Security update for cloudflared (important)

openSUSE security update: security update for cloudflared ------------------------------------------------------------- Announcement ID: openSUSE-SU-2026:20893-1 Rating: important References: bsc1234582 bsc1239422 bsc1253918 bsc1265920 bsc1266794 Cross-References: CVE-2024-45337 CVE-2025-22869...

OPENSUSE-SU-2026:20893-1 Security update for cloudflared

This update for cloudflared fixes the following issues: Changes in cloudflared: - Update version to 2026.5.2 Add more information to proxy-dns removal message Update tail command to use /management/logs endpoint Add cloudflared management token command Fix bugs Update golang.org/x/net to 0.55.0...

cloudflared-2026.5.2-1.1 on GA media (moderate)

cloudflared-2026.5.2-1.1 on GA media Announcement ID: openSUSE-SU-2026:10908-1 Rating: moderate Cross-References: CVE-2026-33814 CVE-2026-39821 CVSS scores: CVE-2026-33814 SUSE : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2026-39821 SUSE : 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:...

OPENSUSE-SU-2026:10908-1 cloudflared-2026.5.2-1.1 on GA media

These are all security issues fixed in the cloudflared-2026.5.2-1.1 package on the GA media of openSUSE Tumbleweed...

HAX open-apis: Credential Theft via Server-Side Request Forgery (SSRF) in open-apis

Summary Multiple functions conduct substring-only matching to validate hostnames to which basic authorization should be sent. An attacker can append the matched substrings to an attacker-controlled endpoint and capture authentication. Details api/services/website/cacheAddress.js,...

PT-2026-7491

A stack-use-after-return issue exists in the Arduino Core STM32 library prior to version 1.7.0. The pwm start function allocates a TIM HandleTypeDef structure on the stack and passes its address to HAL initialization routines, where it is stored in a global timer handle registry. After the functi...

cloudflared-2025.11.1-1.1 on GA media (moderate)

cloudflared-2025.11.1-1.1 on GA media Announcement ID: openSUSE-SU-2025:15763-1 Rating: moderate Cross-References: CVE-2025-22869 CVE-2025-58181 CVSS scores: CVE-2025-22869 SUSE : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2025-22869 SUSE : 8.2...

OPENSUSE-SU-2025:15763-1 cloudflared-2025.11.1-1.1 on GA media

These are all security issues fixed in the cloudflared-2025.11.1-1.1 package on the GA media of openSUSE Tumbleweed...

Unleashing the Kraken ransomware group

In August 2025, Cisco Talos observed big-game hunting and double extortion attacks carried out by Kraken, a Russian-speaking group that has emerged from the remnants of the HelloKitty ransomware cartel. Talos observed in one intrusion that the Kraken actor exploited Server Message Block SMB...

EUVD-2021-1103

Malware in sbrugna...

EUVD-2023-0926

Malicious code in bioql PyPI...

Malicious code in cloudflared-x64 (npm)

--- -= Per source details. Do not edit below this line.=-...

MAL-2025-6406 Malicious code in cloudflared-x64 (npm)

--- -= Per source details. Do not edit below this line.=-...

GHSA-VRW8-FXC6-2R93 vulnerabilities

Vulnerabilities for packages: kyverno-policy-reporter-ui, step-issuer, cloudflared, gogatekeeper, step-ca, rclone, dapr, gitness, tkn, sftpgo, caddy, telegraf, step, karma, buf...

GHSA-VRW8-FXC6-2R93 vulnerabilities

Vulnerabilities for packages: karma, buf, sftpgo, step-issuer-fips, tkn-fips, dapr-fips, rclone, caddy, tkn, fleet-server, step, cloudflared, gogatekeeper, caddy-fips, telegraf, step-ca-fips, gitness, step-fips, dapr, fleet-server-fips, kyverno-policy-reporter-ui, rclone-fips, step-ca,...

cloudflared-2024.12.1-1.1 on GA media (moderate)

cloudflared-2024.12.1-1.1 on GA media Announcement ID: openSUSE-SU-2024:14585-1 Rating: moderate Cross-References: CVE-2024-45337 CVSS scores: CVE-2024-45337 SUSE : 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: openSUSE Tumbleweed An update that solves one vulnerability can...

OPENSUSE-SU-2024:14585-1 cloudflared-2024.12.1-1.1 on GA media

These are all security issues fixed in the cloudflared-2024.12.1-1.1 package on the GA media of openSUSE Tumbleweed...

GHSA-PX8V-PP82-RCVR vulnerabilities

Vulnerabilities for packages: go-ipfs-fips, buf, frp, coredns, traefik, caddy, cloudflared, traefik-fips, eks-distro, eks-distro-fips, k3s, caddy-fips, q, kubernetes-dns-node-cache, spegel, kubernetes-dns-node-cache-fips, coredns-fips, ipfs, teleport...

CVE-2024-53259 vulnerabilities

Vulnerabilities for packages: go-ipfs-fips, buf, frp, coredns, traefik, caddy, cloudflared, traefik-fips, eks-distro, eks-distro-fips, k3s, caddy-fips, q, kubernetes-dns-node-cache, spegel, kubernetes-dns-node-cache-fips, coredns-fips, ipfs, teleport...

GO-2022-0845 Local Privilege Escalation in cloudflared in github.com/cloudflare/cloudflared

Local Privilege Escalation in cloudflared in github.com/cloudflare/cloudflared...