openSUSE helm Important Privilege Escalation Flaw 2026-20994-1

opensuse
June 30, 2026
This update addresses a privilege escalation issue in helm on openSUSE with important fixes for better security.
An update that solves one vulnerability and has one bug fix can now be installed.

Description

This update for helm fixes the following issue:

- CVE-2026-39821: golang.org/x/net/idna: failure to reject ASCII-only Punycode-encoded labels allows for validation bypass and privilege escalation (bsc#1266598).

Changes for helm:

- Update to version 3.21.1:
  * Fixed nil pointer panic that could happen with helm template in ClientOnly flows. Now correctly returns a template error #31920
  * Bumped golang.org/x/net to v0.55.0 to address GO-2026-5026 #32152
  * Bumped Go from 1.25 to 1.26 #32168
  * Dependency version updates
    - chore(deps): bump oras.land/oras-go/v2 from 2.6.0 to 2.6.1
    - chore(deps): bump golang.org/x/crypto from 0.52.0 to 0.53.0
    - chore(deps): bump golang.org/x/term from 0.43.0 to 0.44.0
    - chore(deps): bump golang.org/x/text from 0.37.0 to 0.38.0
    - chore(deps): bump github.com/lib/pq from 1.11.2 to 1.12.3
    - chore(deps): bump github.com/distribution/distribution/v3
    - chore(deps): bump github.com/containerd/containerd from 1.7.30 to 1.7.32
    -...

Patch

Package List

- openSUSE Leap 16.0:
  * helm-3.21.1-160000.1.1
  * helm-bash-completion-3.21.1-160000.1.2
  * helm-fish-completion-3.21.1-160000.1.2
  * helm-zsh-completion-3.21.1-160000.1.2

References

* bsc#1266598
* https://www.suse.com/security/cve/CVE-2026-39821.html

Severity
important

Announcement ID: openSUSE-SU-2026:20994-1
Rating: important
Affected Products: openSUSE Leap 16.0
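
To confirm that an installed helm binary was built with the bumped dependency, the module list embedded in the binary can be inspected. The script below is an added example, not part of the SUSE advisory or the helm project; it treats v0.55.0 (the version named in the changelog) as the minimum acceptable golang.org/x/net version, which is an assumption, and its sample inputs are constructed.

```shell
#!/bin/sh
# Added example: flag a Go binary whose embedded golang.org/x/net is older
# than v0.55.0 (assumed threshold, taken from the helm 3.21.1 changelog).
XNET_MIN="v0.55.0"

# Print the golang.org/x/net version found in `go version -m` output on stdin.
xnet_version() {
    awk '$1 == "dep" && $2 == "golang.org/x/net" { print $3; exit }'
}

# Succeed if version $1 >= version $2 (relies on GNU `sort -V`).
version_ge() {
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$2" ]
}

# Classify build info read from stdin: prints "ok", "outdated" or "unknown".
check_xnet() {
    v=$(xnet_version)
    if [ -z "$v" ]; then
        echo "unknown"      # no x/net dependency line in the build info
    elif version_ge "$v" "$XNET_MIN"; then
        echo "ok"
    else
        echo "outdated"
    fi
}

# Constructed samples of `go version -m` output (not from a real build).
sample_old() {
    printf '/usr/bin/helm: go1.25.0\n\tpath\thelm.sh/helm/v3/cmd/helm\n'
    printf '\tdep\tgolang.org/x/net\tv0.54.0\th1:CONSTRUCTED=\n'
}
sample_fixed() {
    printf '/usr/bin/helm: go1.26.0\n\tpath\thelm.sh/helm/v3/cmd/helm\n'
    printf '\tdep\tgolang.org/x/net\tv0.55.0\th1:CONSTRUCTED=\n'
}

# Real use (needs the Go toolchain on the host):
#   go version -m "$(command -v helm)" | check_xnet
sample_old | check_xnet   # prints "outdated"
```

On openSUSE Leap 16.0 the package version from the list above (`rpm -q helm`) remains the authoritative check; the script is useful for helm binaries installed outside the package manager.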
