Ubuntu 18.x — End of Life

EOL Actively exploited
EOL: Jul 18, 20192 releases in this series22 CVEs

Ubuntu 18.x — All releases

VersionReleasedActive supportEOL dateLatest patchStatus
18.10Oct 18, 2018Jul 18, 2019Jul 18, 201918.10EOL
18.04LTSApr 26, 2018May 31, 2023May 31, 202318.04.6EOL

CVEs affecting Ubuntu 18.x (22)

CVESeverityCVSSEPSSKEVCycleDescriptionPublished
CVE-2026-31431HIGH7.896.27% KEV 18.04In the Linux kernel, the following vulnerability has been resolved: crypto: algif_aead - Revert to operating out-of-pla…Apr 22, 2026
CVE-2026-31431HIGH7.896.27% KEV 18.10In the Linux kernel, the following vulnerability has been resolved: crypto: algif_aead - Revert to operating out-of-pla…Apr 22, 2026
CVE-2026-3888HIGH7.80.38%18.04Local privilege escalation in snapd on Linux allows local attackers to get root privilege by re-creating snap's private …Mar 17, 2026
CVE-2022-0492HIGH7.85.53% KEV 18.04A vulnerability was found in the Linux kernel’s cgroup_release_agent_write in the kernel/cgroup/cgroup-v1.c function. Th…Mar 3, 2022
CVE-2020-29372MEDIUM4.70.39%18.04An issue was discovered in do_madvise in mm/madvise.c in the Linux kernel before 5.6.8. There is a race condition betwee…Nov 28, 2020
CVE-2019-17571CRITICAL9.869.06%18.04Included in Log4j 1.2 is a SocketServer class that is vulnerable to deserialization of untrusted data which can be explo…Dec 20, 2019
CVE-2019-18197HIGH7.54.45%18.04In xsltCopyText in transform.c in libxslt 1.1.33, a pointer variable isn't reset under certain circumstances. If the rel…Oct 18, 2019
CVE-2019-16168MEDIUM6.54.25%18.04In SQLite through 3.29.0, whereLoopAddBtreeIndex in sqlite3.c can crash a browser or other application because of missin…Sep 9, 2019
CVE-2019-13118MEDIUM5.35.15%18.04In numbers.c in libxslt 1.1.33, a type holding grouping characters of an xsl:number instruction was too narrow and an in…Jul 1, 2019
CVE-2019-13117MEDIUM5.36.46%18.04In numbers.c in libxslt 1.1.33, an xsl:number with certain format strings could lead to a uninitialized read in xsltNumb…Jul 1, 2019
CVE-2019-11068CRITICAL9.85.09%18.10libxslt through 1.1.33 allows bypass of a protection mechanism because callers of xsltCheckRead and xsltCheckWrite permi…Apr 10, 2019
CVE-2019-11068CRITICAL9.85.09%18.04libxslt through 1.1.33 allows bypass of a protection mechanism because callers of xsltCheckRead and xsltCheckWrite permi…Apr 10, 2019
CVE-2019-7317MEDIUM5.39.39%18.04png_image_free in png.c in libpng 1.6.x before 1.6.37 has a use-after-free because png_image_free_function is called und…Feb 4, 2019
CVE-2019-7317MEDIUM5.39.39%18.10png_image_free in png.c in libpng 1.6.x before 1.6.37 has a use-after-free because png_image_free_function is called und…Feb 4, 2019
CVE-2019-6109MEDIUM6.83.81%18.10An issue was discovered in OpenSSH 7.9. Due to missing character encoding in the progress display, a malicious server (o…Jan 31, 2019
CVE-2019-6109MEDIUM6.83.81%18.04An issue was discovered in OpenSSH 7.9. Due to missing character encoding in the progress display, a malicious server (o…Jan 31, 2019
CVE-2018-10902HIGH7.80.52%18.04It was found that the raw midi kernel driver does not protect against concurrent access which leads to a double realloc …Aug 21, 2018
CVE-2018-13785MEDIUM6.54.47%18.04In libpng 1.6.34, a wrong calculation of row_factor in the png_check_chunk_length function (pngrutil.c) may trigger an i…Jul 9, 2018
CVE-2018-3639MEDIUM5.560.63%18.04Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addres…May 22, 2018
CVE-2016-9842HIGH8.85.20%18.04The inflateMark function in inflate.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact v…May 23, 2017
CVE-2016-9841CRITICAL9.87.55%18.04inffast.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper pointe…May 23, 2017
CVE-2016-9840HIGH8.84.79%18.04inftrees.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper point…May 23, 2017

Ubuntu 18.x is EOL — migrate to Ubuntu 19.x

Ubuntu 19.x is the next major release. Plan your upgrade before Ubuntu 18.x stops receiving security patches.

See Ubuntu 19.x

Frequently asked questions

Is Ubuntu 18 end of life?

Yes. All Ubuntu 18.x releases have reached end of life and no longer receive security patches. There are 22 known CVEs affecting Ubuntu 18.x, including 4 critical. Migrate to Ubuntu 19.x as soon as possible.

What CVEs affect Ubuntu 18?

There are 22 CVEs tracked for Ubuntu 18.x, including 4 critical severity issues and 3 listed in the CISA Known Exploited Vulnerabilities catalog. See the full list above with CVSS and EPSS scores.

What is the latest Ubuntu 18 version?

The latest Ubuntu 18.x patch release is 18.10, released on October 18, 2018. Always run the latest patch to benefit from all security fixes.

How to migrate from Ubuntu 18 to Ubuntu 19?

To migrate from Ubuntu 18 to Ubuntu 19: (1) review the official Ubuntu 19 migration guide for breaking changes, (2) update dependencies and configuration accordingly, (3) test thoroughly in a staging environment, (4) deploy with a rollback plan. Starting early gives you time to resolve compatibility issues before your current version reaches end of life.

Is it safe to run Ubuntu 18 in production?

No. Ubuntu 18 has reached end of life and security vulnerabilities are no longer patched. Critically, 3 CVEs affecting Ubuntu 18.x are in the CISA KEV catalog — meaning they are actively exploited in the wild. Upgrade to a supported version immediately.

Data sourced from endoflife.date · CVE data from NVD · EPSS from FIRST.org · KEV from CISA

© 2026 EOLCanary — Data from endoflife.date & NVD
Explore