SUSE SLES16 Security Update : google-guest-agent (SUSE-SU-2026:22128-1)

Severity: High, Nessus Plugin ID: 321604

Synopsis

The remote SUSE host is missing one or more security updates.

Description

The remote SUSE Linux SLES16 / SLES_SAP16 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:22128-1 advisory.

Changes in google-guest-agent:

- Update to version 20260430.00

* Update OWNERS (#609)
* Update THIRD_PARTY_LICENSES to be package specific location. (#608)
* Update dependencies and go version to 1.26.2 (#607) (bsc#1265762, CVE-2026-33814)
* Bump github.com/go-jose/go-jose/v4 from 4.1.3 to 4.1.4 (#604) (bsc#1260264, CVE-2026-33186)
* Backport oslogin changes for sles16 to legacy agent (#603)
* Bump go.opentelemetry.io/otel/sdk from 1.37.0 to 1.40.0 (#596)
* Bump google.golang.org/grpc from 1.75.0 to 1.79.3 (#602)
* Actually finally fix the RPM spec (#601)
* Correct guest telemetry build target (#600)
* Add packaging for new telemetry extension (#599)
* Implement new scheduled job for routes monitor (#598)
* Add packaging changes for locally bundled extensions feature support (#593)
* Ensure the uninstall script handles GCE metadata endpoint unavailability. (#591)
* Disable certificates when security keys are enabled (#588)
* Move sourcing of per-user configs to the end of sshd_config, fixing 2FA logins. (#590)
* Source the contents of /var/google-users.d config files. (#586)
* Force remove core plugin configuration for windows (#587)
* network: force address manager to always consolidate the OS state (#585)
* Bump golang.org/x/crypto from 0.41.0 to 0.45.0 (#583) (bsc#1239334, CVE-2025-22869, bsc#1253889, CVE-2025-58181)
* Don't delete the authorized_keys file when an empty key list is passed to updateAuthorizedKeysFile (#582)
* Add Tyler, Saswat, Hank to OWNERS (#577)
* Honor core plugin setting on windows package update (#576)
* Restart agent if core plugin is disabled (#575)
* Add extra debug logging around toggling OS Login (#572)
* Update go version to 1.25 (#565)
* Add compat adapt script to windows in agent sysprep (#569)
* Fix adapt to use more portable shebang line (#567)
* Remove routes script from packaging (#566)
* Update adapt script to run on startup/shutdown both (#561)
* Update agent_uninstall.ps1 (#558)
* Stop core plugin before removing agent package (#554)
* Startup scripts should start after agent manager instead (#553)
* Update presets and install dependencies on systemd units (#552)
* Ensure agent service is disabled (#551)
* Disable legacy agent to enable core plugin (#550)
* Final fix for RHEL packaging for routes setup (#549)
* Fix RHEL packaging for routes scripts (#548)
* Packaging changes to include routes script installation (#542)
* Update CLI name in packaging (#543)
* systemd should manage only the main process (#544)
- from version 20260424.00
* Bring topic-stable up to latest point. (#606)
* Bring stable branch up to 822ad49fd52b4d29869604af836a33cb22a667ba (#592)
* fix start mode for windows on stable release (#584)
* Update agent_uninstall.ps1 (#558) (#580)
* Update go version for stable branch to 1.25 (#571)
* Add adapt script in stable branch as per #569 (#570)
* Backport fix from #567 to stable branch (#568)
* Revert compat behavior and call known binary directly (#560)
* Revert compat behavior and call known binary directly (#559)
* Build rollforward package to re-enable original agent and disable core plugin (#557)
- from version 20260423.01
* Update THIRD_PARTY_LICENSES to be package specific location. (#608)
- from version 20260423.00
* Update dependencies and go version to 1.26.2 (#607)
* Bump github.com/go-jose/go-jose/v4 from 4.1.3 to 4.1.4 (#604)
* Backport oslogin changes for sles16 to legacy agent (#603)
* Bump go.opentelemetry.io/otel/sdk from 1.37.0 to 1.40.0 (#596)
* Bump google.golang.org/grpc from 1.75.0 to 1.79.3 (#602)
* Actually finally fix the RPM spec (#601)
* Correct guest telemetry build target (#600)
* Add packaging for new telemetry extension (#599)
* Implement new scheduled job for routes monitor (#598)
* Add packaging changes for locally bundled extensions feature support (#593)
* Ensure the uninstall script handles GCE metadata endpoint unavailability. (#591)
* Disable certificates when security keys are enabled (#588)
* Move sourcing of per-user configs to the end of sshd_config, fixing 2FA logins. (#590)
* Source the contents of /var/google-users.d config files. (#586)
* Force remove core plugin configuration for windows (#587)
* network: force address manager to always consolidate the OS state (#585)
* Bump golang.org/x/crypto from 0.41.0 to 0.45.0 (#583)
* Don't delete the authorized_keys file when an empty key list is passed to updateAuthorizedKeysFile (#582)
* Add Tyler, Saswat, Hank to OWNERS (#577)
* Honor core plugin setting on windows package update (#576)
* Restart agent if core plugin is disabled (#575)
* Add extra debug logging around toggling OS Login (#572)
* Update go version to 1.25 (#565)
* Add compat adapt script to windows in agent sysprep (#569)
* Fix adapt to use more portable shebang line (#567)
* Remove routes script from packaging (#566)
* Update adapt script to run on startup/shutdown both (#561)
* Update agent_uninstall.ps1 (#558)
* Stop core plugin before removing agent package (#554)
* Startup scripts should start after agent manager instead (#553)
* Update presets and install dependencies on systemd units (#552)
* Ensure agent service is disabled (#551)
* Disable legacy agent to enable core plugin (#550)
* Final fix for RHEL packaging for routes setup (#549)
* Fix RHEL packaging for routes scripts (#548)
* Packaging changes to include routes script installation (#542)
* Update CLI name in packaging (#543)
* systemd should manage only the main process (#544)
- from version 20260422.01
* Bring topic-stable up to latest point. (#606)
* Bring stable branch up to 822ad49fd52b4d29869604af836a33cb22a667ba (#592)
* fix start mode for windows on stable release (#584)
* Update agent_uninstall.ps1 (#558) (#580)
* Update go version for stable branch to 1.25 (#571)
* Add adapt script in stable branch as per #569 (#570)
* Backport fix from #567 to stable branch (#568)
* Revert compat behavior and call known binary directly (#560)
* Revert compat behavior and call known binary directly (#559)
* Build rollforward package to re-enable original agent and disable core plugin (#557)
- from version 20260422.00
* Update dependencies and go version to 1.26.2 (#607)
* Bump github.com/go-jose/go-jose/v4 from 4.1.3 to 4.1.4 (#604)
* Backport oslogin changes for sles16 to legacy agent (#603)
* Bump go.opentelemetry.io/otel/sdk from 1.37.0 to 1.40.0 (#596)
* Bump google.golang.org/grpc from 1.75.0 to 1.79.3 (#602)
* Actually finally fix the RPM spec (#601)
* Correct guest telemetry build target (#600)
* Add packaging for new telemetry extension (#599)
* Implement new scheduled job for routes monitor (#598)
* Add packaging changes for locally bundled extensions feature support (#593)
* Ensure the uninstall script handles GCE metadata endpoint unavailability. (#591)
* Disable certificates when security keys are enabled (#588)
* Move sourcing of per-user configs to the end of sshd_config, fixing 2FA logins. (#590)
* Source the contents of /var/google-users.d config files. (#586)
* Force remove core plugin configuration for windows (#587)
* network: force address manager to always consolidate the OS state (#585)
* Bump golang.org/x/crypto from 0.41.0 to 0.45.0 (#583)
* Don't delete the authorized_keys file when an empty key list is passed to updateAuthorizedKeysFile (#582)
* Add Tyler, Saswat, Hank to OWNERS (#577)
* Honor core plugin setting on windows package update (#576)
* Restart agent if core plugin is disabled (#575)
* Add extra debug logging around toggling OS Login (#572)
* Update go version to 1.25 (#565)
* Add compat adapt script to windows in agent sysprep (#569)
* Fix adapt to use more portable shebang line (#567)
* Remove routes script from packaging (#566)
* Update adapt script to run on startup/shutdown both (#561)
* Update agent_uninstall.ps1 (#558)
* Stop core plugin before removing agent package (#554)
* Startup scripts should start after agent manager instead (#553)
* Update presets and install dependencies on systemd units (#552)
* Ensure agent service is disabled (#551)
* Disable legacy agent to enable core plugin (#550)
* Final fix for RHEL packaging for routes setup (#549)
* Fix RHEL packaging for routes scripts (#548)
* Packaging changes to include routes script installation (#542)
* Update CLI name in packaging (#543)
* systemd should manage only the main process (#544)
- from version 20260421.00
* Bring topic-stable up to latest point. (#606)
* Bring stable branch up to 822ad49fd52b4d29869604af836a33cb22a667ba (#592)
* fix start mode for windows on stable release (#584)
* Update agent_uninstall.ps1 (#558) (#580)
* Update go version for stable branch to 1.25 (#571)
* Add adapt script in stable branch as per #569 (#570)
* Backport fix from #567 to stable branch (#568)
* Revert compat behavior and call known binary directly (#560)
* Revert compat behavior and call known binary directly (#559)
* Build rollforward package to re-enable original agent and disable core plugin (#557)
- from version 20260414.00
* Bump github.com/go-jose/go-jose/v4 from 4.1.3 to 4.1.4 (#604)
- Bump Go API version to 1.26

- Fix crafted JWE input with a missing encrypted key can lead to a denial of service (bsc#1262926, CVE-2026-34986)

- Update to version 20260402.00: (bsc#1257010)
* Backport oslogin changes for sles16 to legacy agent (#603)
* Bump go.opentelemetry.io/otel/sdk from 1.37.0 to 1.40.0 (#596)
* Bump google.golang.org/grpc from 1.75.0 to 1.79.3 (#602)
* Actually finally fix the RPM spec (#601)
* Correct guest telemetry build target (#600)
* Add packaging for new telemetry extension (#599)
* Implement new scheduled job for routes monitor (#598)
* Add packaging changes for locally bundled extensions feature support (#593)
* Ensure the uninstall script handles GCE metadata endpoint unavailability. (#591)
* Disable certificates when security keys are enabled (#588)
* Move sourcing of per-user configs to the end of sshd_config, fixing 2FA logins. (#590)

- Update to version 20260108.00
* Source the contents of /var/google-users.d config files. (#586)

- Update to version 20251223.00
* Force remove core plugin configuration for windows (#587)
* network: force address manager to always consolidate the OS state (#585)
* Bump golang.org/x/crypto from 0.41.0 to 0.45.0 (#583)
* Don't delete the authorized_keys file when an empty key list is passed to updateAuthorizedKeysFile (#582)
* Add Tyler, Saswat, Hank to OWNERS (#577)
* Honor core plugin setting on windows package update (#576)
* Restart agent if core plugin is disabled (#575)
* Add extra debug logging around toggling OS Login (#572)
* Update go version to 1.25 (#565)
* Add compat adapt script to windows in agent sysprep (#569)
* Fix adapt to use more portable shebang line (#567)
* Remove routes script from packaging (#566)
* Update adapt script to run on startup/shutdown both (#561)
* Update agent_uninstall.ps1 (#558)
* Stop core plugin before removing agent package (#554)
* Startup scripts should start after agent manager instead (#553)
* Update presets and install dependencies on systemd units (#552)
* Ensure agent service is disabled (#551)
* Disable legacy agent to enable core plugin (#550)
* Final fix for RHEL packaging for routes setup (#549)
* Fix RHEL packaging for routes scripts (#548)
* Packaging changes to include routes script installation (#542)
* Update CLI name in packaging (#543)
* systemd should manage only the main process (#544)
- from version 20251218.01
* fix start mode for windows on stable release (#584)
* Update agent_uninstall.ps1 (#558) (#580)
* Update go version for stable branch to 1.25 (#571)
* Add adapt script in stable branch as per #569 (#570)
* Backport fix from #567 to stable branch (#568)
* Revert compat behavior and call known binary directly (#560)
* Revert compat behavior and call known binary directly (#559)
* Build rollforward package to re-enable original agent and disable core plugin (#557)
- from version 20251218.00
* Force remove core plugin configuration for windows (#587)
* network: force address manager to always consolidate the OS state (#585)
* Bump golang.org/x/crypto from 0.41.0 to 0.45.0 (#583)
* Don't delete the authorized_keys file when an empty key list is passed to updateAuthorizedKeysFile (#582)
* Add Tyler, Saswat, Hank to OWNERS (#577)
* Honor core plugin setting on windows package update (#576)
* Restart agent if core plugin is disabled (#575)
* Add extra debug logging around toggling OS Login (#572)
* Update go version to 1.25 (#565)
* Add compat adapt script to windows in agent sysprep (#569)
* Fix adapt to use more portable shebang line (#567)
* Remove routes script from packaging (#566)
* Update adapt script to run on startup/shutdown both (#561)
* Update agent_uninstall.ps1 (#558)
* Stop core plugin before removing agent package (#554)
* Startup scripts should start after agent manager instead (#553)
* Update presets and install dependencies on systemd units (#552)
* Ensure agent service is disabled (#551)
* Disable legacy agent to enable core plugin (#550)
* Final fix for RHEL packaging for routes setup (#549)
* Fix RHEL packaging for routes scripts (#548)
* Packaging changes to include routes script installation (#542)
* Update CLI name in packaging (#543)
* systemd should manage only the main process (#544)
- from version 20251216.00
* fix start mode for windows on stable release (#584)
* Update agent_uninstall.ps1 (#558) (#580)
* Update go version for stable branch to 1.25 (#571)
* Add adapt script in stable branch as per #569 (#570)
* Backport fix from #567 to stable branch (#568)
* Revert compat behavior and call known binary directly (#560)
* Revert compat behavior and call known binary directly (#559)
* Build rollforward package to re-enable original agent and disable core plugin (#557)
- from version 20251215.00
* Force remove core plugin configuration for windows (#587)
* network: force address manager to always consolidate the OS state (#585)
* Bump golang.org/x/crypto from 0.41.0 to 0.45.0 (#583)
* Don't delete the authorized_keys file when an empty key list is passed to updateAuthorizedKeysFile (#582)
* Add Tyler, Saswat, Hank to OWNERS (#577)
* Honor core plugin setting on windows package update (#576)
* Restart agent if core plugin is disabled (#575)
* Add extra debug logging around toggling OS Login (#572)
* Update go version to 1.25 (#565)
* Add compat adapt script to windows in agent sysprep (#569)
* Fix adapt to use more portable shebang line (#567)
* Remove routes script from packaging (#566)
* Update adapt script to run on startup/shutdown both (#561)
* Update agent_uninstall.ps1 (#558)
* Stop core plugin before removing agent package (#554)
* Startup scripts should start after agent manager instead (#553)
* Update presets and install dependencies on systemd units (#552)
* Ensure agent service is disabled (#551)
* Disable legacy agent to enable core plugin (#550)
* Final fix for RHEL packaging for routes setup (#549)
* Fix RHEL packaging for routes scripts (#548)
* Packaging changes to include routes script installation (#542)
* Update CLI name in packaging (#543)
* systemd should manage only the main process (#544)
- from version 20251210.00
* fix start mode for windows on stable release (#584)
* Update agent_uninstall.ps1 (#558) (#580)
* Update go version for stable branch to 1.25 (#571)
* Add adapt script in stable branch as per #569 (#570)
* Backport fix from #567 to stable branch (#568)
* Revert compat behavior and call known binary directly (#560)
* Revert compat behavior and call known binary directly (#559)
* Build rollforward package to re-enable original agent and disable core plugin (#557)
- from version 20251209.00
* Force remove core plugin configuration for windows (#587)

- Update to version 20251208.00
* network: force address manager to always consolidate the OS state (#585)
* Bump golang.org/x/crypto from 0.41.0 to 0.45.0 (#583)
* Don't delete the authorized_keys file when an empty key list is passed to updateAuthorizedKeysFile (#582)
* Add Tyler, Saswat, Hank to OWNERS (#577)
* Honor core plugin setting on windows package update (#576)
* Restart agent if core plugin is disabled (#575)
* Add extra debug logging around toggling OS Login (#572)
* Update go version to 1.25 (#565)
* Add compat adapt script to windows in agent sysprep (#569)
* Fix adapt to use more portable shebang line (#567)
* Remove routes script from packaging (#566)
* Update adapt script to run on startup/shutdown both (#561)
* Update agent_uninstall.ps1 (#558)
* Stop core plugin before removing agent package (#554)
* Startup scripts should start after agent manager instead (#553)
* Update presets and install dependencies on systemd units (#552)
* Ensure agent service is disabled (#551)
* Disable legacy agent to enable core plugin (#550)
* Final fix for RHEL packaging for routes setup (#549)
* Fix RHEL packaging for routes scripts (#548)
* Packaging changes to include routes script installation (#542)
* Update CLI name in packaging (#543)
* systemd should manage only the main process (#544)
- from version 20251206.00
* fix start mode for windows on stable release (#584)
* Update agent_uninstall.ps1 (#558) (#580)
* Update go version for stable branch to 1.25 (#571)
* Add adapt script in stable branch as per #569 (#570)
* Backport fix from #567 to stable branch (#568)
* Revert compat behavior and call known binary directly (#560)
* Revert compat behavior and call known binary directly (#559)
* Build rollforward package to re-enable original agent and disable core plugin (#557)
- from version 20251205.00
* network: force address manager to always consolidate the OS state (#585)
* Bump golang.org/x/crypto from 0.41.0 to 0.45.0 (#583)
* Don't delete the authorized_keys file when an empty key list is passed to updateAuthorizedKeysFile (#582)
* Add Tyler, Saswat, Hank to OWNERS (#577)
* Honor core plugin setting on windows package update (#576)
* Restart agent if core plugin is disabled (#575)
* Add extra debug logging around toggling OS Login (#572)
* Update go version to 1.25 (#565)
* Add compat adapt script to windows in agent sysprep (#569)
* Fix adapt to use more portable shebang line (#567)
* Remove routes script from packaging (#566)
* Update adapt script to run on startup/shutdown both (#561)
* Update agent_uninstall.ps1 (#558)
* Stop core plugin before removing agent package (#554)
* Startup scripts should start after agent manager instead (#553)
* Update presets and install dependencies on systemd units (#552)
* Ensure agent service is disabled (#551)
* Disable legacy agent to enable core plugin (#550)
* Final fix for RHEL packaging for routes setup (#549)
* Fix RHEL packaging for routes scripts (#548)
* Packaging changes to include routes script installation (#542)
* Update CLI name in packaging (#543)
* systemd should manage only the main process (#544)

- Update to version 20251120.01
* fix start mode for windows on stable release (#584)
* Update agent_uninstall.ps1 (#558) (#580)
* Update go version for stable branch to 1.25 (#571)
* Add adapt script in stable branch as per #569 (#570)
* Backport fix from #567 to stable branch (#568)
* Revert compat behavior and call known binary directly (#560)
* Revert compat behavior and call known binary directly (#559)
* Build rollforward package to re-enable original agent and disable core plugin (#557)
- from version 20251120.00
* Don't delete the authorized_keys file when an empty key list is passed to updateAuthorizedKeysFile (#582)
* Add Tyler, Saswat, Hank to OWNERS (#577)
* Honor core plugin setting on windows package update (#576)
* Restart agent if core plugin is disabled (#575)
* Add extra debug logging around toggling OS Login (#572)
* Update go version to 1.25 (#565)
* Add compat adapt script to windows in agent sysprep (#569)
* Fix adapt to use more portable shebang line (#567)
* Remove routes script from packaging (#566)
* Update adapt script to run on startup/shutdown both (#561)
* Update agent_uninstall.ps1 (#558)
* Stop core plugin before removing agent package (#554)
* Startup scripts should start after agent manager instead (#553)
* Update presets and install dependencies on systemd units (#552)
* Ensure agent service is disabled (#551)
* Disable legacy agent to enable core plugin (#550)
* Final fix for RHEL packaging for routes setup (#549)
* Fix RHEL packaging for routes scripts (#548)
* Packaging changes to include routes script installation (#542)
* Update CLI name in packaging (#543)
* systemd should manage only the main process (#544)
- from version 20251117.00
* Update agent_uninstall.ps1 (#558) (#580)
* Update go version for stable branch to 1.25 (#571)
* Add adapt script in stable branch as per #569 (#570)
* Backport fix from #567 to stable branch (#568)
* Revert compat behavior and call known binary directly (#560)
* Revert compat behavior and call known binary directly (#559)
* Build rollforward package to re-enable original agent and disable core plugin (#557)
- from version 20251115.00
* Don't delete the authorized_keys file when an empty key list is passed to updateAuthorizedKeysFile (#582)
* Add Tyler, Saswat, Hank to OWNERS (#577)
* Honor core plugin setting on windows package update (#576)
* Restart agent if core plugin is disabled (#575)
* Add extra debug logging around toggling OS Login (#572)
* Update go version to 1.25 (#565)
* Add compat adapt script to windows in agent sysprep (#569)
* Fix adapt to use more portable shebang line (#567)
* Remove routes script from packaging (#566)
* Update adapt script to run on startup/shutdown both (#561)
* Update agent_uninstall.ps1 (#558)
* Stop core plugin before removing agent package (#554)
* Startup scripts should start after agent manager instead (#553)
* Update presets and install dependencies on systemd units (#552)
* Ensure agent service is disabled (#551)
* Disable legacy agent to enable core plugin (#550)
* Final fix for RHEL packaging for routes setup (#549)
* Fix RHEL packaging for routes scripts (#548)
* Packaging changes to include routes script installation (#542)
* Update CLI name in packaging (#543)
* systemd should manage only the main process (#544)
- from version 20251108.00
* Update agent_uninstall.ps1 (#558) (#580)
* Update go version for stable branch to 1.25 (#571)
* Add adapt script in stable branch as per #569 (#570)
* Backport fix from #567 to stable branch (#568)
* Revert compat behavior and call known binary directly (#560)
* Revert compat behavior and call known binary directly (#559)
* Build rollforward package to re-enable original agent and disable core plugin (#557)
- from version 20251107.01
* Don't delete the authorized_keys file when an empty key list is passed to updateAuthorizedKeysFile (#582)
* Add Tyler, Saswat, Hank to OWNERS (#577)
* Honor core plugin setting on windows package update (#576)
* Restart agent if core plugin is disabled (#575)
* Add extra debug logging around toggling OS Login (#572)
* Update go version to 1.25 (#565)
* Add compat adapt script to windows in agent sysprep (#569)
* Fix adapt to use more portable shebang line (#567)
* Remove routes script from packaging (#566)
* Update adapt script to run on startup/shutdown both (#561)
* Update agent_uninstall.ps1 (#558)
* Stop core plugin before removing agent package (#554)
* Startup scripts should start after agent manager instead (#553)
* Update presets and install dependencies on systemd units (#552)
* Ensure agent service is disabled (#551)
* Disable legacy agent to enable core plugin (#550)
* Final fix for RHEL packaging for routes setup (#549)
* Fix RHEL packaging for routes scripts (#548)
* Packaging changes to include routes script installation (#542)
* Update CLI name in packaging (#543)
* systemd should manage only the main process (#544)
- from version 20251031.00
* Update agent_uninstall.ps1 (#558) (#580)
* Update go version for stable branch to 1.25 (#571)
* Add adapt script in stable branch as per #569 (#570)
* Backport fix from #567 to stable branch (#568)
* Revert compat behavior and call known binary directly (#560)
* Revert compat behavior and call known binary directly (#559)
* Build rollforward package to re-enable original agent and disable core plugin (#557)
- from version 20251030.02
* Add Tyler, Saswat, Hank to OWNERS (#577)
* Honor core plugin setting on windows package update (#576)
* Restart agent if core plugin is disabled (#575)
* Add extra debug logging around toggling OS Login (#572)
* Update go version to 1.25 (#565)
* Add compat adapt script to windows in agent sysprep (#569)
* Fix adapt to use more portable shebang line (#567)
* Remove routes script from packaging (#566)
* Update adapt script to run on startup/shutdown both (#561)
* Update agent_uninstall.ps1 (#558)
* Stop core plugin before removing agent package (#554)
* Startup scripts should start after agent manager instead (#553)
* Update presets and install dependencies on systemd units (#552)
* Ensure agent service is disabled (#551)
* Disable legacy agent to enable core plugin (#550)
* Final fix for RHEL packaging for routes setup (#549)
* Fix RHEL packaging for routes scripts (#548)
* Packaging changes to include routes script installation (#542)
* Update CLI name in packaging (#543)
* systemd should manage only the main p ...

Please note that the description has been truncated due to length. Please refer to the vendor advisory for the full description.

Tenable has extracted the preceding description block directly from the SUSE security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected google-guest-agent package.

See Also

https://bugzilla.suse.com/1210938

https://bugzilla.suse.com/1239334

https://bugzilla.suse.com/1239944

https://bugzilla.suse.com/1243254

https://bugzilla.suse.com/1243505

https://bugzilla.suse.com/1245759

https://bugzilla.suse.com/1253889

https://bugzilla.suse.com/1257010

https://bugzilla.suse.com/1260264

https://bugzilla.suse.com/1262926

https://bugzilla.suse.com/1265762

https://lists.suse.com/pipermail/sle-updates/2026-June/047345.html

https://www.suse.com/security/cve/CVE-2025-22868

https://www.suse.com/security/cve/CVE-2025-22869

https://www.suse.com/security/cve/CVE-2025-58181

https://www.suse.com/security/cve/CVE-2026-33186

https://www.suse.com/security/cve/CVE-2026-33814

https://www.suse.com/security/cve/CVE-2026-34986

Plugin Details

Severity: High

ID: 321604

File Name: suse_SU-2026-22128-1.nasl

Version: 1.1

Type: Local

Agent: unix

Published: 6/20/2026

Updated: 6/20/2026

Supported Sensors: Agentless Assessment, Continuous Assessment, Frictionless Assessment Agent, Frictionless Assessment AWS, Frictionless Assessment Azure, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.0

CVSS v2

Risk Factor: High

Base Score: 7.8

Temporal Score: 6.1

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C

CVSS Score Source: CVE-2026-33814

CVSS v3

Risk Factor: High

Base Score: 7.5

Temporal Score: 6.7

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:novell:suse_linux:google-guest-agent, cpe:/o:novell:suse_linux:16

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 6/15/2026

Vulnerability Publication Date: 2/26/2025

Reference Information

CVE: CVE-2025-22868, CVE-2025-22869, CVE-2025-58181, CVE-2026-33186, CVE-2026-33814, CVE-2026-34986

SuSE: SUSE-SU-2026:22128-1