OpenSUSE recently published a comprehensive set of moderate security patches aimed at hardening the Tumbleweed distribution against several newly discovered threats. These updates cover six distinct packages such as mcphost, apptainer, hauler, perl-YAML-Syck, rqlite, and jfrog-cli. Administrators will find that each release resolves between one and six separate flaws capable of causing system instability or unauthorized data exposure. Running your standard package manager to apply these fixes immediately remains the best way to protect your infrastructure from potential exploitation.

openSUSE-SU-2026:10845-1: moderate: mcphost-0.34.0-5.1 on GA media
openSUSE-SU-2026:10846-1: moderate: perl-YAML-Syck-1.450.0-4.1 on GA media
openSUSE-SU-2026:10842-1: moderate: apptainer-1.4.5-5.1 on GA media
openSUSE-SU-2026:10843-1: moderate: hauler-1.4.3-3.1 on GA media
openSUSE-SU-2026:10847-1: moderate: rqlite-10.1.0-1.1 on GA media
openSUSE-SU-2026:10844-1: moderate: jfrog-cli-2.104.1-1.1 on GA media

openSUSE-SU-2026:10845-1: moderate: mcphost-0.34.0-5.1 on GA media

# mcphost-0.34.0-5.1 on GA media

Announcement ID: openSUSE-SU-2026:10845-1
Rating: moderate

Cross-References:

* CVE-2026-33814
* CVE-2026-39827
* CVE-2026-39831
* CVE-2026-39832
* CVE-2026-39835

CVSS scores:

* CVE-2026-33814 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-39827 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-39827 ( SUSE ): 7.1 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-39831 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
* CVE-2026-39831 ( SUSE ): 8.6 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2026-39832 ( SUSE ): 8.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N
* CVE-2026-39832 ( SUSE ): 6.2 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N
* CVE-2026-39835 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-39835 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Affected Products:

* openSUSE Tumbleweed

An update that solves 5 vulnerabilities can now be installed.

## Description:

These are all security issues fixed in the mcphost-0.34.0-5.1 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
* mcphost 0.34.0-5.1
* mcphost-bash-completion 0.34.0-5.1
* mcphost-fish-completion 0.34.0-5.1
* mcphost-zsh-completion 0.34.0-5.1

## References:

* https://www.suse.com/security/cve/CVE-2026-33814.html
* https://www.suse.com/security/cve/CVE-2026-39827.html
* https://www.suse.com/security/cve/CVE-2026-39831.html
* https://www.suse.com/security/cve/CVE-2026-39832.html
* https://www.suse.com/security/cve/CVE-2026-39835.html

openSUSE-SU-2026:10846-1: moderate: perl-YAML-Syck-1.450.0-4.1 on GA media

# perl-YAML-Syck-1.450.0-4.1 on GA media

Announcement ID: openSUSE-SU-2026:10846-1
Rating: moderate

Cross-References:

* CVE-2026-5089

Affected Products:

* openSUSE Tumbleweed

An update that solves one vulnerability can now be installed.

## Description:

These are all security issues fixed in the perl-YAML-Syck-1.450.0-4.1 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
* perl-YAML-Syck 1.450.0-4.1

## References:

* https://www.suse.com/security/cve/CVE-2026-5089.html

openSUSE-SU-2026:10842-1: moderate: apptainer-1.4.5-5.1 on GA media

# apptainer-1.4.5-5.1 on GA media

Announcement ID: openSUSE-SU-2026:10842-1
Rating: moderate

Cross-References:

* CVE-2024-45310
* CVE-2026-33814
* CVE-2026-39827
* CVE-2026-39831
* CVE-2026-39832
* CVE-2026-39835

CVSS scores:

* CVE-2024-45310 ( SUSE ): 3.6 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N
* CVE-2026-33814 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-39827 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-39827 ( SUSE ): 7.1 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-39831 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
* CVE-2026-39831 ( SUSE ): 8.6 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2026-39832 ( SUSE ): 8.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N
* CVE-2026-39832 ( SUSE ): 6.2 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N
* CVE-2026-39835 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-39835 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Affected Products:

* openSUSE Tumbleweed

An update that solves 6 vulnerabilities can now be installed.

## Description:

These are all security issues fixed in the apptainer-1.4.5-5.1 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
* apptainer 1.4.5-5.1
* apptainer-leap 1.4.5-5.1

## References:

* https://www.suse.com/security/cve/CVE-2024-45310.html
* https://www.suse.com/security/cve/CVE-2026-33814.html
* https://www.suse.com/security/cve/CVE-2026-39827.html
* https://www.suse.com/security/cve/CVE-2026-39831.html
* https://www.suse.com/security/cve/CVE-2026-39832.html
* https://www.suse.com/security/cve/CVE-2026-39835.html

openSUSE-SU-2026:10843-1: moderate: hauler-1.4.3-3.1 on GA media

# hauler-1.4.3-3.1 on GA media

Announcement ID: openSUSE-SU-2026:10843-1
Rating: moderate

Cross-References:

* CVE-2026-39827
* CVE-2026-39834
* CVE-2026-42508
* CVE-2026-46597

CVSS scores:

* CVE-2026-39827 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-39827 ( SUSE ): 7.1 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-39834 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-39834 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-42508 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
* CVE-2026-42508 ( SUSE ): 8.6 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2026-46597 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-46597 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Affected Products:

* openSUSE Tumbleweed

An update that solves 4 vulnerabilities can now be installed.

## Description:

These are all security issues fixed in the hauler-1.4.3-3.1 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
* hauler 1.4.3-3.1

## References:

* https://www.suse.com/security/cve/CVE-2026-39827.html
* https://www.suse.com/security/cve/CVE-2026-39834.html
* https://www.suse.com/security/cve/CVE-2026-42508.html
* https://www.suse.com/security/cve/CVE-2026-46597.html

openSUSE-SU-2026:10847-1: moderate: rqlite-10.1.0-1.1 on GA media

# rqlite-10.1.0-1.1 on GA media

Announcement ID: openSUSE-SU-2026:10847-1
Rating: moderate

Cross-References:

* CVE-2026-33814

CVSS scores:

* CVE-2026-33814 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* openSUSE Tumbleweed

An update that solves one vulnerability can now be installed.

## Description:

These are all security issues fixed in the rqlite-10.1.0-1.1 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
* rqlite 10.1.0-1.1

## References:

* https://www.suse.com/security/cve/CVE-2026-33814.html

openSUSE-SU-2026:10844-1: moderate: jfrog-cli-2.104.1-1.1 on GA media

# jfrog-cli-2.104.1-1.1 on GA media

Announcement ID: openSUSE-SU-2026:10844-1
Rating: moderate

Cross-References:

* CVE-2025-11579

CVSS scores:

* CVE-2025-11579 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
* CVE-2025-11579 ( SUSE ): 4.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

Affected Products:

* openSUSE Tumbleweed

An update that solves one vulnerability can now be installed.

## Description:

These are all security issues fixed in the jfrog-cli-2.104.1-1.1 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
* jfrog-cli 2.104.1-1.1
* jfrog-cli-bash-completion 2.104.1-1.1
* jfrog-cli-fish-completion 2.104.1-1.1
* jfrog-cli-zsh-completion 2.104.1-1.1

## References:

* https://www.suse.com/security/cve/CVE-2025-11579.html