v27.5.0+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2026-34986 | github.com/go-jose/go-jose/v4 | HIGH | v4.0.5 | 4.1.4 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-35469 | github.com/moby/spdystream | HIGH | v0.5.0 | 0.5.1 | https://avd.aquasec.com/nvd/cve-2026-35469 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.35.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.35.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.71.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.4 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.24.4 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.4 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.4 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.4 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32280 | stdlib | HIGH | v1.24.4 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32280 |
| CVE-2026-32281 | stdlib | HIGH | v1.24.4 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32281 |
| CVE-2026-32283 | stdlib | HIGH | v1.24.4 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32283 |
gloo mesh enterprise gloo-mesh-apiserver image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-apiserver:2.9.2 (alpine 3.21.4)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2026-31789 | libcrypto3 | CRITICAL | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-31789 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28387 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28387 |
| CVE-2026-28388 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28388 |
| CVE-2026-28389 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28389 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2026-31789 | libssl3 | CRITICAL | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-31789 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28387 | libssl3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28387 |
| CVE-2026-28388 | libssl3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28388 |
| CVE-2026-28389 | libssl3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28389 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2026-40200 | musl | HIGH | 1.2.5-r9 | 1.2.5-r11 | https://avd.aquasec.com/nvd/cve-2026-40200 |
| CVE-2026-40200 | musl-utils | HIGH | 1.2.5-r9 | 1.2.5-r11 | https://avd.aquasec.com/nvd/cve-2026-40200 |
| CVE-2026-22184 | zlib | HIGH | 1.3.1-r2 | 1.3.2-r0 | https://avd.aquasec.com/nvd/cve-2026-22184 |
Vulnerabilities Listed for usr/local/bin/apiserver-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-25621 | github.com/containerd/containerd | HIGH | v1.7.27 | 1.7.29 | https://avd.aquasec.com/nvd/cve-2024-25621 |
| CVE-2025-15558 | github.com/docker/cli | HIGH | v28.0.1+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-34040 | github.com/docker/docker | HIGH | v27.5.0+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2026-34986 | github.com/go-jose/go-jose/v4 | HIGH | v4.0.5 | 4.1.4 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-33816 | github.com/jackc/pgx/v5 | CRITICAL | v5.6.0 | 5.9.0 | https://avd.aquasec.com/nvd/cve-2026-33816 |
| CVE-2026-35469 | github.com/moby/spdystream | HIGH | v0.5.0 | 0.5.1 | https://avd.aquasec.com/nvd/cve-2026-35469 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.35.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.35.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.71.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.4 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.24.4 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.4 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.4 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.4 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32280 | stdlib | HIGH | v1.24.4 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32280 |
| CVE-2026-32281 | stdlib | HIGH | v1.24.4 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32281 |
| CVE-2026-32283 | stdlib | HIGH | v1.24.4 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32283 |
gloo mesh enterprise gloo-mesh-spire-controller image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-spire-controller:2.9.2 (alpine 3.21.4)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2026-31789 | libcrypto3 | CRITICAL | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-31789 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28387 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28387 |
| CVE-2026-28388 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28388 |
| CVE-2026-28389 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28389 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2026-31789 | libssl3 | CRITICAL | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-31789 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28387 | libssl3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28387 |
| CVE-2026-28388 | libssl3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28388 |
| CVE-2026-28389 | libssl3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28389 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2026-40200 | musl | HIGH | 1.2.5-r9 | 1.2.5-r11 | https://avd.aquasec.com/nvd/cve-2026-40200 |
| CVE-2026-40200 | musl-utils | HIGH | 1.2.5-r9 | 1.2.5-r11 | https://avd.aquasec.com/nvd/cve-2026-40200 |
| CVE-2026-22184 | zlib | HIGH | 1.3.1-r2 | 1.3.2-r0 | https://avd.aquasec.com/nvd/cve-2026-22184 |
Vulnerabilities Listed for usr/local/bin/spire-controller-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.71.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.4 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.24.4 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.4 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.4 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.4 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32280 | stdlib | HIGH | v1.24.4 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32280 |
| CVE-2026-32281 | stdlib | HIGH | v1.24.4 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32281 |
| CVE-2026-32283 | stdlib | HIGH | v1.24.4 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32283 |
gloo mesh enterprise gloo-mesh-portal-server image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-portal-server:2.9.2 (alpine 3.21.4)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2026-31789 | libcrypto3 | CRITICAL | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-31789 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28387 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28387 |
| CVE-2026-28388 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28388 |
| CVE-2026-28389 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28389 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2026-31789 | libssl3 | CRITICAL | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-31789 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28387 | libssl3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28387 |
| CVE-2026-28388 | libssl3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28388 |
| CVE-2026-28389 | libssl3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28389 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2026-40200 | musl | HIGH | 1.2.5-r9 | 1.2.5-r11 | https://avd.aquasec.com/nvd/cve-2026-40200 |
| CVE-2026-40200 | musl-utils | HIGH | 1.2.5-r9 | 1.2.5-r11 | https://avd.aquasec.com/nvd/cve-2026-40200 |
| CVE-2026-22184 | zlib | HIGH | 1.3.1-r2 | 1.3.2-r0 | https://avd.aquasec.com/nvd/cve-2026-22184 |
Vulnerabilities Listed for usr/local/bin/portal-server-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.71.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.4 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.24.4 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.4 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.4 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.4 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32280 | stdlib | HIGH | v1.24.4 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32280 |
| CVE-2026-32281 | stdlib | HIGH | v1.24.4 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32281 |
| CVE-2026-32283 | stdlib | HIGH | v1.24.4 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32283 |
gloo mesh enterprise gloo-mesh-analyzer image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-analyzer:2.9.2 (alpine 3.21.4)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2026-31789 | libcrypto3 | CRITICAL | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-31789 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28387 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28387 |
| CVE-2026-28388 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28388 |
| CVE-2026-28389 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28389 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2026-31789 | libssl3 | CRITICAL | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-31789 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28387 | libssl3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28387 |
| CVE-2026-28388 | libssl3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28388 |
| CVE-2026-28389 | libssl3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28389 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2026-40200 | musl | HIGH | 1.2.5-r9 | 1.2.5-r11 | https://avd.aquasec.com/nvd/cve-2026-40200 |
| CVE-2026-40200 | musl-utils | HIGH | 1.2.5-r9 | 1.2.5-r11 | https://avd.aquasec.com/nvd/cve-2026-40200 |
| CVE-2026-22184 | zlib | HIGH | 1.3.1-r2 | 1.3.2-r0 | https://avd.aquasec.com/nvd/cve-2026-22184 |
Vulnerabilities Listed for usr/local/bin/analyzer-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-25621 | github.com/containerd/containerd | HIGH | v1.7.27 | 1.7.29 | https://avd.aquasec.com/nvd/cve-2024-25621 |
| CVE-2025-15558 | github.com/docker/cli | HIGH | v28.0.1+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-34040 | github.com/docker/docker | HIGH | v27.5.0+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2026-34986 | github.com/go-jose/go-jose/v4 | HIGH | v4.0.5 | 4.1.4 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-35469 | github.com/moby/spdystream | HIGH | v0.5.0 | 0.5.1 | https://avd.aquasec.com/nvd/cve-2026-35469 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.35.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.35.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.71.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.4 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.24.4 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.4 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.4 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.4 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32280 | stdlib | HIGH | v1.24.4 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32280 |
| CVE-2026-32281 | stdlib | HIGH | v1.24.4 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32281 |
| CVE-2026-32283 | stdlib | HIGH | v1.24.4 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32283 |
gloo mesh enterprise gloo-mesh-mgmt-server image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-mgmt-server:2.9.2 (alpine 3.21.4)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2026-31789 | libcrypto3 | CRITICAL | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-31789 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28387 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28387 |
| CVE-2026-28388 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28388 |
| CVE-2026-28389 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28389 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2026-31789 | libssl3 | CRITICAL | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-31789 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28387 | libssl3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28387 |
| CVE-2026-28388 | libssl3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28388 |
| CVE-2026-28389 | libssl3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28389 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2026-40200 | musl | HIGH | 1.2.5-r9 | 1.2.5-r11 | https://avd.aquasec.com/nvd/cve-2026-40200 |
| CVE-2026-40200 | musl-utils | HIGH | 1.2.5-r9 | 1.2.5-r11 | https://avd.aquasec.com/nvd/cve-2026-40200 |
| CVE-2026-22184 | zlib | HIGH | 1.3.1-r2 | 1.3.2-r0 | https://avd.aquasec.com/nvd/cve-2026-22184 |
Vulnerabilities Listed for usr/local/bin/mgmt-server-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-25621 | github.com/containerd/containerd | HIGH | v1.7.27 | 1.7.29 | https://avd.aquasec.com/nvd/cve-2024-25621 |
| CVE-2025-15558 | github.com/docker/cli | HIGH | v28.0.1+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-34040 | github.com/docker/docker | HIGH | v27.5.0+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2026-34986 | github.com/go-jose/go-jose/v4 | HIGH | v4.0.5 | 4.1.4 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-33816 | github.com/jackc/pgx/v5 | CRITICAL | v5.6.0 | 5.9.0 | https://avd.aquasec.com/nvd/cve-2026-33816 |
| CVE-2026-35469 | github.com/moby/spdystream | HIGH | v0.5.0 | 0.5.1 | https://avd.aquasec.com/nvd/cve-2026-35469 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.35.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.35.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.71.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.4 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.24.4 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.4 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.4 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.4 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32280 | stdlib | HIGH | v1.24.4 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32280 |
| CVE-2026-32281 | stdlib | HIGH | v1.24.4 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32281 |
| CVE-2026-32283 | stdlib | HIGH | v1.24.4 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32283 |
gloo mesh enterprise gloo-mesh-istiod-agent image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-istiod-agent:2.9.2 (alpine 3.21.4)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2026-31789 | libcrypto3 | CRITICAL | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-31789 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28387 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28387 |
| CVE-2026-28388 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28388 |
| CVE-2026-28389 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28389 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2026-31789 | libssl3 | CRITICAL | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-31789 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28387 | libssl3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28387 |
| CVE-2026-28388 | libssl3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28388 |
| CVE-2026-28389 | libssl3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28389 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2026-40200 | musl | HIGH | 1.2.5-r9 | 1.2.5-r11 | https://avd.aquasec.com/nvd/cve-2026-40200 |
| CVE-2026-40200 | musl-utils | HIGH | 1.2.5-r9 | 1.2.5-r11 | https://avd.aquasec.com/nvd/cve-2026-40200 |
| CVE-2026-22184 | zlib | HIGH | 1.3.1-r2 | 1.3.2-r0 | https://avd.aquasec.com/nvd/cve-2026-22184 |
Vulnerabilities Listed for usr/local/bin/istiod-agent-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-34986 | github.com/go-jose/go-jose/v3 | HIGH | v3.0.3 | 3.0.5 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-34986 | github.com/go-jose/go-jose/v4 | HIGH | v4.0.5 | 4.1.4 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.71.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.4 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.24.4 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.4 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.4 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.4 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32280 | stdlib | HIGH | v1.24.4 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32280 |
| CVE-2026-32281 | stdlib | HIGH | v1.24.4 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32281 |
| CVE-2026-32283 | stdlib | HIGH | v1.24.4 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32283 |
gloo mesh enterprise gloo-mesh-ui image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-ui:2.9.2 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2026-31789 | libcrypto3 | CRITICAL | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-31789 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28387 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28387 |
| CVE-2026-28388 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28388 |
| CVE-2026-28389 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28389 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2026-31789 | libssl3 | CRITICAL | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-31789 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28387 | libssl3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28387 |
| CVE-2026-28388 | libssl3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28388 |
| CVE-2026-28389 | libssl3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28389 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2026-40200 | musl | HIGH | 1.2.5-r9 | 1.2.5-r11 | https://avd.aquasec.com/nvd/cve-2026-40200 |
| CVE-2026-40200 | musl-utils | HIGH | 1.2.5-r9 | 1.2.5-r11 | https://avd.aquasec.com/nvd/cve-2026-40200 |
| CVE-2026-22184 | zlib | HIGH | 1.3.1-r2 | 1.3.2-r0 | https://avd.aquasec.com/nvd/cve-2026-22184 |
Release 2.9.1
gloo mesh enterprise gloo-mesh-envoy image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-envoy:2.9.1 (ubuntu 24.04)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-68973 | gpgv | HIGH | 2.4.4-2ubuntu17.2 | 2.4.4-2ubuntu17.4 | https://avd.aquasec.com/nvd/cve-2025-68973 |
| CVE-2025-32462 | sudo | HIGH | 1.9.15p5-3ubuntu5 | 1.9.15p5-3ubuntu5.24.04.1 | https://avd.aquasec.com/nvd/cve-2025-32462 |
| CVE-2025-32463 | sudo | HIGH | 1.9.15p5-3ubuntu5 | 1.9.15p5-3ubuntu5.24.04.1 | https://avd.aquasec.com/nvd/cve-2025-32463 |
| CVE-2026-35535 | sudo | HIGH | 1.9.15p5-3ubuntu5 | 1.9.15p5-3ubuntu5.24.04.2 | https://avd.aquasec.com/nvd/cve-2026-35535 |
gloo mesh enterprise gloo-mesh-agent image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-agent:2.9.1 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2026-31789 | libcrypto3 | CRITICAL | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-31789 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28387 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28387 |
| CVE-2026-28388 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28388 |
| CVE-2026-28389 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28389 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2026-31789 | libssl3 | CRITICAL | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-31789 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28387 | libssl3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28387 |
| CVE-2026-28388 | libssl3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28388 |
| CVE-2026-28389 | libssl3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28389 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2026-40200 | musl | HIGH | 1.2.5-r9 | 1.2.5-r11 | https://avd.aquasec.com/nvd/cve-2026-40200 |
| CVE-2026-40200 | musl-utils | HIGH | 1.2.5-r9 | 1.2.5-r11 | https://avd.aquasec.com/nvd/cve-2026-40200 |
| CVE-2026-22184 | zlib | HIGH | 1.3.1-r2 | 1.3.2-r0 | https://avd.aquasec.com/nvd/cve-2026-22184 |
Vulnerabilities Listed for usr/local/bin/agent-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-25621 | github.com/containerd/containerd | HIGH | v1.7.24 | 1.7.29 | https://avd.aquasec.com/nvd/cve-2024-25621 |
| CVE-2025-15558 | github.com/docker/cli | HIGH | v28.0.1+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-34040 | github.com/docker/docker | HIGH | v27.5.0+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2026-34986 | github.com/go-jose/go-jose/v4 | HIGH | v4.0.5 | 4.1.4 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-35469 | github.com/moby/spdystream | HIGH | v0.5.0 | 0.5.1 | https://avd.aquasec.com/nvd/cve-2026-35469 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.35.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.35.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.71.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-53547 | helm.sh/helm/v3 | HIGH | v3.17.3 | 3.18.4, 3.17.4 | https://avd.aquasec.com/nvd/cve-2025-53547 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.2 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-22874 | stdlib | HIGH | v1.24.2 | 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
| CVE-2025-47907 | stdlib | HIGH | v1.24.2 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.2 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.2 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.2 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.2 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.2 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32280 | stdlib | HIGH | v1.24.2 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32280 |
| CVE-2026-32281 | stdlib | HIGH | v1.24.2 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32281 |
| CVE-2026-32283 | stdlib | HIGH | v1.24.2 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32283 |
gloo mesh enterprise gloo-mesh-apiserver image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-apiserver:2.9.1 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2026-31789 | libcrypto3 | CRITICAL | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-31789 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28387 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28387 |
| CVE-2026-28388 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28388 |
| CVE-2026-28389 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28389 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2026-31789 | libssl3 | CRITICAL | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-31789 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28387 | libssl3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28387 |
| CVE-2026-28388 | libssl3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28388 |
| CVE-2026-28389 | libssl3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28389 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2026-40200 | musl | HIGH | 1.2.5-r9 | 1.2.5-r11 | https://avd.aquasec.com/nvd/cve-2026-40200 |
| CVE-2026-40200 | musl-utils | HIGH | 1.2.5-r9 | 1.2.5-r11 | https://avd.aquasec.com/nvd/cve-2026-40200 |
| CVE-2026-22184 | zlib | HIGH | 1.3.1-r2 | 1.3.2-r0 | https://avd.aquasec.com/nvd/cve-2026-22184 |
Vulnerabilities Listed for usr/local/bin/apiserver-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-25621 | github.com/containerd/containerd | HIGH | v1.7.24 | 1.7.29 | https://avd.aquasec.com/nvd/cve-2024-25621 |
| CVE-2025-15558 | github.com/docker/cli | HIGH | v28.0.1+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-34040 | github.com/docker/docker | HIGH | v27.5.0+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2026-34986 | github.com/go-jose/go-jose/v4 | HIGH | v4.0.5 | 4.1.4 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-33816 | github.com/jackc/pgx/v5 | CRITICAL | v5.6.0 | 5.9.0 | https://avd.aquasec.com/nvd/cve-2026-33816 |
| CVE-2026-35469 | github.com/moby/spdystream | HIGH | v0.5.0 | 0.5.1 | https://avd.aquasec.com/nvd/cve-2026-35469 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.35.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.35.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.71.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-53547 | helm.sh/helm/v3 | HIGH | v3.17.3 | 3.18.4, 3.17.4 | https://avd.aquasec.com/nvd/cve-2025-53547 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.2 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-22874 | stdlib | HIGH | v1.24.2 | 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
| CVE-2025-47907 | stdlib | HIGH | v1.24.2 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.2 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.2 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.2 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.2 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.2 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32280 | stdlib | HIGH | v1.24.2 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32280 |
| CVE-2026-32281 | stdlib | HIGH | v1.24.2 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32281 |
| CVE-2026-32283 | stdlib | HIGH | v1.24.2 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32283 |
gloo mesh enterprise gloo-mesh-spire-controller image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-spire-controller:2.9.1 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2026-31789 | libcrypto3 | CRITICAL | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-31789 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28387 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28387 |
| CVE-2026-28388 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28388 |
| CVE-2026-28389 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28389 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2026-31789 | libssl3 | CRITICAL | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-31789 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28387 | libssl3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28387 |
| CVE-2026-28388 | libssl3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28388 |
| CVE-2026-28389 | libssl3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28389 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2026-40200 | musl | HIGH | 1.2.5-r9 | 1.2.5-r11 | https://avd.aquasec.com/nvd/cve-2026-40200 |
| CVE-2026-40200 | musl-utils | HIGH | 1.2.5-r9 | 1.2.5-r11 | https://avd.aquasec.com/nvd/cve-2026-40200 |
| CVE-2026-22184 | zlib | HIGH | 1.3.1-r2 | 1.3.2-r0 | https://avd.aquasec.com/nvd/cve-2026-22184 |
Vulnerabilities Listed for usr/local/bin/spire-controller-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.71.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.2 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-22874 | stdlib | HIGH | v1.24.2 | 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
| CVE-2025-47907 | stdlib | HIGH | v1.24.2 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.2 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.2 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.2 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.2 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.2 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32280 | stdlib | HIGH | v1.24.2 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32280 |
| CVE-2026-32281 | stdlib | HIGH | v1.24.2 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32281 |
| CVE-2026-32283 | stdlib | HIGH | v1.24.2 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32283 |
gloo mesh enterprise gloo-mesh-portal-server image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-portal-server:2.9.1 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2026-31789 | libcrypto3 | CRITICAL | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-31789 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28387 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28387 |
| CVE-2026-28388 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28388 |
| CVE-2026-28389 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28389 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2026-31789 | libssl3 | CRITICAL | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-31789 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28387 | libssl3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28387 |
| CVE-2026-28388 | libssl3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28388 |
| CVE-2026-28389 | libssl3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28389 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2026-40200 | musl | HIGH | 1.2.5-r9 | 1.2.5-r11 | https://avd.aquasec.com/nvd/cve-2026-40200 |
| CVE-2026-40200 | musl-utils | HIGH | 1.2.5-r9 | 1.2.5-r11 | https://avd.aquasec.com/nvd/cve-2026-40200 |
| CVE-2026-22184 | zlib | HIGH | 1.3.1-r2 | 1.3.2-r0 | https://avd.aquasec.com/nvd/cve-2026-22184 |
Vulnerabilities Listed for usr/local/bin/portal-server-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.71.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.2 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-22874 | stdlib | HIGH | v1.24.2 | 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
| CVE-2025-47907 | stdlib | HIGH | v1.24.2 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.2 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.2 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.2 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.2 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.2 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32280 | stdlib | HIGH | v1.24.2 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32280 |
| CVE-2026-32281 | stdlib | HIGH | v1.24.2 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32281 |
| CVE-2026-32283 | stdlib | HIGH | v1.24.2 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32283 |
gloo mesh enterprise gloo-mesh-analyzer image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-analyzer:2.9.1 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2026-31789 | libcrypto3 | CRITICAL | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-31789 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28387 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28387 |
| CVE-2026-28388 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28388 |
| CVE-2026-28389 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28389 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2026-31789 | libssl3 | CRITICAL | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-31789 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28387 | libssl3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28387 |
| CVE-2026-28388 | libssl3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28388 |
| CVE-2026-28389 | libssl3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28389 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2026-40200 | musl | HIGH | 1.2.5-r9 | 1.2.5-r11 | https://avd.aquasec.com/nvd/cve-2026-40200 |
| CVE-2026-40200 | musl-utils | HIGH | 1.2.5-r9 | 1.2.5-r11 | https://avd.aquasec.com/nvd/cve-2026-40200 |
| CVE-2026-22184 | zlib | HIGH | 1.3.1-r2 | 1.3.2-r0 | https://avd.aquasec.com/nvd/cve-2026-22184 |
Vulnerabilities Listed for usr/local/bin/analyzer-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-25621 | github.com/containerd/containerd | HIGH | v1.7.24 | 1.7.29 | https://avd.aquasec.com/nvd/cve-2024-25621 |
| CVE-2025-15558 | github.com/docker/cli | HIGH | v28.0.1+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-34040 | github.com/docker/docker | HIGH | v27.5.0+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2026-34986 | github.com/go-jose/go-jose/v4 | HIGH | v4.0.5 | 4.1.4 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-35469 | github.com/moby/spdystream | HIGH | v0.5.0 | 0.5.1 | https://avd.aquasec.com/nvd/cve-2026-35469 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.35.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.35.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.71.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-53547 | helm.sh/helm/v3 | HIGH | v3.17.3 | 3.18.4, 3.17.4 | https://avd.aquasec.com/nvd/cve-2025-53547 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.2 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-22874 | stdlib | HIGH | v1.24.2 | 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
| CVE-2025-47907 | stdlib | HIGH | v1.24.2 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.2 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.2 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.2 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.2 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.2 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32280 | stdlib | HIGH | v1.24.2 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32280 |
| CVE-2026-32281 | stdlib | HIGH | v1.24.2 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32281 |
| CVE-2026-32283 | stdlib | HIGH | v1.24.2 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32283 |
gloo mesh enterprise gloo-mesh-mgmt-server image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-mgmt-server:2.9.1 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2026-31789 | libcrypto3 | CRITICAL | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-31789 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28387 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28387 |
| CVE-2026-28388 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28388 |
| CVE-2026-28389 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28389 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2026-31789 | libssl3 | CRITICAL | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-31789 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28387 | libssl3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28387 |
| CVE-2026-28388 | libssl3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28388 |
| CVE-2026-28389 | libssl3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28389 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2026-40200 | musl | HIGH | 1.2.5-r9 | 1.2.5-r11 | https://avd.aquasec.com/nvd/cve-2026-40200 |
| CVE-2026-40200 | musl-utils | HIGH | 1.2.5-r9 | 1.2.5-r11 | https://avd.aquasec.com/nvd/cve-2026-40200 |
| CVE-2026-22184 | zlib | HIGH | 1.3.1-r2 | 1.3.2-r0 | https://avd.aquasec.com/nvd/cve-2026-22184 |
Vulnerabilities Listed for usr/local/bin/mgmt-server-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-25621 | github.com/containerd/containerd | HIGH | v1.7.24 | 1.7.29 | https://avd.aquasec.com/nvd/cve-2024-25621 |
| CVE-2025-15558 | github.com/docker/cli | HIGH | v28.0.1+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-34040 | github.com/docker/docker | HIGH | v27.5.0+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2026-34986 | github.com/go-jose/go-jose/v4 | HIGH | v4.0.5 | 4.1.4 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-33816 | github.com/jackc/pgx/v5 | CRITICAL | v5.6.0 | 5.9.0 | https://avd.aquasec.com/nvd/cve-2026-33816 |
| CVE-2026-35469 | github.com/moby/spdystream | HIGH | v0.5.0 | 0.5.1 | https://avd.aquasec.com/nvd/cve-2026-35469 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.35.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.35.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.71.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.2 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-22874 | stdlib | HIGH | v1.24.2 | 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
| CVE-2025-47907 | stdlib | HIGH | v1.24.2 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.2 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.2 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.2 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.2 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.2 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32280 | stdlib | HIGH | v1.24.2 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32280 |
| CVE-2026-32281 | stdlib | HIGH | v1.24.2 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32281 |
| CVE-2026-32283 | stdlib | HIGH | v1.24.2 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32283 |
gloo mesh enterprise gloo-mesh-istiod-agent image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-istiod-agent:2.9.1 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2026-31789 | libcrypto3 | CRITICAL | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-31789 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28387 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28387 |
| CVE-2026-28388 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28388 |
| CVE-2026-28389 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28389 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2026-31789 | libssl3 | CRITICAL | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-31789 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28387 | libssl3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28387 |
| CVE-2026-28388 | libssl3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28388 |
| CVE-2026-28389 | libssl3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28389 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2026-40200 | musl | HIGH | 1.2.5-r9 | 1.2.5-r11 | https://avd.aquasec.com/nvd/cve-2026-40200 |
| CVE-2026-40200 | musl-utils | HIGH | 1.2.5-r9 | 1.2.5-r11 | https://avd.aquasec.com/nvd/cve-2026-40200 |
| CVE-2026-22184 | zlib | HIGH | 1.3.1-r2 | 1.3.2-r0 | https://avd.aquasec.com/nvd/cve-2026-22184 |
Vulnerabilities Listed for usr/local/bin/istiod-agent-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-34986 | github.com/go-jose/go-jose/v3 | HIGH | v3.0.3 | 3.0.5 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-34986 | github.com/go-jose/go-jose/v4 | HIGH | v4.0.5 | 4.1.4 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.71.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.2 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-22874 | stdlib | HIGH | v1.24.2 | 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
| CVE-2025-47907 | stdlib | HIGH | v1.24.2 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.2 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.2 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.2 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.2 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.2 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32280 | stdlib | HIGH | v1.24.2 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32280 |
| CVE-2026-32281 | stdlib | HIGH | v1.24.2 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32281 |
| CVE-2026-32283 | stdlib | HIGH | v1.24.2 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32283 |
gloo mesh enterprise gloo-mesh-ui image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-ui:2.9.1 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2026-31789 | libcrypto3 | CRITICAL | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-31789 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28387 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28387 |
| CVE-2026-28388 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28388 |
| CVE-2026-28389 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28389 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2026-31789 | libssl3 | CRITICAL | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-31789 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28387 | libssl3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28387 |
| CVE-2026-28388 | libssl3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28388 |
| CVE-2026-28389 | libssl3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28389 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2026-40200 | musl | HIGH | 1.2.5-r9 | 1.2.5-r11 | https://avd.aquasec.com/nvd/cve-2026-40200 |
| CVE-2026-40200 | musl-utils | HIGH | 1.2.5-r9 | 1.2.5-r11 | https://avd.aquasec.com/nvd/cve-2026-40200 |
| CVE-2026-22184 | zlib | HIGH | 1.3.1-r2 | 1.3.2-r0 | https://avd.aquasec.com/nvd/cve-2026-22184 |
Release 2.9.0
gloo mesh enterprise gloo-mesh-envoy image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-envoy:2.9.0 (ubuntu 24.04)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-68973 | gpgv | HIGH | 2.4.4-2ubuntu17.2 | 2.4.4-2ubuntu17.4 | https://avd.aquasec.com/nvd/cve-2025-68973 |
| CVE-2025-32462 | sudo | HIGH | 1.9.15p5-3ubuntu5 | 1.9.15p5-3ubuntu5.24.04.1 | https://avd.aquasec.com/nvd/cve-2025-32462 |
| CVE-2025-32463 | sudo | HIGH | 1.9.15p5-3ubuntu5 | 1.9.15p5-3ubuntu5.24.04.1 | https://avd.aquasec.com/nvd/cve-2025-32463 |
| CVE-2026-35535 | sudo | HIGH | 1.9.15p5-3ubuntu5 | 1.9.15p5-3ubuntu5.24.04.2 | https://avd.aquasec.com/nvd/cve-2026-35535 |
gloo mesh enterprise gloo-mesh-agent image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-agent:2.9.0 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2026-31789 | libcrypto3 | CRITICAL | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-31789 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28387 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28387 |
| CVE-2026-28388 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28388 |
| CVE-2026-28389 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28389 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2026-31789 | libssl3 | CRITICAL | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-31789 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28387 | libssl3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28387 |
| CVE-2026-28388 | libssl3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28388 |
| CVE-2026-28389 | libssl3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28389 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2026-40200 | musl | HIGH | 1.2.5-r9 | 1.2.5-r11 | https://avd.aquasec.com/nvd/cve-2026-40200 |
| CVE-2026-40200 | musl-utils | HIGH | 1.2.5-r9 | 1.2.5-r11 | https://avd.aquasec.com/nvd/cve-2026-40200 |
| CVE-2026-22184 | zlib | HIGH | 1.3.1-r2 | 1.3.2-r0 | https://avd.aquasec.com/nvd/cve-2026-22184 |
Vulnerabilities Listed for usr/local/bin/agent-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-25621 | github.com/containerd/containerd | HIGH | v1.7.24 | 1.7.29 | https://avd.aquasec.com/nvd/cve-2024-25621 |
| CVE-2025-15558 | github.com/docker/cli | HIGH | v28.0.1+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-34040 | github.com/docker/docker | HIGH | v27.5.0+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2026-34986 | github.com/go-jose/go-jose/v4 | HIGH | v4.0.5 | 4.1.4 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-35469 | github.com/moby/spdystream | HIGH | v0.5.0 | 0.5.1 | https://avd.aquasec.com/nvd/cve-2026-35469 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.35.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.35.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.71.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-53547 | helm.sh/helm/v3 | HIGH | v3.17.3 | 3.18.4, 3.17.4 | https://avd.aquasec.com/nvd/cve-2025-53547 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.2 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-22874 | stdlib | HIGH | v1.24.2 | 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
| CVE-2025-47907 | stdlib | HIGH | v1.24.2 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.2 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.2 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.2 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.2 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.2 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32280 | stdlib | HIGH | v1.24.2 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32280 |
| CVE-2026-32281 | stdlib | HIGH | v1.24.2 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32281 |
| CVE-2026-32283 | stdlib | HIGH | v1.24.2 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32283 |
gloo mesh enterprise gloo-mesh-apiserver image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-apiserver:2.9.0 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2026-31789 | libcrypto3 | CRITICAL | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-31789 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28387 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28387 |
| CVE-2026-28388 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28388 |
| CVE-2026-28389 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28389 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2026-31789 | libssl3 | CRITICAL | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-31789 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28387 | libssl3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28387 |
| CVE-2026-28388 | libssl3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28388 |
| CVE-2026-28389 | libssl3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28389 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2026-40200 | musl | HIGH | 1.2.5-r9 | 1.2.5-r11 | https://avd.aquasec.com/nvd/cve-2026-40200 |
| CVE-2026-40200 | musl-utils | HIGH | 1.2.5-r9 | 1.2.5-r11 | https://avd.aquasec.com/nvd/cve-2026-40200 |
| CVE-2026-22184 | zlib | HIGH | 1.3.1-r2 | 1.3.2-r0 | https://avd.aquasec.com/nvd/cve-2026-22184 |
Vulnerabilities Listed for usr/local/bin/apiserver-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-25621 | github.com/containerd/containerd | HIGH | v1.7.24 | 1.7.29 | https://avd.aquasec.com/nvd/cve-2024-25621 |
| CVE-2025-15558 | github.com/docker/cli | HIGH | v28.0.1+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-34040 | github.com/docker/docker | HIGH | v27.5.0+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2026-34986 | github.com/go-jose/go-jose/v4 | HIGH | v4.0.5 | 4.1.4 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-33816 | github.com/jackc/pgx/v5 | CRITICAL | v5.6.0 | 5.9.0 | https://avd.aquasec.com/nvd/cve-2026-33816 |
| CVE-2026-35469 | github.com/moby/spdystream | HIGH | v0.5.0 | 0.5.1 | https://avd.aquasec.com/nvd/cve-2026-35469 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.35.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.35.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.71.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-53547 | helm.sh/helm/v3 | HIGH | v3.17.3 | 3.18.4, 3.17.4 | https://avd.aquasec.com/nvd/cve-2025-53547 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.2 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-22874 | stdlib | HIGH | v1.24.2 | 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
| CVE-2025-47907 | stdlib | HIGH | v1.24.2 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.2 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.2 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.2 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.2 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.2 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32280 | stdlib | HIGH | v1.24.2 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32280 |
| CVE-2026-32281 | stdlib | HIGH | v1.24.2 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32281 |
| CVE-2026-32283 | stdlib | HIGH | v1.24.2 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32283 |
gloo mesh enterprise gloo-mesh-spire-controller image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-spire-controller:2.9.0 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2026-31789 | libcrypto3 | CRITICAL | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-31789 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28387 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28387 |
| CVE-2026-28388 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28388 |
| CVE-2026-28389 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28389 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2026-31789 | libssl3 | CRITICAL | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-31789 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28387 | libssl3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28387 |
| CVE-2026-28388 | libssl3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28388 |
| CVE-2026-28389 | libssl3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28389 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2026-40200 | musl | HIGH | 1.2.5-r9 | 1.2.5-r11 | https://avd.aquasec.com/nvd/cve-2026-40200 |
| CVE-2026-40200 | musl-utils | HIGH | 1.2.5-r9 | 1.2.5-r11 | https://avd.aquasec.com/nvd/cve-2026-40200 |
| CVE-2026-22184 | zlib | HIGH | 1.3.1-r2 | 1.3.2-r0 | https://avd.aquasec.com/nvd/cve-2026-22184 |
Vulnerabilities Listed for usr/local/bin/spire-controller-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.71.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.2 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-22874 | stdlib | HIGH | v1.24.2 | 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
| CVE-2025-47907 | stdlib | HIGH | v1.24.2 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.2 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.2 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.2 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.2 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.2 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32280 | stdlib | HIGH | v1.24.2 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32280 |
| CVE-2026-32281 | stdlib | HIGH | v1.24.2 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32281 |
| CVE-2026-32283 | stdlib | HIGH | v1.24.2 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32283 |
gloo mesh enterprise gloo-mesh-portal-server image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-portal-server:2.9.0 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2026-31789 | libcrypto3 | CRITICAL | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-31789 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28387 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28387 |
| CVE-2026-28388 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28388 |
| CVE-2026-28389 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28389 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2026-31789 | libssl3 | CRITICAL | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-31789 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28387 | libssl3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28387 |
| CVE-2026-28388 | libssl3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28388 |
| CVE-2026-28389 | libssl3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28389 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2026-40200 | musl | HIGH | 1.2.5-r9 | 1.2.5-r11 | https://avd.aquasec.com/nvd/cve-2026-40200 |
| CVE-2026-40200 | musl-utils | HIGH | 1.2.5-r9 | 1.2.5-r11 | https://avd.aquasec.com/nvd/cve-2026-40200 |
| CVE-2026-22184 | zlib | HIGH | 1.3.1-r2 | 1.3.2-r0 | https://avd.aquasec.com/nvd/cve-2026-22184 |
Vulnerabilities Listed for usr/local/bin/portal-server-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.71.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.2 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-22874 | stdlib | HIGH | v1.24.2 | 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
| CVE-2025-47907 | stdlib | HIGH | v1.24.2 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.2 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.2 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.2 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.2 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.2 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32280 | stdlib | HIGH | v1.24.2 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32280 |
| CVE-2026-32281 | stdlib | HIGH | v1.24.2 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32281 |
| CVE-2026-32283 | stdlib | HIGH | v1.24.2 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32283 |
gloo mesh enterprise gloo-mesh-analyzer image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-analyzer:2.9.0 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2026-31789 | libcrypto3 | CRITICAL | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-31789 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28387 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28387 |
| CVE-2026-28388 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28388 |
| CVE-2026-28389 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28389 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2026-31789 | libssl3 | CRITICAL | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-31789 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28387 | libssl3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28387 |
| CVE-2026-28388 | libssl3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28388 |
| CVE-2026-28389 | libssl3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28389 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2026-40200 | musl | HIGH | 1.2.5-r9 | 1.2.5-r11 | https://avd.aquasec.com/nvd/cve-2026-40200 |
| CVE-2026-40200 | musl-utils | HIGH | 1.2.5-r9 | 1.2.5-r11 | https://avd.aquasec.com/nvd/cve-2026-40200 |
| CVE-2026-22184 | zlib | HIGH | 1.3.1-r2 | 1.3.2-r0 | https://avd.aquasec.com/nvd/cve-2026-22184 |
Vulnerabilities Listed for usr/local/bin/analyzer-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-25621 | github.com/containerd/containerd | HIGH | v1.7.24 | 1.7.29 | https://avd.aquasec.com/nvd/cve-2024-25621 |
| CVE-2025-15558 | github.com/docker/cli | HIGH | v28.0.1+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-34040 | github.com/docker/docker | HIGH | v27.5.0+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2026-34986 | github.com/go-jose/go-jose/v4 | HIGH | v4.0.5 | 4.1.4 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-35469 | github.com/moby/spdystream | HIGH | v0.5.0 | 0.5.1 | https://avd.aquasec.com/nvd/cve-2026-35469 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.35.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.35.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.71.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-53547 | helm.sh/helm/v3 | HIGH | v3.17.3 | 3.18.4, 3.17.4 | https://avd.aquasec.com/nvd/cve-2025-53547 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.2 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-22874 | stdlib | HIGH | v1.24.2 | 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
| CVE-2025-47907 | stdlib | HIGH | v1.24.2 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.2 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.2 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.2 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.2 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.2 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32280 | stdlib | HIGH | v1.24.2 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32280 |
| CVE-2026-32281 | stdlib | HIGH | v1.24.2 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32281 |
| CVE-2026-32283 | stdlib | HIGH | v1.24.2 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32283 |
gloo mesh enterprise gloo-mesh-mgmt-server image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-mgmt-server:2.9.0 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2026-31789 | libcrypto3 | CRITICAL | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-31789 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28387 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28387 |
| CVE-2026-28388 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28388 |
| CVE-2026-28389 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28389 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2026-31789 | libssl3 | CRITICAL | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-31789 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28387 | libssl3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28387 |
| CVE-2026-28388 | libssl3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28388 |
| CVE-2026-28389 | libssl3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28389 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2026-40200 | musl | HIGH | 1.2.5-r9 | 1.2.5-r11 | https://avd.aquasec.com/nvd/cve-2026-40200 |
| CVE-2026-40200 | musl-utils | HIGH | 1.2.5-r9 | 1.2.5-r11 | https://avd.aquasec.com/nvd/cve-2026-40200 |
| CVE-2026-22184 | zlib | HIGH | 1.3.1-r2 | 1.3.2-r0 | https://avd.aquasec.com/nvd/cve-2026-22184 |
Vulnerabilities Listed for usr/local/bin/mgmt-server-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-25621 | github.com/containerd/containerd | HIGH | v1.7.24 | 1.7.29 | https://avd.aquasec.com/nvd/cve-2024-25621 |
| CVE-2025-15558 | github.com/docker/cli | HIGH | v28.0.1+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-34040 | github.com/docker/docker | HIGH | v27.5.0+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2026-34986 | github.com/go-jose/go-jose/v4 | HIGH | v4.0.5 | 4.1.4 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-33816 | github.com/jackc/pgx/v5 | CRITICAL | v5.6.0 | 5.9.0 | https://avd.aquasec.com/nvd/cve-2026-33816 |
| CVE-2026-35469 | github.com/moby/spdystream | HIGH | v0.5.0 | 0.5.1 | https://avd.aquasec.com/nvd/cve-2026-35469 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.35.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.35.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.71.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.2 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-22874 | stdlib | HIGH | v1.24.2 | 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
| CVE-2025-47907 | stdlib | HIGH | v1.24.2 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.2 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.2 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.2 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.2 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.2 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32280 | stdlib | HIGH | v1.24.2 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32280 |
| CVE-2026-32281 | stdlib | HIGH | v1.24.2 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32281 |
| CVE-2026-32283 | stdlib | HIGH | v1.24.2 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32283 |
gloo mesh enterprise gloo-mesh-istiod-agent image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-istiod-agent:2.9.0 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2026-31789 | libcrypto3 | CRITICAL | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-31789 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28387 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28387 |
| CVE-2026-28388 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28388 |
| CVE-2026-28389 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28389 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2026-31789 | libssl3 | CRITICAL | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-31789 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28387 | libssl3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28387 |
| CVE-2026-28388 | libssl3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28388 |
| CVE-2026-28389 | libssl3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28389 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2026-40200 | musl | HIGH | 1.2.5-r9 | 1.2.5-r11 | https://avd.aquasec.com/nvd/cve-2026-40200 |
| CVE-2026-40200 | musl-utils | HIGH | 1.2.5-r9 | 1.2.5-r11 | https://avd.aquasec.com/nvd/cve-2026-40200 |
| CVE-2026-22184 | zlib | HIGH | 1.3.1-r2 | 1.3.2-r0 | https://avd.aquasec.com/nvd/cve-2026-22184 |
Vulnerabilities Listed for usr/local/bin/istiod-agent-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-34986 | github.com/go-jose/go-jose/v3 | HIGH | v3.0.3 | 3.0.5 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-34986 | github.com/go-jose/go-jose/v4 | HIGH | v4.0.5 | 4.1.4 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.71.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.2 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-22874 | stdlib | HIGH | v1.24.2 | 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
| CVE-2025-47907 | stdlib | HIGH | v1.24.2 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.2 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.2 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.2 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.2 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.2 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32280 | stdlib | HIGH | v1.24.2 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32280 |
| CVE-2026-32281 | stdlib | HIGH | v1.24.2 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32281 |
| CVE-2026-32283 | stdlib | HIGH | v1.24.2 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32283 |
gloo mesh enterprise gloo-mesh-ui image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-ui:2.9.0 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2026-31789 | libcrypto3 | CRITICAL | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-31789 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28387 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28387 |
| CVE-2026-28388 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28388 |
| CVE-2026-28389 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28389 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2026-31789 | libssl3 | CRITICAL | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-31789 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28387 | libssl3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28387 |
| CVE-2026-28388 | libssl3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28388 |
| CVE-2026-28389 | libssl3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28389 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2026-40200 | musl | HIGH | 1.2.5-r9 | 1.2.5-r11 | https://avd.aquasec.com/nvd/cve-2026-40200 |
| CVE-2026-40200 | musl-utils | HIGH | 1.2.5-r9 | 1.2.5-r11 | https://avd.aquasec.com/nvd/cve-2026-40200 |
| CVE-2026-22184 | zlib | HIGH | 1.3.1-r2 | 1.3.2-r0 | https://avd.aquasec.com/nvd/cve-2026-22184 |
Latest 2.8.x gloo mesh enterprise Release: 2.8.6
gloo mesh enterprise gloo-mesh-envoy image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-envoy:2.8.6 (ubuntu 24.04)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-68973 | gpgv | HIGH | 2.4.4-2ubuntu17.3 | 2.4.4-2ubuntu17.4 | https://avd.aquasec.com/nvd/cve-2025-68973 |
| CVE-2026-35535 | sudo | HIGH | 1.9.15p5-3ubuntu5.24.04.1 | 1.9.15p5-3ubuntu5.24.04.2 | https://avd.aquasec.com/nvd/cve-2026-35535 |
gloo mesh enterprise gloo-mesh-agent image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-agent:2.8.6 (alpine 3.21.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2026-31789 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-31789 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28387 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28387 |
| CVE-2026-28388 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28388 |
| CVE-2026-28389 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28389 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2026-31789 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-31789 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28387 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28387 |
| CVE-2026-28388 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28388 |
| CVE-2026-28389 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28389 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2026-40200 | musl | HIGH | 1.2.5-r9 | 1.2.5-r11 | https://avd.aquasec.com/nvd/cve-2026-40200 |
| CVE-2026-40200 | musl-utils | HIGH | 1.2.5-r9 | 1.2.5-r11 | https://avd.aquasec.com/nvd/cve-2026-40200 |
| CVE-2026-22184 | zlib | HIGH | 1.3.1-r2 | 1.3.2-r0 | https://avd.aquasec.com/nvd/cve-2026-22184 |
Vulnerabilities Listed for usr/local/bin/agent-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15558 | github.com/docker/cli | HIGH | v27.5.1+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-34040 | github.com/docker/docker | HIGH | v27.5.0+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2026-34986 | github.com/go-jose/go-jose/v3 | HIGH | v3.0.4 | 3.0.5 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-34986 | github.com/go-jose/go-jose/v4 | HIGH | v4.0.5 | 4.1.4 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-35469 | github.com/moby/spdystream | HIGH | v0.5.0 | 0.5.1 | https://avd.aquasec.com/nvd/cve-2026-35469 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.36.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.36.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.74.2 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.11 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.11 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32280 | stdlib | HIGH | v1.24.11 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32280 |
| CVE-2026-32281 | stdlib | HIGH | v1.24.11 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32281 |
| CVE-2026-32283 | stdlib | HIGH | v1.24.11 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32283 |
gloo mesh enterprise gloo-mesh-apiserver image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-apiserver:2.8.6 (alpine 3.21.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2026-31789 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-31789 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28387 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28387 |
| CVE-2026-28388 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28388 |
| CVE-2026-28389 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28389 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2026-31789 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-31789 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28387 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28387 |
| CVE-2026-28388 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28388 |
| CVE-2026-28389 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28389 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2026-40200 | musl | HIGH | 1.2.5-r9 | 1.2.5-r11 | https://avd.aquasec.com/nvd/cve-2026-40200 |
| CVE-2026-40200 | musl-utils | HIGH | 1.2.5-r9 | 1.2.5-r11 | https://avd.aquasec.com/nvd/cve-2026-40200 |
| CVE-2026-22184 | zlib | HIGH | 1.3.1-r2 | 1.3.2-r0 | https://avd.aquasec.com/nvd/cve-2026-22184 |
Vulnerabilities Listed for usr/local/bin/apiserver-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15558 | github.com/docker/cli | HIGH | v27.5.1+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-34040 | github.com/docker/docker | HIGH | v27.5.0+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2026-34986 | github.com/go-jose/go-jose/v3 | HIGH | v3.0.4 | 3.0.5 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-34986 | github.com/go-jose/go-jose/v4 | HIGH | v4.0.5 | 4.1.4 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-33816 | github.com/jackc/pgx/v5 | CRITICAL | v5.6.0 | 5.9.0 | https://avd.aquasec.com/nvd/cve-2026-33816 |
| CVE-2026-35469 | github.com/moby/spdystream | HIGH | v0.5.0 | 0.5.1 | https://avd.aquasec.com/nvd/cve-2026-35469 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.36.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.36.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.74.2 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.11 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.11 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32280 | stdlib | HIGH | v1.24.11 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32280 |
| CVE-2026-32281 | stdlib | HIGH | v1.24.11 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32281 |
| CVE-2026-32283 | stdlib | HIGH | v1.24.11 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32283 |
gloo mesh enterprise gloo-mesh-spire-controller image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-spire-controller:2.8.6 (alpine 3.21.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2026-31789 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-31789 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28387 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28387 |
| CVE-2026-28388 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28388 |
| CVE-2026-28389 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28389 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2026-31789 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-31789 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28387 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28387 |
| CVE-2026-28388 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28388 |
| CVE-2026-28389 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28389 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2026-40200 | musl | HIGH | 1.2.5-r9 | 1.2.5-r11 | https://avd.aquasec.com/nvd/cve-2026-40200 |
| CVE-2026-40200 | musl-utils | HIGH | 1.2.5-r9 | 1.2.5-r11 | https://avd.aquasec.com/nvd/cve-2026-40200 |
| CVE-2026-22184 | zlib | HIGH | 1.3.1-r2 | 1.3.2-r0 | https://avd.aquasec.com/nvd/cve-2026-22184 |
Vulnerabilities Listed for usr/local/bin/spire-controller-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.74.2 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.11 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.11 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32280 | stdlib | HIGH | v1.24.11 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32280 |
| CVE-2026-32281 | stdlib | HIGH | v1.24.11 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32281 |
| CVE-2026-32283 | stdlib | HIGH | v1.24.11 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32283 |
gloo mesh enterprise gloo-mesh-portal-server image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-portal-server:2.8.6 (alpine 3.21.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2026-31789 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-31789 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28387 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28387 |
| CVE-2026-28388 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28388 |
| CVE-2026-28389 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28389 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2026-31789 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-31789 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28387 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28387 |
| CVE-2026-28388 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28388 |
| CVE-2026-28389 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28389 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2026-40200 | musl | HIGH | 1.2.5-r9 | 1.2.5-r11 | https://avd.aquasec.com/nvd/cve-2026-40200 |
| CVE-2026-40200 | musl-utils | HIGH | 1.2.5-r9 | 1.2.5-r11 | https://avd.aquasec.com/nvd/cve-2026-40200 |
| CVE-2026-22184 | zlib | HIGH | 1.3.1-r2 | 1.3.2-r0 | https://avd.aquasec.com/nvd/cve-2026-22184 |
Vulnerabilities Listed for usr/local/bin/portal-server-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.74.2 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.11 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.11 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32280 | stdlib | HIGH | v1.24.11 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32280 |
| CVE-2026-32281 | stdlib | HIGH | v1.24.11 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32281 |
| CVE-2026-32283 | stdlib | HIGH | v1.24.11 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32283 |
gloo mesh enterprise gloo-mesh-analyzer image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-analyzer:2.8.6 (alpine 3.21.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2026-31789 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-31789 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28387 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28387 |
| CVE-2026-28388 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28388 |
| CVE-2026-28389 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28389 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2026-31789 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-31789 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28387 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28387 |
| CVE-2026-28388 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28388 |
| CVE-2026-28389 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28389 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2026-40200 | musl | HIGH | 1.2.5-r9 | 1.2.5-r11 | https://avd.aquasec.com/nvd/cve-2026-40200 |
| CVE-2026-40200 | musl-utils | HIGH | 1.2.5-r9 | 1.2.5-r11 | https://avd.aquasec.com/nvd/cve-2026-40200 |
| CVE-2026-22184 | zlib | HIGH | 1.3.1-r2 | 1.3.2-r0 | https://avd.aquasec.com/nvd/cve-2026-22184 |
Vulnerabilities Listed for usr/local/bin/analyzer-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15558 | github.com/docker/cli | HIGH | v27.5.1+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-34040 | github.com/docker/docker | HIGH | v27.5.0+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2026-34986 | github.com/go-jose/go-jose/v3 | HIGH | v3.0.4 | 3.0.5 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-35469 | github.com/moby/spdystream | HIGH | v0.5.0 | 0.5.1 | https://avd.aquasec.com/nvd/cve-2026-35469 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.36.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.36.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.74.2 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.11 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.11 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32280 | stdlib | HIGH | v1.24.11 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32280 |
| CVE-2026-32281 | stdlib | HIGH | v1.24.11 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32281 |
| CVE-2026-32283 | stdlib | HIGH | v1.24.11 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32283 |
gloo mesh enterprise gloo-mesh-mgmt-server image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-mgmt-server:2.8.6 (alpine 3.21.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2026-31789 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-31789 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28387 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28387 |
| CVE-2026-28388 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28388 |
| CVE-2026-28389 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28389 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2026-31789 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-31789 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28387 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28387 |
| CVE-2026-28388 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28388 |
| CVE-2026-28389 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28389 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2026-40200 | musl | HIGH | 1.2.5-r9 | 1.2.5-r11 | https://avd.aquasec.com/nvd/cve-2026-40200 |
| CVE-2026-40200 | musl-utils | HIGH | 1.2.5-r9 | 1.2.5-r11 | https://avd.aquasec.com/nvd/cve-2026-40200 |
| CVE-2026-22184 | zlib | HIGH | 1.3.1-r2 | 1.3.2-r0 | https://avd.aquasec.com/nvd/cve-2026-22184 |
Vulnerabilities Listed for usr/local/bin/mgmt-server-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15558 | github.com/docker/cli | HIGH | v27.5.1+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-34040 | github.com/docker/docker | HIGH | v27.5.0+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2026-34986 | github.com/go-jose/go-jose/v3 | HIGH | v3.0.4 | 3.0.5 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-34986 | github.com/go-jose/go-jose/v4 | HIGH | v4.0.5 | 4.1.4 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-33816 | github.com/jackc/pgx/v5 | CRITICAL | v5.6.0 | 5.9.0 | https://avd.aquasec.com/nvd/cve-2026-33816 |
| CVE-2026-35469 | github.com/moby/spdystream | HIGH | v0.5.0 | 0.5.1 | https://avd.aquasec.com/nvd/cve-2026-35469 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.36.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.36.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.74.2 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.11 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.11 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32280 | stdlib | HIGH | v1.24.11 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32280 |
| CVE-2026-32281 | stdlib | HIGH | v1.24.11 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32281 |
| CVE-2026-32283 | stdlib | HIGH | v1.24.11 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32283 |
gloo mesh enterprise gloo-mesh-istiod-agent image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-istiod-agent:2.8.6 (alpine 3.21.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2026-31789 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-31789 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28387 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28387 |
| CVE-2026-28388 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28388 |
| CVE-2026-28389 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28389 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2026-31789 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-31789 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28387 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28387 |
| CVE-2026-28388 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28388 |
| CVE-2026-28389 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28389 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2026-40200 | musl | HIGH | 1.2.5-r9 | 1.2.5-r11 | https://avd.aquasec.com/nvd/cve-2026-40200 |
| CVE-2026-40200 | musl-utils | HIGH | 1.2.5-r9 | 1.2.5-r11 | https://avd.aquasec.com/nvd/cve-2026-40200 |
| CVE-2026-22184 | zlib | HIGH | 1.3.1-r2 | 1.3.2-r0 | https://avd.aquasec.com/nvd/cve-2026-22184 |
Vulnerabilities Listed for usr/local/bin/istiod-agent-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-34986 | github.com/go-jose/go-jose/v3 | HIGH | v3.0.4 | 3.0.5 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.74.2 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.11 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.11 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32280 | stdlib | HIGH | v1.24.11 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32280 |
| CVE-2026-32281 | stdlib | HIGH | v1.24.11 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32281 |
| CVE-2026-32283 | stdlib | HIGH | v1.24.11 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32283 |
gloo mesh enterprise gloo-mesh-ui image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-ui:2.8.6 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2026-31789 | libcrypto3 | CRITICAL | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-31789 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28387 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28387 |
| CVE-2026-28388 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28388 |
| CVE-2026-28389 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28389 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2026-31789 | libssl3 | CRITICAL | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-31789 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28387 | libssl3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28387 |
| CVE-2026-28388 | libssl3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28388 |
| CVE-2026-28389 | libssl3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28389 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2026-40200 | musl | HIGH | 1.2.5-r9 | 1.2.5-r11 | https://avd.aquasec.com/nvd/cve-2026-40200 |
| CVE-2026-40200 | musl-utils | HIGH | 1.2.5-r9 | 1.2.5-r11 | https://avd.aquasec.com/nvd/cve-2026-40200 |
| CVE-2026-22184 | zlib | HIGH | 1.3.1-r2 | 1.3.2-r0 | https://avd.aquasec.com/nvd/cve-2026-22184 |
Release 2.8.5
gloo mesh enterprise gloo-mesh-envoy image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-envoy:2.8.5 (ubuntu 24.04)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-68973 | gpgv | HIGH | 2.4.4-2ubuntu17.3 | 2.4.4-2ubuntu17.4 | https://avd.aquasec.com/nvd/cve-2025-68973 |
| CVE-2026-35535 | sudo | HIGH | 1.9.15p5-3ubuntu5.24.04.1 | 1.9.15p5-3ubuntu5.24.04.2 | https://avd.aquasec.com/nvd/cve-2026-35535 |
gloo mesh enterprise gloo-mesh-agent image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-agent:2.8.5 (alpine 3.21.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2026-31789 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-31789 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28387 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28387 |
| CVE-2026-28388 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28388 |
| CVE-2026-28389 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28389 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2026-31789 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-31789 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28387 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28387 |
| CVE-2026-28388 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28388 |
| CVE-2026-28389 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28389 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2026-40200 | musl | HIGH | 1.2.5-r9 | 1.2.5-r11 | https://avd.aquasec.com/nvd/cve-2026-40200 |
| CVE-2026-40200 | musl-utils | HIGH | 1.2.5-r9 | 1.2.5-r11 | https://avd.aquasec.com/nvd/cve-2026-40200 |
| CVE-2026-22184 | zlib | HIGH | 1.3.1-r2 | 1.3.2-r0 | https://avd.aquasec.com/nvd/cve-2026-22184 |
Vulnerabilities Listed for usr/local/bin/agent-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15558 | github.com/docker/cli | HIGH | v27.5.1+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-34040 | github.com/docker/docker | HIGH | v27.5.0+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2026-34986 | github.com/go-jose/go-jose/v3 | HIGH | v3.0.4 | 3.0.5 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-34986 | github.com/go-jose/go-jose/v4 | HIGH | v4.0.5 | 4.1.4 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-35469 | github.com/moby/spdystream | HIGH | v0.5.0 | 0.5.1 | https://avd.aquasec.com/nvd/cve-2026-35469 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.36.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.36.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.74.2 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.11 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.11 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32280 | stdlib | HIGH | v1.24.11 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32280 |
| CVE-2026-32281 | stdlib | HIGH | v1.24.11 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32281 |
| CVE-2026-32283 | stdlib | HIGH | v1.24.11 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32283 |
gloo mesh enterprise gloo-mesh-apiserver image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-apiserver:2.8.5 (alpine 3.21.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2026-31789 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-31789 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28387 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28387 |
| CVE-2026-28388 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28388 |
| CVE-2026-28389 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28389 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2026-31789 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-31789 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28387 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28387 |
| CVE-2026-28388 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28388 |
| CVE-2026-28389 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28389 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2026-40200 | musl | HIGH | 1.2.5-r9 | 1.2.5-r11 | https://avd.aquasec.com/nvd/cve-2026-40200 |
| CVE-2026-40200 | musl-utils | HIGH | 1.2.5-r9 | 1.2.5-r11 | https://avd.aquasec.com/nvd/cve-2026-40200 |
| CVE-2026-22184 | zlib | HIGH | 1.3.1-r2 | 1.3.2-r0 | https://avd.aquasec.com/nvd/cve-2026-22184 |
Vulnerabilities Listed for usr/local/bin/apiserver-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15558 | github.com/docker/cli | HIGH | v27.5.1+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-34040 | github.com/docker/docker | HIGH | v27.5.0+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2026-34986 | github.com/go-jose/go-jose/v3 | HIGH | v3.0.4 | 3.0.5 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-34986 | github.com/go-jose/go-jose/v4 | HIGH | v4.0.5 | 4.1.4 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-33816 | github.com/jackc/pgx/v5 | CRITICAL | v5.6.0 | 5.9.0 | https://avd.aquasec.com/nvd/cve-2026-33816 |
| CVE-2026-35469 | github.com/moby/spdystream | HIGH | v0.5.0 | 0.5.1 | https://avd.aquasec.com/nvd/cve-2026-35469 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.36.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.36.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.74.2 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.11 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.11 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32280 | stdlib | HIGH | v1.24.11 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32280 |
| CVE-2026-32281 | stdlib | HIGH | v1.24.11 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32281 |
| CVE-2026-32283 | stdlib | HIGH | v1.24.11 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32283 |
gloo mesh enterprise gloo-mesh-spire-controller image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-spire-controller:2.8.5 (alpine 3.21.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2026-31789 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-31789 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28387 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28387 |
| CVE-2026-28388 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28388 |
| CVE-2026-28389 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28389 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2026-31789 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-31789 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28387 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28387 |
| CVE-2026-28388 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28388 |
| CVE-2026-28389 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28389 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2026-40200 | musl | HIGH | 1.2.5-r9 | 1.2.5-r11 | https://avd.aquasec.com/nvd/cve-2026-40200 |
| CVE-2026-40200 | musl-utils | HIGH | 1.2.5-r9 | 1.2.5-r11 | https://avd.aquasec.com/nvd/cve-2026-40200 |
| CVE-2026-22184 | zlib | HIGH | 1.3.1-r2 | 1.3.2-r0 | https://avd.aquasec.com/nvd/cve-2026-22184 |
Vulnerabilities Listed for usr/local/bin/spire-controller-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.74.2 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.11 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.11 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32280 | stdlib | HIGH | v1.24.11 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32280 |
| CVE-2026-32281 | stdlib | HIGH | v1.24.11 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32281 |
| CVE-2026-32283 | stdlib | HIGH | v1.24.11 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32283 |
gloo mesh enterprise gloo-mesh-portal-server image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-portal-server:2.8.5 (alpine 3.21.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2026-31789 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-31789 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28387 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28387 |
| CVE-2026-28388 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28388 |
| CVE-2026-28389 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28389 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2026-31789 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-31789 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28387 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28387 |
| CVE-2026-28388 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28388 |
| CVE-2026-28389 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28389 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2026-40200 | musl | HIGH | 1.2.5-r9 | 1.2.5-r11 | https://avd.aquasec.com/nvd/cve-2026-40200 |
| CVE-2026-40200 | musl-utils | HIGH | 1.2.5-r9 | 1.2.5-r11 | https://avd.aquasec.com/nvd/cve-2026-40200 |
| CVE-2026-22184 | zlib | HIGH | 1.3.1-r2 | 1.3.2-r0 | https://avd.aquasec.com/nvd/cve-2026-22184 |
Vulnerabilities Listed for usr/local/bin/portal-server-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.74.2 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.11 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.11 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32280 | stdlib | HIGH | v1.24.11 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32280 |
| CVE-2026-32281 | stdlib | HIGH | v1.24.11 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32281 |
| CVE-2026-32283 | stdlib | HIGH | v1.24.11 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32283 |
gloo mesh enterprise gloo-mesh-analyzer image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-analyzer:2.8.5 (alpine 3.21.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2026-31789 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-31789 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28387 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28387 |
| CVE-2026-28388 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28388 |
| CVE-2026-28389 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28389 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2026-31789 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-31789 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28387 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28387 |
| CVE-2026-28388 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28388 |
| CVE-2026-28389 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28389 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2026-40200 | musl | HIGH | 1.2.5-r9 | 1.2.5-r11 | https://avd.aquasec.com/nvd/cve-2026-40200 |
| CVE-2026-40200 | musl-utils | HIGH | 1.2.5-r9 | 1.2.5-r11 | https://avd.aquasec.com/nvd/cve-2026-40200 |
| CVE-2026-22184 | zlib | HIGH | 1.3.1-r2 | 1.3.2-r0 | https://avd.aquasec.com/nvd/cve-2026-22184 |
Vulnerabilities Listed for usr/local/bin/analyzer-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15558 | github.com/docker/cli | HIGH | v27.5.1+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-34040 | github.com/docker/docker | HIGH | v27.5.0+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2026-34986 | github.com/go-jose/go-jose/v3 | HIGH | v3.0.4 | 3.0.5 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-35469 | github.com/moby/spdystream | HIGH | v0.5.0 | 0.5.1 | https://avd.aquasec.com/nvd/cve-2026-35469 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.36.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.36.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.74.2 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.11 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.11 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32280 | stdlib | HIGH | v1.24.11 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32280 |
| CVE-2026-32281 | stdlib | HIGH | v1.24.11 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32281 |
| CVE-2026-32283 | stdlib | HIGH | v1.24.11 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32283 |
gloo mesh enterprise gloo-mesh-mgmt-server image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-mgmt-server:2.8.5 (alpine 3.21.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2026-31789 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-31789 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28387 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28387 |
| CVE-2026-28388 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28388 |
| CVE-2026-28389 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28389 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2026-31789 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-31789 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28387 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28387 |
| CVE-2026-28388 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28388 |
| CVE-2026-28389 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28389 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2026-40200 | musl | HIGH | 1.2.5-r9 | 1.2.5-r11 | https://avd.aquasec.com/nvd/cve-2026-40200 |
| CVE-2026-40200 | musl-utils | HIGH | 1.2.5-r9 | 1.2.5-r11 | https://avd.aquasec.com/nvd/cve-2026-40200 |
| CVE-2026-22184 | zlib | HIGH | 1.3.1-r2 | 1.3.2-r0 | https://avd.aquasec.com/nvd/cve-2026-22184 |
Vulnerabilities Listed for usr/local/bin/mgmt-server-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15558 | github.com/docker/cli | HIGH | v27.5.1+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-34040 | github.com/docker/docker | HIGH | v27.5.0+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2026-34986 | github.com/go-jose/go-jose/v3 | HIGH | v3.0.4 | 3.0.5 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-34986 | github.com/go-jose/go-jose/v4 | HIGH | v4.0.5 | 4.1.4 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-33816 | github.com/jackc/pgx/v5 | CRITICAL | v5.6.0 | 5.9.0 | https://avd.aquasec.com/nvd/cve-2026-33816 |
| CVE-2026-35469 | github.com/moby/spdystream | HIGH | v0.5.0 | 0.5.1 | https://avd.aquasec.com/nvd/cve-2026-35469 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.36.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.36.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.74.2 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.11 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.11 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32280 | stdlib | HIGH | v1.24.11 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32280 |
| CVE-2026-32281 | stdlib | HIGH | v1.24.11 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32281 |
| CVE-2026-32283 | stdlib | HIGH | v1.24.11 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32283 |
gloo mesh enterprise gloo-mesh-istiod-agent image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-istiod-agent:2.8.5 (alpine 3.21.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2026-31789 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-31789 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28387 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28387 |
| CVE-2026-28388 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28388 |
| CVE-2026-28389 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28389 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2026-31789 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-31789 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28387 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28387 |
| CVE-2026-28388 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28388 |
| CVE-2026-28389 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28389 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2026-40200 | musl | HIGH | 1.2.5-r9 | 1.2.5-r11 | https://avd.aquasec.com/nvd/cve-2026-40200 |
| CVE-2026-40200 | musl-utils | HIGH | 1.2.5-r9 | 1.2.5-r11 | https://avd.aquasec.com/nvd/cve-2026-40200 |
| CVE-2026-22184 | zlib | HIGH | 1.3.1-r2 | 1.3.2-r0 | https://avd.aquasec.com/nvd/cve-2026-22184 |
Vulnerabilities Listed for usr/local/bin/istiod-agent-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-34986 | github.com/go-jose/go-jose/v3 | HIGH | v3.0.4 | 3.0.5 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.74.2 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.11 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.11 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32280 | stdlib | HIGH | v1.24.11 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32280 |
| CVE-2026-32281 | stdlib | HIGH | v1.24.11 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32281 |
| CVE-2026-32283 | stdlib | HIGH | v1.24.11 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32283 |
gloo mesh enterprise gloo-mesh-ui image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-ui:2.8.5 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2026-31789 | libcrypto3 | CRITICAL | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-31789 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28387 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28387 |
| CVE-2026-28388 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28388 |
| CVE-2026-28389 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28389 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2026-31789 | libssl3 | CRITICAL | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-31789 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28387 | libssl3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28387 |
| CVE-2026-28388 | libssl3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28388 |
| CVE-2026-28389 | libssl3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28389 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2026-40200 | musl | HIGH | 1.2.5-r9 | 1.2.5-r11 | https://avd.aquasec.com/nvd/cve-2026-40200 |
| CVE-2026-40200 | musl-utils | HIGH | 1.2.5-r9 | 1.2.5-r11 | https://avd.aquasec.com/nvd/cve-2026-40200 |
| CVE-2026-22184 | zlib | HIGH | 1.3.1-r2 | 1.3.2-r0 | https://avd.aquasec.com/nvd/cve-2026-22184 |
Release 2.8.4
gloo mesh enterprise gloo-mesh-envoy image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-envoy:2.8.4 (ubuntu 24.04)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-68973 | gpgv | HIGH | 2.4.4-2ubuntu17.3 | 2.4.4-2ubuntu17.4 | https://avd.aquasec.com/nvd/cve-2025-68973 |
| CVE-2026-35535 | sudo | HIGH | 1.9.15p5-3ubuntu5.24.04.1 | 1.9.15p5-3ubuntu5.24.04.2 | https://avd.aquasec.com/nvd/cve-2026-35535 |
gloo mesh enterprise gloo-mesh-agent image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-agent:2.8.4 (alpine 3.21.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2026-31789 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-31789 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28387 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28387 |
| CVE-2026-28388 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28388 |
| CVE-2026-28389 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28389 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2026-31789 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-31789 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28387 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28387 |
| CVE-2026-28388 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28388 |
| CVE-2026-28389 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28389 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2026-40200 | musl | HIGH | 1.2.5-r9 | 1.2.5-r11 | https://avd.aquasec.com/nvd/cve-2026-40200 |
| CVE-2026-40200 | musl-utils | HIGH | 1.2.5-r9 | 1.2.5-r11 | https://avd.aquasec.com/nvd/cve-2026-40200 |
| CVE-2026-22184 | zlib | HIGH | 1.3.1-r2 | 1.3.2-r0 | https://avd.aquasec.com/nvd/cve-2026-22184 |
Vulnerabilities Listed for usr/local/bin/agent-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-25621 | github.com/containerd/containerd | HIGH | v1.7.24 | 1.7.29 | https://avd.aquasec.com/nvd/cve-2024-25621 |
| CVE-2025-15558 | github.com/docker/cli | HIGH | v27.5.1+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-34040 | github.com/docker/docker | HIGH | v27.5.0+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2026-34986 | github.com/go-jose/go-jose/v3 | HIGH | v3.0.3 | 3.0.5 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-34986 | github.com/go-jose/go-jose/v4 | HIGH | v4.0.5 | 4.1.4 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-35469 | github.com/moby/spdystream | HIGH | v0.5.0 | 0.5.1 | https://avd.aquasec.com/nvd/cve-2026-35469 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.36.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.36.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.74.2 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-53547 | helm.sh/helm/v3 | HIGH | v3.17.3 | 3.18.4, 3.17.4 | https://avd.aquasec.com/nvd/cve-2025-53547 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.9 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.9 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.9 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.9 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.9 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32280 | stdlib | HIGH | v1.24.9 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32280 |
| CVE-2026-32281 | stdlib | HIGH | v1.24.9 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32281 |
| CVE-2026-32283 | stdlib | HIGH | v1.24.9 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32283 |
gloo mesh enterprise gloo-mesh-apiserver image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-apiserver:2.8.4 (alpine 3.21.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2026-31789 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-31789 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28387 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28387 |
| CVE-2026-28388 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28388 |
| CVE-2026-28389 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28389 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2026-31789 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-31789 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28387 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28387 |
| CVE-2026-28388 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28388 |
| CVE-2026-28389 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28389 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2026-40200 | musl | HIGH | 1.2.5-r9 | 1.2.5-r11 | https://avd.aquasec.com/nvd/cve-2026-40200 |
| CVE-2026-40200 | musl-utils | HIGH | 1.2.5-r9 | 1.2.5-r11 | https://avd.aquasec.com/nvd/cve-2026-40200 |
| CVE-2026-22184 | zlib | HIGH | 1.3.1-r2 | 1.3.2-r0 | https://avd.aquasec.com/nvd/cve-2026-22184 |
Vulnerabilities Listed for usr/local/bin/apiserver-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-25621 | github.com/containerd/containerd | HIGH | v1.7.24 | 1.7.29 | https://avd.aquasec.com/nvd/cve-2024-25621 |
| CVE-2025-15558 | github.com/docker/cli | HIGH | v27.5.1+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-34040 | github.com/docker/docker | HIGH | v27.5.0+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2026-34986 | github.com/go-jose/go-jose/v3 | HIGH | v3.0.3 | 3.0.5 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-34986 | github.com/go-jose/go-jose/v4 | HIGH | v4.0.5 | 4.1.4 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-33816 | github.com/jackc/pgx/v5 | CRITICAL | v5.6.0 | 5.9.0 | https://avd.aquasec.com/nvd/cve-2026-33816 |
| CVE-2026-35469 | github.com/moby/spdystream | HIGH | v0.5.0 | 0.5.1 | https://avd.aquasec.com/nvd/cve-2026-35469 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.36.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.36.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.74.2 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-53547 | helm.sh/helm/v3 | HIGH | v3.17.3 | 3.18.4, 3.17.4 | https://avd.aquasec.com/nvd/cve-2025-53547 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.9 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.9 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.9 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.9 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.9 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32280 | stdlib | HIGH | v1.24.9 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32280 |
| CVE-2026-32281 | stdlib | HIGH | v1.24.9 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32281 |
| CVE-2026-32283 | stdlib | HIGH | v1.24.9 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32283 |
gloo mesh enterprise gloo-mesh-spire-controller image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-spire-controller:2.8.4 (alpine 3.21.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2026-31789 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-31789 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28387 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28387 |
| CVE-2026-28388 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28388 |
| CVE-2026-28389 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28389 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2026-31789 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-31789 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28387 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28387 |
| CVE-2026-28388 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28388 |
| CVE-2026-28389 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28389 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2026-40200 | musl | HIGH | 1.2.5-r9 | 1.2.5-r11 | https://avd.aquasec.com/nvd/cve-2026-40200 |
| CVE-2026-40200 | musl-utils | HIGH | 1.2.5-r9 | 1.2.5-r11 | https://avd.aquasec.com/nvd/cve-2026-40200 |
| CVE-2026-22184 | zlib | HIGH | 1.3.1-r2 | 1.3.2-r0 | https://avd.aquasec.com/nvd/cve-2026-22184 |
Vulnerabilities Listed for usr/local/bin/spire-controller-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.74.2 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.9 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.9 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.9 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.9 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.9 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32280 | stdlib | HIGH | v1.24.9 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32280 |
| CVE-2026-32281 | stdlib | HIGH | v1.24.9 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32281 |
| CVE-2026-32283 | stdlib | HIGH | v1.24.9 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32283 |
gloo mesh enterprise gloo-mesh-portal-server image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-portal-server:2.8.4 (alpine 3.21.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2026-31789 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-31789 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28387 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28387 |
| CVE-2026-28388 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28388 |
| CVE-2026-28389 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28389 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2026-31789 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-31789 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28387 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28387 |
| CVE-2026-28388 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28388 |
| CVE-2026-28389 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28389 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2026-40200 | musl | HIGH | 1.2.5-r9 | 1.2.5-r11 | https://avd.aquasec.com/nvd/cve-2026-40200 |
| CVE-2026-40200 | musl-utils | HIGH | 1.2.5-r9 | 1.2.5-r11 | https://avd.aquasec.com/nvd/cve-2026-40200 |
| CVE-2026-22184 | zlib | HIGH | 1.3.1-r2 | 1.3.2-r0 | https://avd.aquasec.com/nvd/cve-2026-22184 |
Vulnerabilities Listed for usr/local/bin/portal-server-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.74.2 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.9 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.9 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.9 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.9 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.9 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32280 | stdlib | HIGH | v1.24.9 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32280 |
| CVE-2026-32281 | stdlib | HIGH | v1.24.9 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32281 |
| CVE-2026-32283 | stdlib | HIGH | v1.24.9 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32283 |
gloo mesh enterprise gloo-mesh-analyzer image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-analyzer:2.8.4 (alpine 3.21.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2026-31789 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-31789 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28387 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28387 |
| CVE-2026-28388 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28388 |
| CVE-2026-28389 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28389 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2026-31789 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-31789 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28387 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28387 |
| CVE-2026-28388 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28388 |
| CVE-2026-28389 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28389 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2026-40200 | musl | HIGH | 1.2.5-r9 | 1.2.5-r11 | https://avd.aquasec.com/nvd/cve-2026-40200 |
| CVE-2026-40200 | musl-utils | HIGH | 1.2.5-r9 | 1.2.5-r11 | https://avd.aquasec.com/nvd/cve-2026-40200 |
| CVE-2026-22184 | zlib | HIGH | 1.3.1-r2 | 1.3.2-r0 | https://avd.aquasec.com/nvd/cve-2026-22184 |
Vulnerabilities Listed for usr/local/bin/analyzer-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-25621 | github.com/containerd/containerd | HIGH | v1.7.24 | 1.7.29 | https://avd.aquasec.com/nvd/cve-2024-25621 |
| CVE-2025-15558 | github.com/docker/cli | HIGH | v27.5.1+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-34040 | github.com/docker/docker | HIGH | v27.5.0+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2026-34986 | github.com/go-jose/go-jose/v3 | HIGH | v3.0.3 | 3.0.5 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-35469 | github.com/moby/spdystream | HIGH | v0.5.0 | 0.5.1 | https://avd.aquasec.com/nvd/cve-2026-35469 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.36.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.36.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.74.2 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-53547 | helm.sh/helm/v3 | HIGH | v3.17.3 | 3.18.4, 3.17.4 | https://avd.aquasec.com/nvd/cve-2025-53547 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.9 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.9 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.9 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.9 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.9 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32280 | stdlib | HIGH | v1.24.9 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32280 |
| CVE-2026-32281 | stdlib | HIGH | v1.24.9 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32281 |
| CVE-2026-32283 | stdlib | HIGH | v1.24.9 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32283 |
gloo mesh enterprise gloo-mesh-mgmt-server image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-mgmt-server:2.8.4 (alpine 3.21.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2026-31789 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-31789 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28387 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28387 |
| CVE-2026-28388 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28388 |
| CVE-2026-28389 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28389 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2026-31789 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-31789 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28387 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28387 |
| CVE-2026-28388 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28388 |
| CVE-2026-28389 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28389 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2026-40200 | musl | HIGH | 1.2.5-r9 | 1.2.5-r11 | https://avd.aquasec.com/nvd/cve-2026-40200 |
| CVE-2026-40200 | musl-utils | HIGH | 1.2.5-r9 | 1.2.5-r11 | https://avd.aquasec.com/nvd/cve-2026-40200 |
| CVE-2026-22184 | zlib | HIGH | 1.3.1-r2 | 1.3.2-r0 | https://avd.aquasec.com/nvd/cve-2026-22184 |
Vulnerabilities Listed for usr/local/bin/mgmt-server-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-25621 | github.com/containerd/containerd | HIGH | v1.7.24 | 1.7.29 | https://avd.aquasec.com/nvd/cve-2024-25621 |
| CVE-2025-15558 | github.com/docker/cli | HIGH | v27.5.1+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-34040 | github.com/docker/docker | HIGH | v27.5.0+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2026-34986 | github.com/go-jose/go-jose/v3 | HIGH | v3.0.3 | 3.0.5 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-34986 | github.com/go-jose/go-jose/v4 | HIGH | v4.0.5 | 4.1.4 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-33816 | github.com/jackc/pgx/v5 | CRITICAL | v5.6.0 | 5.9.0 | https://avd.aquasec.com/nvd/cve-2026-33816 |
| CVE-2026-35469 | github.com/moby/spdystream | HIGH | v0.5.0 | 0.5.1 | https://avd.aquasec.com/nvd/cve-2026-35469 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.36.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.36.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.74.2 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.9 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.9 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.9 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.9 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.9 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32280 | stdlib | HIGH | v1.24.9 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32280 |
| CVE-2026-32281 | stdlib | HIGH | v1.24.9 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32281 |
| CVE-2026-32283 | stdlib | HIGH | v1.24.9 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32283 |
gloo mesh enterprise gloo-mesh-istiod-agent image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-istiod-agent:2.8.4 (alpine 3.21.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2026-31789 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-31789 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28387 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28387 |
| CVE-2026-28388 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28388 |
| CVE-2026-28389 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28389 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2026-31789 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-31789 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28387 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28387 |
| CVE-2026-28388 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28388 |
| CVE-2026-28389 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28389 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2026-40200 | musl | HIGH | 1.2.5-r9 | 1.2.5-r11 | https://avd.aquasec.com/nvd/cve-2026-40200 |
| CVE-2026-40200 | musl-utils | HIGH | 1.2.5-r9 | 1.2.5-r11 | https://avd.aquasec.com/nvd/cve-2026-40200 |
| CVE-2026-22184 | zlib | HIGH | 1.3.1-r2 | 1.3.2-r0 | https://avd.aquasec.com/nvd/cve-2026-22184 |
Vulnerabilities Listed for usr/local/bin/istiod-agent-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-34986 | github.com/go-jose/go-jose/v3 | HIGH | v3.0.3 | 3.0.5 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.74.2 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.9 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.9 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.9 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.9 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.9 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32280 | stdlib | HIGH | v1.24.9 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32280 |
| CVE-2026-32281 | stdlib | HIGH | v1.24.9 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32281 |
| CVE-2026-32283 | stdlib | HIGH | v1.24.9 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32283 |
gloo mesh enterprise gloo-mesh-ui image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-ui:2.8.4 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2026-31789 | libcrypto3 | CRITICAL | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-31789 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28387 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28387 |
| CVE-2026-28388 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28388 |
| CVE-2026-28389 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28389 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2026-31789 | libssl3 | CRITICAL | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-31789 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28387 | libssl3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28387 |
| CVE-2026-28388 | libssl3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28388 |
| CVE-2026-28389 | libssl3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28389 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2026-40200 | musl | HIGH | 1.2.5-r9 | 1.2.5-r11 | https://avd.aquasec.com/nvd/cve-2026-40200 |
| CVE-2026-40200 | musl-utils | HIGH | 1.2.5-r9 | 1.2.5-r11 | https://avd.aquasec.com/nvd/cve-2026-40200 |
| CVE-2026-22184 | zlib | HIGH | 1.3.1-r2 | 1.3.2-r0 | https://avd.aquasec.com/nvd/cve-2026-22184 |
Release 2.8.3
gloo mesh enterprise gloo-mesh-envoy image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-envoy:2.8.3 (ubuntu 24.04)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-68973 | gpgv | HIGH | 2.4.4-2ubuntu17.2 | 2.4.4-2ubuntu17.4 | https://avd.aquasec.com/nvd/cve-2025-68973 |
| CVE-2025-32462 | sudo | HIGH | 1.9.15p5-3ubuntu5 | 1.9.15p5-3ubuntu5.24.04.1 | https://avd.aquasec.com/nvd/cve-2025-32462 |
| CVE-2025-32463 | sudo | HIGH | 1.9.15p5-3ubuntu5 | 1.9.15p5-3ubuntu5.24.04.1 | https://avd.aquasec.com/nvd/cve-2025-32463 |
| CVE-2026-35535 | sudo | HIGH | 1.9.15p5-3ubuntu5 | 1.9.15p5-3ubuntu5.24.04.2 | https://avd.aquasec.com/nvd/cve-2026-35535 |
gloo mesh enterprise gloo-mesh-agent image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-agent:2.8.3 (alpine 3.21.4)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2026-31789 | libcrypto3 | CRITICAL | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-31789 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28387 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28387 |
| CVE-2026-28388 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28388 |
| CVE-2026-28389 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28389 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2026-31789 | libssl3 | CRITICAL | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-31789 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28387 | libssl3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28387 |
| CVE-2026-28388 | libssl3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28388 |
| CVE-2026-28389 | libssl3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28389 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2026-40200 | musl | HIGH | 1.2.5-r9 | 1.2.5-r11 | https://avd.aquasec.com/nvd/cve-2026-40200 |
| CVE-2026-40200 | musl-utils | HIGH | 1.2.5-r9 | 1.2.5-r11 | https://avd.aquasec.com/nvd/cve-2026-40200 |
| CVE-2026-22184 | zlib | HIGH | 1.3.1-r2 | 1.3.2-r0 | https://avd.aquasec.com/nvd/cve-2026-22184 |
Vulnerabilities Listed for usr/local/bin/agent-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-25621 | github.com/containerd/containerd | HIGH | v1.7.27 | 1.7.29 | https://avd.aquasec.com/nvd/cve-2024-25621 |
| CVE-2025-15558 | github.com/docker/cli | HIGH | v27.5.1+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-34040 | github.com/docker/docker | HIGH | v27.5.0+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2026-34986 | github.com/go-jose/go-jose/v3 | HIGH | v3.0.3 | 3.0.5 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-35469 | github.com/moby/spdystream | HIGH | v0.5.0 | 0.5.1 | https://avd.aquasec.com/nvd/cve-2026-35469 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.71.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.4 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.24.4 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.4 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.4 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.4 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32280 | stdlib | HIGH | v1.24.4 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32280 |
| CVE-2026-32281 | stdlib | HIGH | v1.24.4 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32281 |
| CVE-2026-32283 | stdlib | HIGH | v1.24.4 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32283 |
gloo mesh enterprise gloo-mesh-apiserver image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-apiserver:2.8.3 (alpine 3.21.4)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2026-31789 | libcrypto3 | CRITICAL | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-31789 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28387 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28387 |
| CVE-2026-28388 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28388 |
| CVE-2026-28389 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28389 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2026-31789 | libssl3 | CRITICAL | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-31789 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28387 | libssl3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28387 |
| CVE-2026-28388 | libssl3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28388 |
| CVE-2026-28389 | libssl3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28389 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2026-40200 | musl | HIGH | 1.2.5-r9 | 1.2.5-r11 | https://avd.aquasec.com/nvd/cve-2026-40200 |
| CVE-2026-40200 | musl-utils | HIGH | 1.2.5-r9 | 1.2.5-r11 | https://avd.aquasec.com/nvd/cve-2026-40200 |
| CVE-2026-22184 | zlib | HIGH | 1.3.1-r2 | 1.3.2-r0 | https://avd.aquasec.com/nvd/cve-2026-22184 |
Vulnerabilities Listed for usr/local/bin/apiserver-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-25621 | github.com/containerd/containerd | HIGH | v1.7.27 | 1.7.29 | https://avd.aquasec.com/nvd/cve-2024-25621 |
| CVE-2025-15558 | github.com/docker/cli | HIGH | v27.5.1+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-34040 | github.com/docker/docker | HIGH | v27.5.0+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2026-34986 | github.com/go-jose/go-jose/v3 | HIGH | v3.0.3 | 3.0.5 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-33816 | github.com/jackc/pgx/v5 | CRITICAL | v5.6.0 | 5.9.0 | https://avd.aquasec.com/nvd/cve-2026-33816 |
| CVE-2026-35469 | github.com/moby/spdystream | HIGH | v0.5.0 | 0.5.1 | https://avd.aquasec.com/nvd/cve-2026-35469 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.71.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.4 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.24.4 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.4 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.4 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.4 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32280 | stdlib | HIGH | v1.24.4 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32280 |
| CVE-2026-32281 | stdlib | HIGH | v1.24.4 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32281 |
| CVE-2026-32283 | stdlib | HIGH | v1.24.4 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32283 |
gloo mesh enterprise gloo-mesh-spire-controller image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-spire-controller:2.8.3 (alpine 3.21.4)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2026-31789 | libcrypto3 | CRITICAL | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-31789 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28387 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28387 |
| CVE-2026-28388 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28388 |
| CVE-2026-28389 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28389 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2026-31789 | libssl3 | CRITICAL | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-31789 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28387 | libssl3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28387 |
| CVE-2026-28388 | libssl3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28388 |
| CVE-2026-28389 | libssl3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28389 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2026-40200 | musl | HIGH | 1.2.5-r9 | 1.2.5-r11 | https://avd.aquasec.com/nvd/cve-2026-40200 |
| CVE-2026-40200 | musl-utils | HIGH | 1.2.5-r9 | 1.2.5-r11 | https://avd.aquasec.com/nvd/cve-2026-40200 |
| CVE-2026-22184 | zlib | HIGH | 1.3.1-r2 | 1.3.2-r0 | https://avd.aquasec.com/nvd/cve-2026-22184 |
Vulnerabilities Listed for usr/local/bin/spire-controller-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.71.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.4 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.24.4 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.4 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.4 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.4 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32280 | stdlib | HIGH | v1.24.4 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32280 |
| CVE-2026-32281 | stdlib | HIGH | v1.24.4 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32281 |
| CVE-2026-32283 | stdlib | HIGH | v1.24.4 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32283 |
gloo mesh enterprise gloo-mesh-portal-server image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-portal-server:2.8.3 (alpine 3.21.4)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2026-31789 | libcrypto3 | CRITICAL | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-31789 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28387 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28387 |
| CVE-2026-28388 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28388 |
| CVE-2026-28389 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28389 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2026-31789 | libssl3 | CRITICAL | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-31789 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28387 | libssl3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28387 |
| CVE-2026-28388 | libssl3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28388 |
| CVE-2026-28389 | libssl3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28389 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2026-40200 | musl | HIGH | 1.2.5-r9 | 1.2.5-r11 | https://avd.aquasec.com/nvd/cve-2026-40200 |
| CVE-2026-40200 | musl-utils | HIGH | 1.2.5-r9 | 1.2.5-r11 | https://avd.aquasec.com/nvd/cve-2026-40200 |
| CVE-2026-22184 | zlib | HIGH | 1.3.1-r2 | 1.3.2-r0 | https://avd.aquasec.com/nvd/cve-2026-22184 |
Vulnerabilities Listed for usr/local/bin/portal-server-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.71.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.4 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.24.4 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.4 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.4 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.4 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32280 | stdlib | HIGH | v1.24.4 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32280 |
| CVE-2026-32281 | stdlib | HIGH | v1.24.4 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32281 |
| CVE-2026-32283 | stdlib | HIGH | v1.24.4 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32283 |
gloo mesh enterprise gloo-mesh-analyzer image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-analyzer:2.8.3 (alpine 3.21.4)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2026-31789 | libcrypto3 | CRITICAL | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-31789 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28387 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28387 |
| CVE-2026-28388 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28388 |
| CVE-2026-28389 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28389 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2026-31789 | libssl3 | CRITICAL | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-31789 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28387 | libssl3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28387 |
| CVE-2026-28388 | libssl3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28388 |
| CVE-2026-28389 | libssl3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28389 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2026-40200 | musl | HIGH | 1.2.5-r9 | 1.2.5-r11 | https://avd.aquasec.com/nvd/cve-2026-40200 |
| CVE-2026-40200 | musl-utils | HIGH | 1.2.5-r9 | 1.2.5-r11 | https://avd.aquasec.com/nvd/cve-2026-40200 |
| CVE-2026-22184 | zlib | HIGH | 1.3.1-r2 | 1.3.2-r0 | https://avd.aquasec.com/nvd/cve-2026-22184 |
Vulnerabilities Listed for usr/local/bin/analyzer-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-25621 | github.com/containerd/containerd | HIGH | v1.7.27 | 1.7.29 | https://avd.aquasec.com/nvd/cve-2024-25621 |
| CVE-2025-15558 | github.com/docker/cli | HIGH | v27.5.1+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-34040 | github.com/docker/docker | HIGH | v27.5.0+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2026-34986 | github.com/go-jose/go-jose/v3 | HIGH | v3.0.3 | 3.0.5 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-35469 | github.com/moby/spdystream | HIGH | v0.5.0 | 0.5.1 | https://avd.aquasec.com/nvd/cve-2026-35469 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.71.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.4 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.24.4 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.4 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.4 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.4 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32280 | stdlib | HIGH | v1.24.4 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32280 |
| CVE-2026-32281 | stdlib | HIGH | v1.24.4 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32281 |
| CVE-2026-32283 | stdlib | HIGH | v1.24.4 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32283 |
gloo mesh enterprise gloo-mesh-mgmt-server image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-mgmt-server:2.8.3 (alpine 3.21.4)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2026-31789 | libcrypto3 | CRITICAL | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-31789 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28387 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28387 |
| CVE-2026-28388 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28388 |
| CVE-2026-28389 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28389 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2026-31789 | libssl3 | CRITICAL | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-31789 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28387 | libssl3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28387 |
| CVE-2026-28388 | libssl3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28388 |
| CVE-2026-28389 | libssl3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28389 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2026-40200 | musl | HIGH | 1.2.5-r9 | 1.2.5-r11 | https://avd.aquasec.com/nvd/cve-2026-40200 |
| CVE-2026-40200 | musl-utils | HIGH | 1.2.5-r9 | 1.2.5-r11 | https://avd.aquasec.com/nvd/cve-2026-40200 |
| CVE-2026-22184 | zlib | HIGH | 1.3.1-r2 | 1.3.2-r0 | https://avd.aquasec.com/nvd/cve-2026-22184 |
Vulnerabilities Listed for usr/local/bin/mgmt-server-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-25621 | github.com/containerd/containerd | HIGH | v1.7.27 | 1.7.29 | https://avd.aquasec.com/nvd/cve-2024-25621 |
| CVE-2025-15558 | github.com/docker/cli | HIGH | v27.5.1+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-34040 | github.com/docker/docker | HIGH | v27.5.0+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2026-34986 | github.com/go-jose/go-jose/v3 | HIGH | v3.0.3 | 3.0.5 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-33816 | github.com/jackc/pgx/v5 | CRITICAL | v5.6.0 | 5.9.0 | https://avd.aquasec.com/nvd/cve-2026-33816 |
| CVE-2026-35469 | github.com/moby/spdystream | HIGH | v0.5.0 | 0.5.1 | https://avd.aquasec.com/nvd/cve-2026-35469 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.71.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.4 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.24.4 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.4 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.4 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.4 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32280 | stdlib | HIGH | v1.24.4 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32280 |
| CVE-2026-32281 | stdlib | HIGH | v1.24.4 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32281 |
| CVE-2026-32283 | stdlib | HIGH | v1.24.4 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32283 |
gloo mesh enterprise gloo-mesh-istiod-agent image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-istiod-agent:2.8.3 (alpine 3.21.4)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2026-31789 | libcrypto3 | CRITICAL | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-31789 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28387 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28387 |
| CVE-2026-28388 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28388 |
| CVE-2026-28389 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28389 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2026-31789 | libssl3 | CRITICAL | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-31789 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28387 | libssl3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28387 |
| CVE-2026-28388 | libssl3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28388 |
| CVE-2026-28389 | libssl3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28389 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2026-40200 | musl | HIGH | 1.2.5-r9 | 1.2.5-r11 | https://avd.aquasec.com/nvd/cve-2026-40200 |
| CVE-2026-40200 | musl-utils | HIGH | 1.2.5-r9 | 1.2.5-r11 | https://avd.aquasec.com/nvd/cve-2026-40200 |
| CVE-2026-22184 | zlib | HIGH | 1.3.1-r2 | 1.3.2-r0 | https://avd.aquasec.com/nvd/cve-2026-22184 |
Vulnerabilities Listed for usr/local/bin/istiod-agent-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-34986 | github.com/go-jose/go-jose/v3 | HIGH | v3.0.3 | 3.0.5 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.71.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.4 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.24.4 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.4 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.4 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.4 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32280 | stdlib | HIGH | v1.24.4 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32280 |
| CVE-2026-32281 | stdlib | HIGH | v1.24.4 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32281 |
| CVE-2026-32283 | stdlib | HIGH | v1.24.4 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32283 |
gloo mesh enterprise gloo-mesh-ui image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-ui:2.8.3 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2026-31789 | libcrypto3 | CRITICAL | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-31789 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28387 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28387 |
| CVE-2026-28388 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28388 |
| CVE-2026-28389 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28389 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2026-31789 | libssl3 | CRITICAL | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-31789 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28387 | libssl3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28387 |
| CVE-2026-28388 | libssl3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28388 |
| CVE-2026-28389 | libssl3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28389 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2026-40200 | musl | HIGH | 1.2.5-r9 | 1.2.5-r11 | https://avd.aquasec.com/nvd/cve-2026-40200 |
| CVE-2026-40200 | musl-utils | HIGH | 1.2.5-r9 | 1.2.5-r11 | https://avd.aquasec.com/nvd/cve-2026-40200 |
| CVE-2026-22184 | zlib | HIGH | 1.3.1-r2 | 1.3.2-r0 | https://avd.aquasec.com/nvd/cve-2026-22184 |
Release 2.8.2
gloo mesh enterprise gloo-mesh-envoy image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-envoy:2.8.2 (ubuntu 24.04)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-68973 | gpgv | HIGH | 2.4.4-2ubuntu17.2 | 2.4.4-2ubuntu17.4 | https://avd.aquasec.com/nvd/cve-2025-68973 |
| CVE-2025-32462 | sudo | HIGH | 1.9.15p5-3ubuntu5 | 1.9.15p5-3ubuntu5.24.04.1 | https://avd.aquasec.com/nvd/cve-2025-32462 |
| CVE-2025-32463 | sudo | HIGH | 1.9.15p5-3ubuntu5 | 1.9.15p5-3ubuntu5.24.04.1 | https://avd.aquasec.com/nvd/cve-2025-32463 |
| CVE-2026-35535 | sudo | HIGH | 1.9.15p5-3ubuntu5 | 1.9.15p5-3ubuntu5.24.04.2 | https://avd.aquasec.com/nvd/cve-2026-35535 |
gloo mesh enterprise gloo-mesh-agent image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-agent:2.8.2 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2026-31789 | libcrypto3 | CRITICAL | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-31789 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28387 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28387 |
| CVE-2026-28388 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28388 |
| CVE-2026-28389 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28389 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2026-31789 | libssl3 | CRITICAL | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-31789 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28387 | libssl3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28387 |
| CVE-2026-28388 | libssl3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28388 |
| CVE-2026-28389 | libssl3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28389 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2026-40200 | musl | HIGH | 1.2.5-r9 | 1.2.5-r11 | https://avd.aquasec.com/nvd/cve-2026-40200 |
| CVE-2026-40200 | musl-utils | HIGH | 1.2.5-r9 | 1.2.5-r11 | https://avd.aquasec.com/nvd/cve-2026-40200 |
| CVE-2026-22184 | zlib | HIGH | 1.3.1-r2 | 1.3.2-r0 | https://avd.aquasec.com/nvd/cve-2026-22184 |
Vulnerabilities Listed for usr/local/bin/agent-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-25621 | github.com/containerd/containerd | HIGH | v1.7.24 | 1.7.29 | https://avd.aquasec.com/nvd/cve-2024-25621 |
| CVE-2025-15558 | github.com/docker/cli | HIGH | v27.5.1+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-34040 | github.com/docker/docker | HIGH | v27.5.0+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2026-34986 | github.com/go-jose/go-jose/v3 | HIGH | v3.0.3 | 3.0.5 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-35469 | github.com/moby/spdystream | HIGH | v0.5.0 | 0.5.1 | https://avd.aquasec.com/nvd/cve-2026-35469 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.70.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-53547 | helm.sh/helm/v3 | HIGH | v3.17.3 | 3.18.4, 3.17.4 | https://avd.aquasec.com/nvd/cve-2025-53547 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.2 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-22874 | stdlib | HIGH | v1.24.2 | 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
| CVE-2025-47907 | stdlib | HIGH | v1.24.2 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.2 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.2 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.2 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.2 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.2 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32280 | stdlib | HIGH | v1.24.2 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32280 |
| CVE-2026-32281 | stdlib | HIGH | v1.24.2 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32281 |
| CVE-2026-32283 | stdlib | HIGH | v1.24.2 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32283 |
gloo mesh enterprise gloo-mesh-apiserver image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-apiserver:2.8.2 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2026-31789 | libcrypto3 | CRITICAL | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-31789 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28387 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28387 |
| CVE-2026-28388 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28388 |
| CVE-2026-28389 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28389 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2026-31789 | libssl3 | CRITICAL | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-31789 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28387 | libssl3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28387 |
| CVE-2026-28388 | libssl3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28388 |
| CVE-2026-28389 | libssl3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28389 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2026-40200 | musl | HIGH | 1.2.5-r9 | 1.2.5-r11 | https://avd.aquasec.com/nvd/cve-2026-40200 |
| CVE-2026-40200 | musl-utils | HIGH | 1.2.5-r9 | 1.2.5-r11 | https://avd.aquasec.com/nvd/cve-2026-40200 |
| CVE-2026-22184 | zlib | HIGH | 1.3.1-r2 | 1.3.2-r0 | https://avd.aquasec.com/nvd/cve-2026-22184 |
Vulnerabilities Listed for usr/local/bin/apiserver-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-25621 | github.com/containerd/containerd | HIGH | v1.7.24 | 1.7.29 | https://avd.aquasec.com/nvd/cve-2024-25621 |
| CVE-2025-15558 | github.com/docker/cli | HIGH | v27.5.1+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-34040 | github.com/docker/docker | HIGH | v27.5.0+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2026-34986 | github.com/go-jose/go-jose/v3 | HIGH | v3.0.3 | 3.0.5 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-33816 | github.com/jackc/pgx/v5 | CRITICAL | v5.6.0 | 5.9.0 | https://avd.aquasec.com/nvd/cve-2026-33816 |
| CVE-2026-35469 | github.com/moby/spdystream | HIGH | v0.5.0 | 0.5.1 | https://avd.aquasec.com/nvd/cve-2026-35469 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.70.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-53547 | helm.sh/helm/v3 | HIGH | v3.17.3 | 3.18.4, 3.17.4 | https://avd.aquasec.com/nvd/cve-2025-53547 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.2 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-22874 | stdlib | HIGH | v1.24.2 | 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
| CVE-2025-47907 | stdlib | HIGH | v1.24.2 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.2 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.2 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.2 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.2 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.2 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32280 | stdlib | HIGH | v1.24.2 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32280 |
| CVE-2026-32281 | stdlib | HIGH | v1.24.2 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32281 |
| CVE-2026-32283 |