SUSE and openSUSE Address Vulnerabilities in Google-Guest-Agent
Severity: Medium (Score: 57.8)
Sources: Linuxsecurity
Keywords: update, google-guest-agent, opensuse, tumbleweed, security, issues, package
Severity indicators: issue, security issue, rat
Summary
SUSE and openSUSE have released important security updates for the google-guest-agent. The updates address multiple vulnerabilities, including CVE-2026-33814 and CVE-2026-33186, which were published on May 7, 2026, and March 20, 2026, respectively. The updates include dependency updates and fixes for telemetry features. Affected systems include SUSE Linux Enterprise and openSUSE Tumbleweed. The vulnerabilities could potentially allow unauthorized access or information disclosure. Users are advised to update to the latest versions to mitigate risks. The updates were released on June 3, 2026, and are rated important for SUSE and moderate for openSUSE. The updates reflect ongoing efforts to secure the guest agent software used in cloud environments.

Key Points:
- SUSE and openSUSE released updates for google-guest-agent addressing critical vulnerabilities.
- Key vulnerabilities include CVE-2026-33814 and CVE-2026-33186, which could lead to unauthorized access.
- Users are urged to update their systems to the latest versions to mitigate security risks.
Detailed Analysis
**Impact** Users of SUSE Linux Enterprise Server (SLES) and openSUSE Tumbleweed running the google-guest-agent are affected by multiple security vulnerabilities. The issues impact systems globally where these distributions are deployed, potentially affecting cloud and virtualized environments relying on the agent for telemetry and guest management. The vulnerabilities carry CVSS scores up to 8.7, indicating moderate to high severity with possible operational disruptions but no explicit data breach details provided.

**Technical Details** The vulnerabilities addressed include CVE-2026-33814 and CVE-2026-33186, involving outdated dependencies such as github.com/go-jose/go-jose and grpc libraries. Updates include upgrading Go to version 1.26.2 and backporting oslogin changes for SLES16. The attack vector is network-based with no privileges or user interaction required, affecting the agent’s telemetry and route monitoring components. No specific malware, TTPs, or IOCs were mentioned in the sources.

**Recommended Response** Apply the SUSE update SUSE-SU-2026:21989-1 and the openSUSE Tumbleweed package google-guest-agent-20260529.00-1.1 immediately to mitigate the vulnerabilities. Verify that dependencies and Go runtime versions are updated as per the patches. Monitor telemetry and route monitoring logs for anomalies, and ensure that the RPM spec and packaging changes are correctly implemented to avoid build or deployment issues. No additional detection signatures or IOCs were provided.
Source articles (2)
- SUSE Google-Guest-Agent Important Security Update 2026-21989 — Linuxsecurity · 2026-06-05
  This update for google-guest-agent fixes the following issues: Update to version 20260430.00 * Update THIRD_PARTY_LICENSES to be package specific location. (#608) * Update dependencies and go versi…
- openSUSE Tumbleweed google-guest-agent Moderate Threat Fix 2026-10921 — Linuxsecurity · 2026-06-05
  These are all security issues fixed in the google-guest-agent-20260529.00-1.1 package on the GA media of openSUSE Tumbleweed. * openSUSE Tumbleweed: * google-guest-agent 20260529.00-1.1 Get…
Timeline
- 2025-02-26 — CVE-2025-22868 published: A vulnerability affecting google-guest-agent was disclosed, rated 7.5 CVSS.
- 2025-02-26 — CVE-2025-22869 published: Another vulnerability affecting google-guest-agent was disclosed, rated 8.2 CVSS.
- 2026-03-20 — CVE-2026-33186 published: A vulnerability in google-guest-agent was disclosed, with a public PoC released on April 7, 2026.
- 2026-05-07 — CVE-2026-33814 published: A new vulnerability in google-guest-agent was disclosed, increasing security concerns.
- 2026-06-03 — Security updates released for google-guest-agent: SUSE and openSUSE released important and moderate updates for google-guest-agent to address vulnerabilities.
Related entities
- google.golang.org (Domain)
- go.opentelemetry.io (Domain)
- Linux (Platform)
- OpenSUSE (Company)