SUSE Prometheus Important Security Update 2026-1008-1 CVE-2026-1615

suse

March 25, 2026

An update that solves five vulnerabilities and contains two features can now be installed.

Summary

## This update for Prometheus fixes the following issues: golang-github-prometheus-alertmanager, golang-github-prometheus-node_exporter: * Internal changes to fix build issues with no impact for customers golang-github-prometheus-prometheus: * Security issues fixed: * CVE-2026-27606: Fixed arbitrary file write via path traversal in rollup (bsc#1258893) * CVE-2026-25547: Fixed unbounded brace range expansion leading to excessive CPU and memory consumption (bsc#1257841) * CVE-2026-1615, CVE-2025-61140 The old web UI is no longer built due to security issues (bsc#1257897, bsc#1257442) * CVE-2025-13465: Bump lodash package to version 4.17.23 to fix prototype pollution vulnerability (bsc#1257329) * CVE-2025-12816: Interpretation conflict vulnerability allowing bypassing

Topics Covered

security advisory SuSE important cpu consumption arbitrary file write Prometheus

References

* bsc#1255588

* bsc#1257329

* bsc#1257442

* bsc#1257841

* bsc#1257897

* jsc#MSQA-1045

* jsc#PED-13824

Cross-

* CVE-2025-12816

* CVE-2025-13465

* CVE-2025-61140

* CVE-2026-1615

* CVE-2026-25547

CVSS scores:

* CVE-2025-12816 ( SUSE ): 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N

* CVE-2025-12816 ( NVD ): 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N

* CVE-2025-13465 ( SUSE ): 8.8

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N

* CVE-2025-13465 ( SUSE ): 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H

* CVE-2025-13465 ( NVD ): 6.9

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:H/SI:H/SA:H/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Severity

important

Lowest

Low

Medium

High

Critical

Announcement ID: SUSE-SU-2026:1008-1

Release Date: 2026-03-25T10:08:17Z

Rating: important

Topics Covered

security advisory SuSE important cpu consumption arbitrary file write Prometheus

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

SUSE Prometheus Important Security Update 2026-1008-1 CVE-2026-1615

Summary

Topics Covered

References

Topics Covered

Get the latest News and Insights

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!

SUSE Prometheus Important Security Update 2026-1008-1 CVE-2026-1615

Summary

Topics Covered

References

Topics Covered

Get the latest News and Insights

Related Articles

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!