IsItPatchedInstant security status for any software version
← All products

Ubuntu

Canonical · Operating System
85/100 Good

Summary iPlain-English security verdict for Ubuntu, generated from its current health score, actively-exploited vulnerabilities, and latest supported version.

Ubuntu currently scores 85/100 — good. 25 actively-exploited vulnerabilities (CISA KEV) affect older releases (e.g. CVE-2014-0160) — staying on the latest supported version keeps you clear of them. The latest supported release is 26.04. It's largely safe; apply minor updates as they appear. Note: this product is assessed at the product level on recent (365-day) activity rather than an exact per-version match, so it is never marked a confident "healthy".

Disclosure trend iNew CVEs published for Ubuntu each year (NVD). A higher bar means more disclosures that year — more scrutiny, not necessarily less safe.

'19
'20
'21
'22
'23
'24
'25
'26

⚠ 2 of its known vulnerabilities are linked to ransomware campaigns (CISA KEV).

Patch priority — what to act on iThe issues to fix first — actively exploited (CISA KEV) first, then by exploitation probability (EPSS), then severity. Each row's "→ fixed in" is the earliest version that patches it; "see advisory" means no fixed version is published.

Most urgent first — actively exploited, then likeliest to be exploited.

CVE-2014-0160 HIGH ● exploited Out-of-bounds read EPSS 94% → see advisory CVE-2017-12617 HIGH ● exploited Unrestricted file upload EPSS 94% → see advisory CVE-2014-6271 CRITICAL ● exploited OS command injection EPSS 94% → see advisory CVE-2016-5195 HIGH ● exploited CWE-362 EPSS 94% → see advisory CVE-2016-8735 CRITICAL ● exploited EPSS 94% → see advisory CVE-2016-3714 HIGH ● exploited Improper input validation EPSS 94% → see advisory CVE-2013-0422 CRITICAL ● exploited ⚠ ransomware Improper access control EPSS 94% → see advisory CVE-2013-2423 LOW ● exploited Improper access control EPSS 93% → see advisory CVE-2016-3427 CRITICAL ● exploited Improper access control EPSS 93% → see advisory CVE-2011-3544 CRITICAL ● exploited Improper access control EPSS 93% → see advisory CVE-2010-0840 CRITICAL ● exploited EPSS 92% → see advisory CVE-2016-3715 MEDIUM ● exploited CWE-552 EPSS 89% → see advisory

Versions & lifecycle iWhen each release line stops receiving security patches (end-of-life). After EOL there are no more fixes — plan upgrades before these dates.

How long each Ubuntu release line is supported — and when it sunsets.

26.04 latest 26.04 Supported until 2031-04-30
25.10 latest 25.10 Supported until 2026-07-01
25.04 latest 25.04 End of life ended 2026-01-17
24.10 latest 24.10 End of life ended 2025-07-10
24.04 latest 24.04.4 Supported until 2029-05-31
23.10 latest 23.10 End of life ended 2024-07-12
23.04 latest 23.04 End of life ended 2024-01-20
22.10 latest 22.10 End of life ended 2023-07-20
22.04 latest 22.04.5 Supported until 2027-04-01
21.10 latest 21.10 End of life ended 2022-07-14
See all upcoming end-of-life dates →

ℹ product-level posture (last 365d); exact per-version verdict pending precise version mapping

Last checked: Wed, 10 Jun 2026 22:18:30 UTC