diff --git a/0001-CVE-2025-47913-CVE-2025-47914-ssh-agent-fixes.patch b/0001-CVE-2025-47913-CVE-2025-47914-ssh-agent-fixes.patch
new file mode 100644
index 0000000..4b7526c
--- /dev/null
+++ b/0001-CVE-2025-47913-CVE-2025-47914-ssh-agent-fixes.patch
@@ -0,0 +1,89 @@
+From 36d0fb945052ecbe11e09861d632f6f0324a7aa5 Mon Sep 17 00:00:00 2001
+From: rcmadhankumar
+Date: Fri, 30 Jan 2026 11:15:15 +0530
+Subject: [PATCH] CVE-2025-47913, CVE-2025-47914: ssh/agent fixes --
+
+CVE-2025-47913: ssh/agent: return an error for unexpected message types
+
+Previously, receiving an unexpected message type in response to a key
+listing or a signing request could cause a panic due to a failed type
+assertion.
+
+This change adds a default case to the type switch in order to detect
+and explicitly handle unknown or invalid message types, returning a
+descriptive error instead of crashing.
+
+Fixes CVE-2025-47913
+Fixes golang/go#75178
+Fixes bsc#1253584
+
+--
+
+CVE-2025-47914: ssh/agent: prevent panic on malformed constraint
+
+An attacker could supply a malformed Constraint that
+would trigger a panic in a serving agent, effectively
+causing denial of service.
+
+Thank you to Jakub Ciolek for reporting this issue.
+
+Fixes CVE-2025-47914
+Fixes golang/go#76364
+Fixes bsc#1254041
+
+Change-Id: I195bbc68b1560d4f04897722a6a653a7cbf086eb
+Reviewed-on: https://go-review.googlesource.com/c/crypto/+/721960
+LUCI-TryBot-Result: Go LUCI
+Auto-Submit: Roland Shoemaker
+Reviewed-by: Damien Neil
+
+Co-authored-by: Danish Prakash
+Signed-off-by: rcmadhankumar
+---
+ vendor/golang.org/x/crypto/ssh/agent/client.go | 6 ++++--
+ vendor/golang.org/x/crypto/ssh/agent/server.go | 3 +++
+ 2 files changed, 7 insertions(+), 2 deletions(-)
+
+diff --git a/vendor/golang.org/x/crypto/ssh/agent/client.go b/vendor/golang.org/x/crypto/ssh/agent/client.go
+index 106708d2..410e21b0 100644
+--- a/vendor/golang.org/x/crypto/ssh/agent/client.go
++++ b/vendor/golang.org/x/crypto/ssh/agent/client.go
+@@ -430,8 +430,9 @@ func (c *client) List() ([]*Key, error) {
+ return keys, nil
+ case *failureAgentMsg:
+ return nil, errors.New("agent: failed to list keys")
++ default:
++ return nil, fmt.Errorf("agent: failed to list keys, unexpected message type %T", msg)
+ }
+- 
panic("unreachable")
+ }
+ 
+ // Sign has the agent sign the data using a protocol 2 key as defined
+@@ -462,8 +463,9 @@ func (c *client) SignWithFlags(key ssh.PublicKey, data []byte, flags SignatureFl
+ return &sig, nil
+ case *failureAgentMsg:
+ return nil, errors.New("agent: failed to sign challenge")
++ default:
++ return nil, fmt.Errorf("agent: failed to sign challenge, unexpected message type %T", msg)
+ }
+- panic("unreachable")
+ }
+ 
+ // unmarshal parses an agent message in packet, returning the parsed
+diff --git a/vendor/golang.org/x/crypto/ssh/agent/server.go b/vendor/golang.org/x/crypto/ssh/agent/server.go
+index e35ca7ce..6c059949 100644
+--- a/vendor/golang.org/x/crypto/ssh/agent/server.go
++++ b/vendor/golang.org/x/crypto/ssh/agent/server.go
+@@ -203,6 +203,9 @@ func parseConstraints(constraints []byte) (lifetimeSecs uint32, confirmBeforeUse
+ for len(constraints) != 0 {
+ switch constraints[0] {
+ case agentConstrainLifetime:
++ if len(constraints) < 5 {
++ return 0, false, nil, io.ErrUnexpectedEOF
++ }
+ lifetimeSecs = binary.BigEndian.Uint32(constraints[1:5])
+ constraints = constraints[5:]
+ case agentConstrainConfirm:
+-- 
+2.52.0
+
diff --git a/docker-compose.changes b/docker-compose.changes
index 3c8f0b6..208a753 100644
--- a/docker-compose.changes
+++ b/docker-compose.changes
@@ -1,3 +1,9 @@
+-------------------------------------------------------------------
+Tue Feb 3 08:36:15 UTC 2026 - Madhankumar Chellamuthu
+
+- Add patch for CVE-2025-47914 (bsc#1254041), CVE-2025-47913 (bsc#1253584):
+ 0001-CVE-2025-47913-CVE-2025-47914-ssh-agent-fixes.patch
+
 -------------------------------------------------------------------
 Fri Feb 21 14:47:15 UTC 2025 - opensuse_buildservice@ojkastl.de
diff --git a/docker-compose.spec b/docker-compose.spec
index f4912c6..de7c565 100644
--- a/docker-compose.spec
+++ b/docker-compose.spec
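Review bot: The embedded patch edits only the two vendored files under vendor/golang.org/x/crypto/ssh/agent, so vendor/modules.txt and go.mod presumably still record the pre-fix golang.org/x/crypto module version; tooling that evaluates CVE-2025-47913 and CVE-2025-47914 from recorded module versions (SBOM-based scanners, govulncheck on the module graph) would keep reporting this build as vulnerable even though the code is fixed, which is worth noting in the .changes entry or handling alongside the backport. The client.go hunks use `fmt.Errorf` and the server.go hunk uses `io.ErrUnexpectedEOF` without touching either file's import block, so the patch assumes `fmt` and `io` are already imported in the vendored copies at 106708d2 and e35ca7ce; a missing import would fail the build rather than slip through, but confirm it before submission. The added `len(constraints) < 5` guard covers only the agentConstrainLifetime case; parseConstraints starts and ends outside the hunk, as do List and SignWithFlags, so the remaining constraint cases and the rest of those functions were not reviewed here.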
@@ -24,6 +24,7 @@ License: Apache-2.0 URL: https://github.com/docker/compose Source: %{name}-%{version}.tar.gz Source1: vendor.tar.gz +Patch0: 0001-CVE-2025-47913-CVE-2025-47914-ssh-agent-fixes.patch BuildRequires: golang(API) = 1.22 Requires: docker