Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
Azure Storage AzCopy: Unauthorized Access via HTTP/2 Path Header
SUSE-SU-2026:1395-1
Summary
A security update is available for Azure Storage AzCopy to prevent unauthorized access to sensitive data. This update fixes a bug that could allow an attacker to access restricted areas of the system. Update to the latest version to ensure your system is secure.
What to do
- Update azure-storage-azcopy to version 10.29.1-150400.9.6.1.
Affected software
| Ecosystem | Vendor | Product | Affected versions |
|---|---|---|---|
| SUSE:Linux Enterprise Module for Public Cloud 15 SP4 | – | azure-storage-azcopy |
< 10.29.1-150400.9.6.1 Fix: upgrade to 10.29.1-150400.9.6.1
|
| SUSE:Linux Enterprise Module for Public Cloud 15 SP5 | – | azure-storage-azcopy |
< 10.29.1-150400.9.6.1 Fix: upgrade to 10.29.1-150400.9.6.1
|
| SUSE:Linux Enterprise Module for Public Cloud 15 SP6 | – | azure-storage-azcopy |
< 10.29.1-150400.9.6.1 Fix: upgrade to 10.29.1-150400.9.6.1
|
| SUSE:Linux Enterprise Module for Public Cloud 15 SP7 | – | azure-storage-azcopy |
< 10.29.1-150400.9.6.1 Fix: upgrade to 10.29.1-150400.9.6.1
|
Original title
Security update for azure-storage-azcopy
Original description
This update for azure-storage-azcopy fixes the following issues:
- CVE-2026-33186: Authorization bypass in grpc-go due to improper validation of the HTTP/2 :path pseudo-header (bsc#1260307).
- CVE-2026-33186: Authorization bypass in grpc-go due to improper validation of the HTTP/2 :path pseudo-header (bsc#1260307).
- https://www.suse.com/support/update/announcement/2026/suse-su-20261395-1/ Vendor Advisory
- https://bugzilla.suse.com/1260307 Third Party Advisory
- https://www.suse.com/security/cve/CVE-2026-33186 URL
Published: 16 Apr 2026 · Updated: 17 Apr 2026 · First seen: 17 Apr 2026