SUSE-SU-2026:20574-1
Advisory lineage Upstream: 3 Downstream: 0
Published: 17 Feb 2026, 09:51
Last modified: 05 May 2026, 08:00
Vulnerability Summary
- Overall Risk (default): minimal (0/100)
- CVSS Score: No data
- EPSS Score: No data
- KEV: Not listed
- Ransomware: No reports
- Public exploits: None found
- Dark Web: Not detected
Timeline
- 17 Feb 2026, 09:51: Published (vulnerability first disclosed)
- 05 May 2026, 08:00: Last Modified (vulnerability information updated)
Description
Security update for golang-github-prometheus-prometheus

This update for golang-github-prometheus-prometheus fixes the following issues:
- CVE-2026-25547: Fixed an unbounded brace range expansion leading to excessive CPU and memory consumption. (bsc#1257841)
- CVE-2026-1615: Fixed arbitrary code injection due to unsafe evaluation of user-supplied JSON Path expressions in jsonpath. (bsc#1257897)
- CVE-2025-61140: Fixed a function vulnerable to prototype pollution in jsonpath. (bsc#1257442)
Affected Systems
- suse•golang-github-prometheus-prometheus&distro=SUSE Linux Enterprise Server 16.0
< 3.5.0-160000.2.1
- suse•golang-github-prometheus-prometheus&distro=SUSE Linux Enterprise Server for SAP applications 16.0
< 3.5.0-160000.2.1
References (7)
- https://www.suse.com/support/update/announcement/2026/suse-su-202620574-1/
- https://bugzilla.suse.com/1257442
- https://bugzilla.suse.com/1257841
- https://bugzilla.suse.com/1257897
- https://www.suse.com/security/cve/CVE-2025-61140
- https://www.suse.com/security/cve/CVE-2026-1615
- https://www.suse.com/security/cve/CVE-2026-25547