openSUSE Tumbleweed just pushed out a moderate security fix for opam and its related development tools. This update tackles CVE-2026-41082, which scores around 5.1 on the CVSS scale depending on how you measure it. You should install the new packages right away to block any local exploitation attempts. The upgrade brings everything up to version 2.5.1 and patches the underlying security gap.

openSUSE-SU-2026:10568-1: moderate: opam-2.5.1-1.1 on GA media

openSUSE-SU-2026:10568-1: moderate: opam-2.5.1-1.1 on GA media

# opam-2.5.1-1.1 on GA media

Announcement ID: openSUSE-SU-2026:10568-1
Rating: moderate

Cross-References:

* CVE-2026-41082

CVSS scores:

* CVE-2026-41082 ( SUSE ): 5.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
* CVE-2026-41082 ( SUSE ): 5.1 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

Affected Products:

* openSUSE Tumbleweed

An update that solves one vulnerability can now be installed.

## Description:

These are all security issues fixed in the opam-2.5.1-1.1 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
* opam 2.5.1-1.1
* opam-devel 2.5.1-1.1
* opam-installer 2.5.1-1.1

## References:

* https://www.suse.com/security/cve/CVE-2026-41082.html