
SUSE 16.0 Helm Important Privilege Escalation Fix SUSE-SU-2026-22305-1

July 1, 2026
Critical security update for SUSE helm addresses privilege escalation risk with important solutions and patch instructions.
An update that solves one vulnerability can now be installed.

Summary

This update for helm fixes the following issue:

* CVE-2026-39821: golang.org/x/net/idna: failure to reject ASCII-only Punycode-encoded labels allows for validation bypass and privilege escalation (bsc#1266598).

Changes for helm:

* Update to version 3.21.1:
  * Fixed nil pointer panic that could happen with helm template in ClientOnly flows. Now correctly returns a template error #31920
  * Bumped golang.org/x/net to v0.55.0 to address GO-2026-5026 #32152
  * Bumped Go from 1.25 to 1.26 #32168
  * Dependency version updates
    * chore(deps): bump oras.land/oras-go/v2 from 2.6.0 to 2.6.1
    * chore(deps): bump golang.org/x/crypto from 0.52.0 to 0.53.0
    * chore(deps): bump golang.org/x/term from 0.43.0 to 0.44.0
    * chore(deps): bump golang.org/x/text from 0.37.0 to 0.38.0
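The label class named in the CVE description can be recognised from its structure, which is useful when auditing hostnames that passed through an unpatched validator. The Go example below is added here for illustration and is not code from helm, golang.org/x/net or SUSE; the function names and the sample hostnames are assumptions constructed for this example.

```go
package main

import (
	"fmt"
	"strings"
)

// isASCIIOnlyALabel reports whether label carries the "xn--" ACE prefix but
// has no extended (non-ASCII) part. In Punycode (RFC 3492) everything before
// the last '-' is copied literally as ASCII, and every code point produced
// from the digits after it is >= 0x80, so an empty tail means the decoded
// label is pure ASCII (or empty) and should never have been encoded.
func isASCIIOnlyALabel(label string) bool {
	if len(label) < 4 || !strings.EqualFold(label[:4], "xn--") {
		return false
	}
	payload := label[4:]
	return payload == "" || strings.HasSuffix(payload, "-")
}

// suspiciousLabels returns every label of host that is an ASCII-only A-label.
// A single trailing root dot is ignored.
func suspiciousLabels(host string) []string {
	var bad []string
	for _, label := range strings.Split(strings.TrimSuffix(host, "."), ".") {
		if isASCIIOnlyALabel(label) {
			bad = append(bad, label)
		}
	}
	return bad
}

func main() {
	// Constructed sample hostnames, not taken from the advisory.
	for _, h := range []string{
		"registry.example.com",
		"xn--bcher-kva.example",     // genuine A-label: decodes to non-ASCII text
		"xn--registry-.example.com", // payload "registry-" decodes to ASCII "registry"
		"XN--.example",              // empty payload, prefix matched case-insensitively
	} {
		fmt.Printf("%-28s flagged=%q\n", h, suspiciousLabels(h))
	}
}
```

A hostname flagged here is one that a validator comparing raw strings and a component that decodes Punycode may not treat as the same name.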

References

* bsc#1266598

Cross-References:

* CVE-2026-39821

CVSS scores:

* CVE-2026-39821 ( SUSE ): 9.1 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

* CVE-2026-39821 ( SUSE ): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

* CVE-2026-39821 ( NVD ): 9.6 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N

* CVE-2026-39821 ( NVD ): 8.2 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N

Affected Products:

* SUSE Linux Enterprise Server 16.0

* SUSE Linux Enterprise Server for SAP applications 16.0


References:

* https://www.suse.com/security/cve/CVE-2026-39821.html

* https://bugzilla.suse.com/show_bug.cgi?id=1266598

Severity: important

Announcement ID: SUSE-SU-2026:22305-1
Release Date: 2026-06-21T00:44:54Z
Rating: important
