From 9f003507af4c56d52b378714c6614cfb0f656b9d Mon Sep 17 00:00:00 2001
From: Gyorgy Sarvari <skandigraun@gmail.com>
Date: Fri, 24 Apr 2026 00:48:16 +1200
Subject: [PATCH] python3-grpcio: ignore CVE-2026-33186

Details: https://nvd.nist.gov/vuln/detail/CVE-2026-33186

The vulnerability only affects the Go implememtation of the library,
not the Python one. Ignore this CVE due to this.

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
(cherry picked from commit 468ee626f88272eedf275efe6f68640ee643c3f4)
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
---
 meta-python/recipes-devtools/python/python3-grpcio_1.76.0.bb | 1 +
 1 file changed, 1 insertion(+)

diff --git a/meta-python/recipes-devtools/python/python3-grpcio_1.76.0.bb b/meta-python/recipes-devtools/python/python3-grpcio_1.76.0.bb
index 037614da3e..6dbffaf7b9 100644
--- a/meta-python/recipes-devtools/python/python3-grpcio_1.76.0.bb
+++ b/meta-python/recipes-devtools/python/python3-grpcio_1.76.0.bb
@@ -44,3 +44,4 @@ BBCLASSEXTEND = "native nativesdk"
 CCACHE_DISABLE = "1"
 
 CVE_PRODUCT += "grpc:grpc"
+CVE_STATUS[CVE-2026-33186] = "cpe-incorrect: the vulnerabilty affects only the go implementation"