Alerts This Week
Warning Icon 1 758
Alerts This Week
Warning Icon 1 758

openSUSE 2026 v2ray-core Important Authorization Bypass CVE-2026-33186

opensuse
Calendar Grey March 27, 2026
Dist Opensuse Esm H88
Discover how the latest openSUSE update for v2ray-core fixes critical issues preventing an authorization bypass vulnerability.
An update that fixes two vulnerabilities is now available.

Description

This update for v2ray-core fixes the following issues:

- Update version to 5.47.0

* Add sticky choice option for leastping

* Add support for enrollment links in tlsmirror

* Add Wireguard Outbound (unreleased)

* Add sticky choice option for leastping

* Generalize IP address parsing in TUN stack options

* Fix bugs

- CVE-2026-33186: google.golang.org/grpc: authorization bypass due to

improper validation of the HTTP/2 :path pseudo-header (boo#1260329)

- Update version to 5.44.1

* uTLS: bundled library updated to v1.8.2 for Chrome120 imitation

profile identification

* Update golang toolchain to v1.25.6, which fixed an vulnerable

(tls.Config).Clone function

* Fix bugs

- Update version to 5.42.0

* Add TLSMirror bootstrap enrollment and self enrollment feature

* TLSMirror Inverse Role Request Tripper Enrollment Server Support

- CVE-2025-47911: v2ray-core: golang.org/x/net/html: various...

Read the Full Advisory

Patch

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods

like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Backports SLE-15-SP7:

zypper in -t patch openSUSE-2026-103=1

Package List

- openSUSE Backports SLE-15-SP7 (aarch64 i586 ppc64le s390x x86_64):

v2ray-core-5.47.0-bp157.2.6.1

- openSUSE Backports SLE-15-SP7 (noarch):

golang-github-v2fly-v2ray-core-5.47.0-bp157.2.6.1

References

https://www.suse.com/security/cve/CVE-2025-47911.html

https://www.suse.com/security/cve/CVE-2026-33186.html

https://bugzilla.suse.com/1251404

https://bugzilla.suse.com/1260329

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: openSUSE-SU-2026:0103-1
Rating: important
Affected Products: openSUSE Backports SLE-15-SP7

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here