{"document":{"aggregate_severity":{"namespace":"https://www.suse.com/support/security/rating/","text":"important"},"category":"csaf_vex","csaf_version":"2.0","distribution":{"text":"Copyright 2024 SUSE LLC. All rights reserved.","tlp":{"label":"WHITE","url":"https://www.first.org/tlp/"}},"lang":"en","notes":[{"category":"summary","text":"SUSE CVE-2026-21720","title":"Title"},{"category":"description","text":"Every uncached /avatar/:hash request spawns a goroutine that refreshes the Gravatar image. If the refresh sits in the 10-slot worker queue longer than three seconds, the handler times out and stops listening for the result, so that goroutine blocks forever trying to send on an unbuffered channel. Sustained traffic with random hashes keeps tripping this timeout, so goroutine count grows linearly, eventually exhausting memory and causing Grafana to crash on some systems.","title":"Description of the CVE"},{"category":"legal_disclaimer","text":"CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).","title":"Terms of use"}],"publisher":{"category":"vendor","contact_details":"https://www.suse.com/support/security/contact/","name":"SUSE Product Security Team","namespace":"https://www.suse.com/"},"references":[{"category":"external","summary":"CVE-2026-21720","url":"https://www.suse.com/security/cve/CVE-2026-21720"},{"category":"external","summary":"SUSE Security Ratings","url":"https://www.suse.com/support/security/rating/"},{"category":"external","summary":"SUSE Bug 1257349 for CVE-2026-21720","url":"https://bugzilla.suse.com/1257349"}],"title":"SUSE CVE CVE-2026-21720","tracking":{"current_release_date":"2026-03-11T16:18:34Z","generator":{"date":"2026-01-28T00:25:27Z","engine":{"name":"cve-database.git:bin/generate-csaf-vex.pl","version":"1"}},"id":"CVE-2026-21720","initial_release_date":"2026-01-28T00:25:27Z","revision_history":[{"date":"2026-01-28T00:25:27Z","number":"2","summary":"vulnerabilities added,references added,severity changed from  to important"},{"date":"2026-03-11T16:18:34Z","number":"3","summary":"updates entered QA"}],"status":"interim","version":"3"}},"product_tree":{"branches":[{"branches":[{"branches":[{"category":"product_name","name":"SUSE Linux Enterprise Module for Package Hub 15 SP7","product":{"name":"SUSE Linux Enterprise Module for Package Hub 15 SP7","product_id":"SUSE Linux Enterprise Module for Package Hub 15 SP7","product_identification_helper":{"cpe":"cpe:/o:suse:packagehub:15:sp7"}}},{"category":"product_name","name":"SUSE Manager Client Tools 15","product":{"name":"SUSE Manager Client Tools 15","product_id":"SUSE Manager Client Tools 15"}},{"category":"product_name","name":"SUSE Manager Client Tools for SLE 12","product":{"name":"SUSE Manager Client Tools for SLE 12","product_id":"SUSE Manager Client Tools for SLE 12","product_identification_helper":{"cpe":"cpe:/o:suse:sle-manager-tools:12"}}},{"category":"product_name","name":"SUSE Manager Client Tools for SLE 15","product":{"name":"SUSE Manager Client Tools for SLE 15","product_id":"SUSE Manager Client Tools for SLE 15","product_identification_helper":{"cpe":"cpe:/o:suse:sle-manager-tools:15"}}},{"category":"product_name","name":"SUSE Manager Proxy LTS 4.3","product":{"name":"SUSE Manager Proxy LTS 4.3","product_id":"SUSE Manager Proxy LTS 4.3","product_identification_helper":{"cpe":"cpe:/o:suse:suse-manager-proxy-lts:4.3"}}},{"category":"product_name","name":"SUSE Manager Server LTS 4.3","product":{"name":"SUSE Manager Server LTS 4.3","product_id":"SUSE Manager Server LTS 4.3","product_identification_helper":{"cpe":"cpe:/o:suse:suse-manager-server-lts:4.3"}}},{"category":"product_name","name":"SUSE Multi-Linux Manager Client Tools for SLE 12","product":{"name":"SUSE Multi-Linux Manager Client Tools for SLE 12","product_id":"SUSE Multi-Linux Manager Client Tools for SLE 12","product_identification_helper":{"cpe":"cpe:/o:suse:multi-linux-managertools-sle:12"}}},{"category":"product_name","name":"SUSE Multi-Linux Manager Client Tools for SLE 15","product":{"name":"SUSE Multi-Linux Manager Client Tools for SLE 15","product_id":"SUSE Multi-Linux Manager Client Tools for SLE 15","product_identification_helper":{"cpe":"cpe:/o:suse:multi-linux-managertools-sle:15"}}},{"category":"product_name","name":"openSUSE Leap 15.6","product":{"name":"openSUSE Leap 15.6","product_id":"openSUSE Leap 15.6","product_identification_helper":{"cpe":"cpe:/o:opensuse:leap:15.6"}}},{"category":"product_version","name":"dracut-saltboot-1.1.0-150000.1.65.1","product":{"name":"dracut-saltboot-1.1.0-150000.1.65.1","product_id":"dracut-saltboot-1.1.0-150000.1.65.1","product_identification_helper":{"purl":"pkg:rpm/suse/dracut-saltboot@1.1.0-150000.1.65.1?upstream=dracut-saltboot-1.1.0-150000.1.65.1.src.rpm"}}},{"category":"product_version","name":"firewalld-prometheus-config-0.1-150000.3.67.1","product":{"name":"firewalld-prometheus-config-0.1-150000.3.67.1","product_id":"firewalld-prometheus-config-0.1-150000.3.67.1","product_identification_helper":{"purl":"pkg:rpm/suse/firewalld-prometheus-config@0.1-150000.3.67.1?upstream=golang-github-prometheus-prometheus-0.1-150000.3.67.1.src.rpm"}}},{"category":"product_version","name":"golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1","product":{"name":"golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1","product_id":"golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1","product_identification_helper":{"purl":"pkg:rpm/suse/golang-github-QubitProducts-exporter_exporter@0.4.0-150000.1.21.1?upstream=golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.src.rpm"}}},{"category":"product_version","name":"golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1","product":{"name":"golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1","product_id":"golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1","product_identification_helper":{"purl":"pkg:rpm/suse/golang-github-boynux-squid_exporter@1.13.0-150000.1.12.1?upstream=golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.src.rpm"}}},{"category":"product_version","name":"golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1","product":{"name":"golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1","product_id":"golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1","product_identification_helper":{"purl":"pkg:rpm/suse/golang-github-lusitaniae-apache_exporter@1.0.10-150000.1.26.1?upstream=golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.src.rpm"}}},{"category":"product_version","name":"golang-github-prometheus-prometheus-3.5.0-150000.3.67.1","product":{"name":"golang-github-prometheus-prometheus-3.5.0-150000.3.67.1","product_id":"golang-github-prometheus-prometheus-3.5.0-150000.3.67.1","product_identification_helper":{"purl":"pkg:rpm/suse/golang-github-prometheus-prometheus@3.5.0-150000.3.67.1?upstream=golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.src.rpm"}}},{"category":"product_version","name":"golang-github-prometheus-promu-0.17.0-150000.3.30.1","product":{"name":"golang-github-prometheus-promu-0.17.0-150000.3.30.1","product_id":"golang-github-prometheus-promu-0.17.0-150000.3.30.1","product_identification_helper":{"purl":"pkg:rpm/suse/golang-github-prometheus-promu@0.17.0-150000.3.30.1?upstream=golang-github-prometheus-promu-0.17.0-150000.3.30.1.src.rpm"}}},{"category":"product_version","name":"grafana","product":{"name":"grafana","product_id":"grafana","product_identification_helper":{"cpe":"cpe:2.3:a:grafana:grafana:*:*:*:*:*:*:*:*","purl":"pkg:rpm/suse/grafana@?upstream=grafana.src.rpm"}}},{"category":"product_version","name":"grafana-11.6.11-150000.1.90.1","product":{"name":"grafana-11.6.11-150000.1.90.1","product_id":"grafana-11.6.11-150000.1.90.1","product_identification_helper":{"cpe":"cpe:2.3:a:grafana:grafana:11.6.11:*:*:*:*:*:*:*","purl":"pkg:rpm/suse/grafana@11.6.11-150000.1.90.1?upstream=grafana-11.6.11-150000.1.90.1.src.rpm"}}},{"category":"product_version","name":"grafana-11.6.11-150200.3.83.1","product":{"name":"grafana-11.6.11-150200.3.83.1","product_id":"grafana-11.6.11-150200.3.83.1","product_identification_helper":{"cpe":"cpe:2.3:a:grafana:grafana:11.6.11:*:*:*:*:*:*:*","purl":"pkg:rpm/suse/grafana@11.6.11-150200.3.83.1?upstream=grafana-11.6.11-150200.3.83.1.src.rpm"}}},{"category":"product_version","name":"mgrctl-0.1.38-150000.1.30.1","product":{"name":"mgrctl-0.1.38-150000.1.30.1","product_id":"mgrctl-0.1.38-150000.1.30.1","product_identification_helper":{"purl":"pkg:rpm/suse/mgrctl@0.1.38-150000.1.30.1?upstream=uyuni-tools-0.1.38-150000.1.30.1.src.rpm"}}},{"category":"product_version","name":"mgrctl-bash-completion-0.1.38-150000.1.30.1","product":{"name":"mgrctl-bash-completion-0.1.38-150000.1.30.1","product_id":"mgrctl-bash-completion-0.1.38-150000.1.30.1","product_identification_helper":{"purl":"pkg:rpm/suse/mgrctl-bash-completion@0.1.38-150000.1.30.1?upstream=uyuni-tools-0.1.38-150000.1.30.1.src.rpm"}}},{"category":"product_version","name":"mgrctl-lang-0.1.38-150000.1.30.1","product":{"name":"mgrctl-lang-0.1.38-150000.1.30.1","product_id":"mgrctl-lang-0.1.38-150000.1.30.1","product_identification_helper":{"purl":"pkg:rpm/suse/mgrctl-lang@0.1.38-150000.1.30.1?upstream=uyuni-tools-0.1.38-150000.1.30.1.src.rpm"}}},{"category":"product_version","name":"mgrctl-zsh-completion-0.1.38-150000.1.30.1","product":{"name":"mgrctl-zsh-completion-0.1.38-150000.1.30.1","product_id":"mgrctl-zsh-completion-0.1.38-150000.1.30.1","product_identification_helper":{"purl":"pkg:rpm/suse/mgrctl-zsh-completion@0.1.38-150000.1.30.1?upstream=uyuni-tools-0.1.38-150000.1.30.1.src.rpm"}}},{"category":"product_version","name":"prometheus-blackbox_exporter-0.26.0-150000.1.30.2","product":{"name":"prometheus-blackbox_exporter-0.26.0-150000.1.30.2","product_id":"prometheus-blackbox_exporter-0.26.0-150000.1.30.2","product_identification_helper":{"purl":"pkg:rpm/suse/prometheus-blackbox_exporter@0.26.0-150000.1.30.2?upstream=prometheus-blackbox_exporter-0.26.0-150000.1.30.2.src.rpm"}}},{"category":"product_version","name":"spacecmd-5.0.15-150000.3.142.1","product":{"name":"spacecmd-5.0.15-150000.3.142.1","product_id":"spacecmd-5.0.15-150000.3.142.1","product_identification_helper":{"purl":"pkg:rpm/suse/spacecmd@5.0.15-150000.3.142.1?upstream=spacecmd-5.0.15-150000.3.142.1.src.rpm"}}}],"category":"product_family","name":"SUSE Linux Enterprise"}],"category":"vendor","name":"SUSE"}],"relationships":[{"category":"default_component_of","full_product_name":{"name":"golang-github-prometheus-promu-0.17.0-150000.3.30.1 as component of SUSE Linux Enterprise Module for Package Hub 15 SP7","product_id":"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-promu-0.17.0-150000.3.30.1"},"product_reference":"golang-github-prometheus-promu-0.17.0-150000.3.30.1","relates_to_product_reference":"SUSE Linux Enterprise Module for Package Hub 15 SP7"},{"category":"default_component_of","full_product_name":{"name":"grafana-11.6.11-150200.3.83.1 as component of SUSE Linux Enterprise Module for Package Hub 15 SP7","product_id":"SUSE Linux Enterprise Module for Package Hub 15 SP7:grafana-11.6.11-150200.3.83.1"},"product_reference":"grafana-11.6.11-150200.3.83.1","relates_to_product_reference":"SUSE Linux Enterprise Module for Package Hub 15 SP7"},{"category":"default_component_of","full_product_name":{"name":"dracut-saltboot-1.1.0-150000.1.65.1 as component of SUSE Manager Client Tools 15","product_id":"SUSE Manager Client Tools 15:dracut-saltboot-1.1.0-150000.1.65.1"},"product_reference":"dracut-saltboot-1.1.0-150000.1.65.1","relates_to_product_reference":"SUSE Manager Client Tools 15"},{"category":"default_component_of","full_product_name":{"name":"firewalld-prometheus-config-0.1-150000.3.67.1 as component of SUSE Manager Client Tools 15","product_id":"SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.67.1"},"product_reference":"firewalld-prometheus-config-0.1-150000.3.67.1","relates_to_product_reference":"SUSE Manager Client Tools 15"},{"category":"default_component_of","full_product_name":{"name":"golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1 as component of SUSE Manager Client Tools 15","product_id":"SUSE Manager Client Tools 15:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1"},"product_reference":"golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1","relates_to_product_reference":"SUSE Manager Client Tools 15"},{"category":"default_component_of","full_product_name":{"name":"golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1 as component of SUSE Manager Client Tools 15","product_id":"SUSE Manager Client Tools 15:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1"},"product_reference":"golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1","relates_to_product_reference":"SUSE Manager Client Tools 15"},{"category":"default_component_of","full_product_name":{"name":"golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1 as component of SUSE Manager Client Tools 15","product_id":"SUSE Manager Client Tools 15:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1"},"product_reference":"golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1","relates_to_product_reference":"SUSE Manager Client Tools 15"},{"category":"default_component_of","full_product_name":{"name":"golang-github-prometheus-prometheus-3.5.0-150000.3.67.1 as component of SUSE Manager Client Tools 15","product_id":"SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-3.5.0-150000.3.67.1"},"product_reference":"golang-github-prometheus-prometheus-3.5.0-150000.3.67.1","relates_to_product_reference":"SUSE Manager Client Tools 15"},{"category":"default_component_of","full_product_name":{"name":"grafana-11.6.11-150000.1.90.1 as component of SUSE Manager Client Tools 15","product_id":"SUSE Manager Client Tools 15:grafana-11.6.11-150000.1.90.1"},"product_reference":"grafana-11.6.11-150000.1.90.1","relates_to_product_reference":"SUSE Manager Client Tools 15"},{"category":"default_component_of","full_product_name":{"name":"mgrctl-0.1.38-150000.1.30.1 as component of SUSE Manager Client Tools 15","product_id":"SUSE Manager Client Tools 15:mgrctl-0.1.38-150000.1.30.1"},"product_reference":"mgrctl-0.1.38-150000.1.30.1","relates_to_product_reference":"SUSE Manager Client Tools 15"},{"category":"default_component_of","full_product_name":{"name":"mgrctl-bash-completion-0.1.38-150000.1.30.1 as component of SUSE Manager Client Tools 15","product_id":"SUSE Manager Client Tools 15:mgrctl-bash-completion-0.1.38-150000.1.30.1"},"product_reference":"mgrctl-bash-completion-0.1.38-150000.1.30.1","relates_to_product_reference":"SUSE Manager Client Tools 15"},{"category":"default_component_of","full_product_name":{"name":"mgrctl-lang-0.1.38-150000.1.30.1 as component of SUSE Manager Client Tools 15","product_id":"SUSE Manager Client Tools 15:mgrctl-lang-0.1.38-150000.1.30.1"},"product_reference":"mgrctl-lang-0.1.38-150000.1.30.1","relates_to_product_reference":"SUSE Manager Client Tools 15"},{"category":"default_component_of","full_product_name":{"name":"mgrctl-zsh-completion-0.1.38-150000.1.30.1 as component of SUSE Manager Client Tools 15","product_id":"SUSE Manager Client Tools 15:mgrctl-zsh-completion-0.1.38-150000.1.30.1"},"product_reference":"mgrctl-zsh-completion-0.1.38-150000.1.30.1","relates_to_product_reference":"SUSE Manager Client Tools 15"},{"category":"default_component_of","full_product_name":{"name":"prometheus-blackbox_exporter-0.26.0-150000.1.30.2 as component of SUSE Manager Client Tools 15","product_id":"SUSE Manager Client Tools 15:prometheus-blackbox_exporter-0.26.0-150000.1.30.2"},"product_reference":"prometheus-blackbox_exporter-0.26.0-150000.1.30.2","relates_to_product_reference":"SUSE Manager Client Tools 15"},{"category":"default_component_of","full_product_name":{"name":"spacecmd-5.0.15-150000.3.142.1 as component of SUSE Manager Client Tools 15","product_id":"SUSE Manager Client Tools 15:spacecmd-5.0.15-150000.3.142.1"},"product_reference":"spacecmd-5.0.15-150000.3.142.1","relates_to_product_reference":"SUSE Manager Client Tools 15"},{"category":"default_component_of","full_product_name":{"name":"golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1 as component of SUSE Manager Proxy LTS 4.3","product_id":"SUSE Manager Proxy LTS 4.3:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1"},"product_reference":"golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1","relates_to_product_reference":"SUSE Manager Proxy LTS 4.3"},{"category":"default_component_of","full_product_name":{"name":"golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1 as component of SUSE Manager Proxy LTS 4.3","product_id":"SUSE Manager Proxy LTS 4.3:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1"},"product_reference":"golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1","relates_to_product_reference":"SUSE Manager Proxy LTS 4.3"},{"category":"default_component_of","full_product_name":{"name":"golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1 as component of SUSE Manager Proxy LTS 4.3","product_id":"SUSE Manager Proxy LTS 4.3:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1"},"product_reference":"golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1","relates_to_product_reference":"SUSE Manager Proxy LTS 4.3"},{"category":"default_component_of","full_product_name":{"name":"prometheus-blackbox_exporter-0.26.0-150000.1.30.2 as component of SUSE Manager Proxy LTS 4.3","product_id":"SUSE Manager Proxy LTS 4.3:prometheus-blackbox_exporter-0.26.0-150000.1.30.2"},"product_reference":"prometheus-blackbox_exporter-0.26.0-150000.1.30.2","relates_to_product_reference":"SUSE Manager Proxy LTS 4.3"},{"category":"default_component_of","full_product_name":{"name":"golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1 as component of SUSE Manager Server LTS 4.3","product_id":"SUSE Manager Server LTS 4.3:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1"},"product_reference":"golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1","relates_to_product_reference":"SUSE Manager Server LTS 4.3"},{"category":"default_component_of","full_product_name":{"name":"golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1 as component of SUSE Manager Server LTS 4.3","product_id":"SUSE Manager Server LTS 4.3:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1"},"product_reference":"golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1","relates_to_product_reference":"SUSE Manager Server LTS 4.3"},{"category":"default_component_of","full_product_name":{"name":"dracut-saltboot-1.1.0-150000.1.65.1 as component of openSUSE Leap 15.6","product_id":"openSUSE Leap 15.6:dracut-saltboot-1.1.0-150000.1.65.1"},"product_reference":"dracut-saltboot-1.1.0-150000.1.65.1","relates_to_product_reference":"openSUSE Leap 15.6"},{"category":"default_component_of","full_product_name":{"name":"golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1 as component of openSUSE Leap 15.6","product_id":"openSUSE Leap 15.6:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1"},"product_reference":"golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1","relates_to_product_reference":"openSUSE Leap 15.6"},{"category":"default_component_of","full_product_name":{"name":"golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1 as component of openSUSE Leap 15.6","product_id":"openSUSE Leap 15.6:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1"},"product_reference":"golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1","relates_to_product_reference":"openSUSE Leap 15.6"},{"category":"default_component_of","full_product_name":{"name":"golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1 as component of openSUSE Leap 15.6","product_id":"openSUSE Leap 15.6:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1"},"product_reference":"golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1","relates_to_product_reference":"openSUSE Leap 15.6"},{"category":"default_component_of","full_product_name":{"name":"golang-github-prometheus-promu-0.17.0-150000.3.30.1 as component of openSUSE Leap 15.6","product_id":"openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.30.1"},"product_reference":"golang-github-prometheus-promu-0.17.0-150000.3.30.1","relates_to_product_reference":"openSUSE Leap 15.6"},{"category":"default_component_of","full_product_name":{"name":"grafana-11.6.11-150200.3.83.1 as component of openSUSE Leap 15.6","product_id":"openSUSE Leap 15.6:grafana-11.6.11-150200.3.83.1"},"product_reference":"grafana-11.6.11-150200.3.83.1","relates_to_product_reference":"openSUSE Leap 15.6"},{"category":"default_component_of","full_product_name":{"name":"prometheus-blackbox_exporter-0.26.0-150000.1.30.2 as component of openSUSE Leap 15.6","product_id":"openSUSE Leap 15.6:prometheus-blackbox_exporter-0.26.0-150000.1.30.2"},"product_reference":"prometheus-blackbox_exporter-0.26.0-150000.1.30.2","relates_to_product_reference":"openSUSE Leap 15.6"},{"category":"default_component_of","full_product_name":{"name":"spacecmd-5.0.15-150000.3.142.1 as component of openSUSE Leap 15.6","product_id":"openSUSE Leap 15.6:spacecmd-5.0.15-150000.3.142.1"},"product_reference":"spacecmd-5.0.15-150000.3.142.1","relates_to_product_reference":"openSUSE Leap 15.6"},{"category":"default_component_of","full_product_name":{"name":"grafana as component of SUSE Linux Enterprise Module for Package Hub 15 SP7","product_id":"SUSE Linux Enterprise Module for Package Hub 15 SP7:grafana"},"product_reference":"grafana","relates_to_product_reference":"SUSE Linux Enterprise Module for Package Hub 15 SP7"},{"category":"default_component_of","full_product_name":{"name":"grafana as component of SUSE Manager Client Tools for SLE 12","product_id":"SUSE Manager Client Tools for SLE 12:grafana"},"product_reference":"grafana","relates_to_product_reference":"SUSE Manager Client Tools for SLE 12"},{"category":"default_component_of","full_product_name":{"name":"grafana as component of SUSE Manager Client Tools for SLE 15","product_id":"SUSE Manager Client Tools for SLE 15:grafana"},"product_reference":"grafana","relates_to_product_reference":"SUSE Manager Client Tools for SLE 15"},{"category":"default_component_of","full_product_name":{"name":"grafana as component of SUSE Multi-Linux Manager Client Tools for SLE 12","product_id":"SUSE Multi-Linux Manager Client Tools for SLE 12:grafana"},"product_reference":"grafana","relates_to_product_reference":"SUSE Multi-Linux Manager Client Tools for SLE 12"},{"category":"default_component_of","full_product_name":{"name":"grafana as component of SUSE Multi-Linux Manager Client Tools for SLE 15","product_id":"SUSE Multi-Linux Manager Client Tools for SLE 15:grafana"},"product_reference":"grafana","relates_to_product_reference":"SUSE Multi-Linux Manager Client Tools for SLE 15"},{"category":"default_component_of","full_product_name":{"name":"grafana as component of openSUSE Leap 15.6","product_id":"openSUSE Leap 15.6:grafana"},"product_reference":"grafana","relates_to_product_reference":"openSUSE Leap 15.6"}]},"vulnerabilities":[{"cve":"CVE-2026-21720","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2026-21720"}],"notes":[{"category":"general","text":"Every uncached /avatar/:hash request spawns a goroutine that refreshes the Gravatar image. If the refresh sits in the 10-slot worker queue longer than three seconds, the handler times out and stops listening for the result, so that goroutine blocks forever trying to send on an unbuffered channel. Sustained traffic with random hashes keeps tripping this timeout, so goroutine count grows linearly, eventually exhausting memory and causing Grafana to crash on some systems.","title":"CVE description"}],"product_status":{"first_fixed":["SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-promu-0.17.0-150000.3.30.1","SUSE Linux Enterprise Module for Package Hub 15 SP7:grafana-11.6.11-150200.3.83.1","SUSE Manager Client Tools 15:dracut-saltboot-1.1.0-150000.1.65.1","SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.67.1","SUSE Manager Client Tools 15:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1","SUSE Manager Client Tools 15:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1","SUSE Manager Client Tools 15:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1","SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-3.5.0-150000.3.67.1","SUSE Manager Client Tools 15:grafana-11.6.11-150000.1.90.1","SUSE Manager Client Tools 15:mgrctl-0.1.38-150000.1.30.1","SUSE Manager Client Tools 15:mgrctl-bash-completion-0.1.38-150000.1.30.1","SUSE Manager Client Tools 15:mgrctl-lang-0.1.38-150000.1.30.1","SUSE Manager Client Tools 15:mgrctl-zsh-completion-0.1.38-150000.1.30.1","SUSE Manager Client Tools 15:prometheus-blackbox_exporter-0.26.0-150000.1.30.2","SUSE Manager Client Tools 15:spacecmd-5.0.15-150000.3.142.1","SUSE Manager Proxy LTS 4.3:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1","SUSE Manager Proxy LTS 4.3:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1","SUSE Manager Proxy LTS 4.3:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1","SUSE Manager Proxy LTS 4.3:prometheus-blackbox_exporter-0.26.0-150000.1.30.2","SUSE Manager Server LTS 4.3:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1","SUSE Manager Server LTS 4.3:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1","openSUSE Leap 15.6:dracut-saltboot-1.1.0-150000.1.65.1","openSUSE Leap 15.6:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1","openSUSE Leap 15.6:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1","openSUSE Leap 15.6:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1","openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.30.1","openSUSE Leap 15.6:grafana-11.6.11-150200.3.83.1","openSUSE Leap 15.6:prometheus-blackbox_exporter-0.26.0-150000.1.30.2","openSUSE Leap 15.6:spacecmd-5.0.15-150000.3.142.1"],"known_affected":["SUSE Linux Enterprise Module for Package Hub 15 SP7:grafana","SUSE Manager Client Tools for SLE 12:grafana","SUSE Manager Client Tools for SLE 15:grafana","SUSE Multi-Linux Manager Client Tools for SLE 12:grafana","SUSE Multi-Linux Manager Client Tools for SLE 15:grafana","openSUSE Leap 15.6:grafana"]},"references":[{"category":"external","summary":"CVE-2026-21720","url":"https://www.suse.com/security/cve/CVE-2026-21720"},{"category":"external","summary":"SUSE Security Ratings","url":"https://www.suse.com/support/security/rating/"},{"category":"external","summary":"SUSE Bug 1257349 for CVE-2026-21720","url":"https://bugzilla.suse.com/1257349"}],"threats":[{"category":"impact","date":"2026-01-27T11:00:42Z","details":"important"}],"title":"CVE-2026-21720"}]}