OpenSUSE recently released a set of security updates for its Tumbleweed distribution that address multiple flaws across several important packages. The patches specifically target the Go programming environment, the Qt6 SVG rendering library, Mozilla Thunderbird, and the assimp development toolkit. Several of these issues carry CVSS scores near or above 7.5, creating serious risks like remote code execution or service disruption if left unpatched. IT teams should prioritize installing these fixes to protect their systems from the newly disclosed exploits.

openSUSE-SU-2026:10741-1: moderate: go1.26-1.26.3-1.1 on GA media
openSUSE-SU-2026:10742-1: moderate: libQt6Svg6-6.11.0-2.1 on GA media
openSUSE-SU-2026:10738-1: moderate: MozillaThunderbird-140.10.2-1.1 on GA media
openSUSE-SU-2026:10739-1: moderate: assimp-devel-6.0.5-2.1 on GA media

openSUSE-SU-2026:10741-1: moderate: go1.26-1.26.3-1.1 on GA media

# go1.26-1.26.3-1.1 on GA media

Announcement ID: openSUSE-SU-2026:10741-1
Rating: moderate

Cross-References:

* CVE-2026-33811
* CVE-2026-33814
* CVE-2026-39817
* CVE-2026-39819
* CVE-2026-39820
* CVE-2026-39823
* CVE-2026-39825
* CVE-2026-39826
* CVE-2026-39836
* CVE-2026-42499
* CVE-2026-42501

CVSS scores:

* CVE-2026-33811 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-33814 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-39817 ( SUSE ): 5.9 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:N
* CVE-2026-39819 ( SUSE ): 5.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:N
* CVE-2026-39820 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-39823 ( SUSE ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
* CVE-2026-39825 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
* CVE-2026-39826 ( SUSE ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
* CVE-2026-39836 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-42499 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-42501 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Tumbleweed

An update that solves 11 vulnerabilities can now be installed.

## Description:

These are all security issues fixed in the go1.26-1.26.3-1.1 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
* go1.26 1.26.3-1.1
* go1.26-doc 1.26.3-1.1
* go1.26-libstd 1.26.3-1.1
* go1.26-race 1.26.3-1.1

## References:

* https://www.suse.com/security/cve/CVE-2026-33811.html
* https://www.suse.com/security/cve/CVE-2026-33814.html
* https://www.suse.com/security/cve/CVE-2026-39817.html
* https://www.suse.com/security/cve/CVE-2026-39819.html
* https://www.suse.com/security/cve/CVE-2026-39820.html
* https://www.suse.com/security/cve/CVE-2026-39823.html
* https://www.suse.com/security/cve/CVE-2026-39825.html
* https://www.suse.com/security/cve/CVE-2026-39826.html
* https://www.suse.com/security/cve/CVE-2026-39836.html
* https://www.suse.com/security/cve/CVE-2026-42499.html
* https://www.suse.com/security/cve/CVE-2026-42501.html

openSUSE-SU-2026:10742-1: moderate: libQt6Svg6-6.11.0-2.1 on GA media

# libQt6Svg6-6.11.0-2.1 on GA media

Announcement ID: openSUSE-SU-2026:10742-1
Rating: moderate

Cross-References:

* CVE-2026-6210

CVSS scores:

* CVE-2026-6210 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2026-6210 ( SUSE ): 7.1 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Affected Products:

* openSUSE Tumbleweed

An update that solves one vulnerability can now be installed.

## Description:

These are all security issues fixed in the libQt6Svg6-6.11.0-2.1 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
* libQt6Svg6 6.11.0-2.1
* libQt6SvgWidgets6 6.11.0-2.1
* qt6-svg-devel 6.11.0-2.1
* qt6-svg-examples 6.11.0-2.1
* qt6-svg-private-devel 6.11.0-2.1

## References:

* https://www.suse.com/security/cve/CVE-2026-6210.html

openSUSE-SU-2026:10738-1: moderate: MozillaThunderbird-140.10.2-1.1 on GA media

# MozillaThunderbird-140.10.2-1.1 on GA media

Announcement ID: openSUSE-SU-2026:10738-1
Rating: moderate

Cross-References:

* CVE-2026-8090
* CVE-2026-8092
* CVE-2026-8094

CVSS scores:

* CVE-2026-8090 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2026-8092 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2026-8094 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Tumbleweed

An update that solves 3 vulnerabilities can now be installed.

## Description:

These are all security issues fixed in the MozillaThunderbird-140.10.2-1.1 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
* MozillaThunderbird 140.10.2-1.1
* MozillaThunderbird-openpgp-librnp 140.10.2-1.1
* MozillaThunderbird-translations-common 140.10.2-1.1
* MozillaThunderbird-translations-other 140.10.2-1.1

## References:

* https://www.suse.com/security/cve/CVE-2026-8090.html
* https://www.suse.com/security/cve/CVE-2026-8092.html
* https://www.suse.com/security/cve/CVE-2026-8094.html

openSUSE-SU-2026:10739-1: moderate: assimp-devel-6.0.5-2.1 on GA media

# assimp-devel-6.0.5-2.1 on GA media

Announcement ID: openSUSE-SU-2026:10739-1
Rating: moderate

Cross-References:

* CVE-2025-70067

CVSS scores:

* CVE-2025-70067 ( SUSE ): 7 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2025-70067 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Affected Products:

* openSUSE Tumbleweed

An update that solves one vulnerability can now be installed.

## Description:

These are all security issues fixed in the assimp-devel-6.0.5-2.1 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
* assimp-devel 6.0.5-2.1
* libassimp6 6.0.5-2.1

## References:

* https://www.suse.com/security/cve/CVE-2025-70067.html