Skip to main content

libzypp CVE-2026-44942

| EUVDEUVD-2026-37871 MEDIUM
Path Traversal: '../filedir' (CWE-24)
2026-06-18 suse GHSA-m2f8-w9q8-gvj5
6.5
CVSS 3.1 · Vendor: suse
Share

Severity by source

Vendor (suse) PRIMARY
6.5 MEDIUM
AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
vuln.today AI
7.1 HIGH

Network vector and low complexity confirmed; PR:L reflects repository-config write access requirement; I:L added because writing files outside expected directories represents a minor integrity violation beyond pure disk exhaustion.

3.1 AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
4.0 AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N
SUSE
MEDIUM
qualitative
Red Hat
6.5 MEDIUM
qualitative

Primary rating from Vendor (suse).

CVSS VectorVendor: suse

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

2
Patch available
Jun 18, 2026 - 12:16 EUVD
Analysis Generated
Jun 18, 2026 - 11:17 vuln.today

DescriptionCVE.org

A path traversal in handling the "path" component of .repo files processed by libzypp before 17.38.13 in the 17.x series, or before 16.22.19 could be used by attackers to fill directories on the system outside of the zypp cache with content.

AnalysisAI

Path traversal in libzypp's .repo file processing enables low-privileged network-accessible attackers to write content into arbitrary directories on the host filesystem beyond the intended zypp cache boundary. Affected versions span the 17.x series before 17.38.13 and the 16.x series before 16.22.19, covering systems running SUSE Linux Enterprise and openSUSE derivatives that use zypper as their package manager. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Recon
Gain low-privilege access to target
Delivery
Craft malicious .repo file with traversal path
Exploit
Register repository or supply .repo to zypper process
Install
libzypp resolves traversal path outside cache
C2
Write package/metadata content to arbitrary directory
Execute
Fill target filesystem partition
Impact
Trigger denial of service

Vulnerability AssessmentAI

Exploitation Exploitation requires that an attacker can cause libzypp to parse a .repo file containing a path traversal sequence in the 'path' field. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The CVSS 3.1 base score of 6.5 reflects a network-accessible (AV:N), low-complexity (AC:L), low-privilege (PR:L) attack with no user interaction (UI:N), scoped to availability impact only (A:H, C:N, I:N). … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker with low-privileged access to a system - or the ability to supply a crafted .repo file to a privileged zypper operation (e.g., via a CI pipeline that adds third-party repositories) - crafts a repository definition containing a traversal payload in the 'path' field such as '../../../../../../tmp/attacker'. When libzypp processes this repository during a refresh or package installation operation, it writes cached metadata and package content into the traversal-resolved directory, progressively filling the targeted filesystem partition and causing a denial of service. …
Remediation The primary fix is upgrading libzypp to version 17.38.13 or later in the 17.x series, or to version 16.22.19 or later in the 16.x series, as confirmed by the SUSE advisory at https://www.suse.com/security/cve/CVE-2026-44942.html. … Detailed patch versions, workarounds, and compensating controls in full report.

Threat intelligence, references, and detailed analysis are available after sign-in.

Vendor StatusVendor

SUSE

Severity: Moderate
Product Status
Container suse/sl-micro/6.0/baremetal-os-container:latest Container suse/sl-micro/6.0/kvm-os-container:latest Container suse/sl-micro/6.0/rt-os-container:latest Affected
Container suse/sl-micro/6.0/base-os-container:2.1.3-7.153 Container suse/sl-micro/6.0/toolbox:13.2-9.120 Image SLE-Micro Image SLE-Micro-Azure Image SLE-Micro-BYOS Image SLE-Micro-BYOS-Azure Image SLE-Micro-BYOS-EC2 Image SLE-Micro-BYOS-GCE Image SLE-Micro-EC2 Image SLE-Micro-GCE Affected
Container suse/sl-micro/6.1/base-os-container:2.2.1-5.138 Image SL-Micro-Azure Image SL-Micro-BYOS-Azure Image SL-Micro-BYOS-EC2 Image SL-Micro-BYOS-GCE Image SL-Micro-EC2 Image SUSE-Multi-Linux-Manager-Proxy-BYOS-Azure Image SUSE-Multi-Linux-Manager-Proxy-BYOS-EC2 Image SUSE-Multi-Linux-Manager-Proxy-BYOS-GCE Image SUSE-Multi-Linux-Manager-Server-BYOS-Azure Image SUSE-Multi-Linux-Manager-Server-BYOS-EC2 Image SUSE-Multi-Linux-Manager-Server-BYOS-GCE Image SUSE-Multi-Linux-Manager-Server-EC2-llc Image SUSE-Multi-Linux-Manager-Server-EC2-ltd Affected
Container suse/sle-micro/5.5/toolbox:16.3-3.12.150 Container suse/sle-micro/base-5.5:2.0.4-5.8.285 Affected
Container suse/sles/16.0/toolbox:16.3-1.81 Image SLES-Azure-3P Image SLES-Azure-Basic Image SLES-Azure-Standard Image SLES-BYOS-Azure Image SLES-BYOS-EC2 Image SLES-BYOS-GCE Image SLES-EC2 Image SLES-GCE Image SLES-Hardened-BYOS-Azure Image SLES-Hardened-BYOS-EC2 Image SLES-Hardened-BYOS-GCE Affected

Share

CVE-2026-44942 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy