cAdvisor analyzes resource usage and performance characteristics of running containers.

cAdvisor

Packer is a software for creating identical machine images or containers for multiple platforms from a single source configuration.

Packer

HashiCorp's Vault secures, stores, and controls access to tokens, passwords, certificates, API keys, and other sensitive resources in modern data centers. For each resource, Vault handles leasing, revocation, rolling, and auditing.

HashiCorp Vault

Prometheus is an open-source monitoring system with a dimensional data model, flexible query language, efficient time series database, and modern alerting approach.

Prometheus

Compose is a tool for defining and running multi-container Docker applications. With Compose, you use a YAML file to configure your application's services. Then, with a single command, you create and start all the services from your configuration. Compose works in all environments: production, staging, development, testing, as well as CI workflows.

Docker Compose

Podman is an open-source project that is available on most Linux platforms and resides on GitHub. Podman is a daemonless container engine for developing, managing, and running Open Container Initiative (OCI) containers and container images on your Linux system. Podman provides a Docker-compatible command line front end that can simply alias the Docker CLI, `alias docker=podman`.

Podman

Gitleaks is a fast and customizable scanner designed to find secrets using regex and entropy in Git repositories.

Gitleaks

Amazon CloudWatch monitors your Amazon Web Services (AWS) resources and the applications you run on AWS in real time. You can use CloudWatch to collect and track metrics, which are the variables you can measure for your resources and applications.

Amazon CloudWatch Agent

Tailscale is a user-friendly mesh VPN technology that provides secure, encrypted connections between devices and networks. It simplifies the process of setting up and managing VPNs for individuals and teams by utilizing the WireGuard protocol and single sign-on (SSO) integrations. Tailscale enables users to create a private network across multiple devices, platforms, and cloud environments, ensuring secure communication and easy access to resources without the need for complex configurations.

Tailscale

Syncthing is a continuous file synchronization program. It synchronizes files between two or more computers.

Syncthing

Mkcert is a simple, zero-config tool to make locally trusted development certificates with any names you'd like.

Mkcert

MinIO is a high-performance object storage that is API compatible with Amazon S3 cloud storage service. Use MinIO to build high-performance infrastructure for machine learning, analytics, and application data workloads.

MinIO

Gitea is an open-source forge software package for hosting software development version control using Git, as well as other collaborative features like bug tracking, wikis, and code review.

Gitea

SOPS is an editor of encrypted files that supports YAML, JSON, ENV, INI, and BINARY formats and encrypts with AWS KMS, GCP KMS, Azure Key Vault, and PGP.

SOPS

Atlantis is an application for automating Terraform via pull requests. It is deployed as a standalone application into your infrastructure.

Atlantis

Wolfi is a community Linux OS designed for the container and cloud-native era; it is a Linux distribution based on Alpine.

Wolfi

Chainguard is a Linux distribution based on Alpine. It's the commercial version of the Wolfi distro.

Chainguard

Cloudflared is a command-line tool developed by Cloudflare, used for creating secure, encrypted connections between a client and a server. It employs Argo Tunnel, which ensures data protection by sending it through Cloudflare's global network. This helps reduce latency, enhance performance, and eliminate the need to expose applications directly to the internet.

Cloudflared

Buildkite is a continuous integration and continuous deployment (CI/CD) platform that automates software testing and release processes. It enables developers to run pipelines across different source code repositories and infrastructure environments. Buildkite combines the benefits of on-premises infrastructure with a scalable, cloud-based platform for efficient software development workflows.

Buildkite Agent

Golang, or Go, is an open-source programming language developed by Google.

Golang

Grafana Tempo is a distributed tracing backend that is optimized for high-scale and high-cardinality tracing data. It provides a scalable and efficient way to collect, store, and analyze tracing information, enabling insights into the performance and behavior of distributed applications.

Grafana Tempo

Thanos is an open-source project that extends the functionality of the Prometheus monitoring system by adding features like high availability and long-term historical data storage. Built to meet the requirements of scalability and reliability, Thanos allows seamless access to Prometheus data across different databases. It also uses a highly efficient compression algorithm, resulting in cost-effective storage.

Thanos

The NVIDIA Container Toolkit is a set of libraries that provide capabilities for leveraging the full potentials of NVIDIA GPUs within containers. It allows GPU-accelerated applications to be defined as Docker containers, functioning as a lightweight, stand-alone, executable package.

NVIDIA Container Toolkit

Infisical CLI is a command-line interface tool for managing secrets and configuration in development and production environments. It allows developers to securely store, retrieve, and manage sensitive information such as API keys, passwords, and other configuration data. The CLI integrates with the Infisical platform, enabling teams to centralize and control access to their secrets across various projects and environments.

Infisical CLI

Kubescape CLI is an open-source Kubernetes security platform that helps identify and fix misconfigurations in Kubernetes clusters. It scans Kubernetes YAML files, Helm charts, and live clusters against various security frameworks and best practices. Kubescape CLI provides detailed risk scoring, compliance reports, and remediation suggestions to improve the security posture of Kubernetes environments.

Kubescape CLI

MinimOS is a minimalist operating system designed for simplicity and efficiency. It aims to provide only essential functionalities, making it lightweight and suitable for resource-constrained environments. MinimOS is often used in embedded systems or as a base for custom operating system development.

MinimOS

Debian GNU/Linux is a Linux distribution composed of free and open-source software.

Linux Debian

Red Hat Enterprise Linux is a Linux distribution developed by Red Hat for the commercial market.

Linux Red Hat

Linux openSUSE

The Amazon Linux is a supported and maintained Linux image provided by Amazon Web Services for use on Amazon Elastic Compute Cloud (Amazon EC2).

Amazon Linux

Alpine Linux is a Linux distribution based on musl and BusyBox, designed for security, simplicity, and resource efficiency.

Linux Alpine

Echo is a secure, minimal Linux OS built vulnerability-free. It is fully compatible across environments and continuously patched - making it a clean, dependable base layer for modern applications. Echo is used by organizations focused on security and reliability, including those with compliance or FIPS requirements.

Echo

On Unix platforms, when listing the contents of a directory using File.ReadDir or File.Readdir the returned FileInfo could reference a file outside of the Root in which the File was opened. The impact of this escape is limited to reading metadata provided by lstat from arbitrary locations on the filesystem without permitting reading or writing files outside the root.

CVE ID	Severity	Score	Technologies	Component name	CISA KEV exploit	Has fix	Published date
CVE-2025-68121	CRITICAL	10	cAdvisor	delve	No	Yes	Feb 05, 2026
CVE-2026-33186	CRITICAL	9.1	cAdvisor	blob-csi-1.24	No	Yes	Mar 20, 2026
CVE-2026-25679	HIGH	7.5	cAdvisor	cloud-provider-aws-fips-1.32	No	Yes	Mar 06, 2026
CVE-2026-27142	MEDIUM	6.1	cAdvisor	eks-distro-fips-1.34	No	Yes	Mar 06, 2026
CVE-2026-27139	LOW	2.5	cAdvisor	dask-gateway	No	Yes	Mar 06, 2026

CVE-2026-27139:
cAdvisor vulnerability analysis and mitigation

2.5

Related cAdvisor vulnerabilities:

Benchmark your Cloud Security Posture

Additional Wiz resources

Cloud Vulnerability DB

Cloud Threat Landscape

PEACH

Ready to see Wiz in action?

CVE-2026-27139: cAdvisor vulnerability analysis and mitigation