## Posterizarr Container Image Exposes High-Severity OpenSSL Vulnerability (CVE-2026-28390)
A high-severity security vulnerability has been flagged in the latest container image for Posterizarr, a homelab media tool. An automated scan reports that the image is exposed to CVE-2026-28390, a flaw in the OpenSSL library that can lead to Denial of Service (DoS). The vulnerability is present in the `libcrypto3` package, version 3.5.5-r0, and is a direct risk to the stability and availability of any service running the affected container.

The specific image, `ghcr.io/fscorrupt/posterizarr:latest`, was scanned on April 10, 2026, by the RedFlag automated security tool. The vulnerability stems from a NULL pointer dereference in OpenSSL, a critical cryptographic library. While no critical vulnerabilities were found, this single high-severity issue is significant because it resides in a core dependency used for secure communications. The flaw has been patched in the upstream `libcrypto3` version 3.5.6-r0, but the Posterizarr image remains on the vulnerable version, leaving deployments exposed until the base image is updated or rebuilt.
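
A way to check a deployment for the affected package, given as an added example that is not part of the scan report or the Posterizarr project. It assumes the image is Alpine-based with the apk database at `/lib/apk/db/installed` (suggested by the `-r0` package versions); the function names and the sample stanzas are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the scan report or the Posterizarr project).
FIXED="3.5.6-r0"   # first fixed libcrypto3 version, as stated above

# Print the V: (version) of the stanza whose P: (package) equals $1.
# Reads apk installed-database text on stdin (stanzas separated by blank lines).
pkg_version() {
    awk -v pkg="$1" '
        /^P:/ { name = substr($0, 3) }
        /^V:/ { if (name == pkg) { print substr($0, 3); exit } }
        /^$/  { name = "" }
    '
}

# Succeed if version $1 sorts strictly below $2. GNU sort -V is adequate for
# plain x.y.z-rN strings; it is not apk's full version-comparison algorithm.
version_lt() {
    [ "$1" != "$2" ] &&
        [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$1" ]
}

# Classify the database on stdin: "absent", "vulnerable <ver>" or "fixed <ver>".
check_libcrypto() {
    ver=$(pkg_version libcrypto3)
    if [ -z "$ver" ]; then
        echo "absent"
    elif version_lt "$ver" "$FIXED"; then
        echo "vulnerable $ver"
    else
        echo "fixed $ver"
    fi
}

# Constructed sample in the database layout (only the P: and V: fields shown).
SAMPLE_OLD='P:musl
V:1.2.5-r10

P:libcrypto3
V:3.5.5-r0'

printf '%s\n' "$SAMPLE_OLD" | check_libcrypto

# Against the real image (assumes Docker and an Alpine-based image):
#   docker run --rm --entrypoint cat ghcr.io/fscorrupt/posterizarr:latest \
#       /lib/apk/db/installed | check_libcrypto
```

Because `latest` is a moving tag, the check is only meaningful for the image actually pulled on the host, so it needs to be re-run after each pull.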

This finding underscores the persistent security risks in community-maintained container ecosystems, especially for homelab and self-hosted software. For users running Posterizarr, the vulnerability is a tangible availability risk, as an exploit could crash the service. It signals the need for immediate scrutiny of container dependencies and highlights the critical role of automated scanning in identifying such risks before they are exploited in the wild. The responsibility now falls on the image maintainer to integrate the fixed package and on end-users to monitor for an updated, secure release.

---
- **Source**: GitHub Issues
- **Sector**: The Lab
- **Tags**: cybersecurity, container-security, openssl, vulnerability, homelab
- **Credibility**: unverified
- **Published**: 2026-04-13 04:22:38
- **ID**: 61258
- **URL**: https://whisperx.ai/en/intel/61258