SUSE Elemental-Operator Significant Security Patch 2026-22066-1

suse

June 12, 2026

An update that solves nine vulnerabilities can now be installed.

Summary

## This update for elemental-operator fixes the following issue * CVE-2026-33186: google.golang.org/grpc: authorization bypass due to improper validation of the HTTP/2 :path pseudo- header (bsc#1260277). Changes for elemental-operator: * Fix substitution * Fix reference in labels * Adapt labels to pass OBS container checks * Update to version 1.6.11: * Bump unit test environment artifacts * Bump test environment tools in Makefile * Bump actions * Refresh auto-generated code (make run) * Bump controller generator to version 0.19 * Bump golangci/golangci-lint-action * Bump google.golang.org/grpc library (bsc#1260277 CVE-2026-33186) * Update spec and Dockerfiles to use go1.25 * Bump golang.org/x/net to v0.55.0, includes fixes for: * bsc#1266789 bsc#1265921 bsc#1267197 bsc#1267168 bsc#1251679

Topics Covered

security advisory update SuSE important authorization bypass elemental operator

References

* bsc#1251679

* bsc#1260277

* bsc#1265921

* bsc#1266789

* bsc#1267168

* bsc#1267197

Cross-

* CVE-2025-58190

* CVE-2026-25680

* CVE-2026-25681

* CVE-2026-27136

* CVE-2026-33186

* CVE-2026-33814

* CVE-2026-39821

* CVE-2026-42502

* CVE-2026-42506

CVSS scores:

* CVE-2025-58190 ( SUSE ): 6.9

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

* CVE-2025-58190 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

* CVE-2025-58190 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

* CVE-2026-25680 ( SUSE ): 8.7

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

* CVE-2026-25680 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Severity

important

Lowest

Low

Medium

High

Critical

Announcement ID: SUSE-SU-2026:22066-1

Release Date: 2026-06-10T08:13:10Z

Rating: important

Topics Covered

security advisory update SuSE important authorization bypass elemental operator

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

SUSE Elemental-Operator Significant Security Patch 2026-22066-1

Summary

Topics Covered

References

Topics Covered

Get the latest News and Insights

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!

SUSE Elemental-Operator Significant Security Patch 2026-22066-1

Summary

Topics Covered

References

Topics Covered

Get the latest News and Insights

Related Articles

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!