openSUSE Leap 16.0 Security Alert on elemental-system-agent CVE-2026-33186
opensuse
June 9, 2026
An update that solves one vulnerability and has one bug fix can now be installed.
Description
This update for elemental-system-agent fixes the following issue
- CVE-2026-33186: google.golang.org/grpc: authorization bypass due to improper validation of the HTTP/2: path pseudo-
header (bsc#1260277).
Changes:
- Update to version 0.3.16:
* setup for immutable releases (#274)
* align system-agent image publishing for signed releases (#270)
* Bumo github.com/docker/cli to v29.2.0 and go.opentelemetry.io/otel to v1.43.0
* run go mod tidy in /test folder
* Bump google.golang.org/grpc from 1.75.0 to 1.79.3 (bsc#1260277 CVE-2026-33186)
* Bump github.com/docker/cli in /test
* export CATTLE_NODE_NAME if SYSTEM_UPGRADE_NODE_NAME is set
* use correct prefix for system-agent binary (#273)
* checksum validation (#271)
* Add `validate` subcommand for configuration validation (#250)
* Update CODEOWNERS
* Pin GH Actions to commit sha
* chore: bump sles to 15.7
* Extend remote plan e2e tests
* Fix agent restart issue and introduce constants
* chore: bump go to v1.25
* Setup...
Read the Full Advisory
Patch
Package List
- openSUSE Leap 16.0:
elemental-system-agent-0.3.16-160000.1.1
References
* bsc#1260277
References:
* https://www.suse.com/security/cve/CVE-2026-33186.html
PREVIOUS
NEXT
Severity
important
Lowest
Low
Medium
High
Critical
Announcement ID: openSUSE-SU-2026:20924-1
Rating: important
Affected Products:
openSUSE Leap 16.0
-------------------------------------------------------------
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!