Alerts This Week
Warning Icon 1 916
Alerts This Week
Warning Icon 1 916

SUSE 2026-22075-1 Elemental-Operator Significant Authorization Bypass Issue

suse
Calendar Grey June 12, 2026
Dist Suse Esm H88
Security update for elemental-operator fixes nine vulnerabilities in SUSE Linux Micro 6.1 with important rating.
An update that solves nine vulnerabilities can now be installed.

Summary

## This update for elemental-operator fixes the following issue * CVE-2026-33186: google.golang.org/grpc: authorization bypass due to improper validation of the HTTP/2 :path pseudo- header (bsc#1260277). Changes for elemental-operator: * Changes on top of v1.7.5: * 41f54076 Fix reference in labels * 3bdb9321 Adapt labels to pass OBS container checks * Update to v1.7.5: * ecfa8d9c Bump unit test environment artifacts * 03803c72 Bump test environment tools in Makefile * bc886323 Update auto-generated code (make generate) * f4d26385 Bump controller generator to version 0.19 * a7fe515d Bump golangci/golangci-lint-action * b45c5e56 Bump to Dockerfiles and spec to go1.25 * a7d78295 Bump google.golang.org/grpc library (bsc#1260277 CVE-2026-33186)

Topics%20covered

Topics Covered

security advisory security update SuSE important authorization bypass elemental operator

References

* bsc#1251679

* bsc#1260277

* bsc#1265921

* bsc#1266789

* bsc#1267168

* bsc#1267197

Cross-

* CVE-2025-58190

* CVE-2026-25680

* CVE-2026-25681

* CVE-2026-27136

* CVE-2026-33186

* CVE-2026-33814

* CVE-2026-39821

* CVE-2026-42502

* CVE-2026-42506

CVSS scores:

* CVE-2025-58190 ( SUSE ): 6.9

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

* CVE-2025-58190 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

* CVE-2025-58190 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

* CVE-2025-58190 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

* CVE-2026-25680 ( SUSE ): 8.7

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

* CVE-2026-25680 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2026:22075-1
Release Date: 2026-06-10T07:45:47Z
Rating: important

Topics%20covered

Topics Covered

security advisory security update SuSE important authorization bypass elemental operator

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here