openSUSE Addresses Moderate DoS Vulnerability in python-Flask-HTTPAuth
Severity: Medium (Score: 45.9)
Sources: Linuxsecurity
Summary
openSUSE has released security updates for the python-Flask-HTTPAuth package to address CVE-2026-34531, a denial-of-service (DoS) vulnerability caused by the acceptance of empty tokens. The vulnerability affects users of openSUSE Backports for SLE-15-SP6 and SLE-15-SP7 and was published on April 1, 2026. Systems that remain unpatched are exposed to exploitation of the flaw.

Users are advised to apply the updates using the recommended installation methods, such as YaST online_update or 'zypper patch'. The updates include specific patch commands for both SLE-15-SP6 and SLE-15-SP7.

The scope of impact is moderate, primarily affecting the stability of applications relying on this authentication method. Patches are available, and users should apply them promptly to mitigate risk.

Key Points:
- CVE-2026-34531 is a DoS vulnerability in python-Flask-HTTPAuth.
- Affected systems include openSUSE Backports for SLE-15-SP6 and SLE-15-SP7.
- Patches are available and should be applied immediately to prevent exploitation.
Key Entities
- Denial of Service (attack_type)
- CVE-2026-34531 (cve)