openSUSE Google Cloud SAP Agent Authorization Bypass Vulnerability CVE-2026-33186
Severity: High (Score: 70.5)
Sources: Linuxsecurity
Summary
A critical vulnerability (CVE-2026-33186) has been identified in the google-cloud-sap-agent version 3.12, affecting multiple SUSE systems including openSUSE Leap 15.6 and various Public Cloud Modules. The flaw allows for an authorization bypass due to improper validation of the HTTP/2 path pseudo-header, which could potentially enable unauthorized access to sensitive resources. This vulnerability was published on March 20, 2026, and a proof of concept (PoC) was made available on April 7, 2026. The CVSS score for this vulnerability is reported as high, with values ranging from 8.1 to 9.1 across different sources.
Users are advised to apply the latest patches immediately to mitigate the risk of exploitation. Affected products include openSUSE Leap and several SUSE Linux Enterprise Server versions. The patch includes various improvements and fixes to enhance the overall reliability of the SAP Agent.
Key Points
- CVE-2026-33186 allows authorization bypass in google-cloud-sap-agent 3.12.
- Affected systems include openSUSE Leap 15.6 and multiple SUSE Cloud Modules.
- Immediate patching is recommended due to the availability of a PoC for exploitation.
Key Entities
- CVE-2026-33186 (cve)
- google.golang.org (domain)
- google-cloud-sap-agent (platform)
- openSUSE Leap 15.6 (platform)
- Public Cloud Module 15-SP4 (platform)
- Public Cloud Module 15-SP5 (platform)
- Public Cloud Module 15-SP6 (platform)