Moderate Vulnerability in python-idna Affects SUSE and openSUSE Systems

A security advisory has been issued for a moderate vulnerability (CVE-2026-45409) in the python-idna package, affecting SUSE Linux Micro 6.2 and openSUSE Leap 16.0. This vulnerability allows specially crafted inputs to the idna.encode() function to bypass previous security fixes. The issue has been confirmed by SUSE and is linked to bug report bsc#1265413. Users are advised to apply the latest patches to mitigate potential risks. The vulnerability was published on June 5, 2026, and both SUSE and openSUSE have released updates to address it. The CVSS score for the vulnerability is rated at 4.0, indicating a moderate level of risk. Users can install the updates using recommended methods such as YaST online_update or zypper patch.

Key Points: • CVE-2026-45409 allows input bypass in python-idna affecting SUSE and openSUSE. • Moderate CVSS score of 4.0 indicates a notable but not critical risk. • Users are urged to apply patches immediately to secure their systems.