openSUSE Google Cloud SAP Agent Authorization Bypass Vulnerability CVE-2026-33186

openSUSE Google Cloud SAP Agent Authorization Bypass Vulnerability CVE-2026-33186

First seen 8 Apr 2026, 00:58 UTC Linuxsecurity 95% similarity 70.5

Article Content

Browse articles
ThreatCluster

A critical vulnerability (CVE-2026-33186) has been identified in the google-cloud-sap-agent version 3.12, affecting multiple SUSE systems including openSUSE Leap 15.6 and various Public Cloud Modules. The flaw allows for an authorization bypass due to improper validation of the HTTP/2 path pseudo-header, which could potentially enable unauthorized access to sensitive resources. This vulnerability was published on March 20, 2026, and a proof of concept (PoC) was made available on April 7, 2026. The CVSS score for this vulnerability is reported as high, with values ranging from 8.1 to 9.1 across different sources. Users are advised to apply the latest patches immediately to mitigate the risk of exploitation. Affected products include openSUSE Leap and several SUSE Linux Enterprise Server versions. The patch includes various improvements and fixes to enhance the overall reliability of the SAP Agent.

Key Points: • CVE-2026-33186 allows authorization bypass in google-cloud-sap-agent 3.12. • Affected systems include openSUSE Leap 15.6 and multiple SUSE Cloud Modules. • Immediate patching is recommended due to the availability of a PoC for exploitation.

ThreatCluster AI

Timeline

2026-03-20
CVE-2026-33186 published
2026-04-07
First public PoC released
2026-04-07
Patch for google-cloud-sap-agent released

Community

Browse all →