openSUSE mcphost Important Authorization Bypass Vulnerabilities 20788-1

opensuse
May 25, 2026
A critical security update for mcphost on openSUSE fixes multiple vulnerabilities. Prompt installation is advised.
An update that solves 6 vulnerabilities and has 6 bug fixes can now be installed.

Description

This update for mcphost fixes the following issues:

- CVE-2025-30153: github.com/getkin/kin-openapi/openapi3filter: Improper Handling of Highly Compressed Data (Data Amplification) in github.com/getkin/kin-openapi/openapi3filter (bsc#1264762).

- CVE-2025-47913: golang.org/x/crypto/ssh/agent: client process termination when receiving an unexpected message type in response to a key listing or (bsc#1265274).

- CVE-2025-47914: golang.org/x/crypto/ssh/agent: non validated message size can cause a panic due to an out of bounds read (bsc#1265275).

- CVE-2025-58181: golang.org/x/crypto/ssh: invalidated number of mechanisms can cause unbounded memory consumption (bsc#1253952).

- CVE-2026-32285: github.com/buger/jsonparser: denial of service via malformed JSON input (bsc#1264759).

- CVE-2026-33186: google.golang.org/grpc: authorization bypass due to improper validation of the HTTP/2 :path pseudo-header (bsc#1260224).

Changes for mcphost:

- Updated to version 0.34.0

* Features:

-...


Patch

Package List

- openSUSE Leap 16.0:

mcphost-0.34.0-160000.1.1

mcphost-bash-completion-0.34.0-160000.1.1

mcphost-fish-completion-0.34.0-160000.1.1

mcphost-zsh-completion-0.34.0-160000.1.1

References

* bsc#1253952

* bsc#1260224

* bsc#1264759

* bsc#1264762

* bsc#1265274

* bsc#1265275

References:

* https://www.suse.com/security/cve/CVE-2025-30153.html

* https://www.suse.com/security/cve/CVE-2025-47913.html

* https://www.suse.com/security/cve/CVE-2025-47914.html

* https://www.suse.com/security/cve/CVE-2025-58181.html

* https://www.suse.com/security/cve/CVE-2026-32285.html

* https://www.suse.com/security/cve/CVE-2026-33186.html

Severity
important

Announcement ID: openSUSE-SU-2026:20788-1
Rating: important
Affected Products: openSUSE Leap 16.0
