Alerts This Week
Warning Icon 1 1,229
Alerts This Week
Warning Icon 1 1,229

Fedora 43 Goose Critical DNS Rebinding Threat Fix 2026-08bb036c3e

fedora
Calendar Grey June 25, 2026
Dist Fedora Esm H88
Address critical update for Goose on Fedora 43 to fix a serious DNS rebinding issue impacting server access.
Update goose to 1.36.0

Summary

Goose is your on-machine AI agent, capable of automating complex development

tasks from start to finish. More than just code suggestions, goose can build

entire projects from scratch, write and execute code, debug failures,

orchestrate workflows, and interact with external APIs - autonomously.

Whether you're prototyping an idea, refining existing code, or managing

intricate engineering pipelines, goose adapts to your workflow and executes

tasks with precision.

Designed for maximum flexibility, goose works with any LLM and supports

multi-model configuration to optimize performance and cost, seamlessly

integrates with MCP servers, and is available as both a desktop app as well as

CLI - making it the ultimate AI assistant for developers who want to move

faster and focus on innovation.

Update Information:

Update goose to 1.36.0

Topics%20covered

Topics Covered

security advisory unauthorized access fedora critical DNS rebinding goose

Change Log

* Wed Jun 17 2026 Sam Doran - 1.36.0-1 - Update goose to 1.36.0

References


[ 1 ] Bug #2477786 - CVE-2026-42559 goose: rmcp: Unauthorized access to MCP server via DNS rebinding vulnerability [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2477786 [ 2 ] Bug #2477787 - CVE-2026-42559 goose: rmcp: Unauthorized access to MCP server via DNS rebinding vulnerability [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2477787

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-08bb036c3e' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

Severity
critical
Lowest
Low
Medium
High
Critical

Name: goose
Product: Fedora 43
Version: 1.36.0
Release: 1.fc43
URL: https://github.com/block/goose
Summary: Extensible AI agent client

Topics%20covered

Topics Covered

security advisory unauthorized access fedora critical DNS rebinding goose

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here