OPENSUSE-SU-2026:20239-1
Advisory lineage: Upstream: 3, Downstream: 0
Published: 17 Feb 2026, 09:54
Last modified: 23 Mar 2026, 04:54
Vulnerability Summary
- Overall Risk (default): minimal, 0/100
- CVSS Score: No data
- EPSS Score: No data
- KEV: Not listed
- Ransomware: No reports
- Public exploits: None found
- Dark Web: Not detected
Timeline
- 17 Feb 2026, 09:54: Published (vulnerability first disclosed)
- 23 Mar 2026, 04:54: Last modified (vulnerability information updated)
Description
Security update for golang-github-prometheus-prometheus
This update for golang-github-prometheus-prometheus fixes the following issues:
- CVE-2026-25547: Fixed an unbounded brace range expansion leading to excessive CPU and memory consumption. (bsc#1257841)
- CVE-2026-1615: Fixed arbitrary code injection due to unsafe evaluation of user-supplied JSON Path expressions in jsonpath. (bsc#1257897)
- CVE-2025-61140: Fixed a function vulnerable to prototype pollution in jsonpath. (bsc#1257442)
Affected Systems
- openSUSE Leap 16.0: golang-github-prometheus-prometheus < 3.5.0-160000.2.1