Alerts This Week
Warning Icon 1 1,003
Alerts This Week
Warning Icon 1 1,003

SUSE Apptainer Important DoS and Access Issues Fixed 2026-2609-1

suse
Calendar Grey June 24, 2026
Dist Suse Esm H88
SUSE security advisory addresses 19 issues in apptainer, detailing updates and fixes for critical security flaws.
An update that solves 19 vulnerabilities can now be installed.

Summary

## This update for apptainer fixes the following issues * CVE-2026-24137: github.com/sigstore/sigstore/pkg/tuf: legacy TUF client allows for arbitrary file writes with target cache path traversal (bsc#1264177). * CVE-2026-33186: google.golang.org/grpc: authorization bypass due to improper validation of the HTTP/2: path pseudo- header (bsc#1260311). * CVE-2026-33814: golang.org/x/net/http2: infinite loop in HTTP/2 transport when given bad SETTINGS_MAX_FRAME_SIZE (bsc#1265844). * CVE-2026-34986: github.com/go-jose/go-jose/v4,github.com/go-jose/go-jose/v3: crafted JWE input with a missing encrypted key can lead to a denial of service (bsc#1262956). * CVE-2026-39821: golang.org/x/net/idna: failure to reject ASCII-only

Topics%20covered

Topics Covered

security advisory denial of service access control important information disclosure apptainer

References

* bsc#1260311

* bsc#1262956

* bsc#1264177

* bsc#1265844

* bsc#1266202

* bsc#1266656

* bsc#1267982

Cross-

* CVE-2026-24137

* CVE-2026-33186

* CVE-2026-33814

* CVE-2026-34986

* CVE-2026-39821

* CVE-2026-39827

* CVE-2026-39828

* CVE-2026-39829

* CVE-2026-39830

* CVE-2026-39831

* CVE-2026-39832

* CVE-2026-39833

* CVE-2026-39834

* CVE-2026-39835

* CVE-2026-42508

* CVE-2026-46595

* CVE-2026-46597

* CVE-2026-46598

* CVE-2026-48785

CVSS scores:

* CVE-2026-24137 ( SUSE ): 6.0

CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

* CVE-2026-24137 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N

* CVE-2026-24137 ( NVD ): 5.8 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:N/I:H/A:N

* CVE-2026-33186 ( SUSE ): 8.6

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2026:2609-1
Release Date: 2026-06-24T08:46:20Z
Rating: important

Topics%20covered

Topics Covered

security advisory denial of service access control important information disclosure apptainer

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here