
CVE-2025-26042 Still Listed as Open on Docker Scout Despite Being Fixed

Open • marcschaeferger opened this issue 3 months ago • 3 comments

I would like to report an issue where CVE-2025-26042 is still marked as open/vulnerable on Docker Scout, even though this CVE has already been fixed.

Background

There were previously duplicate advisories for this vulnerability:

  • GitHub Advisory:
    GHSA-hx7h-9vf7-5xhg (current and authoritative, shows the issue as fixed)

  • Withdrawn GitHub Advisory:
    GHSA-3rw8-4xrq-3f7p (withdrawn as a duplicate of the above)

  • NIST & GitLab Advisories:

    • Both still reference CVE-2025-26042, but do not reflect the current fixed status like GitHub does.

Request

Please update the status of CVE-2025-26042 on Docker Scout and display the correct fixed/patched version in accordance with the GitHub advisory (GHSA-hx7h-9vf7-5xhg).

If further details or context are needed, please let me know!

Thank you!

marcschaeferger • Aug 07 '25 18:08