docker.elastic.co/elastic-agent/elastic-agent:8.19.15

全部漏洞信息

低危漏洞:15

中危漏洞:105

高危漏洞:99

严重漏洞:1

系统OS: ubuntu 24.04 扫描引擎: Trivy 扫描时间: 2026-05-14 15:18

docker.elastic.co/elastic-agent/elastic-agent:8.19.15 (ubuntu 24.04) (ubuntu)

低危漏洞:9

中危漏洞:28

高危漏洞:0

严重漏洞:0

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息
bsdutils	CVE-2026-27456	中危	1:2.39.3-9ubuntu6.5		util-linux: TOCTOU in the mount program when setting up loop devices 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27456 镜像层: sha256:538812a4b9bd45adaac2b5e5b967daa6999aa44eb110aa32ae7c69702b906475 发布日期: 2026-04-03 22:16 修改: 2026-04-22 16:08
curl	CVE-2026-5545	中危	8.5.0-2ubuntu10.8	8.5.0-2ubuntu10.9	curl: libcurl: Authentication bypass due to incorrect HTTP Negotiate connection reuse 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-5545 镜像层: sha256:a68aa998afaa0cbbc1a1eef3ed8321feb6be3e06fe46f8211db6277e9f4509e6 发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
curl	CVE-2026-6253	中危	8.5.0-2ubuntu10.8	8.5.0-2ubuntu10.9	curl: curl: Proxy credential disclosure via redirects to unauthenticated proxies 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-6253 镜像层: sha256:a68aa998afaa0cbbc1a1eef3ed8321feb6be3e06fe46f8211db6277e9f4509e6 发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
curl	CVE-2026-6429	中危	8.5.0-2ubuntu10.8	8.5.0-2ubuntu10.9	curl: libcurl: Credential leak via reused proxy connection during HTTP redirects 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-6429 镜像层: sha256:a68aa998afaa0cbbc1a1eef3ed8321feb6be3e06fe46f8211db6277e9f4509e6 发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
curl	CVE-2026-7168	中危	8.5.0-2ubuntu10.8	8.5.0-2ubuntu10.9	漏洞详情: https://avd.aquasec.com/nvd/cve-2026-7168 镜像层: sha256:a68aa998afaa0cbbc1a1eef3ed8321feb6be3e06fe46f8211db6277e9f4509e6 发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
dpkg	CVE-2026-2219	中危	1.22.6ubuntu6.5	1.22.6ubuntu6.6	It was discovered that dpkg-deb (a component of dpkg, the Debian packa ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-2219 镜像层: sha256:538812a4b9bd45adaac2b5e5b967daa6999aa44eb110aa32ae7c69702b906475 发布日期: 2026-03-07 09:16 修改: 2026-03-09 15:15
libblkid1	CVE-2026-27456	中危	2.39.3-9ubuntu6.5		util-linux: TOCTOU in the mount program when setting up loop devices 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27456 镜像层: sha256:538812a4b9bd45adaac2b5e5b967daa6999aa44eb110aa32ae7c69702b906475 发布日期: 2026-04-03 22:16 修改: 2026-04-22 16:08
libc-bin	CVE-2026-4046	中危	2.39-0ubuntu8.7		glibc: glibc: Denial of Service via iconv() function with specific character sets 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-4046 镜像层: sha256:538812a4b9bd45adaac2b5e5b967daa6999aa44eb110aa32ae7c69702b906475 发布日期: 2026-03-30 18:16 修改: 2026-04-20 22:16
libc-bin	CVE-2026-4437	中危	2.39-0ubuntu8.7		glibc: glibc: Incorrect DNS response parsing via crafted DNS server response 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-4437 镜像层: sha256:538812a4b9bd45adaac2b5e5b967daa6999aa44eb110aa32ae7c69702b906475 发布日期: 2026-03-20 20:16 修改: 2026-04-07 18:41
libc-bin	CVE-2026-4438	中危	2.39-0ubuntu8.7		glibc: glibc: Invalid DNS hostname returned via gethostbyaddr functions 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-4438 镜像层: sha256:538812a4b9bd45adaac2b5e5b967daa6999aa44eb110aa32ae7c69702b906475 发布日期: 2026-03-20 20:16 修改: 2026-04-07 18:40
libc6	CVE-2026-4046	中危	2.39-0ubuntu8.7		glibc: glibc: Denial of Service via iconv() function with specific character sets 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-4046 镜像层: sha256:538812a4b9bd45adaac2b5e5b967daa6999aa44eb110aa32ae7c69702b906475 发布日期: 2026-03-30 18:16 修改: 2026-04-20 22:16
libc6	CVE-2026-4437	中危	2.39-0ubuntu8.7		glibc: glibc: Incorrect DNS response parsing via crafted DNS server response 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-4437 镜像层: sha256:538812a4b9bd45adaac2b5e5b967daa6999aa44eb110aa32ae7c69702b906475 发布日期: 2026-03-20 20:16 修改: 2026-04-07 18:41
libc6	CVE-2026-4438	中危	2.39-0ubuntu8.7		glibc: glibc: Invalid DNS hostname returned via gethostbyaddr functions 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-4438 镜像层: sha256:538812a4b9bd45adaac2b5e5b967daa6999aa44eb110aa32ae7c69702b906475 发布日期: 2026-03-20 20:16 修改: 2026-04-07 18:40
libcap2	CVE-2026-4878	中危	1:2.66-5ubuntu2.2	1:2.66-5ubuntu2.4	libcap: libcap: Privilege escalation via TOCTOU race condition in cap_set_file() 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-4878 镜像层: sha256:538812a4b9bd45adaac2b5e5b967daa6999aa44eb110aa32ae7c69702b906475 发布日期: 2026-04-09 16:16 修改: 2026-05-07 22:16
libcurl4t64	CVE-2026-5545	中危	8.5.0-2ubuntu10.8	8.5.0-2ubuntu10.9	curl: libcurl: Authentication bypass due to incorrect HTTP Negotiate connection reuse 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-5545 镜像层: sha256:a68aa998afaa0cbbc1a1eef3ed8321feb6be3e06fe46f8211db6277e9f4509e6 发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
libcurl4t64	CVE-2026-6253	中危	8.5.0-2ubuntu10.8	8.5.0-2ubuntu10.9	curl: curl: Proxy credential disclosure via redirects to unauthenticated proxies 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-6253 镜像层: sha256:a68aa998afaa0cbbc1a1eef3ed8321feb6be3e06fe46f8211db6277e9f4509e6 发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
libcurl4t64	CVE-2026-6429	中危	8.5.0-2ubuntu10.8	8.5.0-2ubuntu10.9	curl: libcurl: Credential leak via reused proxy connection during HTTP redirects 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-6429 镜像层: sha256:a68aa998afaa0cbbc1a1eef3ed8321feb6be3e06fe46f8211db6277e9f4509e6 发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
libcurl4t64	CVE-2026-7168	中危	8.5.0-2ubuntu10.8	8.5.0-2ubuntu10.9	漏洞详情: https://avd.aquasec.com/nvd/cve-2026-7168 镜像层: sha256:a68aa998afaa0cbbc1a1eef3ed8321feb6be3e06fe46f8211db6277e9f4509e6 发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
libfdisk1	CVE-2026-27456	中危	2.39.3-9ubuntu6.5		util-linux: TOCTOU in the mount program when setting up loop devices 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27456 镜像层: sha256:a68aa998afaa0cbbc1a1eef3ed8321feb6be3e06fe46f8211db6277e9f4509e6 发布日期: 2026-04-03 22:16 修改: 2026-04-22 16:08
libmount1	CVE-2026-27456	中危	2.39.3-9ubuntu6.5		util-linux: TOCTOU in the mount program when setting up loop devices 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27456 镜像层: sha256:538812a4b9bd45adaac2b5e5b967daa6999aa44eb110aa32ae7c69702b906475 发布日期: 2026-04-03 22:16 修改: 2026-04-22 16:08
libnghttp2-14	CVE-2026-27135	中危	1.59.0-1ubuntu0.2	1.59.0-1ubuntu0.3	nghttp2: nghttp2: Denial of Service via malformed HTTP/2 frames after session termination 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27135 镜像层: sha256:a68aa998afaa0cbbc1a1eef3ed8321feb6be3e06fe46f8211db6277e9f4509e6 发布日期: 2026-03-18 18:16 修改: 2026-03-23 17:51
libsmartcols1	CVE-2026-27456	中危	2.39.3-9ubuntu6.5		util-linux: TOCTOU in the mount program when setting up loop devices 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27456 镜像层: sha256:538812a4b9bd45adaac2b5e5b967daa6999aa44eb110aa32ae7c69702b906475 发布日期: 2026-04-03 22:16 修改: 2026-04-22 16:08
libuuid1	CVE-2026-27456	中危	2.39.3-9ubuntu6.5		util-linux: TOCTOU in the mount program when setting up loop devices 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27456 镜像层: sha256:538812a4b9bd45adaac2b5e5b967daa6999aa44eb110aa32ae7c69702b906475 发布日期: 2026-04-03 22:16 修改: 2026-04-22 16:08
mount	CVE-2026-27456	中危	2.39.3-9ubuntu6.5		util-linux: TOCTOU in the mount program when setting up loop devices 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27456 镜像层: sha256:538812a4b9bd45adaac2b5e5b967daa6999aa44eb110aa32ae7c69702b906475 发布日期: 2026-04-03 22:16 修改: 2026-04-22 16:08
sed	CVE-2026-5958	中危	4.9-2build1	4.9-2ubuntu0.24.04.1	When sed is invoked with both -i (in-place edit) and --follow-symlinks ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-5958 镜像层: sha256:538812a4b9bd45adaac2b5e5b967daa6999aa44eb110aa32ae7c69702b906475 发布日期: 2026-04-20 12:16 修改: 2026-04-20 19:05
tar	CVE-2025-45582	中危	1.35+dfsg-3build1		tar: Tar path traversal 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-45582 镜像层: sha256:538812a4b9bd45adaac2b5e5b967daa6999aa44eb110aa32ae7c69702b906475 发布日期: 2025-07-11 17:15 修改: 2025-11-02 01:15
tar	CVE-2026-5704	中危	1.35+dfsg-3build1		tar: tar: Hidden file injection via crafted archives 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-5704 镜像层: sha256:538812a4b9bd45adaac2b5e5b967daa6999aa44eb110aa32ae7c69702b906475 发布日期: 2026-04-06 16:16 修改: 2026-04-22 20:08
util-linux	CVE-2026-27456	中危	2.39.3-9ubuntu6.5		util-linux: TOCTOU in the mount program when setting up loop devices 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27456 镜像层: sha256:538812a4b9bd45adaac2b5e5b967daa6999aa44eb110aa32ae7c69702b906475 发布日期: 2026-04-03 22:16 修改: 2026-04-22 16:08
libcurl4t64	CVE-2026-4873	低危	8.5.0-2ubuntu10.8	8.5.0-2ubuntu10.9	curl: curl: Information disclosure due to incorrect TLS connection reuse 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-4873 镜像层: sha256:a68aa998afaa0cbbc1a1eef3ed8321feb6be3e06fe46f8211db6277e9f4509e6 发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
libcurl4t64	CVE-2026-5773	低危	8.5.0-2ubuntu10.8	8.5.0-2ubuntu10.9	curl: libcurl: Wrong file transfer due to incorrect SMB connection reuse 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-5773 镜像层: sha256:a68aa998afaa0cbbc1a1eef3ed8321feb6be3e06fe46f8211db6277e9f4509e6 发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
login	CVE-2024-56433	低危	1:4.13+dfsg1-4ubuntu3.2		shadow-utils: Default subordinate ID configuration in /etc/login.defs could lead to compromise 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-56433 镜像层: sha256:538812a4b9bd45adaac2b5e5b967daa6999aa44eb110aa32ae7c69702b906475 发布日期: 2024-12-26 09:15 修改: 2026-04-15 00:35
libcurl4t64	CVE-2026-6276	低危	8.5.0-2ubuntu10.8	8.5.0-2ubuntu10.9	curl: libcurl: Information disclosure due to cookie leak when reusing connections with custom Host headers 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-6276 镜像层: sha256:a68aa998afaa0cbbc1a1eef3ed8321feb6be3e06fe46f8211db6277e9f4509e6 发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
passwd	CVE-2024-56433	低危	1:4.13+dfsg1-4ubuntu3.2		shadow-utils: Default subordinate ID configuration in /etc/login.defs could lead to compromise 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-56433 镜像层: sha256:538812a4b9bd45adaac2b5e5b967daa6999aa44eb110aa32ae7c69702b906475 发布日期: 2024-12-26 09:15 修改: 2026-04-15 00:35
curl	CVE-2026-5773	低危	8.5.0-2ubuntu10.8	8.5.0-2ubuntu10.9	curl: libcurl: Wrong file transfer due to incorrect SMB connection reuse 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-5773 镜像层: sha256:a68aa998afaa0cbbc1a1eef3ed8321feb6be3e06fe46f8211db6277e9f4509e6 发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
libgcrypt20	CVE-2024-2236	低危	1.10.3-2build1		libgcrypt: vulnerable to Marvin Attack 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-2236 镜像层: sha256:538812a4b9bd45adaac2b5e5b967daa6999aa44eb110aa32ae7c69702b906475 发布日期: 2024-03-06 22:15 修改: 2026-04-15 00:35
curl	CVE-2026-6276	低危	8.5.0-2ubuntu10.8	8.5.0-2ubuntu10.9	curl: libcurl: Information disclosure due to cookie leak when reusing connections with custom Host headers 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-6276 镜像层: sha256:a68aa998afaa0cbbc1a1eef3ed8321feb6be3e06fe46f8211db6277e9f4509e6 发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
curl	CVE-2026-4873	低危	8.5.0-2ubuntu10.8	8.5.0-2ubuntu10.9	curl: curl: Information disclosure due to incorrect TLS connection reuse 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-4873 镜像层: sha256:a68aa998afaa0cbbc1a1eef3ed8321feb6be3e06fe46f8211db6277e9f4509e6 发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00

usr/share/elastic-agent/data/elastic-agent-f4d26a/components/agentbeat (gobinary)

低危漏洞:0

中危漏洞:11

高危漏洞:13

严重漏洞:0

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息
github.com/apache/thrift	CVE-2026-41602	高危	v0.22.0	0.23.0	github.com/apache/thrift: Apache Thrift: Integer Overflow in TFramedTransport Go implementation 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-41602 镜像层: sha256:10af63665108578c410338e0f75328220a155dd352c443fe5791437214f7baa8 发布日期: 2026-04-28 10:16 修改: 2026-04-28 18:40
github.com/docker/docker	CVE-2026-34040	高危	v28.5.2+incompatible	29.3.1	Moby: Moby: Authorization bypass vulnerability 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-34040 镜像层: sha256:10af63665108578c410338e0f75328220a155dd352c443fe5791437214f7baa8 发布日期: 2026-03-31 03:15 修改: 2026-04-03 16:51
github.com/prometheus/prometheus	CVE-2026-42151	高危	v0.309.1	0.311.3	Prometheus is an open-source monitoring system and time series databas ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42151 镜像层: sha256:10af63665108578c410338e0f75328220a155dd352c443fe5791437214f7baa8 发布日期: 2026-05-04 19:16 修改: 2026-05-11 17:22
github.com/prometheus/prometheus	CVE-2026-42154	高危	v0.309.1	0.311.3	Prometheus is an open-source monitoring system and time series databas ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42154 镜像层: sha256:10af63665108578c410338e0f75328220a155dd352c443fe5791437214f7baa8 发布日期: 2026-05-04 19:16 修改: 2026-05-11 17:22
go.opentelemetry.io/otel/sdk	CVE-2026-39883	高危	v1.42.0	1.43.0	opentelemetry-go: BSD kenv command not using absolute path enables PATH hijacking 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39883 镜像层: sha256:10af63665108578c410338e0f75328220a155dd352c443fe5791437214f7baa8 发布日期: 2026-04-08 21:17 修改: 2026-04-10 21:16
stdlib	CVE-2026-32280	高危	v1.25.8	1.25.9, 1.26.2	crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32280 镜像层: sha256:10af63665108578c410338e0f75328220a155dd352c443fe5791437214f7baa8 发布日期: 2026-04-08 02:16 修改: 2026-04-16 19:16
stdlib	CVE-2026-32281	高危	v1.25.8	1.25.9, 1.26.2	crypto/x509: golang: Go crypto/x509: Denial of Service via inefficient certificate chain validation 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32281 镜像层: sha256:10af63665108578c410338e0f75328220a155dd352c443fe5791437214f7baa8 发布日期: 2026-04-08 02:16 修改: 2026-04-16 19:15
stdlib	CVE-2026-32283	高危	v1.25.8	1.25.9, 1.26.2	crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32283 镜像层: sha256:10af63665108578c410338e0f75328220a155dd352c443fe5791437214f7baa8 发布日期: 2026-04-08 02:16 修改: 2026-04-16 19:12
stdlib	CVE-2026-33811	高危	v1.25.8	1.25.10, 1.26.3	When using LookupCNAME with the cgo DNS resolver, a very long CNAME re ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33811 镜像层: sha256:10af63665108578c410338e0f75328220a155dd352c443fe5791437214f7baa8 发布日期: 2026-05-07 20:16 修改: 2026-05-12 20:23
stdlib	CVE-2026-33814	高危	v1.25.8	1.25.10, 1.26.3	When processing HTTP/2 SETTINGS frames, transport will enter an infini ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33814 镜像层: sha256:10af63665108578c410338e0f75328220a155dd352c443fe5791437214f7baa8 发布日期: 2026-05-07 20:16 修改: 2026-05-08 19:16
stdlib	CVE-2026-39820	高危	v1.25.8	1.25.10, 1.26.3	Well-crafted inputs reaching ParseAddress, ParseAddressList, and Parse ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39820 镜像层: sha256:10af63665108578c410338e0f75328220a155dd352c443fe5791437214f7baa8 发布日期: 2026-05-07 20:16 修改: 2026-05-08 15:16
stdlib	CVE-2026-39836	高危	v1.25.8	1.25.10, 1.26.3	Panic in Dial and LookupPort when handling NUL byte on Windows in net 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39836 镜像层: sha256:10af63665108578c410338e0f75328220a155dd352c443fe5791437214f7baa8 发布日期: 2026-05-07 20:16 修改: 2026-05-08 22:16
stdlib	CVE-2026-42499	高危	v1.25.8	1.25.10, 1.26.3	Pathological inputs could cause DoS through consumePhrase when parsing ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42499 镜像层: sha256:10af63665108578c410338e0f75328220a155dd352c443fe5791437214f7baa8 发布日期: 2026-05-07 20:16 修改: 2026-05-08 22:16
github.com/prometheus/prometheus	GHSA-fw8g-cg8f-9j28	中危	v0.309.1	0.311.3	Prometheus vulnerable to stored XSS via crafted histogram bucket label values in the old web UI heatmap display 漏洞详情: https://github.com/advisories/GHSA-fw8g-cg8f-9j28 镜像层: sha256:10af63665108578c410338e0f75328220a155dd352c443fe5791437214f7baa8 发布日期: 2026-05-05 21:53 修改: 2026-05-08 16:52
github.com/docker/docker	CVE-2026-33997	中危	v28.5.2+incompatible	29.3.1	moby: docker: github.com/moby/moby: Moby: Privilege validation bypass during plugin installation 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33997 镜像层: sha256:10af63665108578c410338e0f75328220a155dd352c443fe5791437214f7baa8 发布日期: 2026-03-31 03:15 修改: 2026-04-03 17:23
github.com/aws/aws-sdk-go-v2/service/s3	GHSA-xmrv-pmrh-hhx2	中危	v1.97.2	1.97.3	Denial of Service due to Panic in AWS SDK for Go v2 SDK EventStream Decoder 漏洞详情: https://github.com/advisories/GHSA-xmrv-pmrh-hhx2 镜像层: sha256:10af63665108578c410338e0f75328220a155dd352c443fe5791437214f7baa8 发布日期: 2026-04-08 00:18 修改: 2026-04-08 00:18
github.com/Azure/go-ntlmssp	CVE-2026-32952	中危	v0.0.0-20221128193559-754e69321358	0.1.1	go-ntlmssp: go-ntlmssp: Denial of Service via malicious NTLM challenge 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32952 镜像层: sha256:10af63665108578c410338e0f75328220a155dd352c443fe5791437214f7baa8 发布日期: 2026-04-24 03:16 修改: 2026-04-24 14:50
github.com/prometheus/prometheus	CVE-2026-40179	中危	v0.309.1	0.311.2-0.20260410083055-07c6232d159b	Prometheus has Stored XSS via metric names and label values in Prometheus web UI tooltips and metrics explorer 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-40179 镜像层: sha256:10af63665108578c410338e0f75328220a155dd352c443fe5791437214f7baa8 发布日期: 2026-04-15 23:16 修改: 2026-04-22 20:04
stdlib	CVE-2026-32282	中危	v1.25.8	1.25.9, 1.26.2	golang: internal/syscall/unix: Root.Chmod can follow symlinks out of the root 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32282 镜像层: sha256:10af63665108578c410338e0f75328220a155dd352c443fe5791437214f7baa8 发布日期: 2026-04-08 02:16 修改: 2026-04-16 19:15
stdlib	CVE-2026-32288	中危	v1.25.8	1.25.9, 1.26.2	archive/tar: golang: Go's archive/tar package: Denial of Service via maliciously-crafted archive 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32288 镜像层: sha256:10af63665108578c410338e0f75328220a155dd352c443fe5791437214f7baa8 发布日期: 2026-04-08 02:16 修改: 2026-04-16 19:08
stdlib	CVE-2026-32289	中危	v1.25.8	1.25.9, 1.26.2	html/template: golang: html/template: Cross-Site Scripting (XSS) via improper context and brace depth tracking in JS template literals 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32289 镜像层: sha256:10af63665108578c410338e0f75328220a155dd352c443fe5791437214f7baa8 发布日期: 2026-04-08 02:16 修改: 2026-04-16 19:06
stdlib	CVE-2026-39823	中危	v1.25.8	1.25.10, 1.26.3	CVE-2026-27142 fixed a vulnerability in which URLs were not correctly ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39823 镜像层: sha256:10af63665108578c410338e0f75328220a155dd352c443fe5791437214f7baa8 发布日期: 2026-05-07 20:16 修改: 2026-05-08 15:16
stdlib	CVE-2026-39825	中危	v1.25.8	1.25.10, 1.26.3	ReverseProxy can forward queries containing parameters not visible to ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39825 镜像层: sha256:10af63665108578c410338e0f75328220a155dd352c443fe5791437214f7baa8 发布日期: 2026-05-07 20:16 修改: 2026-05-08 22:16
stdlib	CVE-2026-39826	中危	v1.25.8	1.25.10, 1.26.3	If a trusted template author were to write a <script> tag containing a ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39826 镜像层: sha256:10af63665108578c410338e0f75328220a155dd352c443fe5791437214f7baa8 发布日期: 2026-05-07 20:16 修改: 2026-05-08 15:16

usr/share/elastic-agent/data/elastic-agent-f4d26a/components/apm-server (gobinary)

低危漏洞:0

中危漏洞:4

高危漏洞:8

严重漏洞:0

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息
github.com/apache/thrift	CVE-2026-41602	高危	v0.22.0	0.23.0	github.com/apache/thrift: Apache Thrift: Integer Overflow in TFramedTransport Go implementation 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-41602 镜像层: sha256:10af63665108578c410338e0f75328220a155dd352c443fe5791437214f7baa8 发布日期: 2026-04-28 10:16 修改: 2026-04-28 18:40
github.com/elastic/apm-server	CVE-2024-23448	高危	v0.0.0-20260422121148-d64028fa080d	8.12.1	APM Server vulnerable to Insertion of Sensitive Information into Log File 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-23448 镜像层: sha256:10af63665108578c410338e0f75328220a155dd352c443fe5791437214f7baa8 发布日期: 2024-02-07 22:15 修改: 2024-11-21 08:57
go.opentelemetry.io/otel/sdk	CVE-2026-39883	高危	v1.42.0	1.43.0	opentelemetry-go: BSD kenv command not using absolute path enables PATH hijacking 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39883 镜像层: sha256:10af63665108578c410338e0f75328220a155dd352c443fe5791437214f7baa8 发布日期: 2026-04-08 21:17 修改: 2026-04-10 21:16
stdlib	CVE-2026-33811	高危	v1.26.2	1.25.10, 1.26.3	When using LookupCNAME with the cgo DNS resolver, a very long CNAME re ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33811 镜像层: sha256:10af63665108578c410338e0f75328220a155dd352c443fe5791437214f7baa8 发布日期: 2026-05-07 20:16 修改: 2026-05-12 20:23
stdlib	CVE-2026-33814	高危	v1.26.2	1.25.10, 1.26.3	When processing HTTP/2 SETTINGS frames, transport will enter an infini ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33814 镜像层: sha256:10af63665108578c410338e0f75328220a155dd352c443fe5791437214f7baa8 发布日期: 2026-05-07 20:16 修改: 2026-05-08 19:16
stdlib	CVE-2026-39820	高危	v1.26.2	1.25.10, 1.26.3	Well-crafted inputs reaching ParseAddress, ParseAddressList, and Parse ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39820 镜像层: sha256:10af63665108578c410338e0f75328220a155dd352c443fe5791437214f7baa8 发布日期: 2026-05-07 20:16 修改: 2026-05-08 15:16
stdlib	CVE-2026-39836	高危	v1.26.2	1.25.10, 1.26.3	Panic in Dial and LookupPort when handling NUL byte on Windows in net 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39836 镜像层: sha256:10af63665108578c410338e0f75328220a155dd352c443fe5791437214f7baa8 发布日期: 2026-05-07 20:16 修改: 2026-05-08 22:16
stdlib	CVE-2026-42499	高危	v1.26.2	1.25.10, 1.26.3	Pathological inputs could cause DoS through consumePhrase when parsing ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42499 镜像层: sha256:10af63665108578c410338e0f75328220a155dd352c443fe5791437214f7baa8 发布日期: 2026-05-07 20:16 修改: 2026-05-08 22:16
github.com/elastic/apm-server	CVE-2024-37286	中危	v0.0.0-20260422121148-d64028fa080d	8.14.0	APM Server vulnerable to Insertion of Sensitive Information into Log File 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-37286 镜像层: sha256:10af63665108578c410338e0f75328220a155dd352c443fe5791437214f7baa8 发布日期: 2024-08-03 16:15 修改: 2024-09-11 20:20
stdlib	CVE-2026-39823	中危	v1.26.2	1.25.10, 1.26.3	CVE-2026-27142 fixed a vulnerability in which URLs were not correctly ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39823 镜像层: sha256:10af63665108578c410338e0f75328220a155dd352c443fe5791437214f7baa8 发布日期: 2026-05-07 20:16 修改: 2026-05-08 15:16
stdlib	CVE-2026-39825	中危	v1.26.2	1.25.10, 1.26.3	ReverseProxy can forward queries containing parameters not visible to ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39825 镜像层: sha256:10af63665108578c410338e0f75328220a155dd352c443fe5791437214f7baa8 发布日期: 2026-05-07 20:16 修改: 2026-05-08 22:16
stdlib	CVE-2026-39826	中危	v1.26.2	1.25.10, 1.26.3	If a trusted template author were to write a <script> tag containing a ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39826 镜像层: sha256:10af63665108578c410338e0f75328220a155dd352c443fe5791437214f7baa8 发布日期: 2026-05-07 20:16 修改: 2026-05-08 15:16

usr/share/elastic-agent/data/elastic-agent-f4d26a/components/cloud-defend (gobinary)

低危漏洞:1

中危漏洞:8

高危漏洞:12

严重漏洞:1

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息
google.golang.org/grpc	CVE-2026-33186	严重	v1.64.1	1.79.3	google.golang.org/grpc/grpc-go: google.golang.org/grpc/authz: gRPC-Go: Authorization bypass due to improper HTTP/2 path validation 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33186 镜像层: sha256:10af63665108578c410338e0f75328220a155dd352c443fe5791437214f7baa8 发布日期: 2026-03-20 23:16 修改: 2026-04-10 20:49
github.com/distribution/distribution	CVE-2026-35172	高危	v2.8.2+incompatible		github.com/distribution/distribution: Distribution: Information disclosure via stale references after content deletion 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-35172 镜像层: sha256:10af63665108578c410338e0f75328220a155dd352c443fe5791437214f7baa8 发布日期: 2026-04-06 20:16 修改: 2026-04-27 23:55
go.opentelemetry.io/otel	CVE-2026-29181	高危	v1.38.0	1.41.0	OpenTelemetry-Go: multi-value `baggage` header extraction causes excessive allocations (remote dos amplification) 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-29181 镜像层: sha256:10af63665108578c410338e0f75328220a155dd352c443fe5791437214f7baa8 发布日期: 2026-04-07 21:17 修改: 2026-04-14 18:45
github.com/distribution/distribution	CVE-2026-33540	高危	v2.8.2+incompatible		github.com/distribution/distribution: Distribution: Information disclosure via improper validation of authentication realm URL 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33540 镜像层: sha256:10af63665108578c410338e0f75328220a155dd352c443fe5791437214f7baa8 发布日期: 2026-04-06 15:17 修改: 2026-04-09 18:36
stdlib	CVE-2026-25679	高危	v1.25.7	1.25.8, 1.26.1	net/url: Incorrect parsing of IPv6 host literals in net/url 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-25679 镜像层: sha256:10af63665108578c410338e0f75328220a155dd352c443fe5791437214f7baa8 发布日期: 2026-03-06 22:16 修改: 2026-04-21 14:43
stdlib	CVE-2026-32280	高危	v1.25.7	1.25.9, 1.26.2	crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32280 镜像层: sha256:10af63665108578c410338e0f75328220a155dd352c443fe5791437214f7baa8 发布日期: 2026-04-08 02:16 修改: 2026-04-16 19:16
stdlib	CVE-2026-32281	高危	v1.25.7	1.25.9, 1.26.2	crypto/x509: golang: Go crypto/x509: Denial of Service via inefficient certificate chain validation 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32281 镜像层: sha256:10af63665108578c410338e0f75328220a155dd352c443fe5791437214f7baa8 发布日期: 2026-04-08 02:16 修改: 2026-04-16 19:15
stdlib	CVE-2026-32283	高危	v1.25.7	1.25.9, 1.26.2	crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32283 镜像层: sha256:10af63665108578c410338e0f75328220a155dd352c443fe5791437214f7baa8 发布日期: 2026-04-08 02:16 修改: 2026-04-16 19:12
stdlib	CVE-2026-33811	高危	v1.25.7	1.25.10, 1.26.3	When using LookupCNAME with the cgo DNS resolver, a very long CNAME re ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33811 镜像层: sha256:10af63665108578c410338e0f75328220a155dd352c443fe5791437214f7baa8 发布日期: 2026-05-07 20:16 修改: 2026-05-12 20:23
stdlib	CVE-2026-33814	高危	v1.25.7	1.25.10, 1.26.3	When processing HTTP/2 SETTINGS frames, transport will enter an infini ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33814 镜像层: sha256:10af63665108578c410338e0f75328220a155dd352c443fe5791437214f7baa8 发布日期: 2026-05-07 20:16 修改: 2026-05-08 19:16
stdlib	CVE-2026-39820	高危	v1.25.7	1.25.10, 1.26.3	Well-crafted inputs reaching ParseAddress, ParseAddressList, and Parse ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39820 镜像层: sha256:10af63665108578c410338e0f75328220a155dd352c443fe5791437214f7baa8 发布日期: 2026-05-07 20:16 修改: 2026-05-08 15:16
stdlib	CVE-2026-39836	高危	v1.25.7	1.25.10, 1.26.3	Panic in Dial and LookupPort when handling NUL byte on Windows in net 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39836 镜像层: sha256:10af63665108578c410338e0f75328220a155dd352c443fe5791437214f7baa8 发布日期: 2026-05-07 20:16 修改: 2026-05-08 22:16
stdlib	CVE-2026-42499	高危	v1.25.7	1.25.10, 1.26.3	Pathological inputs could cause DoS through consumePhrase when parsing ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42499 镜像层: sha256:10af63665108578c410338e0f75328220a155dd352c443fe5791437214f7baa8 发布日期: 2026-05-07 20:16 修改: 2026-05-08 22:16
github.com/distribution/distribution	CVE-2026-41888	中危	v2.8.2+incompatible		Distribution's tag deletion bypasses `storage.delete.enabled` configuration 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-41888 镜像层: sha256:10af63665108578c410338e0f75328220a155dd352c443fe5791437214f7baa8 发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
stdlib	CVE-2026-27142	中危	v1.25.7	1.25.8, 1.26.1	html/template: URLs in meta content attribute actions are not escaped in html/template 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27142 镜像层: sha256:10af63665108578c410338e0f75328220a155dd352c443fe5791437214f7baa8 发布日期: 2026-03-06 22:16 修改: 2026-04-21 14:30
stdlib	CVE-2026-32282	中危	v1.25.7	1.25.9, 1.26.2	golang: internal/syscall/unix: Root.Chmod can follow symlinks out of the root 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32282 镜像层: sha256:10af63665108578c410338e0f75328220a155dd352c443fe5791437214f7baa8 发布日期: 2026-04-08 02:16 修改: 2026-04-16 19:15
stdlib	CVE-2026-32288	中危	v1.25.7	1.25.9, 1.26.2	archive/tar: golang: Go's archive/tar package: Denial of Service via maliciously-crafted archive 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32288 镜像层: sha256:10af63665108578c410338e0f75328220a155dd352c443fe5791437214f7baa8 发布日期: 2026-04-08 02:16 修改: 2026-04-16 19:08
stdlib	CVE-2026-32289	中危	v1.25.7	1.25.9, 1.26.2	html/template: golang: html/template: Cross-Site Scripting (XSS) via improper context and brace depth tracking in JS template literals 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32289 镜像层: sha256:10af63665108578c410338e0f75328220a155dd352c443fe5791437214f7baa8 发布日期: 2026-04-08 02:16 修改: 2026-04-16 19:06
stdlib	CVE-2026-39823	中危	v1.25.7	1.25.10, 1.26.3	CVE-2026-27142 fixed a vulnerability in which URLs were not correctly ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39823 镜像层: sha256:10af63665108578c410338e0f75328220a155dd352c443fe5791437214f7baa8 发布日期: 2026-05-07 20:16 修改: 2026-05-08 15:16
stdlib	CVE-2026-39825	中危	v1.25.7	1.25.10, 1.26.3	ReverseProxy can forward queries containing parameters not visible to ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39825 镜像层: sha256:10af63665108578c410338e0f75328220a155dd352c443fe5791437214f7baa8 发布日期: 2026-05-07 20:16 修改: 2026-05-08 22:16
stdlib	CVE-2026-39826	中危	v1.25.7	1.25.10, 1.26.3	If a trusted template author were to write a <script> tag containing a ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39826 镜像层: sha256:10af63665108578c410338e0f75328220a155dd352c443fe5791437214f7baa8 发布日期: 2026-05-07 20:16 修改: 2026-05-08 15:16
stdlib	CVE-2026-27139	低危	v1.25.7	1.25.8, 1.26.1	os: FileInfo can escape from a Root in golang os module 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27139 镜像层: sha256:10af63665108578c410338e0f75328220a155dd352c443fe5791437214f7baa8 发布日期: 2026-03-06 22:16 修改: 2026-04-21 14:32

usr/share/elastic-agent/data/elastic-agent-f4d26a/components/cloudbeat (gobinary)

低危漏洞:1

中危漏洞:12

高危漏洞:12

严重漏洞:0

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息
github.com/containerd/containerd	CVE-2024-25621	高危	v1.7.27	1.7.29	github.com/containerd/containerd: containerd local privilege escalation 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-25621 镜像层: sha256:10af63665108578c410338e0f75328220a155dd352c443fe5791437214f7baa8 发布日期: 2025-11-06 19:15 修改: 2025-12-31 02:29
github.com/docker/docker	CVE-2026-34040	高危	v28.5.2+incompatible	29.3.1	Moby: Moby: Authorization bypass vulnerability 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-34040 镜像层: sha256:10af63665108578c410338e0f75328220a155dd352c443fe5791437214f7baa8 发布日期: 2026-03-31 03:15 修改: 2026-04-03 16:51
github.com/go-git/go-git/v5	CVE-2026-45022	高危	v5.16.2	5.19.0	go-git's improper parsing of specially crafted objects may lead to inconsistent interpretation compared to upstream Git 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-45022 镜像层: sha256:10af63665108578c410338e0f75328220a155dd352c443fe5791437214f7baa8 发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
github.com/hashicorp/go-getter	CVE-2026-4660	高危	v1.7.9	1.8.6	go-getter: go-getter: Arbitrary file reads via maliciously crafted URL 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-4660 镜像层: sha256:10af63665108578c410338e0f75328220a155dd352c443fe5791437214f7baa8 发布日期: 2026-04-09 14:16 修改: 2026-04-13 15:02
github.com/microsoft/kiota-http-go	CVE-2026-44503	高危	v1.5.4	1.5.5	Kiota abstractions RedirectHandler leaks Cookie/Proxy-Authorization headers on cross-host redirect 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44503 镜像层: sha256:10af63665108578c410338e0f75328220a155dd352c443fe5791437214f7baa8 发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
github.com/moby/spdystream	CVE-2026-35469	高危	v0.5.0	0.5.1	Kubelet: CRI-O: kube-apiserver: Kubelet, CRI-O, kube-apiserver: Denial of Service via SPDY streaming code 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-35469 镜像层: sha256:10af63665108578c410338e0f75328220a155dd352c443fe5791437214f7baa8 发布日期: 2026-04-16 22:16 修改: 2026-04-29 21:04
github.com/sigstore/timestamp-authority	CVE-2025-66564	高危	v1.2.2	2.0.3	github.com/sigstore/timestamp-authority: Sigstore Timestamp Authority: Denial of Service via excessive OID or Content-Type header parsing 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-66564 镜像层: sha256:10af63665108578c410338e0f75328220a155dd352c443fe5791437214f7baa8 发布日期: 2025-12-04 23:15 修改: 2026-03-17 20:38
stdlib	CVE-2026-33811	高危	v1.26.2	1.25.10, 1.26.3	When using LookupCNAME with the cgo DNS resolver, a very long CNAME re ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33811 镜像层: sha256:10af63665108578c410338e0f75328220a155dd352c443fe5791437214f7baa8 发布日期: 2026-05-07 20:16 修改: 2026-05-12 20:23
stdlib	CVE-2026-33814	高危	v1.26.2	1.25.10, 1.26.3	When processing HTTP/2 SETTINGS frames, transport will enter an infini ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33814 镜像层: sha256:10af63665108578c410338e0f75328220a155dd352c443fe5791437214f7baa8 发布日期: 2026-05-07 20:16 修改: 2026-05-08 19:16
stdlib	CVE-2026-39820	高危	v1.26.2	1.25.10, 1.26.3	Well-crafted inputs reaching ParseAddress, ParseAddressList, and Parse ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39820 镜像层: sha256:10af63665108578c410338e0f75328220a155dd352c443fe5791437214f7baa8 发布日期: 2026-05-07 20:16 修改: 2026-05-08 15:16
stdlib	CVE-2026-39836	高危	v1.26.2	1.25.10, 1.26.3	Panic in Dial and LookupPort when handling NUL byte on Windows in net 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39836 镜像层: sha256:10af63665108578c410338e0f75328220a155dd352c443fe5791437214f7baa8 发布日期: 2026-05-07 20:16 修改: 2026-05-08 22:16
stdlib	CVE-2026-42499	高危	v1.26.2	1.25.10, 1.26.3	Pathological inputs could cause DoS through consumePhrase when parsing ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42499 镜像层: sha256:10af63665108578c410338e0f75328220a155dd352c443fe5791437214f7baa8 发布日期: 2026-05-07 20:16 修改: 2026-05-08 22:16
github.com/containerd/containerd	CVE-2025-64329	中危	v1.7.27	1.7.29	github.com/containerd/containerd: containerd: Memory exhaustion via CRI Attach implementation goroutine leaks 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-64329 镜像层: sha256:10af63665108578c410338e0f75328220a155dd352c443fe5791437214f7baa8 发布日期: 2025-11-07 05:16 修改: 2025-12-31 18:34
github.com/sigstore/cosign/v2	CVE-2026-22703	中危	v2.2.4	2.6.2	github.com/sigstore/cosign: Cosign verification accepts any valid Rekor entry under certain conditions 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-22703 镜像层: sha256:10af63665108578c410338e0f75328220a155dd352c443fe5791437214f7baa8 发布日期: 2026-01-10 07:16 修改: 2026-02-05 20:59
github.com/go-git/go-git/v5	CVE-2026-25934	中危	v5.16.2	5.16.5	go-git/go-git: go-git: Data integrity issue due to improper verification of pack and index files 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-25934 镜像层: sha256:10af63665108578c410338e0f75328220a155dd352c443fe5791437214f7baa8 发布日期: 2026-02-09 23:16 修改: 2026-02-20 20:21
helm.sh/helm/v3	CVE-2026-35206	中危	v3.18.6	3.20.2	github.com/helm/helm: Helm: Files written to unexpected directory via specially crafted Chart 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-35206 镜像层: sha256:10af63665108578c410338e0f75328220a155dd352c443fe5791437214f7baa8 发布日期: 2026-04-09 21:16 修改: 2026-04-16 20:36
github.com/go-git/go-git/v5	CVE-2026-34165	中危	v5.16.2	5.17.1	github.com/go-git/go-git/v5: go-git: Denial of Service via crafted .idx file 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-34165 镜像层: sha256:10af63665108578c410338e0f75328220a155dd352c443fe5791437214f7baa8 发布日期: 2026-03-31 15:16 修改: 2026-04-02 16:49
github.com/go-git/go-git/v5	CVE-2026-41506	中危	v5.16.2	5.18.0	go-git is an extensible git implementation library written in pure Go. ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-41506 镜像层: sha256:10af63665108578c410338e0f75328220a155dd352c443fe5791437214f7baa8 发布日期: 2026-05-08 14:16 修改: 2026-05-12 14:33
github.com/Azure/go-ntlmssp	CVE-2026-32952	中危	v0.0.0-20221128193559-754e69321358	0.1.1	go-ntlmssp: go-ntlmssp: Denial of Service via malicious NTLM challenge 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32952 镜像层: sha256:10af63665108578c410338e0f75328220a155dd352c443fe5791437214f7baa8 发布日期: 2026-04-24 03:16 修改: 2026-04-24 14:50
github.com/in-toto/in-toto-golang	GHSA-pmwq-pjrm-6p5r	中危	v0.10.0	0.11.0	in-toto-golang and in-toto-python have inconsistent negation behavior 漏洞详情: https://github.com/advisories/GHSA-pmwq-pjrm-6p5r 镜像层: sha256:10af63665108578c410338e0f75328220a155dd352c443fe5791437214f7baa8 发布日期: 2026-05-08 22:24 修改: 2026-05-08 22:24
github.com/docker/docker	CVE-2026-33997	中危	v28.5.2+incompatible	29.3.1	moby: docker: github.com/moby/moby: Moby: Privilege validation bypass during plugin installation 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33997 镜像层: sha256:10af63665108578c410338e0f75328220a155dd352c443fe5791437214f7baa8 发布日期: 2026-03-31 03:15 修改: 2026-04-03 17:23
stdlib	CVE-2026-39823	中危	v1.26.2	1.25.10, 1.26.3	CVE-2026-27142 fixed a vulnerability in which URLs were not correctly ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39823 镜像层: sha256:10af63665108578c410338e0f75328220a155dd352c443fe5791437214f7baa8 发布日期: 2026-05-07 20:16 修改: 2026-05-08 15:16
stdlib	CVE-2026-39825	中危	v1.26.2	1.25.10, 1.26.3	ReverseProxy can forward queries containing parameters not visible to ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39825 镜像层: sha256:10af63665108578c410338e0f75328220a155dd352c443fe5791437214f7baa8 发布日期: 2026-05-07 20:16 修改: 2026-05-08 22:16
stdlib	CVE-2026-39826	中危	v1.26.2	1.25.10, 1.26.3	If a trusted template author were to write a <script> tag containing a ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39826 镜像层: sha256:10af63665108578c410338e0f75328220a155dd352c443fe5791437214f7baa8 发布日期: 2026-05-07 20:16 修改: 2026-05-08 15:16
github.com/go-git/go-git/v5	CVE-2026-33762	低危	v5.16.2	5.17.1	github.com/go-git/go-git/v5: go-git: Denial of Service via crafted Git index file 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33762 镜像层: sha256:10af63665108578c410338e0f75328220a155dd352c443fe5791437214f7baa8 发布日期: 2026-03-31 15:16 修改: 2026-04-02 16:49

usr/share/elastic-agent/data/elastic-agent-f4d26a/components/fleet-server (gobinary)

低危漏洞:0

中危漏洞:3

高危漏洞:5

严重漏洞:0

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息
stdlib	CVE-2026-33811	高危	v1.26.2	1.25.10, 1.26.3	When using LookupCNAME with the cgo DNS resolver, a very long CNAME re ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33811 镜像层: sha256:10af63665108578c410338e0f75328220a155dd352c443fe5791437214f7baa8 发布日期: 2026-05-07 20:16 修改: 2026-05-12 20:23
stdlib	CVE-2026-33814	高危	v1.26.2	1.25.10, 1.26.3	When processing HTTP/2 SETTINGS frames, transport will enter an infini ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33814 镜像层: sha256:10af63665108578c410338e0f75328220a155dd352c443fe5791437214f7baa8 发布日期: 2026-05-07 20:16 修改: 2026-05-08 19:16
stdlib	CVE-2026-39820	高危	v1.26.2	1.25.10, 1.26.3	Well-crafted inputs reaching ParseAddress, ParseAddressList, and Parse ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39820 镜像层: sha256:10af63665108578c410338e0f75328220a155dd352c443fe5791437214f7baa8 发布日期: 2026-05-07 20:16 修改: 2026-05-08 15:16
stdlib	CVE-2026-39836	高危	v1.26.2	1.25.10, 1.26.3	Panic in Dial and LookupPort when handling NUL byte on Windows in net 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39836 镜像层: sha256:10af63665108578c410338e0f75328220a155dd352c443fe5791437214f7baa8 发布日期: 2026-05-07 20:16 修改: 2026-05-08 22:16
stdlib	CVE-2026-42499	高危	v1.26.2	1.25.10, 1.26.3	Pathological inputs could cause DoS through consumePhrase when parsing ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42499 镜像层: sha256:10af63665108578c410338e0f75328220a155dd352c443fe5791437214f7baa8 发布日期: 2026-05-07 20:16 修改: 2026-05-08 22:16
stdlib	CVE-2026-39823	中危	v1.26.2	1.25.10, 1.26.3	CVE-2026-27142 fixed a vulnerability in which URLs were not correctly ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39823 镜像层: sha256:10af63665108578c410338e0f75328220a155dd352c443fe5791437214f7baa8 发布日期: 2026-05-07 20:16 修改: 2026-05-08 15:16
stdlib	CVE-2026-39825	中危	v1.26.2	1.25.10, 1.26.3	ReverseProxy can forward queries containing parameters not visible to ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39825 镜像层: sha256:10af63665108578c410338e0f75328220a155dd352c443fe5791437214f7baa8 发布日期: 2026-05-07 20:16 修改: 2026-05-08 22:16
stdlib	CVE-2026-39826	中危	v1.26.2	1.25.10, 1.26.3	If a trusted template author were to write a <script> tag containing a ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39826 镜像层: sha256:10af63665108578c410338e0f75328220a155dd352c443fe5791437214f7baa8 发布日期: 2026-05-07 20:16 修改: 2026-05-08 15:16

usr/share/elastic-agent/data/elastic-agent-f4d26a/components/osquery-extension.ext (gobinary)

低危漏洞:0

中危漏洞:6

高危漏洞:9

严重漏洞:0

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息
github.com/apache/thrift	CVE-2026-41602	高危	v0.22.0	0.23.0	github.com/apache/thrift: Apache Thrift: Integer Overflow in TFramedTransport Go implementation 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-41602 镜像层: sha256:10af63665108578c410338e0f75328220a155dd352c443fe5791437214f7baa8 发布日期: 2026-04-28 10:16 修改: 2026-04-28 18:40
stdlib	CVE-2026-32280	高危	v1.25.8	1.25.9, 1.26.2	crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32280 镜像层: sha256:10af63665108578c410338e0f75328220a155dd352c443fe5791437214f7baa8 发布日期: 2026-04-08 02:16 修改: 2026-04-16 19:16
stdlib	CVE-2026-32281	高危	v1.25.8	1.25.9, 1.26.2	crypto/x509: golang: Go crypto/x509: Denial of Service via inefficient certificate chain validation 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32281 镜像层: sha256:10af63665108578c410338e0f75328220a155dd352c443fe5791437214f7baa8 发布日期: 2026-04-08 02:16 修改: 2026-04-16 19:15
stdlib	CVE-2026-32283	高危	v1.25.8	1.25.9, 1.26.2	crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32283 镜像层: sha256:10af63665108578c410338e0f75328220a155dd352c443fe5791437214f7baa8 发布日期: 2026-04-08 02:16 修改: 2026-04-16 19:12
stdlib	CVE-2026-33811	高危	v1.25.8	1.25.10, 1.26.3	When using LookupCNAME with the cgo DNS resolver, a very long CNAME re ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33811 镜像层: sha256:10af63665108578c410338e0f75328220a155dd352c443fe5791437214f7baa8 发布日期: 2026-05-07 20:16 修改: 2026-05-12 20:23
stdlib	CVE-2026-33814	高危	v1.25.8	1.25.10, 1.26.3	When processing HTTP/2 SETTINGS frames, transport will enter an infini ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33814 镜像层: sha256:10af63665108578c410338e0f75328220a155dd352c443fe5791437214f7baa8 发布日期: 2026-05-07 20:16 修改: 2026-05-08 19:16
stdlib	CVE-2026-39820	高危	v1.25.8	1.25.10, 1.26.3	Well-crafted inputs reaching ParseAddress, ParseAddressList, and Parse ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39820 镜像层: sha256:10af63665108578c410338e0f75328220a155dd352c443fe5791437214f7baa8 发布日期: 2026-05-07 20:16 修改: 2026-05-08 15:16
stdlib	CVE-2026-39836	高危	v1.25.8	1.25.10, 1.26.3	Panic in Dial and LookupPort when handling NUL byte on Windows in net 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39836 镜像层: sha256:10af63665108578c410338e0f75328220a155dd352c443fe5791437214f7baa8 发布日期: 2026-05-07 20:16 修改: 2026-05-08 22:16
stdlib	CVE-2026-42499	高危	v1.25.8	1.25.10, 1.26.3	Pathological inputs could cause DoS through consumePhrase when parsing ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42499 镜像层: sha256:10af63665108578c410338e0f75328220a155dd352c443fe5791437214f7baa8 发布日期: 2026-05-07 20:16 修改: 2026-05-08 22:16
stdlib	CVE-2026-32282	中危	v1.25.8	1.25.9, 1.26.2	golang: internal/syscall/unix: Root.Chmod can follow symlinks out of the root 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32282 镜像层: sha256:10af63665108578c410338e0f75328220a155dd352c443fe5791437214f7baa8 发布日期: 2026-04-08 02:16 修改: 2026-04-16 19:15
stdlib	CVE-2026-32288	中危	v1.25.8	1.25.9, 1.26.2	archive/tar: golang: Go's archive/tar package: Denial of Service via maliciously-crafted archive 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32288 镜像层: sha256:10af63665108578c410338e0f75328220a155dd352c443fe5791437214f7baa8 发布日期: 2026-04-08 02:16 修改: 2026-04-16 19:08
stdlib	CVE-2026-32289	中危	v1.25.8	1.25.9, 1.26.2	html/template: golang: html/template: Cross-Site Scripting (XSS) via improper context and brace depth tracking in JS template literals 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32289 镜像层: sha256:10af63665108578c410338e0f75328220a155dd352c443fe5791437214f7baa8 发布日期: 2026-04-08 02:16 修改: 2026-04-16 19:06
stdlib	CVE-2026-39823	中危	v1.25.8	1.25.10, 1.26.3	CVE-2026-27142 fixed a vulnerability in which URLs were not correctly ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39823 镜像层: sha256:10af63665108578c410338e0f75328220a155dd352c443fe5791437214f7baa8 发布日期: 2026-05-07 20:16 修改: 2026-05-08 15:16
stdlib	CVE-2026-39825	中危	v1.25.8	1.25.10, 1.26.3	ReverseProxy can forward queries containing parameters not visible to ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39825 镜像层: sha256:10af63665108578c410338e0f75328220a155dd352c443fe5791437214f7baa8 发布日期: 2026-05-07 20:16 修改: 2026-05-08 22:16
stdlib	CVE-2026-39826	中危	v1.25.8	1.25.10, 1.26.3	If a trusted template author were to write a <script> tag containing a ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39826 镜像层: sha256:10af63665108578c410338e0f75328220a155dd352c443fe5791437214f7baa8 发布日期: 2026-05-07 20:16 修改: 2026-05-08 15:16

usr/share/elastic-agent/data/elastic-agent-f4d26a/components/pf-elastic-collector (gobinary)

低危漏洞:1

中危漏洞:7

高危漏洞:10

严重漏洞:0

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息
go.opentelemetry.io/otel	CVE-2026-29181	高危	v1.39.0	1.41.0	OpenTelemetry-Go: multi-value `baggage` header extraction causes excessive allocations (remote dos amplification) 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-29181 镜像层: sha256:10af63665108578c410338e0f75328220a155dd352c443fe5791437214f7baa8 发布日期: 2026-04-07 21:17 修改: 2026-04-14 18:45
stdlib	CVE-2026-25679	高危	v1.25.7	1.25.8, 1.26.1	net/url: Incorrect parsing of IPv6 host literals in net/url 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-25679 镜像层: sha256:10af63665108578c410338e0f75328220a155dd352c443fe5791437214f7baa8 发布日期: 2026-03-06 22:16 修改: 2026-04-21 14:43
stdlib	CVE-2026-32280	高危	v1.25.7	1.25.9, 1.26.2	crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32280 镜像层: sha256:10af63665108578c410338e0f75328220a155dd352c443fe5791437214f7baa8 发布日期: 2026-04-08 02:16 修改: 2026-04-16 19:16
stdlib	CVE-2026-32281	高危	v1.25.7	1.25.9, 1.26.2	crypto/x509: golang: Go crypto/x509: Denial of Service via inefficient certificate chain validation 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32281 镜像层: sha256:10af63665108578c410338e0f75328220a155dd352c443fe5791437214f7baa8 发布日期: 2026-04-08 02:16 修改: 2026-04-16 19:15
stdlib	CVE-2026-32283	高危	v1.25.7	1.25.9, 1.26.2	crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32283 镜像层: sha256:10af63665108578c410338e0f75328220a155dd352c443fe5791437214f7baa8 发布日期: 2026-04-08 02:16 修改: 2026-04-16 19:12
stdlib	CVE-2026-33811	高危	v1.25.7	1.25.10, 1.26.3	When using LookupCNAME with the cgo DNS resolver, a very long CNAME re ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33811 镜像层: sha256:10af63665108578c410338e0f75328220a155dd352c443fe5791437214f7baa8 发布日期: 2026-05-07 20:16 修改: 2026-05-12 20:23
stdlib	CVE-2026-33814	高危	v1.25.7	1.25.10, 1.26.3	When processing HTTP/2 SETTINGS frames, transport will enter an infini ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33814 镜像层: sha256:10af63665108578c410338e0f75328220a155dd352c443fe5791437214f7baa8 发布日期: 2026-05-07 20:16 修改: 2026-05-08 19:16
stdlib	CVE-2026-39820	高危	v1.25.7	1.25.10, 1.26.3	Well-crafted inputs reaching ParseAddress, ParseAddressList, and Parse ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39820 镜像层: sha256:10af63665108578c410338e0f75328220a155dd352c443fe5791437214f7baa8 发布日期: 2026-05-07 20:16 修改: 2026-05-08 15:16
stdlib	CVE-2026-39836	高危	v1.25.7	1.25.10, 1.26.3	Panic in Dial and LookupPort when handling NUL byte on Windows in net 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39836 镜像层: sha256:10af63665108578c410338e0f75328220a155dd352c443fe5791437214f7baa8 发布日期: 2026-05-07 20:16 修改: 2026-05-08 22:16
stdlib	CVE-2026-42499	高危	v1.25.7	1.25.10, 1.26.3	Pathological inputs could cause DoS through consumePhrase when parsing ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42499 镜像层: sha256:10af63665108578c410338e0f75328220a155dd352c443fe5791437214f7baa8 发布日期: 2026-05-07 20:16 修改: 2026-05-08 22:16
stdlib	CVE-2026-27142	中危	v1.25.7	1.25.8, 1.26.1	html/template: URLs in meta content attribute actions are not escaped in html/template 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27142 镜像层: sha256:10af63665108578c410338e0f75328220a155dd352c443fe5791437214f7baa8 发布日期: 2026-03-06 22:16 修改: 2026-04-21 14:30
stdlib	CVE-2026-32282	中危	v1.25.7	1.25.9, 1.26.2	golang: internal/syscall/unix: Root.Chmod can follow symlinks out of the root 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32282 镜像层: sha256:10af63665108578c410338e0f75328220a155dd352c443fe5791437214f7baa8 发布日期: 2026-04-08 02:16 修改: 2026-04-16 19:15
stdlib	CVE-2026-32288	中危	v1.25.7	1.25.9, 1.26.2	archive/tar: golang: Go's archive/tar package: Denial of Service via maliciously-crafted archive 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32288 镜像层: sha256:10af63665108578c410338e0f75328220a155dd352c443fe5791437214f7baa8 发布日期: 2026-04-08 02:16 修改: 2026-04-16 19:08
stdlib	CVE-2026-32289	中危	v1.25.7	1.25.9, 1.26.2	html/template: golang: html/template: Cross-Site Scripting (XSS) via improper context and brace depth tracking in JS template literals 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32289 镜像层: sha256:10af63665108578c410338e0f75328220a155dd352c443fe5791437214f7baa8 发布日期: 2026-04-08 02:16 修改: 2026-04-16 19:06
stdlib	CVE-2026-39823	中危	v1.25.7	1.25.10, 1.26.3	CVE-2026-27142 fixed a vulnerability in which URLs were not correctly ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39823 镜像层: sha256:10af63665108578c410338e0f75328220a155dd352c443fe5791437214f7baa8 发布日期: 2026-05-07 20:16 修改: 2026-05-08 15:16
stdlib	CVE-2026-39825	中危	v1.25.7	1.25.10, 1.26.3	ReverseProxy can forward queries containing parameters not visible to ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39825 镜像层: sha256:10af63665108578c410338e0f75328220a155dd352c443fe5791437214f7baa8 发布日期: 2026-05-07 20:16 修改: 2026-05-08 22:16
stdlib	CVE-2026-39826	中危	v1.25.7	1.25.10, 1.26.3	If a trusted template author were to write a <script> tag containing a ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39826 镜像层: sha256:10af63665108578c410338e0f75328220a155dd352c443fe5791437214f7baa8 发布日期: 2026-05-07 20:16 修改: 2026-05-08 15:16
stdlib	CVE-2026-27139	低危	v1.25.7	1.25.8, 1.26.1	os: FileInfo can escape from a Root in golang os module 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27139 镜像层: sha256:10af63665108578c410338e0f75328220a155dd352c443fe5791437214f7baa8 发布日期: 2026-03-06 22:16 修改: 2026-04-21 14:32

usr/share/elastic-agent/data/elastic-agent-f4d26a/components/pf-elastic-symbolizer (gobinary)

低危漏洞:1

中危漏洞:7

高危漏洞:10

严重漏洞:0

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息
go.opentelemetry.io/otel	CVE-2026-29181	高危	v1.39.0	1.41.0	OpenTelemetry-Go: multi-value `baggage` header extraction causes excessive allocations (remote dos amplification) 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-29181 镜像层: sha256:10af63665108578c410338e0f75328220a155dd352c443fe5791437214f7baa8 发布日期: 2026-04-07 21:17 修改: 2026-04-14 18:45
stdlib	CVE-2026-25679	高危	v1.25.7	1.25.8, 1.26.1	net/url: Incorrect parsing of IPv6 host literals in net/url 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-25679 镜像层: sha256:10af63665108578c410338e0f75328220a155dd352c443fe5791437214f7baa8 发布日期: 2026-03-06 22:16 修改: 2026-04-21 14:43
stdlib	CVE-2026-32280	高危	v1.25.7	1.25.9, 1.26.2	crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32280 镜像层: sha256:10af63665108578c410338e0f75328220a155dd352c443fe5791437214f7baa8 发布日期: 2026-04-08 02:16 修改: 2026-04-16 19:16
stdlib	CVE-2026-32281	高危	v1.25.7	1.25.9, 1.26.2	crypto/x509: golang: Go crypto/x509: Denial of Service via inefficient certificate chain validation 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32281 镜像层: sha256:10af63665108578c410338e0f75328220a155dd352c443fe5791437214f7baa8 发布日期: 2026-04-08 02:16 修改: 2026-04-16 19:15
stdlib	CVE-2026-32283	高危	v1.25.7	1.25.9, 1.26.2	crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32283 镜像层: sha256:10af63665108578c410338e0f75328220a155dd352c443fe5791437214f7baa8 发布日期: 2026-04-08 02:16 修改: 2026-04-16 19:12
stdlib	CVE-2026-33811	高危	v1.25.7	1.25.10, 1.26.3	When using LookupCNAME with the cgo DNS resolver, a very long CNAME re ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33811 镜像层: sha256:10af63665108578c410338e0f75328220a155dd352c443fe5791437214f7baa8 发布日期: 2026-05-07 20:16 修改: 2026-05-12 20:23
stdlib	CVE-2026-33814	高危	v1.25.7	1.25.10, 1.26.3	When processing HTTP/2 SETTINGS frames, transport will enter an infini ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33814 镜像层: sha256:10af63665108578c410338e0f75328220a155dd352c443fe5791437214f7baa8 发布日期: 2026-05-07 20:16 修改: 2026-05-08 19:16
stdlib	CVE-2026-39820	高危	v1.25.7	1.25.10, 1.26.3	Well-crafted inputs reaching ParseAddress, ParseAddressList, and Parse ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39820 镜像层: sha256:10af63665108578c410338e0f75328220a155dd352c443fe5791437214f7baa8 发布日期: 2026-05-07 20:16 修改: 2026-05-08 15:16
stdlib	CVE-2026-39836	高危	v1.25.7	1.25.10, 1.26.3	Panic in Dial and LookupPort when handling NUL byte on Windows in net 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39836 镜像层: sha256:10af63665108578c410338e0f75328220a155dd352c443fe5791437214f7baa8 发布日期: 2026-05-07 20:16 修改: 2026-05-08 22:16
stdlib	CVE-2026-42499	高危	v1.25.7	1.25.10, 1.26.3	Pathological inputs could cause DoS through consumePhrase when parsing ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42499 镜像层: sha256:10af63665108578c410338e0f75328220a155dd352c443fe5791437214f7baa8 发布日期: 2026-05-07 20:16 修改: 2026-05-08 22:16
stdlib	CVE-2026-27142	中危	v1.25.7	1.25.8, 1.26.1	html/template: URLs in meta content attribute actions are not escaped in html/template 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27142 镜像层: sha256:10af63665108578c410338e0f75328220a155dd352c443fe5791437214f7baa8 发布日期: 2026-03-06 22:16 修改: 2026-04-21 14:30
stdlib	CVE-2026-32282	中危	v1.25.7	1.25.9, 1.26.2	golang: internal/syscall/unix: Root.Chmod can follow symlinks out of the root 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32282 镜像层: sha256:10af63665108578c410338e0f75328220a155dd352c443fe5791437214f7baa8 发布日期: 2026-04-08 02:16 修改: 2026-04-16 19:15
stdlib	CVE-2026-32288	中危	v1.25.7	1.25.9, 1.26.2	archive/tar: golang: Go's archive/tar package: Denial of Service via maliciously-crafted archive 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32288 镜像层: sha256:10af63665108578c410338e0f75328220a155dd352c443fe5791437214f7baa8 发布日期: 2026-04-08 02:16 修改: 2026-04-16 19:08
stdlib	CVE-2026-32289	中危	v1.25.7	1.25.9, 1.26.2	html/template: golang: html/template: Cross-Site Scripting (XSS) via improper context and brace depth tracking in JS template literals 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32289 镜像层: sha256:10af63665108578c410338e0f75328220a155dd352c443fe5791437214f7baa8 发布日期: 2026-04-08 02:16 修改: 2026-04-16 19:06
stdlib	CVE-2026-39823	中危	v1.25.7	1.25.10, 1.26.3	CVE-2026-27142 fixed a vulnerability in which URLs were not correctly ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39823 镜像层: sha256:10af63665108578c410338e0f75328220a155dd352c443fe5791437214f7baa8 发布日期: 2026-05-07 20:16 修改: 2026-05-08 15:16
stdlib	CVE-2026-39825	中危	v1.25.7	1.25.10, 1.26.3	ReverseProxy can forward queries containing parameters not visible to ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39825 镜像层: sha256:10af63665108578c410338e0f75328220a155dd352c443fe5791437214f7baa8 发布日期: 2026-05-07 20:16 修改: 2026-05-08 22:16
stdlib	CVE-2026-39826	中危	v1.25.7	1.25.10, 1.26.3	If a trusted template author were to write a <script> tag containing a ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39826 镜像层: sha256:10af63665108578c410338e0f75328220a155dd352c443fe5791437214f7baa8 发布日期: 2026-05-07 20:16 修改: 2026-05-08 15:16
stdlib	CVE-2026-27139	低危	v1.25.7	1.25.8, 1.26.1	os: FileInfo can escape from a Root in golang os module 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27139 镜像层: sha256:10af63665108578c410338e0f75328220a155dd352c443fe5791437214f7baa8 发布日期: 2026-03-06 22:16 修改: 2026-04-21 14:32

usr/share/elastic-agent/data/elastic-agent-f4d26a/components/pf-host-agent (gobinary)

低危漏洞:1

中危漏洞:7

高危漏洞:10

严重漏洞:0

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息
go.opentelemetry.io/otel	CVE-2026-29181	高危	v1.39.0	1.41.0	OpenTelemetry-Go: multi-value `baggage` header extraction causes excessive allocations (remote dos amplification) 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-29181 镜像层: sha256:10af63665108578c410338e0f75328220a155dd352c443fe5791437214f7baa8 发布日期: 2026-04-07 21:17 修改: 2026-04-14 18:45
stdlib	CVE-2026-25679	高危	v1.25.7	1.25.8, 1.26.1	net/url: Incorrect parsing of IPv6 host literals in net/url 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-25679 镜像层: sha256:10af63665108578c410338e0f75328220a155dd352c443fe5791437214f7baa8 发布日期: 2026-03-06 22:16 修改: 2026-04-21 14:43
stdlib	CVE-2026-32280	高危	v1.25.7	1.25.9, 1.26.2	crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32280 镜像层: sha256:10af63665108578c410338e0f75328220a155dd352c443fe5791437214f7baa8 发布日期: 2026-04-08 02:16 修改: 2026-04-16 19:16
stdlib	CVE-2026-32281	高危	v1.25.7	1.25.9, 1.26.2	crypto/x509: golang: Go crypto/x509: Denial of Service via inefficient certificate chain validation 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32281 镜像层: sha256:10af63665108578c410338e0f75328220a155dd352c443fe5791437214f7baa8 发布日期: 2026-04-08 02:16 修改: 2026-04-16 19:15
stdlib	CVE-2026-32283	高危	v1.25.7	1.25.9, 1.26.2	crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32283 镜像层: sha256:10af63665108578c410338e0f75328220a155dd352c443fe5791437214f7baa8 发布日期: 2026-04-08 02:16 修改: 2026-04-16 19:12
stdlib	CVE-2026-33811	高危	v1.25.7	1.25.10, 1.26.3	When using LookupCNAME with the cgo DNS resolver, a very long CNAME re ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33811 镜像层: sha256:10af63665108578c410338e0f75328220a155dd352c443fe5791437214f7baa8 发布日期: 2026-05-07 20:16 修改: 2026-05-12 20:23
stdlib	CVE-2026-33814	高危	v1.25.7	1.25.10, 1.26.3	When processing HTTP/2 SETTINGS frames, transport will enter an infini ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33814 镜像层: sha256:10af63665108578c410338e0f75328220a155dd352c443fe5791437214f7baa8 发布日期: 2026-05-07 20:16 修改: 2026-05-08 19:16
stdlib	CVE-2026-39820	高危	v1.25.7	1.25.10, 1.26.3	Well-crafted inputs reaching ParseAddress, ParseAddressList, and Parse ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39820 镜像层: sha256:10af63665108578c410338e0f75328220a155dd352c443fe5791437214f7baa8 发布日期: 2026-05-07 20:16 修改: 2026-05-08 15:16
stdlib	CVE-2026-39836	高危	v1.25.7	1.25.10, 1.26.3	Panic in Dial and LookupPort when handling NUL byte on Windows in net 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39836 镜像层: sha256:10af63665108578c410338e0f75328220a155dd352c443fe5791437214f7baa8 发布日期: 2026-05-07 20:16 修改: 2026-05-08 22:16
stdlib	CVE-2026-42499	高危	v1.25.7	1.25.10, 1.26.3	Pathological inputs could cause DoS through consumePhrase when parsing ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42499 镜像层: sha256:10af63665108578c410338e0f75328220a155dd352c443fe5791437214f7baa8 发布日期: 2026-05-07 20:16 修改: 2026-05-08 22:16
stdlib	CVE-2026-27142	中危	v1.25.7	1.25.8, 1.26.1	html/template: URLs in meta content attribute actions are not escaped in html/template 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27142 镜像层: sha256:10af63665108578c410338e0f75328220a155dd352c443fe5791437214f7baa8 发布日期: 2026-03-06 22:16 修改: 2026-04-21 14:30
stdlib	CVE-2026-32282	中危	v1.25.7	1.25.9, 1.26.2	golang: internal/syscall/unix: Root.Chmod can follow symlinks out of the root 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32282 镜像层: sha256:10af63665108578c410338e0f75328220a155dd352c443fe5791437214f7baa8 发布日期: 2026-04-08 02:16 修改: 2026-04-16 19:15
stdlib	CVE-2026-32288	中危	v1.25.7	1.25.9, 1.26.2	archive/tar: golang: Go's archive/tar package: Denial of Service via maliciously-crafted archive 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32288 镜像层: sha256:10af63665108578c410338e0f75328220a155dd352c443fe5791437214f7baa8 发布日期: 2026-04-08 02:16 修改: 2026-04-16 19:08
stdlib	CVE-2026-32289	中危	v1.25.7	1.25.9, 1.26.2	html/template: golang: html/template: Cross-Site Scripting (XSS) via improper context and brace depth tracking in JS template literals 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32289 镜像层: sha256:10af63665108578c410338e0f75328220a155dd352c443fe5791437214f7baa8 发布日期: 2026-04-08 02:16 修改: 2026-04-16 19:06
stdlib	CVE-2026-39823	中危	v1.25.7	1.25.10, 1.26.3	CVE-2026-27142 fixed a vulnerability in which URLs were not correctly ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39823 镜像层: sha256:10af63665108578c410338e0f75328220a155dd352c443fe5791437214f7baa8 发布日期: 2026-05-07 20:16 修改: 2026-05-08 15:16
stdlib	CVE-2026-39825	中危	v1.25.7	1.25.10, 1.26.3	ReverseProxy can forward queries containing parameters not visible to ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39825 镜像层: sha256:10af63665108578c410338e0f75328220a155dd352c443fe5791437214f7baa8 发布日期: 2026-05-07 20:16 修改: 2026-05-08 22:16
stdlib	CVE-2026-39826	中危	v1.25.7	1.25.10, 1.26.3	If a trusted template author were to write a <script> tag containing a ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39826 镜像层: sha256:10af63665108578c410338e0f75328220a155dd352c443fe5791437214f7baa8 发布日期: 2026-05-07 20:16 修改: 2026-05-08 15:16
stdlib	CVE-2026-27139	低危	v1.25.7	1.25.8, 1.26.1	os: FileInfo can escape from a Root in golang os module 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27139 镜像层: sha256:10af63665108578c410338e0f75328220a155dd352c443fe5791437214f7baa8 发布日期: 2026-03-06 22:16 修改: 2026-04-21 14:32

usr/share/elastic-agent/data/elastic-agent-f4d26a/elastic-agent (gobinary)

低危漏洞:1

中危漏洞:12

高危漏洞:10

严重漏洞:0

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息
github.com/apache/thrift	CVE-2026-41602	高危	v0.22.0	0.23.0	github.com/apache/thrift: Apache Thrift: Integer Overflow in TFramedTransport Go implementation 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-41602 镜像层: sha256:10af63665108578c410338e0f75328220a155dd352c443fe5791437214f7baa8 发布日期: 2026-04-28 10:16 修改: 2026-04-28 18:40
github.com/docker/docker	CVE-2026-34040	高危	v28.5.2+incompatible	29.3.1	Moby: Moby: Authorization bypass vulnerability 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-34040 镜像层: sha256:10af63665108578c410338e0f75328220a155dd352c443fe5791437214f7baa8 发布日期: 2026-03-31 03:15 修改: 2026-04-03 16:51
github.com/prometheus/prometheus	CVE-2026-42151	高危	v0.310.0	0.311.3	Prometheus is an open-source monitoring system and time series databas ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42151 镜像层: sha256:10af63665108578c410338e0f75328220a155dd352c443fe5791437214f7baa8 发布日期: 2026-05-04 19:16 修改: 2026-05-11 17:22
github.com/prometheus/prometheus	CVE-2026-42154	高危	v0.310.0	0.311.3	Prometheus is an open-source monitoring system and time series databas ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42154 镜像层: sha256:10af63665108578c410338e0f75328220a155dd352c443fe5791437214f7baa8 发布日期: 2026-05-04 19:16 修改: 2026-05-11 17:22
go.opentelemetry.io/otel/sdk	CVE-2026-39883	高危	v1.42.0	1.43.0	opentelemetry-go: BSD kenv command not using absolute path enables PATH hijacking 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39883 镜像层: sha256:10af63665108578c410338e0f75328220a155dd352c443fe5791437214f7baa8 发布日期: 2026-04-08 21:17 修改: 2026-04-10 21:16
stdlib	CVE-2026-33811	高危	v1.25.9	1.25.10, 1.26.3	When using LookupCNAME with the cgo DNS resolver, a very long CNAME re ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33811 镜像层: sha256:10af63665108578c410338e0f75328220a155dd352c443fe5791437214f7baa8 发布日期: 2026-05-07 20:16 修改: 2026-05-12 20:23
stdlib	CVE-2026-33814	高危	v1.25.9	1.25.10, 1.26.3	When processing HTTP/2 SETTINGS frames, transport will enter an infini ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33814 镜像层: sha256:10af63665108578c410338e0f75328220a155dd352c443fe5791437214f7baa8 发布日期: 2026-05-07 20:16 修改: 2026-05-08 19:16
stdlib	CVE-2026-39820	高危	v1.25.9	1.25.10, 1.26.3	Well-crafted inputs reaching ParseAddress, ParseAddressList, and Parse ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39820 镜像层: sha256:10af63665108578c410338e0f75328220a155dd352c443fe5791437214f7baa8 发布日期: 2026-05-07 20:16 修改: 2026-05-08 15:16
stdlib	CVE-2026-39836	高危	v1.25.9	1.25.10, 1.26.3	Panic in Dial and LookupPort when handling NUL byte on Windows in net 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39836 镜像层: sha256:10af63665108578c410338e0f75328220a155dd352c443fe5791437214f7baa8 发布日期: 2026-05-07 20:16 修改: 2026-05-08 22:16
stdlib	CVE-2026-42499	高危	v1.25.9	1.25.10, 1.26.3	Pathological inputs could cause DoS through consumePhrase when parsing ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42499 镜像层: sha256:10af63665108578c410338e0f75328220a155dd352c443fe5791437214f7baa8 发布日期: 2026-05-07 20:16 修改: 2026-05-08 22:16
go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp	CVE-2026-39882	中危	v0.18.0	0.19.0	OpenTelemetry-Go is the Go implementation of OpenTelemetry. Prior to 1 ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39882 镜像层: sha256:10af63665108578c410338e0f75328220a155dd352c443fe5791437214f7baa8 发布日期: 2026-04-08 21:17 修改: 2026-04-09 18:39
go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp	CVE-2026-39882	中危	v1.42.0	1.43.0	OpenTelemetry-Go is the Go implementation of OpenTelemetry. Prior to 1 ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39882 镜像层: sha256:10af63665108578c410338e0f75328220a155dd352c443fe5791437214f7baa8 发布日期: 2026-04-08 21:17 修改: 2026-04-09 18:39
go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp	CVE-2026-39882	中危	v1.42.0	1.43.0	OpenTelemetry-Go is the Go implementation of OpenTelemetry. Prior to 1 ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39882 镜像层: sha256:10af63665108578c410338e0f75328220a155dd352c443fe5791437214f7baa8 发布日期: 2026-04-08 21:17 修改: 2026-04-09 18:39
github.com/Azure/go-ntlmssp	CVE-2026-32952	中危	v0.0.0-20221128193559-754e69321358	0.1.1	go-ntlmssp: go-ntlmssp: Denial of Service via malicious NTLM challenge 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32952 镜像层: sha256:10af63665108578c410338e0f75328220a155dd352c443fe5791437214f7baa8 发布日期: 2026-04-24 03:16 修改: 2026-04-24 14:50
github.com/docker/docker	CVE-2026-33997	中危	v28.5.2+incompatible	29.3.1	moby: docker: github.com/moby/moby: Moby: Privilege validation bypass during plugin installation 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33997 镜像层: sha256:10af63665108578c410338e0f75328220a155dd352c443fe5791437214f7baa8 发布日期: 2026-03-31 03:15 修改: 2026-04-03 17:23
github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs	GHSA-xmrv-pmrh-hhx2	中危	v1.50.2	1.65.0	Denial of Service due to Panic in AWS SDK for Go v2 SDK EventStream Decoder 漏洞详情: https://github.com/advisories/GHSA-xmrv-pmrh-hhx2 镜像层: sha256:10af63665108578c410338e0f75328220a155dd352c443fe5791437214f7baa8 发布日期: 2026-04-08 00:18 修改: 2026-04-08 00:18
github.com/aws/aws-sdk-go-v2/service/s3	GHSA-xmrv-pmrh-hhx2	中危	v1.97.2	1.97.3	Denial of Service due to Panic in AWS SDK for Go v2 SDK EventStream Decoder 漏洞详情: https://github.com/advisories/GHSA-xmrv-pmrh-hhx2 镜像层: sha256:10af63665108578c410338e0f75328220a155dd352c443fe5791437214f7baa8 发布日期: 2026-04-08 00:18 修改: 2026-04-08 00:18
github.com/prometheus/prometheus	CVE-2026-40179	中危	v0.310.0	0.311.2-0.20260410083055-07c6232d159b	Prometheus has Stored XSS via metric names and label values in Prometheus web UI tooltips and metrics explorer 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-40179 镜像层: sha256:10af63665108578c410338e0f75328220a155dd352c443fe5791437214f7baa8 发布日期: 2026-04-15 23:16 修改: 2026-04-22 20:04
github.com/prometheus/prometheus	GHSA-fw8g-cg8f-9j28	中危	v0.310.0	0.311.3	Prometheus vulnerable to stored XSS via crafted histogram bucket label values in the old web UI heatmap display 漏洞详情: https://github.com/advisories/GHSA-fw8g-cg8f-9j28 镜像层: sha256:10af63665108578c410338e0f75328220a155dd352c443fe5791437214f7baa8 发布日期: 2026-05-05 21:53 修改: 2026-05-08 16:52
stdlib	CVE-2026-39823	中危	v1.25.9	1.25.10, 1.26.3	CVE-2026-27142 fixed a vulnerability in which URLs were not correctly ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39823 镜像层: sha256:10af63665108578c410338e0f75328220a155dd352c443fe5791437214f7baa8 发布日期: 2026-05-07 20:16 修改: 2026-05-08 15:16
stdlib	CVE-2026-39825	中危	v1.25.9	1.25.10, 1.26.3	ReverseProxy can forward queries containing parameters not visible to ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39825 镜像层: sha256:10af63665108578c410338e0f75328220a155dd352c443fe5791437214f7baa8 发布日期: 2026-05-07 20:16 修改: 2026-05-08 22:16
stdlib	CVE-2026-39826	中危	v1.25.9	1.25.10, 1.26.3	If a trusted template author were to write a <script> tag containing a ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39826 镜像层: sha256:10af63665108578c410338e0f75328220a155dd352c443fe5791437214f7baa8 发布日期: 2026-05-07 20:16 修改: 2026-05-08 15:16
filippo.io/edwards25519	CVE-2026-26958	低危	v1.1.0	1.1.1	filippo.io/edwards25519: filippo.io/edwards25519: Cryptographic integrity bypass due to incorrect MultiScalarMult results 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-26958 镜像层: sha256:10af63665108578c410338e0f75328220a155dd352c443fe5791437214f7baa8 发布日期: 2026-02-19 23:16 修改: 2026-04-15 00:35

docker.elastic.co/elastic-agent/elastic-agent:8.19.15 linux/amd64

全部漏洞信息

docker.elastic.co/elastic-agent/elastic-agent:8.19.15 (ubuntu 24.04) (ubuntu)

usr/share/elastic-agent/data/elastic-agent-f4d26a/components/agentbeat (gobinary)

usr/share/elastic-agent/data/elastic-agent-f4d26a/components/apm-server (gobinary)

usr/share/elastic-agent/data/elastic-agent-f4d26a/components/cloud-defend (gobinary)

usr/share/elastic-agent/data/elastic-agent-f4d26a/components/cloudbeat (gobinary)

usr/share/elastic-agent/data/elastic-agent-f4d26a/components/fleet-server (gobinary)

usr/share/elastic-agent/data/elastic-agent-f4d26a/components/osquery-extension.ext (gobinary)

usr/share/elastic-agent/data/elastic-agent-f4d26a/components/pf-elastic-collector (gobinary)

usr/share/elastic-agent/data/elastic-agent-f4d26a/components/pf-elastic-symbolizer (gobinary)

usr/share/elastic-agent/data/elastic-agent-f4d26a/components/pf-host-agent (gobinary)

usr/share/elastic-agent/data/elastic-agent-f4d26a/elastic-agent (gobinary)