CVE-2026-44942
6.5
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Summary
A path traversal in handling the "path" component of .repo files processed by libzypp before 17.38.13 in the 17.x series, or before 16.22.19 could be used by attackers to fill directories on the system outside of the zypp cache with content.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| SUSE | libzypp | 17.0.0 < 17.38.13 | affected |
| SUSE | libzypp | 0 < 16.22.19 | affected |
Weaknesses
- CWE-24: CWE-24 Path traversal: '../filedir'
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
References
- https://bugzilla.suse.com/show_bug.cgi?id=1267874
- https://www.suse.com/security/cve/CVE-2026-44942.html
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.