{"@context":"https://openvex.dev/ns/v0.2.0","@id":"pkg:docker/agent@7.78.4","author":"security@datadoghq.com","author_role":"Vulnerability Management","last_updated":"2026-06-29T12:57:41.991525858Z","statements":[{"action_statement":"","action_statement_timestamp":"2026-06-29T11:27:38.110758Z","impact_statement":"Low risk under normal Agent operation: the vulnerable Python decompression APIs are not used anywhere in the Datadog Agent. The affected code path is not reachable through shipped functionality. Exposure remains theoretically possible through bundled third-party packages or customer-authored checks. We are monitoring the upstream Python 3.13 backport and will track remediation through the planned upgrade to Python 3.13.14, which includes the CVE-2026-6100 fix.","justification":"","last_updated":"2026-06-29T11:27:38.110758Z","products":[{"@id":"pkg:generic/python@3.13.13"}],"status":"affected","timestamp":"2026-06-29T11:27:38.110758Z","vulnerability":{"name":"CVE-2026-6100"}},{"action_statement":"","action_statement_timestamp":"2026-06-29T11:27:38.110846Z","impact_statement":"","justification":"","last_updated":"2026-06-29T11:27:38.110846Z","products":[{"@id":"pkg:generic/python@3.13.13"}],"status":"under_investigation","timestamp":"2026-06-29T11:27:38.110846Z","vulnerability":{"name":"CVE-2026-11940"}},{"action_statement":"","action_statement_timestamp":"2026-06-29T11:27:38.11314Z","impact_statement":"","justification":"","last_updated":"2026-06-29T11:27:38.11314Z","products":[{"@id":"pkg:deb/ubuntu/libgcrypt20@1.10.3-2build1?arch=amd64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libgcrypt20@1.10.3-2build1?arch=arm64\u0026distro=ubuntu-24.04"}],"status":"affected","timestamp":"2026-06-29T11:27:38.11314Z","vulnerability":{"name":"CVE-2024-2236"}},{"action_statement":"","action_statement_timestamp":"2026-06-29T11:27:38.113536Z","impact_statement":"The Datadog Agent uses its significantly newer embedded OpenSSL, not the Ubuntu system OpenSSL package.","justification":"vulnerable_code_not_present","last_updated":"2026-06-29T11:27:38.113536Z","products":[{"@id":"pkg:deb/ubuntu/libssl3t64@3.0.13-0ubuntu3.9?arch=amd64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libssl3t64@3.0.13-0ubuntu3.9?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=openssl"},{"@id":"pkg:deb/ubuntu/libssl3t64@3.0.13-0ubuntu3.9?arch=arm64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libssl3t64@3.0.13-0ubuntu3.9?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=openssl"},{"@id":"pkg:deb/ubuntu/openssl@3.0.13-0ubuntu3.9?arch=arm64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/openssl@3.0.13-0ubuntu3.9?arch=amd64\u0026distro=ubuntu-24.04"}],"status":"not_affected","timestamp":"2026-06-29T11:27:38.113536Z","vulnerability":{"name":"CVE-2024-41996"}},{"action_statement":"","action_statement_timestamp":"2026-06-29T11:27:38.114044Z","impact_statement":"This vulnerability was fixed in v7.80.1. The agent embeds Python \u003e3.13.14 which is the patched version","justification":"","last_updated":"2026-06-29T11:27:38.114043Z","products":[{"@id":"pkg:generic/python@3.13.13"}],"status":"fixed","timestamp":"2026-06-29T11:27:38.114043Z","vulnerability":{"name":"CVE-2026-3298"}},{"action_statement":"","action_statement_timestamp":"2026-06-29T11:27:38.114466Z","impact_statement":"","justification":"","last_updated":"2026-06-29T11:27:38.114465Z","products":[{"@id":"pkg:generic/python@3.13.13"}],"status":"under_investigation","timestamp":"2026-06-29T11:27:38.114465Z","vulnerability":{"name":"CVE-2026-1502"}},{"action_statement":"","action_statement_timestamp":"2026-06-29T11:27:38.11452Z","impact_statement":"","justification":"","last_updated":"2026-06-29T11:27:38.11452Z","products":[{"@id":"pkg:generic/python@3.13.13"}],"status":"under_investigation","timestamp":"2026-06-29T11:27:38.11452Z","vulnerability":{"name":"CVE-2026-11972"}},{"action_statement":"","action_statement_timestamp":"2026-06-29T11:27:38.114741Z","impact_statement":"The image ships only perl-base (the minimal Perl interpreter) and does not include perl-modules or any other package that provides Archive::Tar.","justification":"vulnerable_code_not_present","last_updated":"2026-06-29T11:27:38.11474Z","products":[{"@id":"pkg:deb/ubuntu/perl-base@5.38.2-3.2ubuntu0.2?arch=amd64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/perl-base@5.38.2-3.2ubuntu0.2?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=perl"},{"@id":"pkg:deb/ubuntu/perl-base@5.38.2-3.2ubuntu0.2?arch=arm64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/perl-base@5.38.2-3.2ubuntu0.2?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=perl"}],"status":"not_affected","timestamp":"2026-06-29T11:27:38.11474Z","vulnerability":{"name":"CVE-2026-42496"}},{"action_statement":"","action_statement_timestamp":"2026-06-29T11:27:38.115041Z","impact_statement":"The agent codebase is primarily Go which does not invoke glibc's stdio scanner, and all embedded C binaries and shared libraries do not contain occurrences of the %mc pattern. There is no reachable code path through which an attacker could supply input to the vulnerable glibc branch","justification":"vulnerable_code_not_in_execute_path","last_updated":"2026-06-29T11:27:38.115041Z","products":[{"@id":"pkg:deb/ubuntu/libc6@2.39-0ubuntu8.7?arch=amd64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libc6@2.39-0ubuntu8.7?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=glibc"},{"@id":"pkg:deb/ubuntu/libc-bin@2.39-0ubuntu8.7?arch=amd64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libc-bin@2.39-0ubuntu8.7?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=glibc"},{"@id":"pkg:deb/ubuntu/libc6@2.39-0ubuntu8.7?arch=arm64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libc6@2.39-0ubuntu8.7?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=glibc"},{"@id":"pkg:deb/ubuntu/libc-bin@2.39-0ubuntu8.7?arch=arm64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libc-bin@2.39-0ubuntu8.7?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=glibc"}],"status":"not_affected","timestamp":"2026-06-29T11:27:38.115041Z","vulnerability":{"name":"CVE-2026-5450"}},{"action_statement":"","action_statement_timestamp":"2026-06-29T11:27:38.115311Z","impact_statement":"CVE-2026-9538 is a memory-exhaustion denial-of-service in Perl's Archive::Tar module. The Datadog Agent image ships only perl-base, the stripped-down Perl interpreter with no optional modules, and does not install the full perl or perl-modules packages that contain Archive::Tar.","justification":"vulnerable_code_not_present","last_updated":"2026-06-29T11:27:38.115311Z","products":[{"@id":"pkg:deb/ubuntu/perl-base@5.38.2-3.2ubuntu0.2?arch=amd64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/perl-base@5.38.2-3.2ubuntu0.2?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=perl"},{"@id":"pkg:deb/ubuntu/perl-base@5.38.2-3.2ubuntu0.2?arch=arm64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/perl-base@5.38.2-3.2ubuntu0.2?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=perl"}],"status":"not_affected","timestamp":"2026-06-29T11:27:38.11531Z","vulnerability":{"name":"CVE-2026-9538"}},{"action_statement":"","action_statement_timestamp":"2026-06-29T11:27:38.115437Z","impact_statement":"Given the low risk of this vulnerability, since it requires repeated use of the system tar binary and the agent neither invokes /usr/bin/tar nor relies on it for archive handling, instead using Go’s safe archive/tar implementation with path protections, we propose to wait for an official fix from the vendor.","justification":"vulnerable_code_cannot_be_controlled_by_adversary","last_updated":"2026-06-29T11:27:38.115437Z","products":[{"@id":"pkg:deb/ubuntu/tar@1.35%2Bdfsg-3build1?arch=amd64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/tar@1.35%2Bdfsg-3build1?arch=arm64\u0026distro=ubuntu-24.04"}],"status":"not_affected","timestamp":"2026-06-29T11:27:38.115437Z","vulnerability":{"name":"CVE-2025-45582"}},{"action_statement":"","action_statement_timestamp":"2026-06-29T11:27:38.115495Z","impact_statement":"","justification":"","last_updated":"2026-06-29T11:27:38.115495Z","products":[{"@id":"pkg:deb/ubuntu/tar@1.35%2Bdfsg-3build1?arch=amd64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/tar@1.35%2Bdfsg-3build1?arch=arm64\u0026distro=ubuntu-24.04"}],"status":"affected","timestamp":"2026-06-29T11:27:38.115495Z","vulnerability":{"name":"CVE-2026-5704"}},{"action_statement":"","action_statement_timestamp":"2026-06-29T11:27:38.115586Z","impact_statement":"The Datadog Agent image does not have Archive::Tar installed, only perl-base (the minimal Perl runtime) is present in the image","justification":"vulnerable_code_not_present","last_updated":"2026-06-29T11:27:38.115586Z","products":[{"@id":"pkg:deb/ubuntu/perl-base@5.38.2-3.2ubuntu0.2?arch=amd64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/perl-base@5.38.2-3.2ubuntu0.2?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=perl"},{"@id":"pkg:deb/ubuntu/perl-base@5.38.2-3.2ubuntu0.2?arch=arm64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/perl-base@5.38.2-3.2ubuntu0.2?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=perl"}],"status":"not_affected","timestamp":"2026-06-29T11:27:38.115586Z","vulnerability":{"name":"CVE-2026-42497"}},{"action_statement":"","action_statement_timestamp":"2026-06-29T11:27:38.116026Z","impact_statement":"CVE-2026-8376 only affects 32-bit Perl builds, but the image ships only perl-base on a 64-bit architecture, making the integer overflow mechanically impossible","justification":"vulnerable_code_not_present","last_updated":"2026-06-29T11:27:38.116026Z","products":[{"@id":"pkg:deb/ubuntu/perl-base@5.38.2-3.2ubuntu0.2?arch=amd64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/perl-base@5.38.2-3.2ubuntu0.2?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=perl"},{"@id":"pkg:deb/ubuntu/perl-base@5.38.2-3.2ubuntu0.2?arch=arm64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/perl-base@5.38.2-3.2ubuntu0.2?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=perl"}],"status":"not_affected","timestamp":"2026-06-29T11:27:38.116025Z","vulnerability":{"name":"CVE-2026-8376"}},{"action_statement":"","action_statement_timestamp":"2026-06-29T11:27:38.116113Z","impact_statement":"","justification":"","last_updated":"2026-06-29T11:27:38.116113Z","products":[{"@id":"pkg:deb/ubuntu/perl-base@5.38.2-3.2ubuntu0.2?arch=amd64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/perl-base@5.38.2-3.2ubuntu0.2?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=perl"},{"@id":"pkg:deb/ubuntu/perl-base@5.38.2-3.2ubuntu0.2?arch=arm64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/perl-base@5.38.2-3.2ubuntu0.2?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=perl"}],"status":"affected","timestamp":"2026-06-29T11:27:38.116113Z","vulnerability":{"name":"CVE-2026-12087"}},{"action_statement":"","action_statement_timestamp":"2026-06-29T11:27:38.116511Z","impact_statement":"CVE-2026-48959 is a CPU exhaustion vulnerability in the Perl module IO::Uncompress::Unzip. The Agent ships only perl-base, the minimal Ubuntu Perl runtime, and does not install the libio-compress-perl package.","justification":"component_not_present","last_updated":"2026-06-29T11:27:38.116511Z","products":[{"@id":"pkg:deb/ubuntu/perl-base@5.38.2-3.2ubuntu0.2?arch=amd64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/perl-base@5.38.2-3.2ubuntu0.2?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=perl"},{"@id":"pkg:deb/ubuntu/perl-base@5.38.2-3.2ubuntu0.2?arch=arm64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/perl-base@5.38.2-3.2ubuntu0.2?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=perl"}],"status":"not_affected","timestamp":"2026-06-29T11:27:38.116511Z","vulnerability":{"name":"CVE-2026-48959"}},{"action_statement":"","action_statement_timestamp":"2026-06-29T11:27:38.116778Z","impact_statement":"The ffmpeg-related packages identified in the scan are transitive dependencies introduced through the browser components used by the Synthetics worker. They are not directly invoked by Datadog application code, but are installed as part of the underlying operating system and Chrome dependencies required for browser-based test execution.","justification":"vulnerable_code_not_in_execute_path","last_updated":"2026-06-29T11:27:38.116778Z","products":[{"@id":"pkg:deb/ubuntu/libelf1t64@0.190-1.1ubuntu0.1?arch=amd64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libelf1t64@0.190-1.1ubuntu0.1?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=elfutils"},{"@id":"pkg:deb/ubuntu/libelf1t64@0.190-1.1ubuntu0.1?arch=arm64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libelf1t64@0.190-1.1ubuntu0.1?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=elfutils"}],"status":"not_affected","timestamp":"2026-06-29T11:27:38.116778Z","vulnerability":{"name":"CVE-2025-1352"}},{"action_statement":"","action_statement_timestamp":"2026-06-29T11:27:38.116975Z","impact_statement":"","justification":"","last_updated":"2026-06-29T11:27:38.116974Z","products":[{"@id":"pkg:deb/ubuntu/libc6@2.39-0ubuntu8.7?arch=amd64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libc6@2.39-0ubuntu8.7?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=glibc"},{"@id":"pkg:deb/ubuntu/libc-bin@2.39-0ubuntu8.7?arch=amd64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libc-bin@2.39-0ubuntu8.7?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=glibc"},{"@id":"pkg:deb/ubuntu/libc6@2.39-0ubuntu8.7?arch=arm64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libc6@2.39-0ubuntu8.7?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=glibc"},{"@id":"pkg:deb/ubuntu/libc-bin@2.39-0ubuntu8.7?arch=arm64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libc-bin@2.39-0ubuntu8.7?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=glibc"}],"status":"affected","timestamp":"2026-06-29T11:27:38.116974Z","vulnerability":{"name":"CVE-2026-4046"}},{"action_statement":"","action_statement_timestamp":"2026-06-29T11:27:38.117491Z","impact_statement":"","justification":"","last_updated":"2026-06-29T11:27:38.117491Z","products":[{"@id":"pkg:pypi/pyjwt@2.12.1"}],"status":"under_investigation","timestamp":"2026-06-29T11:27:38.117491Z","vulnerability":{"name":"CVE-2026-48526"}},{"action_statement":"","action_statement_timestamp":"2026-06-29T11:27:38.117534Z","impact_statement":"The agent's primary runtime (Go) does not use glibc wide character I/O functions, all Python processes run exclusively with UTF-8 encoding (which the NVD advisory explicitly excludes from the data-disclosure path)","justification":"vulnerable_code_not_present","last_updated":"2026-06-29T11:27:38.117534Z","products":[{"@id":"pkg:deb/ubuntu/libc6@2.39-0ubuntu8.7?arch=amd64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libc6@2.39-0ubuntu8.7?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=glibc"},{"@id":"pkg:deb/ubuntu/libc-bin@2.39-0ubuntu8.7?arch=amd64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libc-bin@2.39-0ubuntu8.7?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=glibc"},{"@id":"pkg:deb/ubuntu/libc6@2.39-0ubuntu8.7?arch=arm64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libc6@2.39-0ubuntu8.7?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=glibc"},{"@id":"pkg:deb/ubuntu/libc-bin@2.39-0ubuntu8.7?arch=arm64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libc-bin@2.39-0ubuntu8.7?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=glibc"}],"status":"not_affected","timestamp":"2026-06-29T11:27:38.117533Z","vulnerability":{"name":"CVE-2026-5928"}},{"action_statement":"","action_statement_timestamp":"2026-06-29T11:27:38.117635Z","impact_statement":"No agent code uses `imaplib`, the agent is an infrastructure monitoring tool with no email/IMAP functionality","justification":"vulnerable_code_not_present","last_updated":"2026-06-29T11:27:38.117635Z","products":[{"@id":"pkg:generic/python@3.13.13"}],"status":"not_affected","timestamp":"2026-06-29T11:27:38.117635Z","vulnerability":{"name":"CVE-2025-15366"}},{"action_statement":"","action_statement_timestamp":"2026-06-29T11:27:38.117669Z","impact_statement":"The vulnerability is a command injection via newlines in the `poplib` module (Python's POP3 email client library). No agent code uses `poplib`, the agent is an infrastructure monitoring tool with no email/POP3 functionality","justification":"vulnerable_code_not_present","last_updated":"2026-06-29T11:27:38.117669Z","products":[{"@id":"pkg:generic/python@3.13.13"}],"status":"not_affected","timestamp":"2026-06-29T11:27:38.117668Z","vulnerability":{"name":"CVE-2025-15367"}},{"action_statement":"","action_statement_timestamp":"2026-06-29T11:27:38.117914Z","impact_statement":"","justification":"","last_updated":"2026-06-29T11:27:38.117914Z","products":[{"@id":"pkg:deb/ubuntu/libpam0g@1.5.3-5ubuntu5.5?arch=amd64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libpam0g@1.5.3-5ubuntu5.5?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=pam"},{"@id":"pkg:deb/ubuntu/libpam-modules@1.5.3-5ubuntu5.5?arch=amd64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libpam-modules@1.5.3-5ubuntu5.5?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=pam"},{"@id":"pkg:deb/ubuntu/libpam-modules-bin@1.5.3-5ubuntu5.5?arch=amd64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libpam-modules-bin@1.5.3-5ubuntu5.5?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=pam"},{"@id":"pkg:deb/ubuntu/libpam-runtime@1.5.3-5ubuntu5.5?arch=all\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libpam-runtime@1.5.3-5ubuntu5.5?arch=all\u0026distro=ubuntu-24.04\u0026upstream=pam"},{"@id":"pkg:deb/ubuntu/libpam0g@1.5.3-5ubuntu5.5?arch=arm64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libpam0g@1.5.3-5ubuntu5.5?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=pam"},{"@id":"pkg:deb/ubuntu/libpam-modules@1.5.3-5ubuntu5.5?arch=arm64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libpam-modules@1.5.3-5ubuntu5.5?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=pam"},{"@id":"pkg:deb/ubuntu/libpam-modules-bin@1.5.3-5ubuntu5.5?arch=arm64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libpam-modules-bin@1.5.3-5ubuntu5.5?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=pam"}],"status":"affected","timestamp":"2026-06-29T11:27:38.117914Z","vulnerability":{"name":"CVE-2026-54411"}},{"action_statement":"","action_statement_timestamp":"2026-06-29T11:27:38.118476Z","impact_statement":"","justification":"","last_updated":"2026-06-29T11:27:38.118476Z","products":[{"@id":"pkg:deb/ubuntu/libc6@2.39-0ubuntu8.7?arch=amd64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libc6@2.39-0ubuntu8.7?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=glibc"},{"@id":"pkg:deb/ubuntu/libc-bin@2.39-0ubuntu8.7?arch=amd64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libc-bin@2.39-0ubuntu8.7?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=glibc"},{"@id":"pkg:deb/ubuntu/libc6@2.39-0ubuntu8.7?arch=arm64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libc6@2.39-0ubuntu8.7?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=glibc"},{"@id":"pkg:deb/ubuntu/libc-bin@2.39-0ubuntu8.7?arch=arm64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libc-bin@2.39-0ubuntu8.7?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=glibc"}],"status":"affected","timestamp":"2026-06-29T11:27:38.118476Z","vulnerability":{"name":"CVE-2026-6238"}},{"action_statement":"","action_statement_timestamp":"2026-06-29T11:27:38.118675Z","impact_statement":"The image ships only perl-base, a stripped-down package that provides only the bare Perl runtime needed by system init scripts, without any CPAN modules","justification":"vulnerable_code_not_present","last_updated":"2026-06-29T11:27:38.118675Z","products":[{"@id":"pkg:deb/ubuntu/perl-base@5.38.2-3.2ubuntu0.2?arch=amd64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/perl-base@5.38.2-3.2ubuntu0.2?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=perl"},{"@id":"pkg:deb/ubuntu/perl-base@5.38.2-3.2ubuntu0.2?arch=arm64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/perl-base@5.38.2-3.2ubuntu0.2?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=perl"}],"status":"not_affected","timestamp":"2026-06-29T11:27:38.118675Z","vulnerability":{"name":"CVE-2026-48962"}},{"action_statement":"","action_statement_timestamp":"2026-06-29T11:27:38.118753Z","impact_statement":"This vulnerability was fixed in v7.80.1. The agent embeds Python \u003e3.13.14 which is the patched version","justification":"","last_updated":"2026-06-29T11:27:38.118753Z","products":[{"@id":"pkg:generic/python@3.13.13"}],"status":"fixed","timestamp":"2026-06-29T11:27:38.118753Z","vulnerability":{"name":"CVE-2026-4786"}},{"action_statement":"","action_statement_timestamp":"2026-06-29T11:27:38.1188Z","impact_statement":"","justification":"","last_updated":"2026-06-29T11:27:38.1188Z","products":[{"@id":"pkg:pypi/pyjwt@2.12.1"}],"status":"under_investigation","timestamp":"2026-06-29T11:27:38.118799Z","vulnerability":{"name":"CVE-2026-48525"}},{"action_statement":"","action_statement_timestamp":"2026-06-29T11:27:38.118893Z","impact_statement":"","justification":"","last_updated":"2026-06-29T11:27:38.118893Z","products":[{"@id":"pkg:deb/ubuntu/libc6@2.39-0ubuntu8.7?arch=amd64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libc6@2.39-0ubuntu8.7?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=glibc"},{"@id":"pkg:deb/ubuntu/libc-bin@2.39-0ubuntu8.7?arch=amd64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libc-bin@2.39-0ubuntu8.7?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=glibc"},{"@id":"pkg:deb/ubuntu/libc6@2.39-0ubuntu8.7?arch=arm64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libc6@2.39-0ubuntu8.7?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=glibc"},{"@id":"pkg:deb/ubuntu/libc-bin@2.39-0ubuntu8.7?arch=arm64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libc-bin@2.39-0ubuntu8.7?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=glibc"}],"status":"affected","timestamp":"2026-06-29T11:27:38.118893Z","vulnerability":{"name":"CVE-2026-4437"}},{"action_statement":"","action_statement_timestamp":"2026-06-29T11:27:38.119329Z","impact_statement":"While the vulnerable libpam0g package is present in the Datadog Agent's Ubuntu base image, the Agent does not use PAM for authentication operations, making this vulnerability not exploitable in the Agent's context.","justification":"vulnerable_code_cannot_be_controlled_by_adversary","last_updated":"2026-06-29T11:27:38.119329Z","products":[{"@id":"pkg:deb/ubuntu/libpam0g@1.5.3-5ubuntu5.5?arch=amd64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libpam0g@1.5.3-5ubuntu5.5?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=pam"},{"@id":"pkg:deb/ubuntu/libpam-modules@1.5.3-5ubuntu5.5?arch=amd64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libpam-modules@1.5.3-5ubuntu5.5?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=pam"},{"@id":"pkg:deb/ubuntu/libpam-modules-bin@1.5.3-5ubuntu5.5?arch=amd64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libpam-modules-bin@1.5.3-5ubuntu5.5?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=pam"},{"@id":"pkg:deb/ubuntu/libpam-runtime@1.5.3-5ubuntu5.5?arch=all\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libpam-runtime@1.5.3-5ubuntu5.5?arch=all\u0026distro=ubuntu-24.04\u0026upstream=pam"},{"@id":"pkg:deb/ubuntu/libpam0g@1.5.3-5ubuntu5.5?arch=arm64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libpam0g@1.5.3-5ubuntu5.5?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=pam"},{"@id":"pkg:deb/ubuntu/libpam-modules@1.5.3-5ubuntu5.5?arch=arm64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libpam-modules@1.5.3-5ubuntu5.5?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=pam"},{"@id":"pkg:deb/ubuntu/libpam-modules-bin@1.5.3-5ubuntu5.5?arch=arm64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libpam-modules-bin@1.5.3-5ubuntu5.5?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=pam"}],"status":"not_affected","timestamp":"2026-06-29T11:27:38.119329Z","vulnerability":{"name":"CVE-2024-10041"}},{"action_statement":"","action_statement_timestamp":"2026-06-29T11:27:38.119577Z","impact_statement":"libio-compress-perl is not installed in the agent","justification":"vulnerable_code_not_present","last_updated":"2026-06-29T11:27:38.119576Z","products":[{"@id":"pkg:deb/ubuntu/perl-base@5.38.2-3.2ubuntu0.2?arch=amd64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/perl-base@5.38.2-3.2ubuntu0.2?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=perl"},{"@id":"pkg:deb/ubuntu/perl-base@5.38.2-3.2ubuntu0.2?arch=arm64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/perl-base@5.38.2-3.2ubuntu0.2?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=perl"}],"status":"not_affected","timestamp":"2026-06-29T11:27:38.119576Z","vulnerability":{"name":"CVE-2026-48961"}},{"action_statement":"","action_statement_timestamp":"2026-06-29T11:27:38.119642Z","impact_statement":"","justification":"","last_updated":"2026-06-29T11:27:38.119641Z","products":[{"@id":"pkg:golang/go.mongodb.org/mongo-driver@v1.17.6"}],"status":"under_investigation","timestamp":"2026-06-29T11:27:38.119641Z","vulnerability":{"name":"CVE-2026-2303"}},{"action_statement":"","action_statement_timestamp":"2026-06-29T11:27:38.119765Z","impact_statement":"","justification":"","last_updated":"2026-06-29T11:27:38.119765Z","products":[{"@id":"pkg:deb/ubuntu/coreutils@9.4-3ubuntu6.2?arch=amd64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/coreutils@9.4-3ubuntu6.2?arch=arm64\u0026distro=ubuntu-24.04"}],"status":"affected","timestamp":"2026-06-29T11:27:38.119765Z","vulnerability":{"name":"CVE-2016-2781"}},{"action_statement":"","action_statement_timestamp":"2026-06-29T11:27:38.119821Z","impact_statement":"infocmp is never invoked by the Datadog Agent at runtime. The attack requires local access, attacker-controlled terminfo entries, and user interaction.","justification":"vulnerable_code_cannot_be_controlled_by_adversary","last_updated":"2026-06-29T11:27:38.119821Z","products":[{"@id":"pkg:deb/ubuntu/libncursesw6@6.4%2B20240113-1ubuntu2?arch=amd64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libncursesw6@6.4%2B20240113-1ubuntu2?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=ncurses"},{"@id":"pkg:deb/ubuntu/libtinfo6@6.4%2B20240113-1ubuntu2?arch=amd64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libtinfo6@6.4%2B20240113-1ubuntu2?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=ncurses"},{"@id":"pkg:deb/ubuntu/ncurses-base@6.4%2B20240113-1ubuntu2?arch=all\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/ncurses-base@6.4%2B20240113-1ubuntu2?arch=all\u0026distro=ubuntu-24.04\u0026upstream=ncurses"},{"@id":"pkg:deb/ubuntu/ncurses-bin@6.4%2B20240113-1ubuntu2?arch=amd64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/ncurses-bin@6.4%2B20240113-1ubuntu2?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=ncurses"},{"@id":"pkg:deb/ubuntu/libncursesw6@6.4%2B20240113-1ubuntu2?arch=arm64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libncursesw6@6.4%2B20240113-1ubuntu2?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=ncurses"},{"@id":"pkg:deb/ubuntu/libtinfo6@6.4%2B20240113-1ubuntu2?arch=arm64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libtinfo6@6.4%2B20240113-1ubuntu2?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=ncurses"},{"@id":"pkg:deb/ubuntu/ncurses-bin@6.4%2B20240113-1ubuntu2?arch=arm64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/ncurses-bin@6.4%2B20240113-1ubuntu2?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=ncurses"}],"status":"not_affected","timestamp":"2026-06-29T11:27:38.119821Z","vulnerability":{"name":"CVE-2025-69720"}},{"action_statement":"","action_statement_timestamp":"2026-06-29T11:27:38.12006Z","impact_statement":"","justification":"","last_updated":"2026-06-29T11:27:38.12006Z","products":[{"@id":"pkg:deb/ubuntu/login@1%3A4.13%2Bdfsg1-4ubuntu3.2?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=shadow"},{"@id":"pkg:deb/ubuntu/login@4.13%2Bdfsg1-4ubuntu3.2?arch=amd64\u0026distro=ubuntu-24.04\u0026epoch=1"},{"@id":"pkg:deb/ubuntu/passwd@1%3A4.13%2Bdfsg1-4ubuntu3.2?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=shadow"},{"@id":"pkg:deb/ubuntu/passwd@4.13%2Bdfsg1-4ubuntu3.2?arch=amd64\u0026distro=ubuntu-24.04\u0026epoch=1"},{"@id":"pkg:deb/ubuntu/login@1%3A4.13%2Bdfsg1-4ubuntu3.2?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=shadow"},{"@id":"pkg:deb/ubuntu/login@4.13%2Bdfsg1-4ubuntu3.2?arch=arm64\u0026distro=ubuntu-24.04\u0026epoch=1"},{"@id":"pkg:deb/ubuntu/passwd@1%3A4.13%2Bdfsg1-4ubuntu3.2?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=shadow"},{"@id":"pkg:deb/ubuntu/passwd@4.13%2Bdfsg1-4ubuntu3.2?arch=arm64\u0026distro=ubuntu-24.04\u0026epoch=1"}],"status":"affected","timestamp":"2026-06-29T11:27:38.120059Z","vulnerability":{"name":"CVE-2024-56433"}},{"action_statement":"","action_statement_timestamp":"2026-06-29T11:27:38.120532Z","impact_statement":"","justification":"","last_updated":"2026-06-29T11:27:38.120532Z","products":[{"@id":"pkg:deb/ubuntu/libc6@2.39-0ubuntu8.7?arch=amd64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libc6@2.39-0ubuntu8.7?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=glibc"},{"@id":"pkg:deb/ubuntu/libc-bin@2.39-0ubuntu8.7?arch=amd64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libc-bin@2.39-0ubuntu8.7?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=glibc"},{"@id":"pkg:deb/ubuntu/libc6@2.39-0ubuntu8.7?arch=arm64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libc6@2.39-0ubuntu8.7?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=glibc"},{"@id":"pkg:deb/ubuntu/libc-bin@2.39-0ubuntu8.7?arch=arm64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libc-bin@2.39-0ubuntu8.7?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=glibc"}],"status":"affected","timestamp":"2026-06-29T11:27:38.120531Z","vulnerability":{"name":"CVE-2016-20013"}},{"action_statement":"","action_statement_timestamp":"2026-06-29T11:27:38.120693Z","impact_statement":"CVE-2025-27587 is a Minerva-style timing side-channel in OpenSSL's EVP_DigestSign implementation on the P-384 elliptic curve, affecting versions 3.0.0–3.3.2 exclusively on PowerPC architecture and is not exploitable on amd64 or arm64. In addition, the Datadog Agent image embeddeds OpenSSL in a version well above the stated affected range.","justification":"vulnerable_code_not_present","last_updated":"2026-06-29T11:27:38.120693Z","products":[{"@id":"pkg:deb/ubuntu/libssl3t64@3.0.13-0ubuntu3.9?arch=amd64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libssl3t64@3.0.13-0ubuntu3.9?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=openssl"},{"@id":"pkg:deb/ubuntu/libssl3t64@3.0.13-0ubuntu3.9?arch=arm64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libssl3t64@3.0.13-0ubuntu3.9?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=openssl"},{"@id":"pkg:deb/ubuntu/openssl@3.0.13-0ubuntu3.9?arch=arm64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/openssl@3.0.13-0ubuntu3.9?arch=amd64\u0026distro=ubuntu-24.04"}],"status":"not_affected","timestamp":"2026-06-29T11:27:38.120692Z","vulnerability":{"name":"CVE-2025-27587"}},{"action_statement":"","action_statement_timestamp":"2026-06-29T11:27:38.122082Z","impact_statement":"","justification":"","last_updated":"2026-06-29T11:27:38.122081Z","products":[{"@id":"pkg:deb/ubuntu/libc6@2.39-0ubuntu8.7?arch=amd64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libc6@2.39-0ubuntu8.7?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=glibc"},{"@id":"pkg:deb/ubuntu/libc-bin@2.39-0ubuntu8.7?arch=amd64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libc-bin@2.39-0ubuntu8.7?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=glibc"},{"@id":"pkg:deb/ubuntu/libc6@2.39-0ubuntu8.7?arch=arm64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libc6@2.39-0ubuntu8.7?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=glibc"},{"@id":"pkg:deb/ubuntu/libc-bin@2.39-0ubuntu8.7?arch=arm64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libc-bin@2.39-0ubuntu8.7?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=glibc"}],"status":"affected","timestamp":"2026-06-29T11:27:38.122081Z","vulnerability":{"name":"CVE-2026-5435"}},{"action_statement":"","action_statement_timestamp":"2026-06-29T11:27:38.122386Z","impact_statement":"","justification":"","last_updated":"2026-06-29T11:27:38.122386Z","products":[{"@id":"pkg:deb/ubuntu/libc6@2.39-0ubuntu8.7?arch=amd64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libc6@2.39-0ubuntu8.7?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=glibc"},{"@id":"pkg:deb/ubuntu/libc-bin@2.39-0ubuntu8.7?arch=amd64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libc-bin@2.39-0ubuntu8.7?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=glibc"},{"@id":"pkg:deb/ubuntu/libc6@2.39-0ubuntu8.7?arch=arm64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libc6@2.39-0ubuntu8.7?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=glibc"},{"@id":"pkg:deb/ubuntu/libc-bin@2.39-0ubuntu8.7?arch=arm64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libc-bin@2.39-0ubuntu8.7?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=glibc"}],"status":"affected","timestamp":"2026-06-29T11:27:38.122386Z","vulnerability":{"name":"CVE-2026-4438"}},{"action_statement":"","action_statement_timestamp":"2026-06-29T11:27:38.123029Z","impact_statement":"","justification":"","last_updated":"2026-06-29T11:27:38.123028Z","products":[{"@id":"pkg:deb/ubuntu/gpgv@2.4.4-2ubuntu17.4?arch=amd64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/gpgv@2.4.4-2ubuntu17.4?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=gnupg2"},{"@id":"pkg:deb/ubuntu/gpgv@2.4.4-2ubuntu17.4?arch=arm64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/gpgv@2.4.4-2ubuntu17.4?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=gnupg2"}],"status":"affected","timestamp":"2026-06-29T11:27:38.123028Z","vulnerability":{"name":"CVE-2022-3219"}},{"action_statement":"","action_statement_timestamp":"2026-06-29T11:27:38.123142Z","impact_statement":"","justification":"","last_updated":"2026-06-29T11:27:38.123142Z","products":[{"@id":"pkg:deb/ubuntu/libelf1t64@0.190-1.1ubuntu0.1?arch=amd64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libelf1t64@0.190-1.1ubuntu0.1?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=elfutils"},{"@id":"pkg:deb/ubuntu/libelf1t64@0.190-1.1ubuntu0.1?arch=arm64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libelf1t64@0.190-1.1ubuntu0.1?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=elfutils"}],"status":"affected","timestamp":"2026-06-29T11:27:38.123142Z","vulnerability":{"name":"CVE-2025-1376"}},{"action_statement":"","action_statement_timestamp":"2026-06-29T11:27:38.123211Z","impact_statement":"","justification":"","last_updated":"2026-06-29T11:27:38.12321Z","products":[{"@id":"pkg:pypi/pyjwt@2.12.1"}],"status":"under_investigation","timestamp":"2026-06-29T11:27:38.12321Z","vulnerability":{"name":"CVE-2026-48522"}},{"action_statement":"","action_statement_timestamp":"2026-06-29T11:27:38.123396Z","impact_statement":"","justification":"","last_updated":"2026-06-29T11:27:38.123396Z","products":[{"@id":"pkg:pypi/pyjwt@2.12.1"}],"status":"under_investigation","timestamp":"2026-06-29T11:27:38.123396Z","vulnerability":{"name":"CVE-2026-48524"}},{"action_statement":"","action_statement_timestamp":"2026-06-29T11:27:38.123445Z","impact_statement":"","justification":"","last_updated":"2026-06-29T11:27:38.123445Z","products":[{"@id":"pkg:deb/ubuntu/libssl3t64@3.0.13-0ubuntu3.9?arch=amd64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libssl3t64@3.0.13-0ubuntu3.9?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=openssl"},{"@id":"pkg:deb/ubuntu/libssl3t64@3.0.13-0ubuntu3.9?arch=arm64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libssl3t64@3.0.13-0ubuntu3.9?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=openssl"},{"@id":"pkg:deb/ubuntu/openssl@3.0.13-0ubuntu3.9?arch=arm64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/openssl@3.0.13-0ubuntu3.9?arch=amd64\u0026distro=ubuntu-24.04"}],"status":"under_investigation","timestamp":"2026-06-29T11:27:38.123445Z","vulnerability":{"name":"CVE-2026-11999"}},{"action_statement":"","action_statement_timestamp":"2026-06-29T11:27:38.123623Z","impact_statement":"","justification":"","last_updated":"2026-06-29T11:27:38.123623Z","products":[{"@id":"pkg:generic/python@3.13.13"}],"status":"under_investigation","timestamp":"2026-06-29T11:27:38.123623Z","vulnerability":{"name":"CVE-2026-12003"}},{"action_statement":"","action_statement_timestamp":"2026-06-29T11:27:38.126041Z","impact_statement":"","justification":"","last_updated":"2026-06-29T11:27:38.126041Z","products":[{"@id":"pkg:golang/github.com/containerd/containerd@v1.7.30"}],"status":"under_investigation","timestamp":"2026-06-29T11:27:38.126041Z","vulnerability":{"name":"CVE-2026-53488"}},{"action_statement":"","action_statement_timestamp":"2026-06-29T11:27:38.126119Z","impact_statement":"","justification":"","last_updated":"2026-06-29T11:27:38.126119Z","products":[{"@id":"pkg:deb/ubuntu/bsdutils@1%3A2.39.3-9ubuntu6.5?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=util-linux%402.39.3-9ubuntu6.5"},{"@id":"pkg:deb/ubuntu/bsdutils@2.39.3-9ubuntu6.5?arch=amd64\u0026distro=ubuntu-24.04\u0026epoch=1"},{"@id":"pkg:deb/ubuntu/libblkid1@2.39.3-9ubuntu6.5?arch=amd64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libblkid1@2.39.3-9ubuntu6.5?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=util-linux"},{"@id":"pkg:deb/ubuntu/libmount1@2.39.3-9ubuntu6.5?arch=amd64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libmount1@2.39.3-9ubuntu6.5?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=util-linux"},{"@id":"pkg:deb/ubuntu/libsmartcols1@2.39.3-9ubuntu6.5?arch=amd64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libsmartcols1@2.39.3-9ubuntu6.5?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=util-linux"},{"@id":"pkg:deb/ubuntu/libuuid1@2.39.3-9ubuntu6.5?arch=amd64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libuuid1@2.39.3-9ubuntu6.5?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=util-linux"},{"@id":"pkg:deb/ubuntu/mount@2.39.3-9ubuntu6.5?arch=amd64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/mount@2.39.3-9ubuntu6.5?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=util-linux"},{"@id":"pkg:deb/ubuntu/util-linux@2.39.3-9ubuntu6.5?arch=amd64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/bsdutils@1%3A2.39.3-9ubuntu6.5?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=util-linux%402.39.3-9ubuntu6.5"},{"@id":"pkg:deb/ubuntu/bsdutils@2.39.3-9ubuntu6.5?arch=arm64\u0026distro=ubuntu-24.04\u0026epoch=1"},{"@id":"pkg:deb/ubuntu/libblkid1@2.39.3-9ubuntu6.5?arch=arm64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libblkid1@2.39.3-9ubuntu6.5?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=util-linux"},{"@id":"pkg:deb/ubuntu/libmount1@2.39.3-9ubuntu6.5?arch=arm64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libmount1@2.39.3-9ubuntu6.5?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=util-linux"},{"@id":"pkg:deb/ubuntu/libsmartcols1@2.39.3-9ubuntu6.5?arch=arm64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libsmartcols1@2.39.3-9ubuntu6.5?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=util-linux"},{"@id":"pkg:deb/ubuntu/libuuid1@2.39.3-9ubuntu6.5?arch=arm64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libuuid1@2.39.3-9ubuntu6.5?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=util-linux"},{"@id":"pkg:deb/ubuntu/mount@2.39.3-9ubuntu6.5?arch=arm64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/mount@2.39.3-9ubuntu6.5?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=util-linux"},{"@id":"pkg:deb/ubuntu/util-linux@2.39.3-9ubuntu6.5?arch=arm64\u0026distro=ubuntu-24.04"}],"status":"affected","timestamp":"2026-06-29T11:27:38.126119Z","vulnerability":{"name":"CVE-2026-53612"}},{"action_statement":"","action_statement_timestamp":"2026-06-29T11:27:38.123697Z","impact_statement":"","justification":"","last_updated":"2026-06-29T11:27:38.123697Z","products":[{"@id":"pkg:pypi/pyjwt@2.12.1"}],"status":"under_investigation","timestamp":"2026-06-29T11:27:38.123696Z","vulnerability":{"name":"CVE-2026-48523"}},{"action_statement":"","action_statement_timestamp":"2026-06-29T11:27:38.12375Z","impact_statement":"No Datadog Agent runtime code path invokes `sort` with any of the CVE conditions: all Go `sort` references are the in-memory standard library package, and the only system `sort` calls exist in build-time-only install scripts using simple `-r`/`-rn` flags on static, hardcoded inputs. Debian classifies this as \"unimportant\" (\"Crash in CLI tool, no security impact\") and Ubuntu as Low priority.","justification":"vulnerable_code_not_present","last_updated":"2026-06-29T11:27:38.12375Z","products":[{"@id":"pkg:deb/ubuntu/coreutils@9.4-3ubuntu6.2?arch=amd64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/coreutils@9.4-3ubuntu6.2?arch=arm64\u0026distro=ubuntu-24.04"}],"status":"not_affected","timestamp":"2026-06-29T11:27:38.12375Z","vulnerability":{"name":"CVE-2025-5278"}},{"action_statement":"","action_statement_timestamp":"2026-06-29T11:27:38.123802Z","impact_statement":"The Datadog Agent image embeds only perl-base and does not install libio-compress-perl or perl-modules.","justification":"vulnerable_code_not_present","last_updated":"2026-06-29T11:27:38.123802Z","products":[{"@id":"pkg:deb/ubuntu/perl-base@5.38.2-3.2ubuntu0.2?arch=amd64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/perl-base@5.38.2-3.2ubuntu0.2?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=perl"},{"@id":"pkg:deb/ubuntu/perl-base@5.38.2-3.2ubuntu0.2?arch=arm64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/perl-base@5.38.2-3.2ubuntu0.2?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=perl"}],"status":"not_affected","timestamp":"2026-06-29T11:27:38.123801Z","vulnerability":{"name":"CVE-2025-15649"}},{"action_statement":"","action_statement_timestamp":"2026-06-29T11:27:38.123923Z","impact_statement":"The Datadog Agent's Go binary uses Go's standard library `compress/zlib` (pure Go, no linkage to system libz), and Python's `zlib` module, while linking against system libz, does not expose `crc32_combine64` to Python userspace.","justification":"vulnerable_code_cannot_be_controlled_by_adversary","last_updated":"2026-06-29T11:27:38.123923Z","products":[{"@id":"pkg:deb/ubuntu/zlib1g@1%3A1.3.dfsg-3.1ubuntu2.1?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=zlib"},{"@id":"pkg:deb/ubuntu/zlib1g@1.3.dfsg-3.1ubuntu2.1?arch=amd64\u0026distro=ubuntu-24.04\u0026epoch=1"},{"@id":"pkg:generic/zlib@1.3.1"},{"@id":"pkg:deb/ubuntu/zlib1g@1%3A1.3.dfsg-3.1ubuntu2.1?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=zlib"},{"@id":"pkg:deb/ubuntu/zlib1g@1.3.dfsg-3.1ubuntu2.1?arch=arm64\u0026distro=ubuntu-24.04\u0026epoch=1"}],"status":"not_affected","timestamp":"2026-06-29T11:27:38.123922Z","vulnerability":{"name":"CVE-2026-27171"}},{"action_statement":"","action_statement_timestamp":"2026-06-29T11:27:38.124077Z","impact_statement":"","justification":"","last_updated":"2026-06-29T11:27:38.124077Z","products":[{"@id":"pkg:deb/ubuntu/bsdutils@1%3A2.39.3-9ubuntu6.5?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=util-linux%402.39.3-9ubuntu6.5"},{"@id":"pkg:deb/ubuntu/bsdutils@2.39.3-9ubuntu6.5?arch=amd64\u0026distro=ubuntu-24.04\u0026epoch=1"},{"@id":"pkg:deb/ubuntu/libblkid1@2.39.3-9ubuntu6.5?arch=amd64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libblkid1@2.39.3-9ubuntu6.5?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=util-linux"},{"@id":"pkg:deb/ubuntu/libmount1@2.39.3-9ubuntu6.5?arch=amd64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libmount1@2.39.3-9ubuntu6.5?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=util-linux"},{"@id":"pkg:deb/ubuntu/libsmartcols1@2.39.3-9ubuntu6.5?arch=amd64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libsmartcols1@2.39.3-9ubuntu6.5?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=util-linux"},{"@id":"pkg:deb/ubuntu/libuuid1@2.39.3-9ubuntu6.5?arch=amd64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libuuid1@2.39.3-9ubuntu6.5?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=util-linux"},{"@id":"pkg:deb/ubuntu/mount@2.39.3-9ubuntu6.5?arch=amd64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/mount@2.39.3-9ubuntu6.5?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=util-linux"},{"@id":"pkg:deb/ubuntu/util-linux@2.39.3-9ubuntu6.5?arch=amd64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/bsdutils@1%3A2.39.3-9ubuntu6.5?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=util-linux%402.39.3-9ubuntu6.5"},{"@id":"pkg:deb/ubuntu/bsdutils@2.39.3-9ubuntu6.5?arch=arm64\u0026distro=ubuntu-24.04\u0026epoch=1"},{"@id":"pkg:deb/ubuntu/libblkid1@2.39.3-9ubuntu6.5?arch=arm64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libblkid1@2.39.3-9ubuntu6.5?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=util-linux"},{"@id":"pkg:deb/ubuntu/libmount1@2.39.3-9ubuntu6.5?arch=arm64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libmount1@2.39.3-9ubuntu6.5?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=util-linux"},{"@id":"pkg:deb/ubuntu/libsmartcols1@2.39.3-9ubuntu6.5?arch=arm64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libsmartcols1@2.39.3-9ubuntu6.5?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=util-linux"},{"@id":"pkg:deb/ubuntu/libuuid1@2.39.3-9ubuntu6.5?arch=arm64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libuuid1@2.39.3-9ubuntu6.5?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=util-linux"},{"@id":"pkg:deb/ubuntu/mount@2.39.3-9ubuntu6.5?arch=arm64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/mount@2.39.3-9ubuntu6.5?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=util-linux"},{"@id":"pkg:deb/ubuntu/util-linux@2.39.3-9ubuntu6.5?arch=arm64\u0026distro=ubuntu-24.04"}],"status":"affected","timestamp":"2026-06-29T11:27:38.124077Z","vulnerability":{"name":"CVE-2026-27456"}},{"action_statement":"","action_statement_timestamp":"2026-06-29T11:27:38.125031Z","impact_statement":"","justification":"","last_updated":"2026-06-29T11:27:38.125031Z","products":[{"@id":"pkg:generic/python@3.13.13"}],"status":"under_investigation","timestamp":"2026-06-29T11:27:38.125031Z","vulnerability":{"name":"CVE-2026-0864"}},{"action_statement":"","action_statement_timestamp":"2026-06-29T11:27:38.125085Z","impact_statement":"","justification":"","last_updated":"2026-06-29T11:27:38.125085Z","products":[{"@id":"pkg:deb/ubuntu/gpgv@2.4.4-2ubuntu17.4?arch=amd64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/gpgv@2.4.4-2ubuntu17.4?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=gnupg2"},{"@id":"pkg:deb/ubuntu/gpgv@2.4.4-2ubuntu17.4?arch=arm64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/gpgv@2.4.4-2ubuntu17.4?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=gnupg2"}],"status":"affected","timestamp":"2026-06-29T11:27:38.125085Z","vulnerability":{"name":"CVE-2026-57062"}},{"action_statement":"","action_statement_timestamp":"2026-06-29T11:27:38.125148Z","impact_statement":"The Datadog Agent ships only libsystemd0, a shared utility library for client-side systemd APIs such as sd_notify. The journald daemon binary is entirely absent from the image.","justification":"vulnerable_code_not_present","last_updated":"2026-06-29T11:27:38.125147Z","products":[{"@id":"pkg:deb/ubuntu/libsystemd0@255.4-1ubuntu8.15?arch=amd64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libsystemd0@255.4-1ubuntu8.15?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=systemd"},{"@id":"pkg:deb/ubuntu/libudev1@255.4-1ubuntu8.15?arch=amd64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libudev1@255.4-1ubuntu8.15?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=systemd"},{"@id":"pkg:deb/ubuntu/libsystemd0@255.4-1ubuntu8.15?arch=arm64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libsystemd0@255.4-1ubuntu8.15?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=systemd"},{"@id":"pkg:deb/ubuntu/libudev1@255.4-1ubuntu8.15?arch=arm64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libudev1@255.4-1ubuntu8.15?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=systemd"}],"status":"not_affected","timestamp":"2026-06-29T11:27:38.125147Z","vulnerability":{"name":"CVE-2026-40228"}},{"action_statement":"","action_statement_timestamp":"2026-06-29T11:27:38.125243Z","impact_statement":"tic is a terminfo compiler, a build/development tool that the Datadog Agent never invokes. It has no reverse dependencies in the image and the agent's runtime dependency graph never calls it. The vulnerable code path in postprocess_termcap is only reachable by running tic with a crafted input file, which the agent process never does.","justification":"vulnerable_code_not_in_execute_path","last_updated":"2026-06-29T11:27:38.125243Z","products":[{"@id":"pkg:deb/ubuntu/libncursesw6@6.4%2B20240113-1ubuntu2?arch=amd64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libncursesw6@6.4%2B20240113-1ubuntu2?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=ncurses"},{"@id":"pkg:deb/ubuntu/libtinfo6@6.4%2B20240113-1ubuntu2?arch=amd64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libtinfo6@6.4%2B20240113-1ubuntu2?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=ncurses"},{"@id":"pkg:deb/ubuntu/ncurses-base@6.4%2B20240113-1ubuntu2?arch=all\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/ncurses-base@6.4%2B20240113-1ubuntu2?arch=all\u0026distro=ubuntu-24.04\u0026upstream=ncurses"},{"@id":"pkg:deb/ubuntu/ncurses-bin@6.4%2B20240113-1ubuntu2?arch=amd64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/ncurses-bin@6.4%2B20240113-1ubuntu2?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=ncurses"},{"@id":"pkg:deb/ubuntu/libncursesw6@6.4%2B20240113-1ubuntu2?arch=arm64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libncursesw6@6.4%2B20240113-1ubuntu2?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=ncurses"},{"@id":"pkg:deb/ubuntu/libtinfo6@6.4%2B20240113-1ubuntu2?arch=arm64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libtinfo6@6.4%2B20240113-1ubuntu2?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=ncurses"},{"@id":"pkg:deb/ubuntu/ncurses-bin@6.4%2B20240113-1ubuntu2?arch=arm64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/ncurses-bin@6.4%2B20240113-1ubuntu2?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=ncurses"}],"status":"not_affected","timestamp":"2026-06-29T11:27:38.125243Z","vulnerability":{"name":"CVE-2025-6141"}},{"action_statement":"","action_statement_timestamp":"2026-06-29T11:27:38.125454Z","impact_statement":"The Datadog Agent performs bzip2 decompression exclusively through Go's built-in compress/bzip2 standard library package, a pure Go implementation that makes no calls to libbz2 or any system bzip2 binary.","justification":"vulnerable_code_not_present","last_updated":"2026-06-29T11:27:38.125454Z","products":[{"@id":"pkg:deb/ubuntu/libbz2-1.0@1.0.8-5.1build0.1?arch=amd64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libbz2-1.0@1.0.8-5.1build0.1?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=bzip2"},{"@id":"pkg:deb/ubuntu/libbz2-1.0@1.0.8-5.1build0.1?arch=arm64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libbz2-1.0@1.0.8-5.1build0.1?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=bzip2"}],"status":"not_affected","timestamp":"2026-06-29T11:27:38.125453Z","vulnerability":{"name":"CVE-2026-42250"}},{"action_statement":"","action_statement_timestamp":"2026-06-29T11:27:38.125514Z","impact_statement":"","justification":"","last_updated":"2026-06-29T11:27:38.125514Z","products":[{"@id":"pkg:pypi/paramiko@4.0.0"}],"status":"affected","timestamp":"2026-06-29T11:27:38.125514Z","vulnerability":{"name":"CVE-2026-44405"}},{"action_statement":"","action_statement_timestamp":"2026-06-29T11:27:38.125853Z","impact_statement":"While libbpf1 version 1.3.0-2build2 is installed and IS vulnerable, the Datadog Agent does not use libbpf. Additionally, the vulnerability is disputed by maintainers as it requires root privileges to trigger.","justification":"vulnerable_code_cannot_be_controlled_by_adversary","last_updated":"2026-06-29T11:27:38.125853Z","products":[{"@id":"pkg:deb/ubuntu/libbpf1@1.3.0-2build2?arch=amd64\u0026distro=ubuntu-24.04\u0026epoch=1"},{"@id":"pkg:deb/ubuntu/libbpf1@1%3A1.3.0-2build2?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=libbpf%401.3.0-2build2"},{"@id":"pkg:deb/ubuntu/libbpf1@1.3.0-2build2?arch=arm64\u0026distro=ubuntu-24.04\u0026epoch=1"},{"@id":"pkg:deb/ubuntu/libbpf1@1%3A1.3.0-2build2?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=libbpf%401.3.0-2build2"}],"status":"not_affected","timestamp":"2026-06-29T11:27:38.125853Z","vulnerability":{"name":"CVE-2025-29481"}},{"action_statement":"","action_statement_timestamp":"2026-06-29T11:27:38.12592Z","impact_statement":"","justification":"","last_updated":"2026-06-29T11:27:38.12592Z","products":[{"@id":"pkg:pypi/cryptography@46.0.6"}],"status":"under_investigation","timestamp":"2026-06-29T11:27:38.12592Z","vulnerability":{"name":"GHSA-537c-gmf6-5ccf"}},{"action_statement":"","action_statement_timestamp":"2026-06-29T11:27:38.12619Z","impact_statement":"","justification":"","last_updated":"2026-06-29T11:27:38.12619Z","products":[{"@id":"pkg:deb/ubuntu/bsdutils@1%3A2.39.3-9ubuntu6.5?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=util-linux%402.39.3-9ubuntu6.5"},{"@id":"pkg:deb/ubuntu/bsdutils@2.39.3-9ubuntu6.5?arch=amd64\u0026distro=ubuntu-24.04\u0026epoch=1"},{"@id":"pkg:deb/ubuntu/libblkid1@2.39.3-9ubuntu6.5?arch=amd64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libblkid1@2.39.3-9ubuntu6.5?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=util-linux"},{"@id":"pkg:deb/ubuntu/libmount1@2.39.3-9ubuntu6.5?arch=amd64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libmount1@2.39.3-9ubuntu6.5?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=util-linux"},{"@id":"pkg:deb/ubuntu/libsmartcols1@2.39.3-9ubuntu6.5?arch=amd64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libsmartcols1@2.39.3-9ubuntu6.5?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=util-linux"},{"@id":"pkg:deb/ubuntu/libuuid1@2.39.3-9ubuntu6.5?arch=amd64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libuuid1@2.39.3-9ubuntu6.5?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=util-linux"},{"@id":"pkg:deb/ubuntu/mount@2.39.3-9ubuntu6.5?arch=amd64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/mount@2.39.3-9ubuntu6.5?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=util-linux"},{"@id":"pkg:deb/ubuntu/util-linux@2.39.3-9ubuntu6.5?arch=amd64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/bsdutils@1%3A2.39.3-9ubuntu6.5?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=util-linux%402.39.3-9ubuntu6.5"},{"@id":"pkg:deb/ubuntu/bsdutils@2.39.3-9ubuntu6.5?arch=arm64\u0026distro=ubuntu-24.04\u0026epoch=1"},{"@id":"pkg:deb/ubuntu/libblkid1@2.39.3-9ubuntu6.5?arch=arm64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libblkid1@2.39.3-9ubuntu6.5?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=util-linux"},{"@id":"pkg:deb/ubuntu/libmount1@2.39.3-9ubuntu6.5?arch=arm64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libmount1@2.39.3-9ubuntu6.5?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=util-linux"},{"@id":"pkg:deb/ubuntu/libsmartcols1@2.39.3-9ubuntu6.5?arch=arm64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libsmartcols1@2.39.3-9ubuntu6.5?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=util-linux"},{"@id":"pkg:deb/ubuntu/libuuid1@2.39.3-9ubuntu6.5?arch=arm64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libuuid1@2.39.3-9ubuntu6.5?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=util-linux"},{"@id":"pkg:deb/ubuntu/mount@2.39.3-9ubuntu6.5?arch=arm64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/mount@2.39.3-9ubuntu6.5?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=util-linux"},{"@id":"pkg:deb/ubuntu/util-linux@2.39.3-9ubuntu6.5?arch=arm64\u0026distro=ubuntu-24.04"}],"status":"affected","timestamp":"2026-06-29T11:27:38.12619Z","vulnerability":{"name":"CVE-2026-53613"}},{"action_statement":"","action_statement_timestamp":"2026-06-29T11:27:38.126258Z","impact_statement":"","justification":"","last_updated":"2026-06-29T11:27:38.126258Z","products":[{"@id":"pkg:deb/ubuntu/bsdutils@1%3A2.39.3-9ubuntu6.5?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=util-linux%402.39.3-9ubuntu6.5"},{"@id":"pkg:deb/ubuntu/bsdutils@2.39.3-9ubuntu6.5?arch=amd64\u0026distro=ubuntu-24.04\u0026epoch=1"},{"@id":"pkg:deb/ubuntu/libblkid1@2.39.3-9ubuntu6.5?arch=amd64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libblkid1@2.39.3-9ubuntu6.5?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=util-linux"},{"@id":"pkg:deb/ubuntu/libmount1@2.39.3-9ubuntu6.5?arch=amd64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libmount1@2.39.3-9ubuntu6.5?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=util-linux"},{"@id":"pkg:deb/ubuntu/libsmartcols1@2.39.3-9ubuntu6.5?arch=amd64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libsmartcols1@2.39.3-9ubuntu6.5?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=util-linux"},{"@id":"pkg:deb/ubuntu/libuuid1@2.39.3-9ubuntu6.5?arch=amd64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libuuid1@2.39.3-9ubuntu6.5?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=util-linux"},{"@id":"pkg:deb/ubuntu/mount@2.39.3-9ubuntu6.5?arch=amd64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/mount@2.39.3-9ubuntu6.5?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=util-linux"},{"@id":"pkg:deb/ubuntu/util-linux@2.39.3-9ubuntu6.5?arch=amd64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/bsdutils@1%3A2.39.3-9ubuntu6.5?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=util-linux%402.39.3-9ubuntu6.5"},{"@id":"pkg:deb/ubuntu/bsdutils@2.39.3-9ubuntu6.5?arch=arm64\u0026distro=ubuntu-24.04\u0026epoch=1"},{"@id":"pkg:deb/ubuntu/libblkid1@2.39.3-9ubuntu6.5?arch=arm64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libblkid1@2.39.3-9ubuntu6.5?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=util-linux"},{"@id":"pkg:deb/ubuntu/libmount1@2.39.3-9ubuntu6.5?arch=arm64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libmount1@2.39.3-9ubuntu6.5?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=util-linux"},{"@id":"pkg:deb/ubuntu/libsmartcols1@2.39.3-9ubuntu6.5?arch=arm64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libsmartcols1@2.39.3-9ubuntu6.5?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=util-linux"},{"@id":"pkg:deb/ubuntu/libuuid1@2.39.3-9ubuntu6.5?arch=arm64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libuuid1@2.39.3-9ubuntu6.5?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=util-linux"},{"@id":"pkg:deb/ubuntu/mount@2.39.3-9ubuntu6.5?arch=arm64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/mount@2.39.3-9ubuntu6.5?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=util-linux"},{"@id":"pkg:deb/ubuntu/util-linux@2.39.3-9ubuntu6.5?arch=arm64\u0026distro=ubuntu-24.04"}],"status":"affected","timestamp":"2026-06-29T11:27:38.126257Z","vulnerability":{"name":"CVE-2026-53614"}},{"action_statement":"","action_statement_timestamp":"2026-06-29T11:27:38.12632Z","impact_statement":"","justification":"","last_updated":"2026-06-29T11:27:38.12632Z","products":[{"@id":"pkg:deb/ubuntu/bsdutils@1%3A2.39.3-9ubuntu6.5?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=util-linux%402.39.3-9ubuntu6.5"},{"@id":"pkg:deb/ubuntu/bsdutils@2.39.3-9ubuntu6.5?arch=amd64\u0026distro=ubuntu-24.04\u0026epoch=1"},{"@id":"pkg:deb/ubuntu/libblkid1@2.39.3-9ubuntu6.5?arch=amd64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libblkid1@2.39.3-9ubuntu6.5?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=util-linux"},{"@id":"pkg:deb/ubuntu/libmount1@2.39.3-9ubuntu6.5?arch=amd64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libmount1@2.39.3-9ubuntu6.5?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=util-linux"},{"@id":"pkg:deb/ubuntu/libsmartcols1@2.39.3-9ubuntu6.5?arch=amd64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libsmartcols1@2.39.3-9ubuntu6.5?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=util-linux"},{"@id":"pkg:deb/ubuntu/libuuid1@2.39.3-9ubuntu6.5?arch=amd64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libuuid1@2.39.3-9ubuntu6.5?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=util-linux"},{"@id":"pkg:deb/ubuntu/mount@2.39.3-9ubuntu6.5?arch=amd64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/mount@2.39.3-9ubuntu6.5?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=util-linux"},{"@id":"pkg:deb/ubuntu/util-linux@2.39.3-9ubuntu6.5?arch=amd64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/bsdutils@1%3A2.39.3-9ubuntu6.5?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=util-linux%402.39.3-9ubuntu6.5"},{"@id":"pkg:deb/ubuntu/bsdutils@2.39.3-9ubuntu6.5?arch=arm64\u0026distro=ubuntu-24.04\u0026epoch=1"},{"@id":"pkg:deb/ubuntu/libblkid1@2.39.3-9ubuntu6.5?arch=arm64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libblkid1@2.39.3-9ubuntu6.5?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=util-linux"},{"@id":"pkg:deb/ubuntu/libmount1@2.39.3-9ubuntu6.5?arch=arm64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libmount1@2.39.3-9ubuntu6.5?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=util-linux"},{"@id":"pkg:deb/ubuntu/libsmartcols1@2.39.3-9ubuntu6.5?arch=arm64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libsmartcols1@2.39.3-9ubuntu6.5?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=util-linux"},{"@id":"pkg:deb/ubuntu/libuuid1@2.39.3-9ubuntu6.5?arch=arm64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libuuid1@2.39.3-9ubuntu6.5?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=util-linux"},{"@id":"pkg:deb/ubuntu/mount@2.39.3-9ubuntu6.5?arch=arm64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/mount@2.39.3-9ubuntu6.5?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=util-linux"},{"@id":"pkg:deb/ubuntu/util-linux@2.39.3-9ubuntu6.5?arch=arm64\u0026distro=ubuntu-24.04"}],"status":"affected","timestamp":"2026-06-29T11:27:38.12632Z","vulnerability":{"name":"CVE-2026-53615"}},{"action_statement":"","action_statement_timestamp":"2026-06-29T11:27:38.126385Z","impact_statement":"","justification":"","last_updated":"2026-06-29T11:27:38.126385Z","products":[{"@id":"pkg:golang/github.com/containerd/containerd@v1.7.30"}],"status":"under_investigation","timestamp":"2026-06-29T11:27:38.126385Z","vulnerability":{"name":"CVE-2026-47262"}},{"action_statement":"","action_statement_timestamp":"2026-06-29T11:27:38.128822Z","impact_statement":"","justification":"","last_updated":"2026-06-29T11:27:38.128822Z","products":[{"@id":"pkg:pypi/tuf@4.0.0"}],"status":"affected","timestamp":"2026-06-29T11:27:38.128822Z","vulnerability":{"name":"GHSA-qp9x-wp8f-qgjj"}},{"action_statement":"","action_statement_timestamp":"2026-06-29T11:27:38.129708Z","impact_statement":"","justification":"","last_updated":"2026-06-29T11:27:38.129708Z","products":[{"@id":"pkg:pypi/setuptools@75.1.0?catalog_name=setuptools3\u0026download_url=https%3A%2F%2Fgithub.com%2Fpypa%2Fsetuptools%2Farchive%2Fv75.1.0.tar.gz\u0026checksum=sha256:514dc60688d3118c9883a3dd54a38b28128ea912c01ea325d6e204a93da3b524"}],"status":"affected","timestamp":"2026-06-29T11:27:38.129708Z","vulnerability":{"name":"CVE-2025-47273"}},{"action_statement":"","action_statement_timestamp":"0001-01-01T00:00:00Z","impact_statement":"","justification":"","last_updated":"2026-06-29T11:27:38.38385Z","products":[{"@id":"pkg:golang/github.com/moby/spdystream@v0.5.0"}],"status":"fixed","timestamp":"2026-06-29T11:27:38.38385Z","vulnerability":{"name":"CVE-2026-35469"}},{"action_statement":"","action_statement_timestamp":"0001-01-01T00:00:00Z","impact_statement":"","justification":"","last_updated":"2026-06-29T11:27:38.383874Z","products":[{"@id":"pkg:deb/ubuntu/dpkg@1.22.6ubuntu6.5?arch=amd64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/dpkg@1.22.6ubuntu6.5?arch=arm64\u0026distro=ubuntu-24.04"}],"status":"fixed","timestamp":"2026-06-29T11:27:38.383874Z","vulnerability":{"name":"CVE-2026-2219"}},{"action_statement":"This vulnerability was fixed in: 7.80.2","action_statement_timestamp":"0001-01-01T00:00:00Z","impact_statement":"","justification":"","last_updated":"2026-06-29T12:23:42.246724Z","products":[{"@id":"pkg:deb/ubuntu/libssl3t64@3.0.13-0ubuntu3.9?arch=amd64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libssl3t64@3.0.13-0ubuntu3.9?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=openssl"},{"@id":"pkg:generic/openssl@3.5.6"},{"@id":"pkg:deb/ubuntu/libssl3t64@3.0.13-0ubuntu3.9?arch=arm64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libssl3t64@3.0.13-0ubuntu3.9?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=openssl"},{"@id":"pkg:deb/ubuntu/openssl@3.0.13-0ubuntu3.9?arch=arm64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/openssl@3.0.13-0ubuntu3.9?arch=amd64\u0026distro=ubuntu-24.04"}],"status":"affected","timestamp":"2026-06-29T11:27:38.114166Z","vulnerability":{"name":"CVE-2026-7383"}},{"action_statement":"This vulnerability was fixed in: 7.80.2","action_statement_timestamp":"0001-01-01T00:00:00Z","impact_statement":"","justification":"","last_updated":"2026-06-29T12:23:42.246734Z","products":[{"@id":"pkg:deb/ubuntu/libssl3t64@3.0.13-0ubuntu3.9?arch=amd64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libssl3t64@3.0.13-0ubuntu3.9?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=openssl"},{"@id":"pkg:generic/openssl@3.5.6"},{"@id":"pkg:deb/ubuntu/libssl3t64@3.0.13-0ubuntu3.9?arch=arm64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libssl3t64@3.0.13-0ubuntu3.9?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=openssl"},{"@id":"pkg:deb/ubuntu/openssl@3.0.13-0ubuntu3.9?arch=arm64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/openssl@3.0.13-0ubuntu3.9?arch=amd64\u0026distro=ubuntu-24.04"}],"status":"affected","timestamp":"2026-06-29T11:27:38.115155Z","vulnerability":{"name":"CVE-2026-9076"}},{"action_statement":"This vulnerability was fixed in: 7.80.2","action_statement_timestamp":"0001-01-01T00:00:00Z","impact_statement":"","justification":"","last_updated":"2026-06-29T12:23:42.246744Z","products":[{"@id":"pkg:deb/ubuntu/libssl3t64@3.0.13-0ubuntu3.9?arch=amd64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libssl3t64@3.0.13-0ubuntu3.9?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=openssl"},{"@id":"pkg:generic/openssl@3.5.6"},{"@id":"pkg:deb/ubuntu/libssl3t64@3.0.13-0ubuntu3.9?arch=arm64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libssl3t64@3.0.13-0ubuntu3.9?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=openssl"},{"@id":"pkg:deb/ubuntu/openssl@3.0.13-0ubuntu3.9?arch=arm64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/openssl@3.0.13-0ubuntu3.9?arch=amd64\u0026distro=ubuntu-24.04"}],"status":"affected","timestamp":"2026-06-29T11:27:38.115539Z","vulnerability":{"name":"CVE-2026-34182"}},{"action_statement":"This vulnerability was fixed in: 7.80.2","action_statement_timestamp":"0001-01-01T00:00:00Z","impact_statement":"","justification":"","last_updated":"2026-06-29T12:23:42.246748Z","products":[{"@id":"pkg:deb/ubuntu/libssl3t64@3.0.13-0ubuntu3.9?arch=amd64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libssl3t64@3.0.13-0ubuntu3.9?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=openssl"},{"@id":"pkg:generic/openssl@3.5.6"},{"@id":"pkg:deb/ubuntu/libssl3t64@3.0.13-0ubuntu3.9?arch=arm64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libssl3t64@3.0.13-0ubuntu3.9?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=openssl"},{"@id":"pkg:deb/ubuntu/openssl@3.0.13-0ubuntu3.9?arch=arm64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/openssl@3.0.13-0ubuntu3.9?arch=amd64\u0026distro=ubuntu-24.04"}],"status":"affected","timestamp":"2026-06-29T11:27:38.116439Z","vulnerability":{"name":"CVE-2026-42767"}},{"action_statement":"This vulnerability was fixed in: 7.80.2","action_statement_timestamp":"0001-01-01T00:00:00Z","impact_statement":"","justification":"","last_updated":"2026-06-29T12:23:42.246752Z","products":[{"@id":"pkg:generic/openssl@3.5.6"}],"status":"affected","timestamp":"2026-06-29T11:27:38.11884Z","vulnerability":{"name":"CVE-2026-34181"}},{"action_statement":"This vulnerability was fixed in: 7.80.2","action_statement_timestamp":"0001-01-01T00:00:00Z","impact_statement":"","justification":"","last_updated":"2026-06-29T12:23:42.246755Z","products":[{"@id":"pkg:generic/openssl@3.5.6"}],"status":"affected","timestamp":"2026-06-29T11:27:38.11929Z","vulnerability":{"name":"CVE-2026-42769"}},{"action_statement":"This vulnerability was fixed in: 7.80.2","action_statement_timestamp":"0001-01-01T00:00:00Z","impact_statement":"","justification":"","last_updated":"2026-06-29T12:23:42.24676Z","products":[{"@id":"pkg:generic/openssl@3.5.6"}],"status":"affected","timestamp":"2026-06-29T11:27:38.120361Z","vulnerability":{"name":"CVE-2026-42768"}},{"action_statement":"This vulnerability was fixed in: 7.80.2","action_statement_timestamp":"0001-01-01T00:00:00Z","impact_statement":"","justification":"","last_updated":"2026-06-29T12:23:42.246763Z","products":[{"@id":"pkg:deb/ubuntu/libssl3t64@3.0.13-0ubuntu3.9?arch=amd64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libssl3t64@3.0.13-0ubuntu3.9?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=openssl"},{"@id":"pkg:generic/openssl@3.5.6"},{"@id":"pkg:deb/ubuntu/libssl3t64@3.0.13-0ubuntu3.9?arch=arm64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libssl3t64@3.0.13-0ubuntu3.9?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=openssl"},{"@id":"pkg:deb/ubuntu/openssl@3.0.13-0ubuntu3.9?arch=arm64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/openssl@3.0.13-0ubuntu3.9?arch=amd64\u0026distro=ubuntu-24.04"}],"status":"affected","timestamp":"2026-06-29T11:27:38.12128Z","vulnerability":{"name":"CVE-2026-45446"}},{"action_statement":"This vulnerability was fixed in: 7.80.2","action_statement_timestamp":"0001-01-01T00:00:00Z","impact_statement":"","justification":"","last_updated":"2026-06-29T12:23:42.246767Z","products":[{"@id":"pkg:deb/ubuntu/libssl3t64@3.0.13-0ubuntu3.9?arch=amd64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libssl3t64@3.0.13-0ubuntu3.9?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=openssl"},{"@id":"pkg:generic/openssl@3.5.6"},{"@id":"pkg:deb/ubuntu/libssl3t64@3.0.13-0ubuntu3.9?arch=arm64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libssl3t64@3.0.13-0ubuntu3.9?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=openssl"},{"@id":"pkg:deb/ubuntu/openssl@3.0.13-0ubuntu3.9?arch=arm64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/openssl@3.0.13-0ubuntu3.9?arch=amd64\u0026distro=ubuntu-24.04"}],"status":"affected","timestamp":"2026-06-29T11:27:38.123096Z","vulnerability":{"name":"CVE-2026-42770"}},{"action_statement":"This vulnerability was fixed in: 7.80.1","action_statement_timestamp":"0001-01-01T00:00:00Z","impact_statement":"","justification":"","last_updated":"2026-06-29T12:13:43.636624Z","products":[{"@id":"pkg:generic/python@3.13.13"}],"status":"affected","timestamp":"2026-06-29T11:27:38.112586Z","vulnerability":{"name":"CVE-2026-7774"}},{"action_statement":"This vulnerability was fixed in: 7.80.1","action_statement_timestamp":"0001-01-01T00:00:00Z","impact_statement":"","justification":"","last_updated":"2026-06-29T12:13:43.636629Z","products":[{"@id":"pkg:generic/python@3.13.13"}],"status":"affected","timestamp":"2026-06-29T11:27:38.114129Z","vulnerability":{"name":"CVE-2026-9669"}},{"action_statement":"This vulnerability was fixed in: 7.80.1","action_statement_timestamp":"0001-01-01T00:00:00Z","impact_statement":"This is a false positive. The image ships embedded Python 3.13.14. Python 3.13.14 is the upstream release that contains the fix for this CVE, released 2026-06-09. The scanner is flagging the 3.13 branch without resolving the full patch version","justification":"vulnerable_code_not_present","last_updated":"2026-06-29T12:13:43.636594Z","products":[{"@id":"pkg:generic/python@3.13.13"}],"status":"affected","timestamp":"2026-06-29T11:27:38.110598Z","vulnerability":{"name":"CVE-2026-7210"}},{"action_statement":"This vulnerability was fixed in: 7.80.0","action_statement_timestamp":"0001-01-01T00:00:00Z","impact_statement":"","justification":"","last_updated":"2026-06-29T12:01:55.009674Z","products":[{"@id":"pkg:pypi/urllib3@2.6.3"}],"status":"affected","timestamp":"2026-06-29T11:27:38.114085Z","vulnerability":{"name":"CVE-2026-44432"}},{"action_statement":"This vulnerability was fixed in: 7.80.1","action_statement_timestamp":"0001-01-01T00:00:00Z","impact_statement":"","justification":"","last_updated":"2026-06-29T12:13:43.636632Z","products":[{"@id":"pkg:generic/python@3.13.13"}],"status":"affected","timestamp":"2026-06-29T11:27:38.114207Z","vulnerability":{"name":"CVE-2026-3276"}},{"action_statement":"This vulnerability was fixed in: 7.80.1","action_statement_timestamp":"0001-01-01T00:00:00Z","impact_statement":"","justification":"","last_updated":"2026-06-29T12:13:43.636637Z","products":[{"@id":"pkg:generic/python@3.13.13"}],"status":"affected","timestamp":"2026-06-29T11:27:38.115196Z","vulnerability":{"name":"CVE-2026-8328"}},{"action_statement":"This vulnerability was fixed in: 7.80.1","action_statement_timestamp":"0001-01-01T00:00:00Z","impact_statement":"","justification":"","last_updated":"2026-06-29T12:13:43.636645Z","products":[{"@id":"pkg:generic/python@3.13.13"}],"status":"affected","timestamp":"2026-06-29T11:27:38.121237Z","vulnerability":{"name":"CVE-2026-6019"}},{"action_statement":"This vulnerability was fixed in: 7.80.0","action_statement_timestamp":"0001-01-01T00:00:00Z","impact_statement":"","justification":"","last_updated":"2026-06-29T12:01:55.009643Z","products":[{"@id":"pkg:pypi/urllib3@2.6.3"}],"status":"affected","timestamp":"2026-06-29T11:27:38.112254Z","vulnerability":{"name":"CVE-2026-44431"}},{"action_statement":"This vulnerability was fixed in: 7.79.1","action_statement_timestamp":"0001-01-01T00:00:00Z","impact_statement":"","justification":"","last_updated":"2026-06-29T11:46:40.426704Z","products":[{"@id":"pkg:deb/ubuntu/libgnutls30t64@3.8.3-1.1ubuntu3.5?arch=amd64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libgnutls30t64@3.8.3-1.1ubuntu3.5?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=gnutls28"},{"@id":"pkg:deb/ubuntu/libgnutls30t64@3.8.3-1.1ubuntu3.5?arch=arm64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libgnutls30t64@3.8.3-1.1ubuntu3.5?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=gnutls28"}],"status":"affected","timestamp":"2026-06-29T11:27:38.113188Z","vulnerability":{"name":"CVE-2026-5260"}},{"action_statement":"This vulnerability was fixed in: 7.80.0","action_statement_timestamp":"0001-01-01T00:00:00Z","impact_statement":"CVE-2026-40226 is a container escape vulnerability in systemd-nspawn, a dedicated container-spawning binary. The Agent does not ship systemd-nspawn binary, or .nspawn config files, and does not use systemd as the init system.","justification":"vulnerable_code_not_present","last_updated":"2026-06-29T12:01:55.0097Z","products":[{"@id":"pkg:deb/ubuntu/libsystemd0@255.4-1ubuntu8.15?arch=amd64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libsystemd0@255.4-1ubuntu8.15?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=systemd"},{"@id":"pkg:deb/ubuntu/libudev1@255.4-1ubuntu8.15?arch=amd64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libudev1@255.4-1ubuntu8.15?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=systemd"},{"@id":"pkg:deb/ubuntu/libsystemd0@255.4-1ubuntu8.15?arch=arm64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libsystemd0@255.4-1ubuntu8.15?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=systemd"},{"@id":"pkg:deb/ubuntu/libudev1@255.4-1ubuntu8.15?arch=arm64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libudev1@255.4-1ubuntu8.15?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=systemd"}],"status":"affected","timestamp":"2026-06-29T11:27:38.125543Z","vulnerability":{"name":"CVE-2026-40226"}},{"action_statement":"This vulnerability was fixed in: 7.80.3","action_statement_timestamp":"0001-01-01T00:00:00Z","impact_statement":"","justification":"","last_updated":"2026-06-29T12:31:21.904646Z","products":[{"@id":"pkg:golang/stdlib@1.25.9"}],"status":"affected","timestamp":"2026-06-29T11:27:38.111822Z","vulnerability":{"name":"CVE-2026-42504"}},{"action_statement":"This vulnerability was fixed in: 7.80.3","action_statement_timestamp":"0001-01-01T00:00:00Z","impact_statement":"","justification":"","last_updated":"2026-06-29T12:31:21.904676Z","products":[{"@id":"pkg:golang/stdlib@1.25.9"}],"status":"affected","timestamp":"2026-06-29T11:27:38.11364Z","vulnerability":{"name":"CVE-2026-27145"}},{"action_statement":"This vulnerability was fixed in: 7.80.3","action_statement_timestamp":"0001-01-01T00:00:00Z","impact_statement":"","justification":"","last_updated":"2026-06-29T12:31:21.904682Z","products":[{"@id":"pkg:golang/stdlib@1.25.9"}],"status":"affected","timestamp":"2026-06-29T11:27:38.116269Z","vulnerability":{"name":"CVE-2026-42507"}},{"action_statement":"This vulnerability was fixed in: 7.80.2","action_statement_timestamp":"0001-01-01T00:00:00Z","impact_statement":"","justification":"","last_updated":"2026-06-29T12:23:42.246667Z","products":[{"@id":"pkg:deb/ubuntu/libssl3t64@3.0.13-0ubuntu3.9?arch=amd64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libssl3t64@3.0.13-0ubuntu3.9?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=openssl"},{"@id":"pkg:generic/openssl@3.5.6"},{"@id":"pkg:deb/ubuntu/libssl3t64@3.0.13-0ubuntu3.9?arch=arm64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libssl3t64@3.0.13-0ubuntu3.9?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=openssl"},{"@id":"pkg:deb/ubuntu/openssl@3.0.13-0ubuntu3.9?arch=arm64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/openssl@3.0.13-0ubuntu3.9?arch=amd64\u0026distro=ubuntu-24.04"}],"status":"affected","timestamp":"2026-06-29T11:27:38.110315Z","vulnerability":{"name":"CVE-2026-45447"}},{"action_statement":"This vulnerability was fixed in: 7.80.2","action_statement_timestamp":"0001-01-01T00:00:00Z","impact_statement":"","justification":"","last_updated":"2026-06-29T12:23:42.246698Z","products":[{"@id":"pkg:generic/openssl@3.5.6"}],"status":"affected","timestamp":"2026-06-29T11:27:38.110637Z","vulnerability":{"name":"CVE-2026-42764"}},{"action_statement":"This vulnerability was fixed in: 7.80.2","action_statement_timestamp":"0001-01-01T00:00:00Z","impact_statement":"","justification":"","last_updated":"2026-06-29T12:23:42.246703Z","products":[{"@id":"pkg:deb/ubuntu/libssl3t64@3.0.13-0ubuntu3.9?arch=amd64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libssl3t64@3.0.13-0ubuntu3.9?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=openssl"},{"@id":"pkg:generic/openssl@3.5.6"},{"@id":"pkg:deb/ubuntu/libssl3t64@3.0.13-0ubuntu3.9?arch=arm64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libssl3t64@3.0.13-0ubuntu3.9?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=openssl"},{"@id":"pkg:deb/ubuntu/openssl@3.0.13-0ubuntu3.9?arch=arm64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/openssl@3.0.13-0ubuntu3.9?arch=amd64\u0026distro=ubuntu-24.04"}],"status":"affected","timestamp":"2026-06-29T11:27:38.112172Z","vulnerability":{"name":"CVE-2026-34180"}},{"action_statement":"This vulnerability was fixed in: 7.80.2","action_statement_timestamp":"0001-01-01T00:00:00Z","impact_statement":"","justification":"","last_updated":"2026-06-29T12:23:42.246706Z","products":[{"@id":"pkg:generic/openssl@3.5.6"}],"status":"affected","timestamp":"2026-06-29T11:27:38.112209Z","vulnerability":{"name":"CVE-2026-34183"}},{"action_statement":"This vulnerability was fixed in: 7.80.2","action_statement_timestamp":"0001-01-01T00:00:00Z","impact_statement":"","justification":"","last_updated":"2026-06-29T12:23:42.246719Z","products":[{"@id":"pkg:deb/ubuntu/libssl3t64@3.0.13-0ubuntu3.9?arch=amd64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libssl3t64@3.0.13-0ubuntu3.9?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=openssl"},{"@id":"pkg:generic/openssl@3.5.6"},{"@id":"pkg:deb/ubuntu/libssl3t64@3.0.13-0ubuntu3.9?arch=arm64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libssl3t64@3.0.13-0ubuntu3.9?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=openssl"},{"@id":"pkg:deb/ubuntu/openssl@3.0.13-0ubuntu3.9?arch=arm64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/openssl@3.0.13-0ubuntu3.9?arch=amd64\u0026distro=ubuntu-24.04"}],"status":"affected","timestamp":"2026-06-29T11:27:38.113594Z","vulnerability":{"name":"CVE-2026-42766"}},{"action_statement":"This vulnerability was fixed in: 7.80.2","action_statement_timestamp":"0001-01-01T00:00:00Z","impact_statement":"","justification":"","last_updated":"2026-06-29T12:23:42.246731Z","products":[{"@id":"pkg:deb/ubuntu/libssl3t64@3.0.13-0ubuntu3.9?arch=amd64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libssl3t64@3.0.13-0ubuntu3.9?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=openssl"},{"@id":"pkg:generic/openssl@3.5.6"},{"@id":"pkg:deb/ubuntu/libssl3t64@3.0.13-0ubuntu3.9?arch=arm64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libssl3t64@3.0.13-0ubuntu3.9?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=openssl"},{"@id":"pkg:deb/ubuntu/openssl@3.0.13-0ubuntu3.9?arch=arm64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/openssl@3.0.13-0ubuntu3.9?arch=amd64\u0026distro=ubuntu-24.04"}],"status":"affected","timestamp":"2026-06-29T11:27:38.11481Z","vulnerability":{"name":"CVE-2026-45445"}},{"action_statement":"This vulnerability was fixed in: 7.79.1","action_statement_timestamp":"0001-01-01T00:00:00Z","impact_statement":"","justification":"","last_updated":"2026-06-29T11:46:40.426844Z","products":[{"@id":"pkg:golang/golang.org/x/crypto@v0.49.0"}],"status":"affected","timestamp":"2026-06-29T11:27:38.120784Z","vulnerability":{"name":"CVE-2026-39835"}},{"action_statement":"This vulnerability was fixed in: 7.79.1","action_statement_timestamp":"0001-01-01T00:00:00Z","impact_statement":"","justification":"","last_updated":"2026-06-29T11:46:40.426865Z","products":[{"@id":"pkg:golang/golang.org/x/crypto@v0.49.0"}],"status":"affected","timestamp":"2026-06-29T11:27:38.121417Z","vulnerability":{"name":"CVE-2026-39828"}},{"action_statement":"This vulnerability was fixed in: 7.79.1","action_statement_timestamp":"0001-01-01T00:00:00Z","impact_statement":"","justification":"","last_updated":"2026-06-29T11:46:40.426874Z","products":[{"@id":"pkg:golang/golang.org/x/net@v0.52.0"}],"status":"affected","timestamp":"2026-06-29T11:27:38.121908Z","vulnerability":{"name":"CVE-2026-42502"}},{"action_statement":"This vulnerability was fixed in: 7.79.1","action_statement_timestamp":"0001-01-01T00:00:00Z","impact_statement":"","justification":"","last_updated":"2026-06-29T11:46:40.426879Z","products":[{"@id":"pkg:deb/ubuntu/libgcrypt20@1.10.3-2build1?arch=amd64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libgcrypt20@1.10.3-2build1?arch=arm64\u0026distro=ubuntu-24.04"}],"status":"affected","timestamp":"2026-06-29T11:27:38.122914Z","vulnerability":{"name":"CVE-2026-41989"}},{"action_statement":"This vulnerability was fixed in: 7.79.1","action_statement_timestamp":"0001-01-01T00:00:00Z","impact_statement":"","justification":"","last_updated":"2026-06-29T11:46:40.426883Z","products":[{"@id":"pkg:deb/ubuntu/libgnutls30t64@3.8.3-1.1ubuntu3.5?arch=amd64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libgnutls30t64@3.8.3-1.1ubuntu3.5?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=gnutls28"},{"@id":"pkg:deb/ubuntu/libgnutls30t64@3.8.3-1.1ubuntu3.5?arch=arm64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libgnutls30t64@3.8.3-1.1ubuntu3.5?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=gnutls28"}],"status":"affected","timestamp":"2026-06-29T11:27:38.123522Z","vulnerability":{"name":"CVE-2026-42014"}},{"action_statement":"This vulnerability was fixed in: 7.79.1","action_statement_timestamp":"0001-01-01T00:00:00Z","impact_statement":"","justification":"","last_updated":"2026-06-29T11:46:40.426888Z","products":[{"@id":"pkg:golang/golang.org/x/sys@v0.42.0"}],"status":"affected","timestamp":"2026-06-29T11:27:38.125667Z","vulnerability":{"name":"CVE-2026-39824"}},{"action_statement":"This vulnerability was fixed in: 7.79.1","action_statement_timestamp":"0001-01-01T00:00:00Z","impact_statement":"","justification":"","last_updated":"2026-06-29T11:46:40.426868Z","products":[{"@id":"pkg:golang/golang.org/x/net@v0.52.0"}],"status":"affected","timestamp":"2026-06-29T11:27:38.121512Z","vulnerability":{"name":"CVE-2026-25681"}},{"action_statement":"This vulnerability was fixed in: 7.79.1","action_statement_timestamp":"0001-01-01T00:00:00Z","impact_statement":"","justification":"","last_updated":"2026-06-29T11:46:40.42687Z","products":[{"@id":"pkg:golang/golang.org/x/net@v0.52.0"}],"status":"affected","timestamp":"2026-06-29T11:27:38.121707Z","vulnerability":{"name":"CVE-2026-27136"}},{"action_statement":"This vulnerability was fixed in: 7.79.1","action_statement_timestamp":"0001-01-01T00:00:00Z","impact_statement":"","justification":"","last_updated":"2026-06-29T11:46:40.426876Z","products":[{"@id":"pkg:golang/github.com/prometheus/prometheus@v0.309.2-0.20260113170727-c7bc56cf6c8f"}],"status":"affected","timestamp":"2026-06-29T11:27:38.122332Z","vulnerability":{"name":"CVE-2026-44903"}},{"action_statement":"This vulnerability was fixed in: 7.79.0","action_statement_timestamp":"0001-01-01T00:00:00Z","impact_statement":"","justification":"","last_updated":"2026-06-29T11:42:50.418785Z","products":[{"@id":"pkg:golang/stdlib@1.25.9"}],"status":"affected","timestamp":"2026-06-29T11:27:38.110888Z","vulnerability":{"name":"CVE-2026-39836"}},{"action_statement":"This vulnerability was fixed in: 7.79.0","action_statement_timestamp":"0001-01-01T00:00:00Z","impact_statement":"","justification":"","last_updated":"2026-06-29T11:42:50.418798Z","products":[{"@id":"pkg:golang/golang.org/x/net@v0.52.0"},{"@id":"pkg:golang/stdlib@1.25.9"}],"status":"affected","timestamp":"2026-06-29T11:27:38.111369Z","vulnerability":{"name":"CVE-2026-33814"}},{"action_statement":"This vulnerability was fixed in: 7.79.0","action_statement_timestamp":"0001-01-01T00:00:00Z","impact_statement":"","justification":"","last_updated":"2026-06-29T11:42:50.418803Z","products":[{"@id":"pkg:golang/stdlib@1.25.9"}],"status":"affected","timestamp":"2026-06-29T11:27:38.112398Z","vulnerability":{"name":"CVE-2026-39820"}},{"action_statement":"This vulnerability was fixed in: 7.79.1","action_statement_timestamp":"0001-01-01T00:00:00Z","impact_statement":"","justification":"","last_updated":"2026-06-29T11:46:40.426709Z","products":[{"@id":"pkg:deb/ubuntu/libgnutls30t64@3.8.3-1.1ubuntu3.5?arch=amd64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libgnutls30t64@3.8.3-1.1ubuntu3.5?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=gnutls28"},{"@id":"pkg:deb/ubuntu/libgnutls30t64@3.8.3-1.1ubuntu3.5?arch=arm64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libgnutls30t64@3.8.3-1.1ubuntu3.5?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=gnutls28"}],"status":"affected","timestamp":"2026-06-29T11:27:38.113259Z","vulnerability":{"name":"CVE-2026-42015"}},{"action_statement":"This vulnerability was fixed in: 7.79.0","action_statement_timestamp":"0001-01-01T00:00:00Z","impact_statement":"The datadog-agent uses docker exclusively as a client library. It never runs dockerd, never loads or exposes AuthZ plugins, and never executes the daemon-side authorization plugins where the vulnerability lives.","justification":"vulnerable_code_not_present","last_updated":"2026-06-29T11:42:50.418761Z","products":[{"@id":"pkg:golang/github.com/docker/docker@v28.5.2%2Bincompatible"}],"status":"affected","timestamp":"2026-06-29T11:27:38.110172Z","vulnerability":{"name":"CVE-2026-34040"}},{"action_statement":"This vulnerability was fixed in: 7.79.0","action_statement_timestamp":"0001-01-01T00:00:00Z","impact_statement":"","justification":"","last_updated":"2026-06-29T11:42:50.418791Z","products":[{"@id":"pkg:golang/stdlib@1.25.9"}],"status":"affected","timestamp":"2026-06-29T11:27:38.111044Z","vulnerability":{"name":"CVE-2026-33811"}},{"action_statement":"This vulnerability was fixed in: 7.79.0","action_statement_timestamp":"0001-01-01T00:00:00Z","impact_statement":"","justification":"","last_updated":"2026-06-29T11:42:50.418795Z","products":[{"@id":"pkg:golang/stdlib@1.25.9"}],"status":"affected","timestamp":"2026-06-29T11:27:38.111204Z","vulnerability":{"name":"CVE-2026-42499"}},{"action_statement":"This vulnerability was fixed in: 7.79.0","action_statement_timestamp":"0001-01-01T00:00:00Z","impact_statement":"","justification":"","last_updated":"2026-06-29T11:42:50.418902Z","products":[{"@id":"pkg:golang/stdlib@1.25.9"}],"status":"affected","timestamp":"2026-06-29T11:27:38.115654Z","vulnerability":{"name":"CVE-2026-39826"}},{"action_statement":"This vulnerability was fixed in: 7.79.0","action_statement_timestamp":"0001-01-01T00:00:00Z","impact_statement":"","justification":"","last_updated":"2026-06-29T11:42:50.418917Z","products":[{"@id":"pkg:golang/github.com/docker/docker@v28.5.2%2Bincompatible"}],"status":"affected","timestamp":"2026-06-29T11:27:38.116579Z","vulnerability":{"name":"CVE-2026-33997"}},{"action_statement":"This vulnerability was fixed in: 7.79.0","action_statement_timestamp":"0001-01-01T00:00:00Z","impact_statement":"","justification":"","last_updated":"2026-06-29T11:42:50.418925Z","products":[{"@id":"pkg:golang/stdlib@1.25.9"}],"status":"affected","timestamp":"2026-06-29T11:27:38.117127Z","vulnerability":{"name":"CVE-2026-39823"}},{"action_statement":"This vulnerability was fixed in: 7.79.0","action_statement_timestamp":"0001-01-01T00:00:00Z","impact_statement":"","justification":"","last_updated":"2026-06-29T11:42:50.418928Z","products":[{"@id":"pkg:golang/stdlib@1.25.9"}],"status":"affected","timestamp":"2026-06-29T11:27:38.11732Z","vulnerability":{"name":"CVE-2026-42501"}},{"action_statement":"This vulnerability was fixed in: 7.79.0","action_statement_timestamp":"0001-01-01T00:00:00Z","impact_statement":"","justification":"","last_updated":"2026-06-29T11:42:50.418934Z","products":[{"@id":"pkg:golang/github.com/prometheus/prometheus@v0.309.2-0.20260113170727-c7bc56cf6c8f"}],"status":"affected","timestamp":"2026-06-29T11:27:38.119699Z","vulnerability":{"name":"CVE-2026-40179"}},{"action_statement":"This vulnerability was fixed in: 7.79.0","action_statement_timestamp":"0001-01-01T00:00:00Z","impact_statement":"","justification":"","last_updated":"2026-06-29T11:42:50.418941Z","products":[{"@id":"pkg:golang/github.com/docker/docker@v28.5.2%2Bincompatible"}],"status":"affected","timestamp":"2026-06-29T11:27:38.12132Z","vulnerability":{"name":"CVE-2026-41567"}},{"action_statement":"This vulnerability was fixed in: 7.79.0","action_statement_timestamp":"0001-01-01T00:00:00Z","impact_statement":"","justification":"","last_updated":"2026-06-29T11:42:50.418886Z","products":[{"@id":"pkg:pypi/lxml@6.0.1"}],"status":"affected","timestamp":"2026-06-29T11:27:38.114571Z","vulnerability":{"name":"CVE-2026-41066"}},{"action_statement":"This vulnerability was fixed in: 7.79.0","action_statement_timestamp":"0001-01-01T00:00:00Z","impact_statement":"","justification":"","last_updated":"2026-06-29T11:42:50.418912Z","products":[{"@id":"pkg:golang/stdlib@1.25.9"}],"status":"affected","timestamp":"2026-06-29T11:27:38.115839Z","vulnerability":{"name":"CVE-2026-39825"}},{"action_statement":"This vulnerability was fixed in: 7.79.0","action_statement_timestamp":"0001-01-01T00:00:00Z","impact_statement":"","justification":"","last_updated":"2026-06-29T11:42:50.418945Z","products":[{"@id":"pkg:golang/go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp@v0.16.0"},{"@id":"pkg:golang/go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp@v1.40.0"},{"@id":"pkg:golang/go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp@v1.40.0"}],"status":"affected","timestamp":"2026-06-29T11:27:38.122235Z","vulnerability":{"name":"CVE-2026-39882"}},{"action_statement":"This vulnerability was fixed in: 7.79.0","action_statement_timestamp":"0001-01-01T00:00:00Z","impact_statement":"","justification":"","last_updated":"2026-06-29T11:42:50.418949Z","products":[{"@id":"pkg:golang/stdlib@1.25.9"}],"status":"affected","timestamp":"2026-06-29T11:27:38.122547Z","vulnerability":{"name":"CVE-2026-39817"}},{"action_statement":"This vulnerability was fixed in: 7.79.0","action_statement_timestamp":"0001-01-01T00:00:00Z","impact_statement":"","justification":"","last_updated":"2026-06-29T11:42:50.418963Z","products":[{"@id":"pkg:golang/github.com/docker/docker@v28.5.2%2Bincompatible"}],"status":"affected","timestamp":"2026-06-29T11:27:38.123987Z","vulnerability":{"name":"CVE-2026-41568"}},{"action_statement":"This vulnerability was fixed in: 7.79.0","action_statement_timestamp":"0001-01-01T00:00:00Z","impact_statement":"","justification":"","last_updated":"2026-06-29T11:42:50.418955Z","products":[{"@id":"pkg:golang/stdlib@1.25.9"}],"status":"affected","timestamp":"2026-06-29T11:27:38.122742Z","vulnerability":{"name":"CVE-2026-39819"}},{"action_statement":"This vulnerability was fixed in: 7.79.0","action_statement_timestamp":"0001-01-01T00:00:00Z","impact_statement":"","justification":"","last_updated":"2026-06-29T11:42:50.418959Z","products":[{"@id":"pkg:golang/github.com/docker/docker@v28.5.2%2Bincompatible"}],"status":"affected","timestamp":"2026-06-29T11:27:38.123307Z","vulnerability":{"name":"CVE-2026-42306"}},{"action_statement":"This vulnerability was fixed in: 7.80.0","action_statement_timestamp":"0001-01-01T00:00:00Z","impact_statement":"The Datadog Agent ships pip 26.0.1 inside the embedded Python environment but never invokes it at runtime. Pip is only used by the manual agent integration install/remove admin commands, which require root/admin privileges and source wheels either from Datadog's signed wheel repository (using --no-index --no-deps) or from a local wheel the operator explicitly trusts. In addition, the agent's pip wrapper hardcodes --disable-pip-version-check, which disables the self-update check that this vulnerability targets. The vulnerable code path cannot be triggered.","justification":"vulnerable_code_not_in_execute_path","last_updated":"2026-06-29T12:01:55.009687Z","products":[{"@id":"pkg:pypi/pip@26.0.1"}],"status":"affected","timestamp":"2026-06-29T11:27:38.123585Z","vulnerability":{"name":"CVE-2026-6357"}},{"action_statement":"This vulnerability was fixed in: 7.80.0","action_statement_timestamp":"0001-01-01T00:00:00Z","impact_statement":"At the moment, there is no patch available that fixes this vulnerability. The Datadog Agent ships pip 26.0.1 inside the embedded Python environment but never invokes it at runtime. Pip is only used by the manual agent integration install/remove admin commands, which require root/admin privileges and source wheels either from Datadog's signed wheel repository (using --no-index --no-deps) or from a local path the operator explicitly trusts. The vulnerable archive-handling code path cannot be triggered by remote input.","justification":"vulnerable_code_not_in_execute_path","last_updated":"2026-06-29T12:01:55.009694Z","products":[{"@id":"pkg:pypi/pip@26.0.1"}],"status":"affected","timestamp":"2026-06-29T11:27:38.123651Z","vulnerability":{"name":"CVE-2026-3219"}},{"action_statement":"This vulnerability was fixed in: 7.79.2","action_statement_timestamp":"0001-01-01T00:00:00Z","impact_statement":"The Datadog Agent ships the cryptography wheel as a transitive dependency of integrations-core but does not exercise the vulnerable code path. CVE-2026-39892 requires a non-contiguous Python buffer (a strided memoryview or a NumPy array with non-default strides) to be passed to a cryptography API that accepts the buffer protocol, such as Hash.update(). Neither the Agent nor any shipped Python integration constructs non-contiguous buffers as input to cryptography APIs, all usage feeds bytes, bytearray, or full-length memoryview objects (contiguous by construction) for TLS handshakes, X.509 validation, JWT signing, and hashing. A future version of the agent will contain the updated version of cryptography with the fix.","justification":"vulnerable_code_not_in_execute_path","last_updated":"2026-06-29T11:50:03.671111Z","products":[{"@id":"pkg:pypi/cryptography@46.0.6"}],"status":"affected","timestamp":"2026-06-29T11:27:38.114011Z","vulnerability":{"name":"CVE-2026-39892"}},{"action_statement":"This vulnerability was fixed in: 7.79.2","action_statement_timestamp":"0001-01-01T00:00:00Z","impact_statement":"","justification":"","last_updated":"2026-06-29T11:50:03.671161Z","products":[{"@id":"pkg:golang/github.com/containerd/containerd@v1.7.30"}],"status":"affected","timestamp":"2026-06-29T11:27:38.125961Z","vulnerability":{"name":"CVE-2026-46680"}},{"action_statement":"This vulnerability was fixed in: 7.79.1","action_statement_timestamp":"0001-01-01T00:00:00Z","impact_statement":"","justification":"","last_updated":"2026-06-29T11:46:40.42662Z","products":[{"@id":"pkg:deb/ubuntu/libgnutls30t64@3.8.3-1.1ubuntu3.5?arch=amd64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libgnutls30t64@3.8.3-1.1ubuntu3.5?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=gnutls28"},{"@id":"pkg:deb/ubuntu/libgnutls30t64@3.8.3-1.1ubuntu3.5?arch=arm64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libgnutls30t64@3.8.3-1.1ubuntu3.5?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=gnutls28"}],"status":"affected","timestamp":"2026-06-29T11:27:38.110454Z","vulnerability":{"name":"CVE-2026-42009"}},{"action_statement":"This vulnerability was fixed in: 7.79.1","action_statement_timestamp":"0001-01-01T00:00:00Z","impact_statement":"","justification":"","last_updated":"2026-06-29T11:46:40.426651Z","products":[{"@id":"pkg:deb/ubuntu/libgnutls30t64@3.8.3-1.1ubuntu3.5?arch=amd64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libgnutls30t64@3.8.3-1.1ubuntu3.5?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=gnutls28"},{"@id":"pkg:deb/ubuntu/libgnutls30t64@3.8.3-1.1ubuntu3.5?arch=arm64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libgnutls30t64@3.8.3-1.1ubuntu3.5?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=gnutls28"}],"status":"affected","timestamp":"2026-06-29T11:27:38.11053Z","vulnerability":{"name":"CVE-2026-33846"}},{"action_statement":"This vulnerability was fixed in: 7.79.1","action_statement_timestamp":"0001-01-01T00:00:00Z","impact_statement":"","justification":"","last_updated":"2026-06-29T11:46:40.426656Z","products":[{"@id":"pkg:deb/ubuntu/libgnutls30t64@3.8.3-1.1ubuntu3.5?arch=amd64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libgnutls30t64@3.8.3-1.1ubuntu3.5?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=gnutls28"},{"@id":"pkg:deb/ubuntu/libgnutls30t64@3.8.3-1.1ubuntu3.5?arch=arm64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libgnutls30t64@3.8.3-1.1ubuntu3.5?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=gnutls28"}],"status":"affected","timestamp":"2026-06-29T11:27:38.110686Z","vulnerability":{"name":"CVE-2026-42010"}},{"action_statement":"This vulnerability was fixed in: 7.79.1","action_statement_timestamp":"0001-01-01T00:00:00Z","impact_statement":"","justification":"","last_updated":"2026-06-29T11:46:40.426701Z","products":[{"@id":"pkg:golang/golang.org/x/crypto@v0.49.0"}],"status":"affected","timestamp":"2026-06-29T11:27:38.113031Z","vulnerability":{"name":"CVE-2026-39831"}},{"action_statement":"This vulnerability was fixed in: 7.79.2","action_statement_timestamp":"0001-01-01T00:00:00Z","impact_statement":"","justification":"","last_updated":"2026-06-29T11:50:03.671142Z","products":[{"@id":"pkg:pypi/idna@3.13"}],"status":"affected","timestamp":"2026-06-29T11:27:38.114619Z","vulnerability":{"name":"CVE-2026-45409"}},{"action_statement":"This vulnerability was fixed in: 7.79.2","action_statement_timestamp":"0001-01-01T00:00:00Z","impact_statement":"","justification":"","last_updated":"2026-06-29T11:50:03.671153Z","products":[{"@id":"pkg:deb/ubuntu/liblzma5@5.6.1%2Breally5.4.5-1ubuntu0.2?arch=amd64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/liblzma5@5.6.1%2Breally5.4.5-1ubuntu0.2?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=xz-utils"},{"@id":"pkg:deb/ubuntu/liblzma5@5.6.1%2Breally5.4.5-1ubuntu0.2?arch=arm64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/liblzma5@5.6.1%2Breally5.4.5-1ubuntu0.2?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=xz-utils"}],"status":"affected","timestamp":"2026-06-29T11:27:38.120949Z","vulnerability":{"name":"CVE-2026-34743"}},{"action_statement":"This vulnerability was fixed in: 7.79.1","action_statement_timestamp":"0001-01-01T00:00:00Z","impact_statement":"","justification":"","last_updated":"2026-06-29T11:46:40.426659Z","products":[{"@id":"pkg:golang/golang.org/x/crypto@v0.49.0"}],"status":"affected","timestamp":"2026-06-29T11:27:38.111698Z","vulnerability":{"name":"CVE-2026-39834"}},{"action_statement":"This vulnerability was fixed in: 7.79.1","action_statement_timestamp":"0001-01-01T00:00:00Z","impact_statement":"The Datadog Agent and Cluster Agent embed github.com/prometheus/prometheus only as a Go library, they do not run the Prometheus server. Both CVEs require Prometheus's web.Handler to be instantiated and to serve an HTTP route (/-/config or /api/v1/status/config for CVE-2026-42151; /api/v1/read for CVE-2026-42154); neither route is registered by any Agent component. The agent/cluster agent binaries do not link storage/remote, storage/remote/azuread, or any Prometheus web/API code and the bundled OTel Collector (otel-agent) never calls prometheus.web.NewHandler / Handler.Run (indirect dependencies), never registers the Prometheus v1 API routes, and never loads an Azure AD remote-write OAuth configuration.","justification":"vulnerable_code_not_present","last_updated":"2026-06-29T11:46:40.426664Z","products":[{"@id":"pkg:golang/github.com/prometheus/prometheus@v0.309.2-0.20260113170727-c7bc56cf6c8f"}],"status":"affected","timestamp":"2026-06-29T11:27:38.111995Z","vulnerability":{"name":"CVE-2026-42154"}},{"action_statement":"This vulnerability was fixed in: 7.79.1","action_statement_timestamp":"0001-01-01T00:00:00Z","impact_statement":"","justification":"","last_updated":"2026-06-29T11:46:40.426667Z","products":[{"@id":"pkg:generic/curl@8.19.0"}],"status":"affected","timestamp":"2026-06-29T11:27:38.112052Z","vulnerability":{"name":"CVE-2026-5773"}},{"action_statement":"This vulnerability was fixed in: 7.79.1","action_statement_timestamp":"0001-01-01T00:00:00Z","impact_statement":"","justification":"","last_updated":"2026-06-29T11:46:40.426677Z","products":[{"@id":"pkg:deb/ubuntu/libgnutls30t64@3.8.3-1.1ubuntu3.5?arch=amd64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libgnutls30t64@3.8.3-1.1ubuntu3.5?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=gnutls28"},{"@id":"pkg:deb/ubuntu/libgnutls30t64@3.8.3-1.1ubuntu3.5?arch=arm64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libgnutls30t64@3.8.3-1.1ubuntu3.5?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=gnutls28"}],"status":"affected","timestamp":"2026-06-29T11:27:38.112101Z","vulnerability":{"name":"CVE-2026-33845"}},{"action_statement":"This vulnerability was fixed in: 7.79.1","action_statement_timestamp":"0001-01-01T00:00:00Z","impact_statement":"","justification":"","last_updated":"2026-06-29T11:46:40.426687Z","products":[{"@id":"pkg:golang/golang.org/x/crypto@v0.49.0"}],"status":"affected","timestamp":"2026-06-29T11:27:38.112313Z","vulnerability":{"name":"CVE-2026-46595"}},{"action_statement":"This vulnerability was fixed in: 7.79.1","action_statement_timestamp":"0001-01-01T00:00:00Z","impact_statement":"","justification":"","last_updated":"2026-06-29T11:46:40.42669Z","products":[{"@id":"pkg:deb/ubuntu/libgnutls30t64@3.8.3-1.1ubuntu3.5?arch=amd64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libgnutls30t64@3.8.3-1.1ubuntu3.5?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=gnutls28"},{"@id":"pkg:deb/ubuntu/libgnutls30t64@3.8.3-1.1ubuntu3.5?arch=arm64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libgnutls30t64@3.8.3-1.1ubuntu3.5?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=gnutls28"}],"status":"affected","timestamp":"2026-06-29T11:27:38.112632Z","vulnerability":{"name":"CVE-2026-3832"}},{"action_statement":"This vulnerability was fixed in: 7.79.1","action_statement_timestamp":"0001-01-01T00:00:00Z","impact_statement":"","justification":"","last_updated":"2026-06-29T11:46:40.426692Z","products":[{"@id":"pkg:golang/golang.org/x/crypto@v0.49.0"}],"status":"affected","timestamp":"2026-06-29T11:27:38.112743Z","vulnerability":{"name":"CVE-2026-39832"}},{"action_statement":"This vulnerability was fixed in: 7.79.1","action_statement_timestamp":"0001-01-01T00:00:00Z","impact_statement":"","justification":"","last_updated":"2026-06-29T11:46:40.426695Z","products":[{"@id":"pkg:golang/golang.org/x/crypto@v0.49.0"}],"status":"affected","timestamp":"2026-06-29T11:27:38.112869Z","vulnerability":{"name":"CVE-2026-39830"}},{"action_statement":"This vulnerability was fixed in: 7.79.1","action_statement_timestamp":"0001-01-01T00:00:00Z","impact_statement":"","justification":"","last_updated":"2026-06-29T11:46:40.426698Z","products":[{"@id":"pkg:generic/curl@8.19.0"}],"status":"affected","timestamp":"2026-06-29T11:27:38.112973Z","vulnerability":{"name":"CVE-2026-6253"}},{"action_statement":"This vulnerability was fixed in: 7.79.1","action_statement_timestamp":"0001-01-01T00:00:00Z","impact_statement":"","justification":"","last_updated":"2026-06-29T11:46:40.426755Z","products":[{"@id":"pkg:golang/golang.org/x/crypto@v0.49.0"}],"status":"affected","timestamp":"2026-06-29T11:27:38.113343Z","vulnerability":{"name":"CVE-2026-42508"}},{"action_statement":"This vulnerability was fixed in: 7.79.1","action_statement_timestamp":"0001-01-01T00:00:00Z","impact_statement":"","justification":"","last_updated":"2026-06-29T11:46:40.426767Z","products":[{"@id":"pkg:golang/golang.org/x/crypto@v0.49.0"}],"status":"affected","timestamp":"2026-06-29T11:27:38.114264Z","vulnerability":{"name":"CVE-2026-46597"}},{"action_statement":"This vulnerability was fixed in: 7.79.1","action_statement_timestamp":"0001-01-01T00:00:00Z","impact_statement":"","justification":"","last_updated":"2026-06-29T11:46:40.426759Z","products":[{"@id":"pkg:golang/golang.org/x/crypto@v0.49.0"}],"status":"affected","timestamp":"2026-06-29T11:27:38.113454Z","vulnerability":{"name":"CVE-2026-39833"}},{"action_statement":"This vulnerability was fixed in: 7.79.1","action_statement_timestamp":"0001-01-01T00:00:00Z","impact_statement":"","justification":"","last_updated":"2026-06-29T11:46:40.426762Z","products":[{"@id":"pkg:golang/golang.org/x/net@v0.52.0"}],"status":"affected","timestamp":"2026-06-29T11:27:38.113854Z","vulnerability":{"name":"CVE-2026-39821"}},{"action_statement":"This vulnerability was fixed in: 7.79.1","action_statement_timestamp":"0001-01-01T00:00:00Z","impact_statement":"","justification":"","last_updated":"2026-06-29T11:46:40.426778Z","products":[{"@id":"pkg:generic/curl@8.19.0"}],"status":"affected","timestamp":"2026-06-29T11:27:38.114669Z","vulnerability":{"name":"CVE-2026-7168"}},{"action_statement":"This vulnerability was fixed in: 7.79.1","action_statement_timestamp":"0001-01-01T00:00:00Z","impact_statement":"","justification":"","last_updated":"2026-06-29T11:46:40.426796Z","products":[{"@id":"pkg:generic/curl@8.19.0"}],"status":"affected","timestamp":"2026-06-29T11:27:38.115384Z","vulnerability":{"name":"CVE-2026-6276"}},{"action_statement":"This vulnerability was fixed in: 7.79.1","action_statement_timestamp":"0001-01-01T00:00:00Z","impact_statement":"","justification":"","last_updated":"2026-06-29T11:46:40.426771Z","products":[{"@id":"pkg:generic/curl@8.19.0"}],"status":"affected","timestamp":"2026-06-29T11:27:38.114362Z","vulnerability":{"name":"CVE-2026-6429"}},{"action_statement":"This vulnerability was fixed in: 7.79.1","action_statement_timestamp":"0001-01-01T00:00:00Z","impact_statement":"","justification":"","last_updated":"2026-06-29T11:46:40.426775Z","products":[{"@id":"pkg:deb/ubuntu/libgnutls30t64@3.8.3-1.1ubuntu3.5?arch=amd64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libgnutls30t64@3.8.3-1.1ubuntu3.5?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=gnutls28"},{"@id":"pkg:deb/ubuntu/libgnutls30t64@3.8.3-1.1ubuntu3.5?arch=arm64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libgnutls30t64@3.8.3-1.1ubuntu3.5?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=gnutls28"}],"status":"affected","timestamp":"2026-06-29T11:27:38.114405Z","vulnerability":{"name":"CVE-2026-3833"}},{"action_statement":"This vulnerability was fixed in: 7.79.1","action_statement_timestamp":"0001-01-01T00:00:00Z","impact_statement":"","justification":"","last_updated":"2026-06-29T11:46:40.426781Z","products":[{"@id":"pkg:generic/curl@8.19.0"}],"status":"affected","timestamp":"2026-06-29T11:27:38.114862Z","vulnerability":{"name":"CVE-2026-5545"}},{"action_statement":"This vulnerability was fixed in: 7.79.1","action_statement_timestamp":"0001-01-01T00:00:00Z","impact_statement":"","justification":"","last_updated":"2026-06-29T11:46:40.426784Z","products":[{"@id":"pkg:golang/golang.org/x/crypto@v0.49.0"}],"status":"affected","timestamp":"2026-06-29T11:27:38.114922Z","vulnerability":{"name":"CVE-2026-39829"}},{"action_statement":"This vulnerability was fixed in: 7.79.1","action_statement_timestamp":"0001-01-01T00:00:00Z","impact_statement":"","justification":"","last_updated":"2026-06-29T11:46:40.426788Z","products":[{"@id":"pkg:deb/ubuntu/libgnutls30t64@3.8.3-1.1ubuntu3.5?arch=amd64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libgnutls30t64@3.8.3-1.1ubuntu3.5?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=gnutls28"},{"@id":"pkg:deb/ubuntu/libgnutls30t64@3.8.3-1.1ubuntu3.5?arch=arm64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libgnutls30t64@3.8.3-1.1ubuntu3.5?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=gnutls28"}],"status":"affected","timestamp":"2026-06-29T11:27:38.11524Z","vulnerability":{"name":"CVE-2026-42011"}},{"action_statement":"This vulnerability was fixed in: 7.79.1","action_statement_timestamp":"0001-01-01T00:00:00Z","impact_statement":"","justification":"","last_updated":"2026-06-29T11:46:40.426801Z","products":[{"@id":"pkg:deb/ubuntu/libgnutls30t64@3.8.3-1.1ubuntu3.5?arch=amd64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libgnutls30t64@3.8.3-1.1ubuntu3.5?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=gnutls28"},{"@id":"pkg:deb/ubuntu/libgnutls30t64@3.8.3-1.1ubuntu3.5?arch=arm64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libgnutls30t64@3.8.3-1.1ubuntu3.5?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=gnutls28"}],"status":"affected","timestamp":"2026-06-29T11:27:38.116198Z","vulnerability":{"name":"CVE-2026-42013"}},{"action_statement":"This vulnerability was fixed in: 7.79.1","action_statement_timestamp":"0001-01-01T00:00:00Z","impact_statement":"","justification":"","last_updated":"2026-06-29T11:46:40.426822Z","products":[{"@id":"pkg:deb/ubuntu/libgnutls30t64@3.8.3-1.1ubuntu3.5?arch=amd64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libgnutls30t64@3.8.3-1.1ubuntu3.5?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=gnutls28"},{"@id":"pkg:deb/ubuntu/libgnutls30t64@3.8.3-1.1ubuntu3.5?arch=arm64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libgnutls30t64@3.8.3-1.1ubuntu3.5?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=gnutls28"}],"status":"affected","timestamp":"2026-06-29T11:27:38.117729Z","vulnerability":{"name":"CVE-2026-42012"}},{"action_statement":"This vulnerability was fixed in: 7.79.1","action_statement_timestamp":"0001-01-01T00:00:00Z","impact_statement":"The Datadog Agent and Cluster Agent embed github.com/prometheus/prometheus only as a Go library, they do not run the Prometheus server. Both CVEs require Prometheus's web.Handler to be instantiated and to serve an HTTP route (/-/config or /api/v1/status/config for CVE-2026-42151; /api/v1/read for CVE-2026-42154); neither route is registered by any Agent component. The agent/cluster agent binaries do not link storage/remote, storage/remote/azuread, or any Prometheus web/API code and the bundled OTel Collector (otel-agent) never calls prometheus.web.NewHandler / Handler.Run (indirect dependencies), never registers the Prometheus v1 API routes, and never loads an Azure AD remote-write OAuth configuration.","justification":"vulnerable_code_not_present","last_updated":"2026-06-29T11:46:40.426812Z","products":[{"@id":"pkg:golang/github.com/prometheus/prometheus@v0.309.2-0.20260113170727-c7bc56cf6c8f"}],"status":"affected","timestamp":"2026-06-29T11:27:38.116466Z","vulnerability":{"name":"CVE-2026-42151"}},{"action_statement":"This vulnerability was fixed in: 7.79.1","action_statement_timestamp":"0001-01-01T00:00:00Z","impact_statement":"","justification":"","last_updated":"2026-06-29T11:46:40.426815Z","products":[{"@id":"pkg:deb/ubuntu/libgnutls30t64@3.8.3-1.1ubuntu3.5?arch=amd64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libgnutls30t64@3.8.3-1.1ubuntu3.5?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=gnutls28"},{"@id":"pkg:deb/ubuntu/libgnutls30t64@3.8.3-1.1ubuntu3.5?arch=arm64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libgnutls30t64@3.8.3-1.1ubuntu3.5?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=gnutls28"}],"status":"affected","timestamp":"2026-06-29T11:27:38.116678Z","vulnerability":{"name":"CVE-2026-5419"}},{"action_statement":"This vulnerability was fixed in: 7.79.1","action_statement_timestamp":"0001-01-01T00:00:00Z","impact_statement":"","justification":"","last_updated":"2026-06-29T11:46:40.426818Z","products":[{"@id":"pkg:generic/curl@8.19.0"}],"status":"affected","timestamp":"2026-06-29T11:27:38.116858Z","vulnerability":{"name":"CVE-2026-4873"}},{"action_statement":"This vulnerability was fixed in: 7.79.1","action_statement_timestamp":"0001-01-01T00:00:00Z","impact_statement":"","justification":"","last_updated":"2026-06-29T11:46:40.426824Z","products":[{"@id":"pkg:golang/golang.org/x/crypto@v0.49.0"}],"status":"affected","timestamp":"2026-06-29T11:27:38.117818Z","vulnerability":{"name":"CVE-2026-46598"}},{"action_statement":"This vulnerability was fixed in: 7.79.1","action_statement_timestamp":"0001-01-01T00:00:00Z","impact_statement":"","justification":"","last_updated":"2026-06-29T11:46:40.426829Z","products":[{"@id":"pkg:golang/golang.org/x/net@v0.52.0"}],"status":"affected","timestamp":"2026-06-29T11:27:38.119068Z","vulnerability":{"name":"CVE-2026-25680"}},{"action_statement":"This vulnerability was fixed in: 7.79.1","action_statement_timestamp":"0001-01-01T00:00:00Z","impact_statement":"","justification":"","last_updated":"2026-06-29T11:46:40.426837Z","products":[{"@id":"pkg:generic/curl@8.19.0"}],"status":"affected","timestamp":"2026-06-29T11:27:38.119249Z","vulnerability":{"name":"CVE-2026-7009"}},{"action_statement":"This vulnerability was fixed in: 7.79.1","action_statement_timestamp":"0001-01-01T00:00:00Z","impact_statement":"","justification":"","last_updated":"2026-06-29T11:46:40.426841Z","products":[{"@id":"pkg:golang/golang.org/x/crypto@v0.49.0"}],"status":"affected","timestamp":"2026-06-29T11:27:38.120418Z","vulnerability":{"name":"CVE-2026-39827"}},{"action_statement":"This vulnerability was fixed in: 7.79.1","action_statement_timestamp":"0001-01-01T00:00:00Z","impact_statement":"","justification":"","last_updated":"2026-06-29T11:46:40.426862Z","products":[{"@id":"pkg:golang/golang.org/x/net@v0.52.0"}],"status":"affected","timestamp":"2026-06-29T11:27:38.121078Z","vulnerability":{"name":"CVE-2026-42506"}},{"action_statement":"","action_statement_timestamp":"2026-06-29T11:24:27.059457Z","impact_statement":"The product is not affected by CVE-2019-16294 as the vulnerable component SciLexer.dll is not present","justification":"vulnerable_code_not_in_execute_path","last_updated":"2026-06-29T11:24:27.059457Z","products":[{"@id":"pkg:generic/scintilla@4.4.6"}],"status":"not_affected","timestamp":"2026-06-29T11:24:27.059457Z","vulnerability":{"name":"CVE-2019-16294"}},{"action_statement":"","action_statement_timestamp":"2026-06-29T11:24:27.060005Z","impact_statement":"","justification":"","last_updated":"2026-06-29T11:24:27.060005Z","products":[{"@id":"pkg:generic/7-zip@25.01"}],"status":"affected","timestamp":"2026-06-29T11:24:27.060005Z","vulnerability":{"name":"CVE-2026-48095"}},{"action_statement":"","action_statement_timestamp":"2026-06-29T11:24:27.060042Z","impact_statement":"The Datadog Agent has no MimeKit dependency and sends no SMTP mail","justification":"vulnerable_code_not_present","last_updated":"2026-06-29T11:24:27.060042Z","products":[{"@id":"pkg:nuget/MimeKit@4.3.0.0"}],"status":"not_affected","timestamp":"2026-06-29T11:24:27.060042Z","vulnerability":{"name":"CVE-2026-30227"}},{"action_statement":"","action_statement_timestamp":"2026-06-29T11:24:27.060069Z","impact_statement":"The detected artifact (`libpq.dll`) is the PostgreSQL client connection library bundled with the psycopg3 binary wheel and does not contain the vulnerable dump/restore code","justification":"vulnerable_code_not_present","last_updated":"2026-06-29T11:24:27.060069Z","products":[{"@id":"pkg:generic/postgresql@16.9"}],"status":"not_affected","timestamp":"2026-06-29T11:24:27.060069Z","vulnerability":{"name":"CVE-2025-8714"}},{"action_statement":"","action_statement_timestamp":"2026-06-29T11:24:27.060232Z","impact_statement":"The Datadog Agent uses libpq exclusively as a client library for database connections; it does not host a PostgreSQL server or load server extensions","justification":"vulnerable_code_not_present","last_updated":"2026-06-29T11:24:27.060232Z","products":[{"@id":"pkg:generic/postgresql@16.9"}],"status":"not_affected","timestamp":"2026-06-29T11:24:27.060232Z","vulnerability":{"name":"CVE-2026-2005"}},{"action_statement":"","action_statement_timestamp":"2026-06-29T11:24:27.060265Z","impact_statement":"The Datadog Agent uses libpq exclusively as a client library for database connections; it does not host a PostgreSQL server or load server extensions","justification":"vulnerable_code_not_present","last_updated":"2026-06-29T11:24:27.060265Z","products":[{"@id":"pkg:generic/postgresql@16.9"}],"status":"not_affected","timestamp":"2026-06-29T11:24:27.060265Z","vulnerability":{"name":"CVE-2026-2006"}},{"action_statement":"","action_statement_timestamp":"2026-06-29T11:24:27.067089Z","impact_statement":"","justification":"","last_updated":"2026-06-29T11:24:27.067089Z","products":[{"@id":"pkg:generic/7-zip@25.01"}],"status":"affected","timestamp":"2026-06-29T11:24:27.067089Z","vulnerability":{"name":"CVE-2026-48112"}},{"action_statement":"","action_statement_timestamp":"2026-06-29T11:24:27.061858Z","impact_statement":"The Datadog Agent uses libpq exclusively as a client library for database connections; it does not host a PostgreSQL server or load server extensions","justification":"vulnerable_code_not_present","last_updated":"2026-06-29T11:24:27.061858Z","products":[{"@id":"pkg:generic/postgresql@16.9"}],"status":"not_affected","timestamp":"2026-06-29T11:24:27.061858Z","vulnerability":{"name":"CVE-2026-2004"}},{"action_statement":"","action_statement_timestamp":"2026-06-29T11:24:27.061889Z","impact_statement":"This vulnerability was fixed in v7.80.1. The agent embeds Python \u003e3.13.14 which is the patched version","justification":"","last_updated":"2026-06-29T11:24:27.061889Z","products":[{"@id":"pkg:generic/python@3.13.13"}],"status":"fixed","timestamp":"2026-06-29T11:24:27.061889Z","vulnerability":{"name":"CVE-2026-3087"}},{"action_statement":"","action_statement_timestamp":"2026-06-29T11:24:27.062756Z","impact_statement":"CVE-2026-6479 is an uncontrolled recursion vulnerability in the PostgreSQL server-side SSL/GSS connection negotiation path. The Datadog Agent bundle the PostgreSQL client wire-protocol library","justification":"vulnerable_code_not_present","last_updated":"2026-06-29T11:24:27.062756Z","products":[{"@id":"pkg:generic/postgresql@16.9"}],"status":"not_affected","timestamp":"2026-06-29T11:24:27.062755Z","vulnerability":{"name":"CVE-2026-6479"}},{"action_statement":"","action_statement_timestamp":"2026-06-29T11:24:27.06303Z","impact_statement":"CVE-2026-6473 is a PostgreSQL **server-side** integer wraparound vulnerability. The Datadog Agent does not ship or run a PostgreSQL server.","justification":"vulnerable_code_not_present","last_updated":"2026-06-29T11:24:27.06303Z","products":[{"@id":"pkg:generic/postgresql@16.9"}],"status":"not_affected","timestamp":"2026-06-29T11:24:27.06303Z","vulnerability":{"name":"CVE-2026-6473"}},{"action_statement":"","action_statement_timestamp":"2026-06-29T11:24:27.06352Z","impact_statement":"The detected artifact (`libpq.dll`) is the PostgreSQL client connection library bundled with the psycopg3 binary wheel and does not contain the vulnerable dump/restore code","justification":"vulnerable_code_not_present","last_updated":"2026-06-29T11:24:27.06352Z","products":[{"@id":"pkg:generic/postgresql@16.9"}],"status":"not_affected","timestamp":"2026-06-29T11:24:27.06352Z","vulnerability":{"name":"CVE-2025-8715"}},{"action_statement":"","action_statement_timestamp":"2026-06-29T11:24:27.063579Z","impact_statement":"CVE-2026-6637 is a stack buffer overflow and SQL injection vulnerability in the PostgreSQL server-side `refint` contrib module, requiring an active PostgreSQL server with `refint` triggers installed to exploit which the Datadog agent does not embed.","justification":"vulnerable_code_not_present","last_updated":"2026-06-29T11:24:27.063579Z","products":[{"@id":"pkg:generic/postgresql@16.9"}],"status":"not_affected","timestamp":"2026-06-29T11:24:27.063578Z","vulnerability":{"name":"CVE-2026-6637"}},{"action_statement":"","action_statement_timestamp":"2026-06-29T11:24:27.064231Z","impact_statement":"The Datadog Agent does not ship or run a PostgreSQL server","justification":"vulnerable_code_not_present","last_updated":"2026-06-29T11:24:27.064231Z","products":[{"@id":"pkg:generic/postgresql@16.9"}],"status":"not_affected","timestamp":"2026-06-29T11:24:27.064231Z","vulnerability":{"name":"CVE-2026-6475"}},{"action_statement":"","action_statement_timestamp":"2026-06-29T11:24:27.064681Z","impact_statement":"A server superuser would need to force the agent to call the non-existent lo_read() code path. However no code path in the agent ever calls PQfn() or any lo_* function.","justification":"vulnerable_code_not_in_execute_path","last_updated":"2026-06-29T11:24:27.064681Z","products":[{"@id":"pkg:generic/postgresql@16.9"}],"status":"not_affected","timestamp":"2026-06-29T11:24:27.064681Z","vulnerability":{"name":"CVE-2026-6477"}},{"action_statement":"","action_statement_timestamp":"2026-06-29T11:24:27.065237Z","impact_statement":"","justification":"","last_updated":"2026-06-29T11:24:27.065237Z","products":[{"@id":"pkg:generic/7-zip@25.01"}],"status":"affected","timestamp":"2026-06-29T11:24:27.065237Z","vulnerability":{"name":"CVE-2026-48092"}},{"action_statement":"","action_statement_timestamp":"2026-06-29T11:24:27.065837Z","impact_statement":"This vulnerability detection is a false positive caused by overly broad CPE matching in vulnerability databases. The CVE does not apply to the Windows Datadog Agent.","justification":"vulnerable_code_not_present","last_updated":"2026-06-29T11:24:27.065837Z","products":[{"@id":"pkg:generic/postgresql@16.9"}],"status":"not_affected","timestamp":"2026-06-29T11:24:27.065837Z","vulnerability":{"name":"CVE-2017-8806"}},{"action_statement":"","action_statement_timestamp":"2026-06-29T11:24:27.066828Z","impact_statement":"This vulnerability cannot be exploited in the Datadog Agent container. MinGit is an unused component from the PowerShell base image with proper ACL protections. The container security model eliminates the attack surface required for exploitation.","justification":"vulnerable_code_cannot_be_controlled_by_adversary","last_updated":"2026-06-29T11:24:27.066828Z","products":[{"@id":"pkg:generic/msys2@3.6.7-fb42d71358dd896ab324c52970f7d03f9ab0dfe5"}],"status":"not_affected","timestamp":"2026-06-29T11:24:27.066828Z","vulnerability":{"name":"CVE-2022-37172"}},{"action_statement":"","action_statement_timestamp":"2026-06-29T11:24:27.066861Z","impact_statement":"The agent uses libpq solely as an outbound client with no inbound libpq exposure.","justification":"vulnerable_code_cannot_be_controlled_by_adversary","last_updated":"2026-06-29T11:24:27.066861Z","products":[{"@id":"pkg:generic/postgresql@16.9"}],"status":"not_affected","timestamp":"2026-06-29T11:24:27.066861Z","vulnerability":{"name":"CVE-2025-12818"}},{"action_statement":"","action_statement_timestamp":"2026-06-29T11:24:27.06704Z","impact_statement":"","justification":"","last_updated":"2026-06-29T11:24:27.06704Z","products":[{"@id":"pkg:generic/7-zip@25.01"}],"status":"affected","timestamp":"2026-06-29T11:24:27.06704Z","vulnerability":{"name":"CVE-2026-48101"}},{"action_statement":"","action_statement_timestamp":"2026-06-29T11:24:27.067267Z","impact_statement":"","justification":"","last_updated":"2026-06-29T11:24:27.067267Z","products":[{"@id":"pkg:generic/7-zip@25.01"}],"status":"affected","timestamp":"2026-06-29T11:24:27.067267Z","vulnerability":{"name":"CVE-2026-48103"}},{"action_statement":"","action_statement_timestamp":"2026-06-29T11:24:27.06732Z","impact_statement":"","justification":"","last_updated":"2026-06-29T11:24:27.067319Z","products":[{"@id":"pkg:generic/7-zip@25.01"}],"status":"affected","timestamp":"2026-06-29T11:24:27.067319Z","vulnerability":{"name":"CVE-2026-48111"}},{"action_statement":"","action_statement_timestamp":"2026-06-29T11:24:27.067627Z","impact_statement":"","justification":"","last_updated":"2026-06-29T11:24:27.067627Z","products":[{"@id":"pkg:generic/sqlite3@3.53.0.0"},{"@id":"pkg:generic/sqlite@3.51.1"},{"@id":"pkg:generic/sqlite@3.43.2"},{"@id":"pkg:deb/ubuntu/libsqlite3-0@3.45.1-1ubuntu2.5?arch=arm64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libsqlite3-0@3.45.1-1ubuntu2.5?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=sqlite3"},{"@id":"pkg:generic/sqlite@3.23.2"},{"@id":"pkg:deb/ubuntu/libsqlite3-0@3.45.1-1ubuntu2.5?arch=amd64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libsqlite3-0@3.45.1-1ubuntu2.5?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=sqlite3"}],"status":"under_investigation","timestamp":"2026-06-29T11:24:27.067626Z","vulnerability":{"name":"CVE-2026-11822"}},{"action_statement":"","action_statement_timestamp":"2026-06-29T11:24:27.067768Z","impact_statement":"","justification":"","last_updated":"2026-06-29T11:24:27.067768Z","products":[{"@id":"pkg:generic/sqlite3@3.53.0.0"},{"@id":"pkg:generic/sqlite@3.51.1"},{"@id":"pkg:generic/sqlite@3.43.2"},{"@id":"pkg:deb/ubuntu/libsqlite3-0@3.45.1-1ubuntu2.5?arch=arm64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libsqlite3-0@3.45.1-1ubuntu2.5?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=sqlite3"},{"@id":"pkg:generic/sqlite@3.23.2"},{"@id":"pkg:deb/ubuntu/libsqlite3-0@3.45.1-1ubuntu2.5?arch=amd64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libsqlite3-0@3.45.1-1ubuntu2.5?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=sqlite3"}],"status":"under_investigation","timestamp":"2026-06-29T11:24:27.067767Z","vulnerability":{"name":"CVE-2026-11824"}},{"action_statement":"","action_statement_timestamp":"2026-06-29T11:24:27.067874Z","impact_statement":"CVE-2026-6478 is a covert timing-channel vulnerability in the PostgreSQL server's MD5 password-comparison routine during client authentication. The Datadog agent image does not ship or run a PostgreSQL server","justification":"vulnerable_code_not_present","last_updated":"2026-06-29T11:24:27.067874Z","products":[{"@id":"pkg:generic/postgresql@16.9"}],"status":"not_affected","timestamp":"2026-06-29T11:24:27.067874Z","vulnerability":{"name":"CVE-2026-6478"}},{"action_statement":"","action_statement_timestamp":"2026-06-29T11:24:27.067898Z","impact_statement":"The Datadog Agent uses libpq as a client only and does not host PostgreSQL server code.","justification":"vulnerable_code_not_present","last_updated":"2026-06-29T11:24:27.067898Z","products":[{"@id":"pkg:generic/postgresql@16.9"}],"status":"not_affected","timestamp":"2026-06-29T11:24:27.067897Z","vulnerability":{"name":"CVE-2026-2003"}},{"action_statement":"","action_statement_timestamp":"2026-06-29T11:24:27.068061Z","impact_statement":"The vulnerability affects the `mimetypes` module's use of Unix-style paths on Windows. No agent code uses `mimetypes` and no local users exist in the container","justification":"vulnerable_code_cannot_be_controlled_by_adversary","last_updated":"2026-06-29T11:24:27.068061Z","products":[{"@id":"pkg:generic/python@3.13.13"}],"status":"not_affected","timestamp":"2026-06-29T11:24:27.06806Z","vulnerability":{"name":"CVE-2024-3220"}},{"action_statement":"","action_statement_timestamp":"2026-06-29T11:24:27.068205Z","impact_statement":"The Datadog Agent does not ship or run a PostgreSQL server","justification":"vulnerable_code_not_present","last_updated":"2026-06-29T11:24:27.068205Z","products":[{"@id":"pkg:generic/postgresql@16.9"}],"status":"not_affected","timestamp":"2026-06-29T11:24:27.068205Z","vulnerability":{"name":"CVE-2026-6638"}},{"action_statement":"","action_statement_timestamp":"2026-06-29T11:24:27.069884Z","impact_statement":"The Datadog Agent contains no PostgreSQL server binaries. The agent bundles only the psycopg Python client library and its libpq dependency on Linux builds; the Windows build contains neither","justification":"vulnerable_code_not_present","last_updated":"2026-06-29T11:24:27.069884Z","products":[{"@id":"pkg:generic/postgresql@16.9"}],"status":"not_affected","timestamp":"2026-06-29T11:24:27.069883Z","vulnerability":{"name":"CVE-2026-6474"}},{"action_statement":"","action_statement_timestamp":"2026-06-29T11:24:27.070461Z","impact_statement":"This vulnerability lives entirely in PostgreSQL's DDL privilege-checking code and has no client-library component. The Datadog Agent bundles only `libpq` a client wire-protocol library that contains no DDL authorization logic.","justification":"vulnerable_code_not_present","last_updated":"2026-06-29T11:24:27.070461Z","products":[{"@id":"pkg:generic/postgresql@16.9"}],"status":"not_affected","timestamp":"2026-06-29T11:24:27.07046Z","vulnerability":{"name":"CVE-2026-6472"}},{"action_statement":"","action_statement_timestamp":"2026-06-29T11:24:27.070508Z","impact_statement":"","justification":"","last_updated":"2026-06-29T11:24:27.070508Z","products":[{"@id":"pkg:generic/7-zip@25.01"}],"status":"affected","timestamp":"2026-06-29T11:24:27.070508Z","vulnerability":{"name":"CVE-2026-48104"}},{"action_statement":"","action_statement_timestamp":"2026-06-29T11:24:27.07056Z","impact_statement":"","justification":"","last_updated":"2026-06-29T11:24:27.07056Z","products":[{"@id":"pkg:generic/7-zip@25.01"}],"status":"affected","timestamp":"2026-06-29T11:24:27.07056Z","vulnerability":{"name":"CVE-2026-48102"}},{"action_statement":"","action_statement_timestamp":"2026-06-29T11:24:27.071031Z","impact_statement":"No PostgreSQL server binary exists in the image.","justification":"vulnerable_code_not_present","last_updated":"2026-06-29T11:24:27.071031Z","products":[{"@id":"pkg:generic/postgresql@16.9"}],"status":"not_affected","timestamp":"2026-06-29T11:24:27.07103Z","vulnerability":{"name":"CVE-2025-8713"}},{"action_statement":"","action_statement_timestamp":"2026-06-29T11:24:27.071062Z","impact_statement":"CVE-2025-12817 is a server-side PostgreSQL CREATE STATISTICS missing authorization flaw. The Datadog Agent does not ship a PostgreSQL server","justification":"vulnerable_code_not_present","last_updated":"2026-06-29T11:24:27.071062Z","products":[{"@id":"pkg:generic/postgresql@16.9"}],"status":"not_affected","timestamp":"2026-06-29T11:24:27.071062Z","vulnerability":{"name":"CVE-2025-12817"}},{"action_statement":"","action_statement_timestamp":"2026-06-29T11:24:27.071618Z","impact_statement":"The agent does not perform S/MIME message processing or X.509 certificate imports via email libraries","justification":"vulnerable_code_not_present","last_updated":"2026-06-29T11:24:27.071618Z","products":[{"@id":"pkg:nuget/MimeKit@4.3.0.0"}],"status":"not_affected","timestamp":"2026-06-29T11:24:27.071618Z","vulnerability":{"name":"GHSA-gmc6-fwg3-75m5"}},{"action_statement":"","action_statement_timestamp":"0001-01-01T00:00:00Z","impact_statement":"","justification":"","last_updated":"2026-06-29T11:24:27.185041Z","products":[{"@id":"pkg:nuget/Microsoft.AspNetCore.App.Runtime.win-x64@9.0.15"}],"status":"fixed","timestamp":"2026-06-29T11:24:27.185041Z","vulnerability":{"name":"CVE-2026-42899"}},{"action_statement":"","action_statement_timestamp":"0001-01-01T00:00:00Z","impact_statement":"","justification":"","last_updated":"2026-06-29T11:24:27.18507Z","products":[{"@id":"pkg:nuget/System.Security.Cryptography.Xml@9.0.14"}],"status":"fixed","timestamp":"2026-06-29T11:24:27.18507Z","vulnerability":{"name":"CVE-2026-33116"}},{"action_statement":"","action_statement_timestamp":"0001-01-01T00:00:00Z","impact_statement":"","justification":"","last_updated":"2026-06-29T11:24:27.185076Z","products":[{"@id":"pkg:nuget/System.Security.Cryptography.Xml@9.0.14"}],"status":"fixed","timestamp":"2026-06-29T11:24:27.185076Z","vulnerability":{"name":"CVE-2026-26171"}},{"action_statement":"","action_statement_timestamp":"0001-01-01T00:00:00Z","impact_statement":"","justification":"","last_updated":"2026-06-29T11:24:27.185081Z","products":[{"@id":"pkg:nuget/Microsoft.NETCore.App.Runtime.win-x64@9.0.15"}],"status":"fixed","timestamp":"2026-06-29T11:24:27.185081Z","vulnerability":{"name":"CVE-2026-32175"}},{"action_statement":"","action_statement_timestamp":"0001-01-01T00:00:00Z","impact_statement":"","justification":"","last_updated":"2026-06-29T11:24:27.185085Z","products":[{"@id":"pkg:nuget/Microsoft.WindowsDesktop.App.Runtime.win-x64@9.0.15"}],"status":"fixed","timestamp":"2026-06-29T11:24:27.185085Z","vulnerability":{"name":"CVE-2026-35433"}},{"action_statement":"This vulnerability was fixed in: 7.80.0","action_statement_timestamp":"0001-01-01T00:00:00Z","impact_statement":"","justification":"","last_updated":"2026-06-29T12:12:57.847957Z","products":[{"@id":"pkg:nuget/Microsoft.AspNetCore.App.Runtime.win-x64@9.0.16"}],"status":"affected","timestamp":"2026-06-29T11:24:27.059932Z","vulnerability":{"name":"CVE-2026-45591"}},{"action_statement":"This vulnerability was fixed in: 7.80.0","action_statement_timestamp":"0001-01-01T00:00:00Z","impact_statement":"","justification":"","last_updated":"2026-06-29T12:12:57.847992Z","products":[{"@id":"pkg:nuget/Microsoft.NETCore.App.Runtime.win-x64@9.0.16"}],"status":"affected","timestamp":"2026-06-29T11:24:27.065067Z","vulnerability":{"name":"CVE-2026-45491"}},{"action_statement":"This vulnerability was fixed in: 7.80.0","action_statement_timestamp":"0001-01-01T00:00:00Z","impact_statement":"CVE-2025-6965 is a memory corruption vulnerability in SQLite \u003c 3.50.2. The Datadog Windows agent image is not vulnerable: the embedded CPython build is explicitly pinned to SQLite 3.53.0, and the Go SQLite modules (mattn/go-sqlite3, modernc.org/sqlite, glebarez/go-sqlite) are gated behind LINUX_ONLY_TAGS and are never compiled into Windows builds. The only winsqlite3.dll present belongs to the Windows Server 2019 OS base layer which is never loaded by the agent process","justification":"vulnerable_code_not_present","last_updated":"2026-06-29T11:50:56.552112Z","products":[{"@id":"pkg:generic/sqlite@3.43.2"},{"@id":"pkg:generic/sqlite@3.23.2"}],"status":"affected","timestamp":"2026-06-29T11:26:32.72827Z","vulnerability":{"name":"CVE-2025-6965"}},{"action_statement":"This vulnerability was fixed in: 7.80.0","action_statement_timestamp":"0001-01-01T00:00:00Z","impact_statement":"","justification":"","last_updated":"2026-06-29T11:50:56.552151Z","products":[{"@id":"pkg:generic/sqlite@3.43.2"},{"@id":"pkg:generic/sqlite@3.23.2"}],"status":"affected","timestamp":"2026-06-29T11:26:32.733611Z","vulnerability":{"name":"CVE-2025-70873"}},{"action_statement":"","action_statement_timestamp":"2026-06-29T11:33:13.926436Z","impact_statement":"The agent uses Java for JMXFetch which runs only trusted, administrator-installed code to gather metrics from JMX-enabled applications making the exploitation scenario described in this CVE inapplicable to the agent's use case.","justification":"vulnerable_code_cannot_be_controlled_by_adversary","last_updated":"2026-06-29T11:33:13.926436Z","products":[{"@id":"pkg:generic/oracle/openjdk@11.0.25%2B9?repository_url=https%3A%2F%2Fgithub.com%2Fadoptium%2Fjdk11u.git"}],"status":"not_affected","timestamp":"2026-06-29T11:33:13.926436Z","vulnerability":{"name":"CVE-2025-30749"}},{"action_statement":"","action_statement_timestamp":"2026-06-29T11:33:13.9269Z","impact_statement":"","justification":"","last_updated":"2026-06-29T11:33:13.926899Z","products":[{"@id":"pkg:generic/oracle/openjdk@11.0.25%2B9?repository_url=https%3A%2F%2Fgithub.com%2Fadoptium%2Fjdk11u.git"}],"status":"affected","timestamp":"2026-06-29T11:33:13.926899Z","vulnerability":{"name":"CVE-2025-21587"}},{"action_statement":"","action_statement_timestamp":"2026-06-29T11:33:13.926941Z","impact_statement":"","justification":"","last_updated":"2026-06-29T11:33:13.926941Z","products":[{"@id":"pkg:generic/oracle/openjdk@11.0.25%2B9?repository_url=https%3A%2F%2Fgithub.com%2Fadoptium%2Fjdk11u.git"}],"status":"affected","timestamp":"2026-06-29T11:33:13.926941Z","vulnerability":{"name":"CVE-2025-50106"}},{"action_statement":"","action_statement_timestamp":"2026-06-29T11:33:13.926993Z","impact_statement":"","justification":"","last_updated":"2026-06-29T11:33:13.926993Z","products":[{"@id":"pkg:generic/oracle/openjdk@11.0.25%2B9?repository_url=https%3A%2F%2Fgithub.com%2Fadoptium%2Fjdk11u.git"}],"status":"affected","timestamp":"2026-06-29T11:33:13.926993Z","vulnerability":{"name":"CVE-2025-21502"}},{"action_statement":"","action_statement_timestamp":"2026-06-29T11:33:13.92704Z","impact_statement":"","justification":"","last_updated":"2026-06-29T11:33:13.927039Z","products":[{"@id":"pkg:generic/oracle/openjdk@11.0.25%2B9?repository_url=https%3A%2F%2Fgithub.com%2Fadoptium%2Fjdk11u.git"}],"status":"affected","timestamp":"2026-06-29T11:33:13.927039Z","vulnerability":{"name":"CVE-2025-53066"}},{"action_statement":"","action_statement_timestamp":"2026-06-29T11:33:13.92856Z","impact_statement":"Oracle's advisory explicitly exempts server-side Java deployments running trusted code and the Datadog Agent JMX fetcher is a server-side process running only the trusted jmxfetch.jar","justification":"vulnerable_code_cannot_be_controlled_by_adversary","last_updated":"2026-06-29T11:33:13.92856Z","products":[{"@id":"pkg:generic/oracle/openjdk@11.0.25%2B9?repository_url=https%3A%2F%2Fgithub.com%2Fadoptium%2Fjdk11u.git"}],"status":"not_affected","timestamp":"2026-06-29T11:33:13.92856Z","vulnerability":{"name":"CVE-2026-21945"}},{"action_statement":"","action_statement_timestamp":"2026-06-29T11:33:13.928646Z","impact_statement":"","justification":"","last_updated":"2026-06-29T11:33:13.928646Z","products":[{"@id":"pkg:generic/oracle/openjdk@11.0.25%2B9?repository_url=https%3A%2F%2Fgithub.com%2Fadoptium%2Fjdk11u.git"}],"status":"affected","timestamp":"2026-06-29T11:33:13.928646Z","vulnerability":{"name":"CVE-2025-50059"}},{"action_statement":"","action_statement_timestamp":"2026-06-29T11:33:13.935676Z","impact_statement":"","justification":"","last_updated":"2026-06-29T11:33:13.935676Z","products":[{"@id":"pkg:generic/oracle/openjdk@11.0.25%2B9?repository_url=https%3A%2F%2Fgithub.com%2Fadoptium%2Fjdk11u.git"}],"status":"affected","timestamp":"2026-06-29T11:33:13.935676Z","vulnerability":{"name":"CVE-2025-30761"}},{"action_statement":"","action_statement_timestamp":"2026-06-29T11:33:13.936145Z","impact_statement":"","justification":"","last_updated":"2026-06-29T11:33:13.936145Z","products":[{"@id":"pkg:generic/oracle/openjdk@11.0.25%2B9?repository_url=https%3A%2F%2Fgithub.com%2Fadoptium%2Fjdk11u.git"}],"status":"affected","timestamp":"2026-06-29T11:33:13.936145Z","vulnerability":{"name":"CVE-2025-30698"}},{"action_statement":"","action_statement_timestamp":"2026-06-29T11:33:13.936311Z","impact_statement":"","justification":"","last_updated":"2026-06-29T11:33:13.936311Z","products":[{"@id":"pkg:generic/oracle/openjdk@11.0.25%2B9?repository_url=https%3A%2F%2Fgithub.com%2Fadoptium%2Fjdk11u.git"},{"@id":"pkg:deb/ubuntu/openjdk-11-jre-headless@11.0.30%2B7-1ubuntu1~24.04?arch=arm64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/openjdk-11-jre-headless@11.0.30%2B7-1ubuntu1~24.04?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=openjdk-lts"},{"@id":"pkg:deb/ubuntu/openjdk-11-jre-headless@11.0.30%2B7-1ubuntu1~24.04?arch=amd64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/openjdk-11-jre-headless@11.0.30%2B7-1ubuntu1~24.04?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=openjdk-lts"}],"status":"affected","timestamp":"2026-06-29T11:33:13.936311Z","vulnerability":{"name":"CVE-2026-22016"}},{"action_statement":"","action_statement_timestamp":"2026-06-29T11:33:13.93646Z","impact_statement":"","justification":"","last_updated":"2026-06-29T11:33:13.93646Z","products":[{"@id":"pkg:generic/oracle/openjdk@11.0.25%2B9?repository_url=https%3A%2F%2Fgithub.com%2Fadoptium%2Fjdk11u.git"}],"status":"affected","timestamp":"2026-06-29T11:33:13.936459Z","vulnerability":{"name":"CVE-2025-53057"}},{"action_statement":"","action_statement_timestamp":"2026-06-29T11:33:13.936756Z","impact_statement":"","justification":"","last_updated":"2026-06-29T11:33:13.936755Z","products":[{"@id":"pkg:generic/oracle/openjdk@11.0.25%2B9?repository_url=https%3A%2F%2Fgithub.com%2Fadoptium%2Fjdk11u.git"},{"@id":"pkg:deb/ubuntu/openjdk-11-jre-headless@11.0.30%2B7-1ubuntu1~24.04?arch=arm64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/openjdk-11-jre-headless@11.0.30%2B7-1ubuntu1~24.04?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=openjdk-lts"},{"@id":"pkg:deb/ubuntu/openjdk-11-jre-headless@11.0.30%2B7-1ubuntu1~24.04?arch=amd64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/openjdk-11-jre-headless@11.0.30%2B7-1ubuntu1~24.04?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=openjdk-lts"}],"status":"affected","timestamp":"2026-06-29T11:33:13.936755Z","vulnerability":{"name":"CVE-2026-34282"}},{"action_statement":"","action_statement_timestamp":"2026-06-29T11:33:13.93857Z","impact_statement":"Oracle advisory explicitly excludes server deployments; AWT/JavaFX not used; UI:R unsatisfiable","justification":"vulnerable_code_cannot_be_controlled_by_adversary","last_updated":"2026-06-29T11:33:13.93857Z","products":[{"@id":"pkg:generic/oracle/openjdk@11.0.25%2B9?repository_url=https%3A%2F%2Fgithub.com%2Fadoptium%2Fjdk11u.git"}],"status":"not_affected","timestamp":"2026-06-29T11:33:13.93857Z","vulnerability":{"name":"CVE-2026-21932"}},{"action_statement":"","action_statement_timestamp":"2026-06-29T11:33:13.938634Z","impact_statement":"The Datadog Agent does not load or run untrusted Java code and is not a sandboxed Java runtime for customer applications. Accordingly, under normal and supported usage, Datadog has identified no viable exploit path for these vulnerabilities","justification":"vulnerable_code_cannot_be_controlled_by_adversary","last_updated":"2026-06-29T11:33:13.938634Z","products":[{"@id":"pkg:generic/oracle/openjdk@11.0.25%2B9?repository_url=https%3A%2F%2Fgithub.com%2Fadoptium%2Fjdk11u.git"}],"status":"not_affected","timestamp":"2026-06-29T11:33:13.938634Z","vulnerability":{"name":"CVE-2025-30754"}},{"action_statement":"","action_statement_timestamp":"2026-06-29T11:33:13.939856Z","impact_statement":"","justification":"","last_updated":"2026-06-29T11:33:13.939856Z","products":[{"@id":"pkg:generic/oracle/openjdk@11.0.25%2B9?repository_url=https%3A%2F%2Fgithub.com%2Fadoptium%2Fjdk11u.git"},{"@id":"pkg:deb/ubuntu/openjdk-11-jre-headless@11.0.30%2B7-1ubuntu1~24.04?arch=arm64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/openjdk-11-jre-headless@11.0.30%2B7-1ubuntu1~24.04?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=openjdk-lts"},{"@id":"pkg:deb/ubuntu/openjdk-11-jre-headless@11.0.30%2B7-1ubuntu1~24.04?arch=amd64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/openjdk-11-jre-headless@11.0.30%2B7-1ubuntu1~24.04?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=openjdk-lts"}],"status":"affected","timestamp":"2026-06-29T11:33:13.939856Z","vulnerability":{"name":"CVE-2026-22021"}},{"action_statement":"","action_statement_timestamp":"2026-06-29T11:33:13.940204Z","impact_statement":"The UI:R (user interaction required) prerequisite is structurally unsatisfiable in a containerized agent service, and the attack path described targets sandboxed client deployments","justification":"vulnerable_code_cannot_be_controlled_by_adversary","last_updated":"2026-06-29T11:33:13.940204Z","products":[{"@id":"pkg:generic/oracle/openjdk@11.0.25%2B9?repository_url=https%3A%2F%2Fgithub.com%2Fadoptium%2Fjdk11u.git"}],"status":"not_affected","timestamp":"2026-06-29T11:33:13.940203Z","vulnerability":{"name":"CVE-2026-21933"}},{"action_statement":"","action_statement_timestamp":"2026-06-29T11:33:13.940246Z","impact_statement":"","justification":"","last_updated":"2026-06-29T11:33:13.940245Z","products":[{"@id":"pkg:generic/oracle/openjdk@11.0.25%2B9?repository_url=https%3A%2F%2Fgithub.com%2Fadoptium%2Fjdk11u.git"},{"@id":"pkg:deb/ubuntu/openjdk-11-jre-headless@11.0.30%2B7-1ubuntu1~24.04?arch=arm64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/openjdk-11-jre-headless@11.0.30%2B7-1ubuntu1~24.04?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=openjdk-lts"},{"@id":"pkg:deb/ubuntu/openjdk-11-jre-headless@11.0.30%2B7-1ubuntu1~24.04?arch=amd64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/openjdk-11-jre-headless@11.0.30%2B7-1ubuntu1~24.04?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=openjdk-lts"}],"status":"affected","timestamp":"2026-06-29T11:33:13.940245Z","vulnerability":{"name":"CVE-2026-22013"}},{"action_statement":"","action_statement_timestamp":"2026-06-29T11:33:13.941626Z","impact_statement":"","justification":"","last_updated":"2026-06-29T11:33:13.941626Z","products":[{"@id":"pkg:generic/oracle/openjdk@11.0.25%2B9?repository_url=https%3A%2F%2Fgithub.com%2Fadoptium%2Fjdk11u.git"}],"status":"affected","timestamp":"2026-06-29T11:33:13.941626Z","vulnerability":{"name":"CVE-2026-21925"}},{"action_statement":"","action_statement_timestamp":"2026-06-29T11:33:13.943096Z","impact_statement":"","justification":"","last_updated":"2026-06-29T11:33:13.943095Z","products":[{"@id":"pkg:generic/oracle/openjdk@11.0.25%2B9?repository_url=https%3A%2F%2Fgithub.com%2Fadoptium%2Fjdk11u.git"},{"@id":"pkg:deb/ubuntu/openjdk-11-jre-headless@11.0.30%2B7-1ubuntu1~24.04?arch=arm64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/openjdk-11-jre-headless@11.0.30%2B7-1ubuntu1~24.04?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=openjdk-lts"},{"@id":"pkg:deb/ubuntu/openjdk-11-jre-headless@11.0.30%2B7-1ubuntu1~24.04?arch=amd64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/openjdk-11-jre-headless@11.0.30%2B7-1ubuntu1~24.04?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=openjdk-lts"}],"status":"affected","timestamp":"2026-06-29T11:33:13.943095Z","vulnerability":{"name":"CVE-2026-22018"}},{"action_statement":"","action_statement_timestamp":"2026-06-29T11:33:13.943454Z","impact_statement":"","justification":"","last_updated":"2026-06-29T11:33:13.943453Z","products":[{"@id":"pkg:generic/oracle/openjdk@11.0.25%2B9?repository_url=https%3A%2F%2Fgithub.com%2Fadoptium%2Fjdk11u.git"},{"@id":"pkg:deb/ubuntu/openjdk-11-jre-headless@11.0.30%2B7-1ubuntu1~24.04?arch=arm64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/openjdk-11-jre-headless@11.0.30%2B7-1ubuntu1~24.04?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=openjdk-lts"},{"@id":"pkg:deb/ubuntu/openjdk-11-jre-headless@11.0.30%2B7-1ubuntu1~24.04?arch=amd64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/openjdk-11-jre-headless@11.0.30%2B7-1ubuntu1~24.04?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=openjdk-lts"}],"status":"affected","timestamp":"2026-06-29T11:33:13.943453Z","vulnerability":{"name":"CVE-2026-23865"}},{"action_statement":"","action_statement_timestamp":"2026-06-29T11:33:13.944106Z","impact_statement":"","justification":"","last_updated":"2026-06-29T11:33:13.944105Z","products":[{"@id":"pkg:generic/oracle/openjdk@11.0.25%2B9?repository_url=https%3A%2F%2Fgithub.com%2Fadoptium%2Fjdk11u.git"},{"@id":"pkg:deb/ubuntu/openjdk-11-jre-headless@11.0.30%2B7-1ubuntu1~24.04?arch=arm64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/openjdk-11-jre-headless@11.0.30%2B7-1ubuntu1~24.04?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=openjdk-lts"},{"@id":"pkg:deb/ubuntu/openjdk-11-jre-headless@11.0.30%2B7-1ubuntu1~24.04?arch=amd64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/openjdk-11-jre-headless@11.0.30%2B7-1ubuntu1~24.04?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=openjdk-lts"}],"status":"affected","timestamp":"2026-06-29T11:33:13.944105Z","vulnerability":{"name":"CVE-2026-22007"}},{"action_statement":"","action_statement_timestamp":"2026-06-29T11:33:13.944197Z","impact_statement":"","justification":"","last_updated":"2026-06-29T11:33:13.944197Z","products":[{"@id":"pkg:generic/oracle/openjdk@11.0.25%2B9?repository_url=https%3A%2F%2Fgithub.com%2Fadoptium%2Fjdk11u.git"},{"@id":"pkg:deb/ubuntu/openjdk-11-jre-headless@11.0.30%2B7-1ubuntu1~24.04?arch=arm64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/openjdk-11-jre-headless@11.0.30%2B7-1ubuntu1~24.04?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=openjdk-lts"},{"@id":"pkg:deb/ubuntu/openjdk-11-jre-headless@11.0.30%2B7-1ubuntu1~24.04?arch=amd64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/openjdk-11-jre-headless@11.0.30%2B7-1ubuntu1~24.04?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=openjdk-lts"}],"status":"affected","timestamp":"2026-06-29T11:33:13.944197Z","vulnerability":{"name":"CVE-2026-34268"}},{"action_statement":"","action_statement_timestamp":"2026-06-29T11:28:04.352229Z","impact_statement":"CVE-2018-10126 represents ZERO security risk to the Datadog Agent running on Ubuntu 24.04. Both Ubuntu and Debian security teams have assessed this as having no security impact, and the vulnerability cannot be reproduced in modern versions of the software.","justification":"vulnerable_code_cannot_be_controlled_by_adversary","last_updated":"2026-06-29T11:28:04.352229Z","products":[{"@id":"pkg:deb/ubuntu/libjpeg-turbo8@2.1.5-2ubuntu2?arch=arm64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libjpeg-turbo8@2.1.5-2ubuntu2?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=libjpeg-turbo"},{"@id":"pkg:deb/ubuntu/libjpeg-turbo8@2.1.5-2ubuntu2?arch=amd64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libjpeg-turbo8@2.1.5-2ubuntu2?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=libjpeg-turbo"}],"status":"not_affected","timestamp":"2026-06-29T11:28:04.352229Z","vulnerability":{"name":"CVE-2018-10126"}},{"action_statement":"","action_statement_timestamp":"2026-06-29T11:28:04.363694Z","impact_statement":"","justification":"","last_updated":"2026-06-29T11:28:04.363694Z","products":[{"@id":"pkg:deb/ubuntu/libnss3@2%3A3.98-1ubuntu0.1?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=nss"},{"@id":"pkg:deb/ubuntu/libnss3@3.98-1ubuntu0.1?arch=arm64\u0026distro=ubuntu-24.04\u0026epoch=2"},{"@id":"pkg:deb/ubuntu/libnss3@2%3A3.98-1ubuntu0.1?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=nss"},{"@id":"pkg:deb/ubuntu/libnss3@3.98-1ubuntu0.1?arch=amd64\u0026distro=ubuntu-24.04\u0026epoch=2"}],"status":"affected","timestamp":"2026-06-29T11:28:04.363694Z","vulnerability":{"name":"CVE-2026-12318"}},{"action_statement":"This vulnerability was fixed in: 7.80.0","action_statement_timestamp":"0001-01-01T00:00:00Z","impact_statement":"The product is not affected by this CVE as the vulnerable SQLite component is not in execution path.","justification":"vulnerable_code_not_in_execute_path","last_updated":"2026-06-29T12:16:16.181141Z","products":[{"@id":"pkg:generic/sqlite@3.23.2"}],"status":"affected","timestamp":"2026-06-29T11:34:21.614491Z","vulnerability":{"name":"CVE-2019-8457"}},{"action_statement":"This vulnerability was fixed in: 7.80.0","action_statement_timestamp":"0001-01-01T00:00:00Z","impact_statement":"The Datadog agent runtime component (all Go Binaries) does not invoke the vulnerable component. PowerShell is only used at container start to run small init scripts in `entrypoint-ps1/` that do not touch `HtmlEncoder` / `UrlEncoder` / `JavaScriptEncoder`.","justification":"vulnerable_code_not_in_execute_path","last_updated":"2026-06-29T12:16:16.181146Z","products":[{"@id":"pkg:nuget/System.Text.Encodings.Web@5.0.0"}],"status":"affected","timestamp":"2026-06-29T11:34:21.614668Z","vulnerability":{"name":"CVE-2021-26701"}},{"action_statement":"This vulnerability was fixed in: 7.80.0","action_statement_timestamp":"0001-01-01T00:00:00Z","impact_statement":"The agent's SQL Server monitoring capability uses completely different libraries (Python ADODB/ODBC) and is not affected by .NET SQL Client vulnerabilities. The vulnerable component is present but never invoked","justification":"vulnerable_code_not_in_execute_path","last_updated":"2026-06-29T12:16:16.181226Z","products":[{"@id":"pkg:nuget/System.Data.SqlClient@4.8.2"}],"status":"affected","timestamp":"2026-06-29T11:34:21.618549Z","vulnerability":{"name":"CVE-2022-41064"}},{"action_statement":"This vulnerability was fixed in: 7.80.0","action_statement_timestamp":"0001-01-01T00:00:00Z","impact_statement":"CVE-2021-41355 ONLY affects Linux and macOS systems, NOT Windows. The vulnerability was detected in PowerShell's dependencies on a Windows container image where it poses ZERO risk","justification":"vulnerable_code_not_present","last_updated":"2026-06-29T12:16:16.181153Z","products":[{"@id":"pkg:nuget/System.DirectoryServices.Protocols@5.0.0"}],"status":"affected","timestamp":"2026-06-29T11:34:21.614747Z","vulnerability":{"name":"CVE-2021-41355"}},{"action_statement":"This vulnerability was fixed in: 7.80.0","action_statement_timestamp":"0001-01-01T00:00:00Z","impact_statement":"The product is not affected by this CVE as the vulnerable SQLite component is not in execution path.","justification":"vulnerable_code_not_in_execute_path","last_updated":"2026-06-29T12:16:16.181156Z","products":[{"@id":"pkg:generic/sqlite@3.23.2"}],"status":"affected","timestamp":"2026-06-29T11:34:21.614785Z","vulnerability":{"name":"CVE-2022-35737"}},{"action_statement":"This vulnerability was fixed in: 7.80.0","action_statement_timestamp":"0001-01-01T00:00:00Z","impact_statement":"The Agent doesn't use winsqlite3.dll as it bundles go-sqlite3 with SQLite.","justification":"vulnerable_code_not_in_execute_path","last_updated":"2026-06-29T12:16:16.181162Z","products":[{"@id":"pkg:generic/sqlite@3.23.2"}],"status":"affected","timestamp":"2026-06-29T11:34:21.614875Z","vulnerability":{"name":"CVE-2018-20346"}},{"action_statement":"This vulnerability was fixed in: 7.80.0","action_statement_timestamp":"0001-01-01T00:00:00Z","impact_statement":"The product is not affected by this CVE as the vulnerable SQLite component is not in execution path.","justification":"vulnerable_code_not_in_execute_path","last_updated":"2026-06-29T12:16:16.181177Z","products":[{"@id":"pkg:generic/sqlite@3.23.2"}],"status":"affected","timestamp":"2026-06-29T11:34:21.615121Z","vulnerability":{"name":"CVE-2020-11656"}},{"action_statement":"This vulnerability was fixed in: 7.80.0","action_statement_timestamp":"0001-01-01T00:00:00Z","impact_statement":"The product is not affected by CVE-2018-20506 as the vulnerable FTS3 component is not present.","justification":"vulnerable_code_not_present","last_updated":"2026-06-29T12:16:16.181181Z","products":[{"@id":"pkg:generic/sqlite@3.23.2"}],"status":"affected","timestamp":"2026-06-29T11:34:21.615215Z","vulnerability":{"name":"CVE-2018-20506"}},{"action_statement":"This vulnerability was fixed in: 7.80.0","action_statement_timestamp":"0001-01-01T00:00:00Z","impact_statement":"The product is not affected by this CVE as the vulnerable SQLite component is not in execution path.","justification":"vulnerable_code_not_in_execute_path","last_updated":"2026-06-29T12:16:16.181185Z","products":[{"@id":"pkg:generic/sqlite@3.23.2"}],"status":"affected","timestamp":"2026-06-29T11:34:21.615309Z","vulnerability":{"name":"CVE-2019-19646"}},{"action_statement":"This vulnerability was fixed in: 7.80.0","action_statement_timestamp":"0001-01-01T00:00:00Z","impact_statement":"The Agent doesn't use winsqlite3.dll as it bundles go-sqlite3 with SQLite.","justification":"vulnerable_code_not_in_execute_path","last_updated":"2026-06-29T12:16:16.181187Z","products":[{"@id":"pkg:generic/sqlite@3.23.2"}],"status":"affected","timestamp":"2026-06-29T11:34:21.615374Z","vulnerability":{"name":"CVE-2018-20505"}},{"action_statement":"This vulnerability was fixed in: 7.80.0","action_statement_timestamp":"0001-01-01T00:00:00Z","impact_statement":"PowerShell's Newtonsoft.Json is unused. No exploitation path exists for CVE-2024-21907 in the agent's actual operation.","justification":"vulnerable_code_not_in_execute_path","last_updated":"2026-06-29T12:16:16.181149Z","products":[{"@id":"pkg:nuget/Newtonsoft.Json@12.0.3"}],"status":"affected","timestamp":"2026-06-29T11:34:21.614699Z","vulnerability":{"name":"CVE-2024-21907"}},{"action_statement":"This vulnerability was fixed in: 7.80.0","action_statement_timestamp":"0001-01-01T00:00:00Z","impact_statement":"The product is not affected by this CVE as the vulnerable SQLite component is not in execution path.","justification":"vulnerable_code_not_in_execute_path","last_updated":"2026-06-29T12:16:16.181217Z","products":[{"@id":"pkg:generic/sqlite@3.23.2"}],"status":"affected","timestamp":"2026-06-29T11:34:21.61714Z","vulnerability":{"name":"CVE-2020-15358"}},{"action_statement":"This vulnerability was fixed in: 7.80.0","action_statement_timestamp":"0001-01-01T00:00:00Z","impact_statement":"The product is not affected by this CVE as the vulnerable SQLite component is not in execution path.","justification":"vulnerable_code_not_in_execute_path","last_updated":"2026-06-29T12:16:16.181221Z","products":[{"@id":"pkg:generic/sqlite@3.23.2"}],"status":"affected","timestamp":"2026-06-29T11:34:21.617206Z","vulnerability":{"name":"CVE-2020-13434"}},{"action_statement":"This vulnerability was fixed in: 7.80.0","action_statement_timestamp":"0001-01-01T00:00:00Z","impact_statement":"The product is not affected by this CVE as the vulnerable SQLite component is not in execution path.","justification":"vulnerable_code_not_in_execute_path","last_updated":"2026-06-29T12:16:16.181248Z","products":[{"@id":"pkg:generic/sqlite@3.23.2"}],"status":"affected","timestamp":"2026-06-29T11:34:21.620892Z","vulnerability":{"name":"CVE-2020-13435"}},{"action_statement":"This vulnerability was fixed in: 7.80.0","action_statement_timestamp":"0001-01-01T00:00:00Z","impact_statement":"The product is not affected by this CVE as the vulnerable SQLite component is not in execution path.","justification":"vulnerable_code_not_in_execute_path","last_updated":"2026-06-29T12:16:16.181251Z","products":[{"@id":"pkg:generic/sqlite@3.23.2"}],"status":"affected","timestamp":"2026-06-29T11:34:21.621156Z","vulnerability":{"name":"CVE-2020-13631"}},{"action_statement":"This vulnerability was fixed in: 7.80.0","action_statement_timestamp":"0001-01-01T00:00:00Z","impact_statement":"The product is not affected by this CVE as the vulnerable SQLite component is not in execution path.","justification":"vulnerable_code_not_in_execute_path","last_updated":"2026-06-29T12:16:16.18119Z","products":[{"@id":"pkg:generic/sqlite@3.23.2"}],"status":"affected","timestamp":"2026-06-29T11:34:21.615434Z","vulnerability":{"name":"CVE-2020-11655"}},{"action_statement":"This vulnerability was fixed in: 7.80.0","action_statement_timestamp":"0001-01-01T00:00:00Z","impact_statement":"This vulnerability poses ZERO risk to the Windows Datadog Agent because the CVE explicitly excludes Windows systems.","justification":"vulnerable_code_not_present","last_updated":"2026-06-29T12:16:16.181193Z","products":[{"@id":"pkg:nuget/System.Drawing.Common@5.0.0"}],"status":"affected","timestamp":"2026-06-29T11:34:21.615497Z","vulnerability":{"name":"CVE-2021-24112"}},{"action_statement":"This vulnerability was fixed in: 7.80.0","action_statement_timestamp":"0001-01-01T00:00:00Z","impact_statement":"The Agent doesn't use winsqlite3.dll as it bundles go-sqlite3 with SQLite.","justification":"vulnerable_code_not_in_execute_path","last_updated":"2026-06-29T12:16:16.181196Z","products":[{"@id":"pkg:generic/sqlite@3.23.2"}],"status":"affected","timestamp":"2026-06-29T11:34:21.615529Z","vulnerability":{"name":"CVE-2019-16168"}},{"action_statement":"This vulnerability was fixed in: 7.80.0","action_statement_timestamp":"0001-01-01T00:00:00Z","impact_statement":"PowerShell is used ONLY for container initialization, NOT runtime operations. No code path exposes vulnerability to untrusted input","justification":"vulnerable_code_not_in_execute_path","last_updated":"2026-06-29T12:16:16.181198Z","products":[{"@id":"pkg:nuget/System.Formats.Asn1@5.0.0"}],"status":"affected","timestamp":"2026-06-29T11:34:21.615594Z","vulnerability":{"name":"CVE-2024-38095"}},{"action_statement":"This vulnerability was fixed in: 7.80.0","action_statement_timestamp":"0001-01-01T00:00:00Z","impact_statement":"While System.Security.Cryptography.Xml is present as a PowerShell dependency, the Datadog Agent has no code that could trigger this vulnerability","justification":"vulnerable_code_not_in_execute_path","last_updated":"2026-06-29T12:16:16.181201Z","products":[{"@id":"pkg:nuget/System.Security.Cryptography.Xml@5.0.0"}],"status":"affected","timestamp":"2026-06-29T11:34:21.615623Z","vulnerability":{"name":"CVE-2022-34716"}},{"action_statement":"This vulnerability was fixed in: 7.80.0","action_statement_timestamp":"0001-01-01T00:00:00Z","impact_statement":"The agent's SQL Server monitoring capability uses completely different libraries (Python ADODB/ODBC) and is not affected by .NET SQL Client vulnerabilities. The vulnerable component is present but never invoked","justification":"vulnerable_code_not_present","last_updated":"2026-06-29T12:16:16.181204Z","products":[{"@id":"pkg:nuget/System.Data.SqlClient@4.8.2"}],"status":"affected","timestamp":"2026-06-29T11:34:21.61565Z","vulnerability":{"name":"CVE-2024-0056"}},{"action_statement":"This vulnerability was fixed in: 7.80.0","action_statement_timestamp":"0001-01-01T00:00:00Z","impact_statement":"The product is not affected by this CVE as the vulnerable SQLite component is not in execution path.","justification":"vulnerable_code_not_in_execute_path","last_updated":"2026-06-29T12:16:16.181208Z","products":[{"@id":"pkg:generic/sqlite@3.23.2"}],"status":"affected","timestamp":"2026-06-29T11:34:21.61568Z","vulnerability":{"name":"CVE-2023-7104"}},{"action_statement":"This vulnerability was fixed in: 7.80.0","action_statement_timestamp":"0001-01-01T00:00:00Z","impact_statement":"The product is not affected by this CVE as the vulnerable SQLite component is not in execution path.","justification":"vulnerable_code_not_in_execute_path","last_updated":"2026-06-29T12:16:16.181213Z","products":[{"@id":"pkg:generic/sqlite@3.23.2"}],"status":"affected","timestamp":"2026-06-29T11:34:21.615801Z","vulnerability":{"name":"CVE-2020-13630"}},{"action_statement":"This vulnerability was fixed in: 7.80.0","action_statement_timestamp":"0001-01-01T00:00:00Z","impact_statement":"The product is not affected by this CVE as the vulnerable SQLite component is not in execution path.","justification":"vulnerable_code_not_in_execute_path","last_updated":"2026-06-29T12:16:16.181255Z","products":[{"@id":"pkg:generic/sqlite@3.23.2"}],"status":"affected","timestamp":"2026-06-29T11:34:21.621628Z","vulnerability":{"name":"CVE-2020-13632"}},{"action_statement":"This vulnerability was fixed in: 7.80.0","action_statement_timestamp":"0001-01-01T00:00:00Z","impact_statement":"The product is not affected by CVE-2019-19645 as the vulnerable SQLite component is not in execution path.","justification":"vulnerable_code_not_in_execute_path","last_updated":"2026-06-29T12:16:16.181258Z","products":[{"@id":"pkg:generic/sqlite@3.23.2"}],"status":"affected","timestamp":"2026-06-29T11:34:21.62191Z","vulnerability":{"name":"CVE-2019-19645"}},{"action_statement":"This vulnerability was fixed in: 7.79.0","action_statement_timestamp":"0001-01-01T00:00:00Z","impact_statement":"","justification":"","last_updated":"2026-06-29T11:42:43.313248Z","products":[{"@id":"pkg:golang/github.com/apache/thrift@v0.22.0"}],"status":"affected","timestamp":"2026-06-29T11:29:10.852634Z","vulnerability":{"name":"CVE-2026-41602"}},{"action_statement":"","action_statement_timestamp":"2026-06-29T11:44:11.855344Z","impact_statement":"","justification":"","last_updated":"2026-06-29T11:44:11.855344Z","products":[{"@id":"pkg:deb/ubuntu/libgssapi-krb5-2@1.20.1-6ubuntu2.6?arch=amd64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libgssapi-krb5-2@1.20.1-6ubuntu2.6?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=krb5"},{"@id":"pkg:deb/ubuntu/libk5crypto3@1.20.1-6ubuntu2.6?arch=amd64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libk5crypto3@1.20.1-6ubuntu2.6?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=krb5"},{"@id":"pkg:deb/ubuntu/libkrb5-3@1.20.1-6ubuntu2.6?arch=amd64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libkrb5-3@1.20.1-6ubuntu2.6?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=krb5"},{"@id":"pkg:deb/ubuntu/libkrb5support0@1.20.1-6ubuntu2.6?arch=amd64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libkrb5support0@1.20.1-6ubuntu2.6?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=krb5"},{"@id":"pkg:deb/ubuntu/libgssapi-krb5-2@1.20.1-6ubuntu2.6?arch=arm64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libgssapi-krb5-2@1.20.1-6ubuntu2.6?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=krb5"},{"@id":"pkg:deb/ubuntu/libk5crypto3@1.20.1-6ubuntu2.6?arch=arm64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libk5crypto3@1.20.1-6ubuntu2.6?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=krb5"},{"@id":"pkg:deb/ubuntu/libkrb5-3@1.20.1-6ubuntu2.6?arch=arm64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libkrb5-3@1.20.1-6ubuntu2.6?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=krb5"},{"@id":"pkg:deb/ubuntu/libkrb5support0@1.20.1-6ubuntu2.6?arch=arm64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libkrb5support0@1.20.1-6ubuntu2.6?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=krb5"}],"status":"affected","timestamp":"2026-06-29T11:44:11.855343Z","vulnerability":{"name":"CVE-2026-40355"}},{"action_statement":"","action_statement_timestamp":"2026-06-29T11:44:11.855471Z","impact_statement":"","justification":"","last_updated":"2026-06-29T11:44:11.855471Z","products":[{"@id":"pkg:deb/ubuntu/libgssapi-krb5-2@1.20.1-6ubuntu2.6?arch=amd64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libgssapi-krb5-2@1.20.1-6ubuntu2.6?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=krb5"},{"@id":"pkg:deb/ubuntu/libk5crypto3@1.20.1-6ubuntu2.6?arch=amd64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libk5crypto3@1.20.1-6ubuntu2.6?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=krb5"},{"@id":"pkg:deb/ubuntu/libkrb5-3@1.20.1-6ubuntu2.6?arch=amd64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libkrb5-3@1.20.1-6ubuntu2.6?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=krb5"},{"@id":"pkg:deb/ubuntu/libkrb5support0@1.20.1-6ubuntu2.6?arch=amd64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libkrb5support0@1.20.1-6ubuntu2.6?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=krb5"},{"@id":"pkg:deb/ubuntu/libgssapi-krb5-2@1.20.1-6ubuntu2.6?arch=arm64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libgssapi-krb5-2@1.20.1-6ubuntu2.6?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=krb5"},{"@id":"pkg:deb/ubuntu/libk5crypto3@1.20.1-6ubuntu2.6?arch=arm64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libk5crypto3@1.20.1-6ubuntu2.6?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=krb5"},{"@id":"pkg:deb/ubuntu/libkrb5-3@1.20.1-6ubuntu2.6?arch=arm64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libkrb5-3@1.20.1-6ubuntu2.6?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=krb5"},{"@id":"pkg:deb/ubuntu/libkrb5support0@1.20.1-6ubuntu2.6?arch=arm64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libkrb5support0@1.20.1-6ubuntu2.6?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=krb5"}],"status":"affected","timestamp":"2026-06-29T11:44:11.855471Z","vulnerability":{"name":"CVE-2026-40356"}},{"action_statement":"","action_statement_timestamp":"2026-06-29T11:44:11.857651Z","impact_statement":"","justification":"","last_updated":"2026-06-29T11:44:11.85765Z","products":[{"@id":"pkg:deb/ubuntu/libgssapi-krb5-2@1.20.1-6ubuntu2.6?arch=amd64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libgssapi-krb5-2@1.20.1-6ubuntu2.6?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=krb5"},{"@id":"pkg:deb/ubuntu/libk5crypto3@1.20.1-6ubuntu2.6?arch=amd64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libk5crypto3@1.20.1-6ubuntu2.6?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=krb5"},{"@id":"pkg:deb/ubuntu/libkrb5-3@1.20.1-6ubuntu2.6?arch=amd64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libkrb5-3@1.20.1-6ubuntu2.6?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=krb5"},{"@id":"pkg:deb/ubuntu/libkrb5support0@1.20.1-6ubuntu2.6?arch=amd64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libkrb5support0@1.20.1-6ubuntu2.6?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=krb5"},{"@id":"pkg:deb/ubuntu/libgssapi-krb5-2@1.20.1-6ubuntu2.6?arch=arm64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libgssapi-krb5-2@1.20.1-6ubuntu2.6?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=krb5"},{"@id":"pkg:deb/ubuntu/libk5crypto3@1.20.1-6ubuntu2.6?arch=arm64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libk5crypto3@1.20.1-6ubuntu2.6?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=krb5"},{"@id":"pkg:deb/ubuntu/libkrb5-3@1.20.1-6ubuntu2.6?arch=arm64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libkrb5-3@1.20.1-6ubuntu2.6?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=krb5"},{"@id":"pkg:deb/ubuntu/libkrb5support0@1.20.1-6ubuntu2.6?arch=arm64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libkrb5support0@1.20.1-6ubuntu2.6?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=krb5"}],"status":"affected","timestamp":"2026-06-29T11:44:11.85765Z","vulnerability":{"name":"CVE-2026-11850"}},{"action_statement":"","action_statement_timestamp":"2026-06-29T11:44:11.860654Z","impact_statement":"","justification":"","last_updated":"2026-06-29T11:44:11.860654Z","products":[{"@id":"pkg:deb/ubuntu/curl@8.5.0-2ubuntu10.9?arch=amd64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libcurl4t64@8.5.0-2ubuntu10.9?arch=amd64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libcurl4t64@8.5.0-2ubuntu10.9?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=curl"},{"@id":"pkg:deb/ubuntu/curl@8.5.0-2ubuntu10.9?arch=arm64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libcurl4t64@8.5.0-2ubuntu10.9?arch=arm64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libcurl4t64@8.5.0-2ubuntu10.9?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=curl"}],"status":"affected","timestamp":"2026-06-29T11:44:11.860654Z","vulnerability":{"name":"CVE-2026-11856"}},{"action_statement":"","action_statement_timestamp":"2026-06-29T11:44:11.860682Z","impact_statement":"","justification":"","last_updated":"2026-06-29T11:44:11.860682Z","products":[{"@id":"pkg:deb/ubuntu/curl@8.5.0-2ubuntu10.9?arch=amd64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libcurl4t64@8.5.0-2ubuntu10.9?arch=amd64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libcurl4t64@8.5.0-2ubuntu10.9?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=curl"},{"@id":"pkg:deb/ubuntu/curl@8.5.0-2ubuntu10.9?arch=arm64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libcurl4t64@8.5.0-2ubuntu10.9?arch=arm64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libcurl4t64@8.5.0-2ubuntu10.9?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=curl"}],"status":"affected","timestamp":"2026-06-29T11:44:11.860682Z","vulnerability":{"name":"CVE-2026-8927"}},{"action_statement":"","action_statement_timestamp":"2026-06-29T11:44:11.86154Z","impact_statement":"","justification":"","last_updated":"2026-06-29T11:44:11.86154Z","products":[{"@id":"pkg:deb/ubuntu/curl@8.5.0-2ubuntu10.9?arch=amd64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libcurl4t64@8.5.0-2ubuntu10.9?arch=amd64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libcurl4t64@8.5.0-2ubuntu10.9?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=curl"},{"@id":"pkg:deb/ubuntu/curl@8.5.0-2ubuntu10.9?arch=arm64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libcurl4t64@8.5.0-2ubuntu10.9?arch=arm64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libcurl4t64@8.5.0-2ubuntu10.9?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=curl"}],"status":"affected","timestamp":"2026-06-29T11:44:11.86154Z","vulnerability":{"name":"CVE-2026-10536"}},{"action_statement":"","action_statement_timestamp":"2026-06-29T11:44:11.861571Z","impact_statement":"","justification":"","last_updated":"2026-06-29T11:44:11.861571Z","products":[{"@id":"pkg:deb/ubuntu/curl@8.5.0-2ubuntu10.9?arch=amd64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libcurl4t64@8.5.0-2ubuntu10.9?arch=amd64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libcurl4t64@8.5.0-2ubuntu10.9?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=curl"},{"@id":"pkg:deb/ubuntu/curl@8.5.0-2ubuntu10.9?arch=arm64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libcurl4t64@8.5.0-2ubuntu10.9?arch=arm64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libcurl4t64@8.5.0-2ubuntu10.9?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=curl"}],"status":"affected","timestamp":"2026-06-29T11:44:11.861571Z","vulnerability":{"name":"CVE-2026-12064"}},{"action_statement":"","action_statement_timestamp":"2026-06-29T11:44:11.861605Z","impact_statement":"","justification":"","last_updated":"2026-06-29T11:44:11.861605Z","products":[{"@id":"pkg:deb/ubuntu/curl@8.5.0-2ubuntu10.9?arch=amd64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libcurl4t64@8.5.0-2ubuntu10.9?arch=amd64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libcurl4t64@8.5.0-2ubuntu10.9?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=curl"},{"@id":"pkg:deb/ubuntu/curl@8.5.0-2ubuntu10.9?arch=arm64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libcurl4t64@8.5.0-2ubuntu10.9?arch=arm64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libcurl4t64@8.5.0-2ubuntu10.9?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=curl"}],"status":"affected","timestamp":"2026-06-29T11:44:11.861605Z","vulnerability":{"name":"CVE-2026-8286"}},{"action_statement":"","action_statement_timestamp":"2026-06-29T11:44:11.861633Z","impact_statement":"","justification":"","last_updated":"2026-06-29T11:44:11.861633Z","products":[{"@id":"pkg:deb/ubuntu/curl@8.5.0-2ubuntu10.9?arch=amd64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libcurl4t64@8.5.0-2ubuntu10.9?arch=amd64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libcurl4t64@8.5.0-2ubuntu10.9?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=curl"},{"@id":"pkg:deb/ubuntu/curl@8.5.0-2ubuntu10.9?arch=arm64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libcurl4t64@8.5.0-2ubuntu10.9?arch=arm64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libcurl4t64@8.5.0-2ubuntu10.9?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=curl"}],"status":"affected","timestamp":"2026-06-29T11:44:11.861633Z","vulnerability":{"name":"CVE-2026-8458"}},{"action_statement":"","action_statement_timestamp":"2026-06-29T11:44:11.861663Z","impact_statement":"","justification":"","last_updated":"2026-06-29T11:44:11.861663Z","products":[{"@id":"pkg:deb/ubuntu/curl@8.5.0-2ubuntu10.9?arch=amd64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libcurl4t64@8.5.0-2ubuntu10.9?arch=amd64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libcurl4t64@8.5.0-2ubuntu10.9?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=curl"},{"@id":"pkg:deb/ubuntu/curl@8.5.0-2ubuntu10.9?arch=arm64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libcurl4t64@8.5.0-2ubuntu10.9?arch=arm64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libcurl4t64@8.5.0-2ubuntu10.9?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=curl"}],"status":"affected","timestamp":"2026-06-29T11:44:11.861662Z","vulnerability":{"name":"CVE-2026-8924"}},{"action_statement":"","action_statement_timestamp":"2026-06-29T11:44:11.86169Z","impact_statement":"","justification":"","last_updated":"2026-06-29T11:44:11.86169Z","products":[{"@id":"pkg:deb/ubuntu/curl@8.5.0-2ubuntu10.9?arch=amd64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libcurl4t64@8.5.0-2ubuntu10.9?arch=amd64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libcurl4t64@8.5.0-2ubuntu10.9?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=curl"},{"@id":"pkg:deb/ubuntu/curl@8.5.0-2ubuntu10.9?arch=arm64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libcurl4t64@8.5.0-2ubuntu10.9?arch=arm64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libcurl4t64@8.5.0-2ubuntu10.9?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=curl"}],"status":"affected","timestamp":"2026-06-29T11:44:11.86169Z","vulnerability":{"name":"CVE-2026-8932"}},{"action_statement":"","action_statement_timestamp":"2026-06-29T11:44:11.861728Z","impact_statement":"","justification":"","last_updated":"2026-06-29T11:44:11.861728Z","products":[{"@id":"pkg:deb/ubuntu/curl@8.5.0-2ubuntu10.9?arch=amd64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libcurl4t64@8.5.0-2ubuntu10.9?arch=amd64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libcurl4t64@8.5.0-2ubuntu10.9?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=curl"},{"@id":"pkg:deb/ubuntu/curl@8.5.0-2ubuntu10.9?arch=arm64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libcurl4t64@8.5.0-2ubuntu10.9?arch=arm64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libcurl4t64@8.5.0-2ubuntu10.9?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=curl"}],"status":"affected","timestamp":"2026-06-29T11:44:11.861728Z","vulnerability":{"name":"CVE-2026-9547"}},{"action_statement":"This vulnerability was fixed in: 7.79.0","action_statement_timestamp":"0001-01-01T00:00:00Z","impact_statement":"","justification":"","last_updated":"2026-06-29T11:53:24.679916Z","products":[{"@id":"pkg:golang/github.com/modelcontextprotocol/go-sdk@v1.3.1"}],"status":"affected","timestamp":"2026-06-29T11:44:11.85513Z","vulnerability":{"name":"CVE-2026-34742"}},{"action_statement":"This vulnerability was fixed in: 7.79.0","action_statement_timestamp":"0001-01-01T00:00:00Z","impact_statement":"","justification":"","last_updated":"2026-06-29T11:53:24.679955Z","products":[{"@id":"pkg:golang/github.com/modelcontextprotocol/go-sdk@v1.3.1"}],"status":"affected","timestamp":"2026-06-29T11:44:11.857815Z","vulnerability":{"name":"CVE-2026-33252"}},{"action_statement":"This vulnerability was fixed in: 7.79.0","action_statement_timestamp":"0001-01-01T00:00:00Z","impact_statement":"","justification":"","last_updated":"2026-06-29T11:53:24.67999Z","products":[{"@id":"pkg:golang/github.com/modelcontextprotocol/go-sdk@v1.3.1"}],"status":"affected","timestamp":"2026-06-29T11:44:11.860492Z","vulnerability":{"name":"GHSA-q382-vc8q-7jhj"}}],"timestamp":"2026-05-15T16:48:58.005118235Z","tooling":"","version":25}