Home

Description

A relative path traversal in the "keyhint" option in repomd.xml parsing of libzypp before 17.38.12 can be used by attackers able to supply a malicious repository to inject or overwrite files in the target system as root.

PUBLISHED Reserved 2026-05-08 | Published 2026-07-02 | Updated 2026-07-07 | Assigner suse




HIGH: 8.4CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H

Problem types

CWE-23 Relative path traversal

Product status

Default status
unaffected

Any version before 17.38.12
affected

Credits

Trung Nguyen <trungnh@cystack.net> finder

References

bugzilla.suse.com/show_bug.cgi?id=1267426 issue-tracking

github.com/...ommit/294b1bad442d089ca671c5c03adc8031e3b29e04 patch

cve.org (CVE-2026-44941)

nvd.nist.gov (CVE-2026-44941)

Download JSON