elemental-operator (SUSE:Linux Micro 6.0) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the SUSE:Linux Micro 6.0 package elemental-operator, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (16)
CVE-2026-39821 — CVSS 9.6 (critical): The ToASCII and ToUnicode functions incorrectly accept Punycode-encoded labels that decode to an ASCII-only label. For example…
CVE-2026-33186 — CVSS 9.1 (critical): gRPC-Go is the Go language implementation of gRPC. Versions prior to 1.79.3 have an authorization bypass resulting from improper input…
CVE-2025-22869 — CVSS 7.5 (high): SSH servers which implement file transfer protocols are vulnerable to a denial of service attack from clients which complete the key…
CVE-2026-33814 — CVSS 7.5 (high): When processing HTTP/2 SETTINGS frames, transport will enter an infinite loop of writing CONTINUATION frames if it receives a…
CVE-2025-47913 — CVSS 7.5 (high): SSH clients receiving SSH_AGENT_SUCCESS when expecting a typed response will panic and cause early termination of the client process.
CVE-2025-22872 — CVSS 6.5 (medium): The tokenizer incorrectly interprets tags with unquoted attribute values that end with a solidus character (/) as self-closing. When…
CVE-2026-25681 — CVSS 6.1 (medium): Parsing arbitrary HTML which is then rendered using Render can result in an unexpected HTML tree. This can be leveraged to execute XSS…
CVE-2026-27136 — CVSS 6.1 (medium): Parsing arbitrary HTML which is then rendered using Render can result in an unexpected HTML tree. This can be leveraged to execute XSS…
CVE-2026-42506 — CVSS 6.1 (medium): Parsing arbitrary HTML which is then rendered using Render can result in an unexpected HTML tree. This can be leveraged to execute XSS…
CVE-2026-42502 — CVSS 6.1 (medium): Parsing arbitrary HTML which is then rendered using Render can result in an unexpected HTML tree. This can be leveraged to execute XSS…
CVE-2025-47914 — CVSS 5.3 (medium): SSH Agent servers do not validate the size of messages when processing new identity requests, which may cause the program to panic if the…
CVE-2025-58181 — CVSS 5.3 (medium): SSH servers parsing GSSAPI authentication requests do not validate the number of mechanisms specified in the request, allowing an attacker…
CVE-2025-58190 — CVSS 5.3 (medium): The html.Parse function in golang.org/x/net/html has an infinite parsing loop when processing certain inputs, which can lead to denial of…
CVE-2025-47911 — CVSS 5.3 (medium): The html.Parse function in golang.org/x/net/html has quadratic parsing complexity when processing certain inputs, which can lead to denial…
CVE-2025-22870 — CVSS 4.4 (medium): Matching of hosts against proxy patterns can improperly treat an IPv6 zone ID as a hostname component. For example, when the NO_PROXY…