Alerts This Week
Warning Icon 1 764
Alerts This Week
Warning Icon 1 764

SUSE Linux Enterprise 16.0 Security Advisory 2026-21560-1 CVEs 33186 33540

suse
Calendar Grey May 11, 2026
Dist Suse Esm H88
Update SUSE fixes multiple critical issues including denial of service, ensuring enhanced security for users.
An update that solves four vulnerabilities, contains one feature and has one fix can now be installed.

Summary

## This update for distribution fixes the following issues Security issues: * CVE-2026-33186: google.golang.org/grpc: authorization bypass due to improper validation of the HTTP/2: path pseudo- header (bsc#1260283). * CVE-2026-33540: information disclosure via improper validation of authentication realm URL (bsc#1261793). * CVE-2026-34986: github.com/go-jose/go-jose/v4: crafted JWE input with a missing encrypted key can lead to a denial of service (bsc#1262951). * CVE-2026-35172: information disclosure via stale references after content deletion (bsc#1262096). Non security issues: * add distribution-registry.tmpfiles (jsc#PED-14747). * distribution builds against go1.24 EOL (bsc#1259718). Changes for distribution: * update to 3.1.0 * Adds support for tag pagination

Topics%20covered

Topics Covered

security advisory denial of service SuSE important information disclosure authorization bypass

References

* bsc#1259718

* bsc#1260283

* bsc#1261793

* bsc#1262096

* bsc#1262951

* jsc#PED-14747

Cross-

* CVE-2026-33186

* CVE-2026-33540

* CVE-2026-34986

* CVE-2026-35172

CVSS scores:

* CVE-2026-33186 ( SUSE ): 8.6

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

* CVE-2026-33186 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

* CVE-2026-33186 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

* CVE-2026-33540 ( SUSE ): 3.1 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N

* CVE-2026-33540 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

* CVE-2026-34986 ( SUSE ): 8.7

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

* CVE-2026-34986 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2026:21560-1
Release Date: 2026-05-06T00:34:11Z
Rating: important

Topics%20covered

Topics Covered

security advisory denial of service SuSE important information disclosure authorization bypass

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here