Explore top 10 tips to secure your open-source projects now. Read More
×
## This update for alloy fixes the following issues * CVE-2026-10722: github.com/cilium/ebpf: BTF string offset boundary check can lead to crash when parsing malformed ELF/BTF input (bsc#1267811). * CVE-2026-25680,CVE-2026-25681,CVE-2026-27136,CVE-2026-42502,CVE-2026-42506: golang.org/x/net/html: multiple issues when parsing HTML files (bsc#1267185). * CVE-2026-33532: denial of service via deeply nested YAML document parsing (bsc#1260981). * CVE-2026-39821: golang.org/x/net/idna: failure to reject ASCII-only Punycode-encoded labels allows for validation bypass and privilege escalation (bsc#1266654). * CVE-2026-39827,CVE-2026-39828,CVE-2026-39829,CVE-2026-39830,CVE-2026-39831,CVE-2026-39832,CVE-2026-39833,
* bsc#1260981
* bsc#1265440
* bsc#1266196
* bsc#1266654
* bsc#1267185
* bsc#1267333
* bsc#1267481
* bsc#1267485
* bsc#1267488
* bsc#1267489
* bsc#1267811
Cross-
* CVE-2026-10722
* CVE-2026-25680
* CVE-2026-25681
* CVE-2026-27136
* CVE-2026-33532
* CVE-2026-39821
* CVE-2026-39827
* CVE-2026-39828
* CVE-2026-39829
* CVE-2026-39830
* CVE-2026-39831
* CVE-2026-39832
* CVE-2026-39833
* CVE-2026-39834
* CVE-2026-39835
* CVE-2026-41889
* CVE-2026-42502
* CVE-2026-42506
* CVE-2026-42508
* CVE-2026-44740
* CVE-2026-45678
* CVE-2026-45682
* CVE-2026-45685
* CVE-2026-45686
* CVE-2026-46595
* CVE-2026-46597
* CVE-2026-46598
CVSS scores:
* CVE-2026-10722 ( SUSE ): 8.7
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
Get the latest Linux and open source security news straight to your inbox.