
SUSE aws-iam-authenticator Critical Patch for Security Issues 2026-2643-1

suse
June 26, 2026
Critical update for aws-iam-authenticator in SUSE fixing multiple vulnerabilities including CORS bypass and privilege escalation.
An update that solves six vulnerabilities and has one security fix can now be installed.

Summary

This update for aws-iam-authenticator fixes the following issues:

* CVE-2022-1996: CORS bypass (bsc#1200528).
* CVE-2022-2385: aws-iam-authenticator AccessKeyID validation bypass (bsc#1201395).
* CVE-2024-39689: remove root certificates from `GLOBALTRUST` from the root store.
* CVE-2025-47910: net/http: CrossOriginProtection bypass patterns are over-broad.
* CVE-2026-33814: golang.org/x/net/http2: infinite loop in HTTP/2 transport when given bad SETTINGS_MAX_FRAME_SIZE (bsc#1265842).
* CVE-2026-39821: golang.org/x/net/idna: failure to reject ASCII-only Punycode-encoded labels allows for validation bypass and privilege escalation (bsc#1266651).

Changes for aws-iam-authenticator:

* Update to version 0.7.18
* Merge pull request (#1062) from CaidenBorrego/new-release

References

* bsc#1200528

* bsc#1201395

* bsc#1227519

* bsc#1239947

* bsc#1249141

* bsc#1265842

* bsc#1266651

Cross-References

* CVE-2022-1996

* CVE-2022-2385

* CVE-2024-39689

* CVE-2025-47910

* CVE-2026-33814

* CVE-2026-39821

CVSS scores:

* CVE-2022-1996 ( SUSE ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

* CVE-2022-1996 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

* CVE-2022-1996 ( NVD ): 9.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N

* CVE-2022-2385 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

* CVE-2022-2385 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

* CVE-2024-39689 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

* CVE-2024-39689 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Severity
critical

Announcement ID: SUSE-SU-2026:2643-1
Release Date: 2026-06-26T08:35:07Z
Rating: critical
