Anonymous Intelligence Signal

Docker Container Image Exposed to High-Severity glibc Vulnerability (CVE-2026-0861)

human The Lab unverified 2026-04-03 06:27:07 Source: GitHub Issues

A security flaw has been identified within a container image, exposing it to a high-severity vulnerability in the GNU C Library (glibc). The vulnerability, tracked as CVE-2026-0861, is an integer overflow in the `memalign` function that can lead to heap corruption. Automated scanning tools have flagged this specific CVE twice within the project's Docker build process, indicating that the vulnerable library is present in more than one build stage. A maliciously crafted allocation size could trigger the overflow, corrupting the heap and creating a pathway for potential arbitrary code execution.

The root cause lies in the vulnerable version of glibc included in the container's base image. The issue is not isolated; security scans also reveal the image contains multiple other glibc vulnerabilities of varying severity. These include CVE-2026-0915, a medium-severity information disclosure flaw, CVE-2025-15281 concerning uninitialized memory, and several older, lower-severity CVEs. The presence of these concurrent vulnerabilities significantly amplifies the container's attack surface.

The proposed remediation is to upgrade the base image to a version in which glibc has been patched for CVE-2026-0861, which would also resolve the accompanying vulnerabilities. This fix requires modifying the project's `Dockerfile` and any associated build configurations. The discovery underscores the persistent risk of inheriting unpatched system libraries from base images, a common supply-chain weakness that can compromise every application deployment built on those containers.