We received a notification from Google about two CVEs affecting our images, and the suspicion is that one or both of these is coming from P4Prometheus:
- CVE-2026-27459 – pyOpenSSL (vulnerable versions 22.0.0 to <26.0.0)
- CVE-2026-33186 – grpc-go (versions <1.79.3, authz bypass in gRPC-Go servers)
As I think I understand it, the path forward is just to build with a newer Go version.
We received a notification from Google about two CVEs affecting our images, and the suspicion is that one or both of these is coming from P4Prometheus:
As I think I understand it, the path forward is just to build with a newer Go version.