CVE-2026-44941

EUVD-2026-41406
A relative path traversal in the "keyhint" option in repomd.xml parsing of libzypp before 17.38.12 can be used by attackers able to supply a malicious repository to inject or overwrite files in the target system as root.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
8.4 HIGH
NETWORK
LOW
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
openSUSE logo
openSUSE / SLES Releases
openSUSE Product
Release
libsolv-devel
suse enterprise desktop 15 SP7
0.7.39-150700.11.10.1
fixed
suse enterprise sap 15 SP7
0.7.39-150700.11.10.1
fixed
suse enterprise server 15 SP4
0.7.39-150400.3.46.1
fixed
suse enterprise server 15 SP5
0.7.39-150500.6.17.1
fixed
suse enterprise server 15 SP6
0.7.39-150600.8.24.1
fixed
suse enterprise server 15 SP7
0.7.39-150700.11.10.1
fixed
libsolv-tools
suse enterprise desktop 15 SP7
0.7.39-150700.11.10.1
fixed
suse enterprise sap 15 SP7
0.7.39-150700.11.10.1
fixed
suse enterprise server 15 SP4
0.7.39-150400.3.46.1
fixed
suse enterprise server 15 SP5
0.7.39-150500.6.17.1
fixed
suse enterprise server 15 SP6
0.7.39-150600.8.24.1
fixed
suse enterprise server 15 SP7
0.7.39-150700.11.10.1
fixed
libsolv-tools-base
suse enterprise desktop 15 SP7
0.7.39-150700.11.10.1
fixed
suse enterprise sap 15 SP7
0.7.39-150700.11.10.1
fixed
suse enterprise server 15 SP4
0.7.39-150400.3.46.1
fixed
suse enterprise server 15 SP5
0.7.39-150500.6.17.1
fixed
suse enterprise server 15 SP6
0.7.39-150600.8.24.1
fixed
suse enterprise server 15 SP7
0.7.39-150700.11.10.1
fixed
libzypp
suse enterprise desktop 15 SP7
17.38.13-150700.6.13.1
fixed
suse enterprise sap 15 SP7
17.38.13-150700.6.13.1
fixed
suse enterprise server 15 SP4
17.38.13-150400.3.158.1
fixed
suse enterprise server 15 SP5
17.38.13-150500.6.74.1
fixed
suse enterprise server 15 SP6
17.38.13-150600.3.92.1
fixed
suse enterprise server 15 SP7
17.38.13-150700.6.13.1
fixed
libzypp-devel
suse enterprise desktop 15 SP7
17.38.13-150700.6.13.1
fixed
suse enterprise sap 15 SP7
17.38.13-150700.6.13.1
fixed
suse enterprise server 15 SP4
17.38.13-150400.3.158.1
fixed
suse enterprise server 15 SP5
17.38.13-150500.6.74.1
fixed
suse enterprise server 15 SP6
17.38.13-150600.3.92.1
fixed
suse enterprise server 15 SP7
17.38.13-150700.6.13.1
fixed
perl-solv
suse enterprise server 15 SP4
0.7.39-150400.3.46.1
fixed
suse enterprise server 15 SP5
0.7.39-150500.6.17.1
fixed
suse enterprise server 15 SP6
0.7.39-150600.8.24.1
fixed
python3-solv
suse enterprise desktop 15 SP7
0.7.39-150700.11.10.1
fixed
suse enterprise sap 15 SP7
0.7.39-150700.11.10.1
fixed
suse enterprise server 15 SP4
0.7.39-150400.3.46.1
fixed
suse enterprise server 15 SP5
0.7.39-150500.6.17.1
fixed
suse enterprise server 15 SP6
0.7.39-150600.8.24.1
fixed
suse enterprise server 15 SP7
0.7.39-150700.11.10.1
fixed
python311-solv
suse enterprise server 15 SP6
0.7.39-150600.8.24.1
fixed
ruby-solv
suse enterprise desktop 15 SP7
0.7.39-150700.11.10.1
fixed
suse enterprise sap 15 SP7
0.7.39-150700.11.10.1
fixed
suse enterprise server 15 SP4
0.7.39-150400.3.46.1
fixed
suse enterprise server 15 SP5
0.7.39-150500.6.17.1
fixed
suse enterprise server 15 SP6
0.7.39-150600.8.24.1
fixed
suse enterprise server 15 SP7
0.7.39-150700.11.10.1
fixed
zypper
suse enterprise desktop 15 SP7
1.14.98-150700.13.6.1
fixed
suse enterprise sap 15 SP7
1.14.98-150700.13.6.1
fixed
suse enterprise server 15 SP4
1.14.98-150400.3.104.1
fixed
suse enterprise server 15 SP5
1.14.98-150500.6.45.1
fixed
suse enterprise server 15 SP6
1.14.98-150600.10.55.1
fixed
suse enterprise server 15 SP7
1.14.98-150700.13.6.1
fixed
zypper-log
suse enterprise desktop 15 SP7
1.14.98-150700.13.6.1
fixed
suse enterprise sap 15 SP7
1.14.98-150700.13.6.1
fixed
suse enterprise server 15 SP4
1.14.98-150400.3.104.1
fixed
suse enterprise server 15 SP5
1.14.98-150500.6.45.1
fixed
suse enterprise server 15 SP6
1.14.98-150600.10.55.1
fixed
suse enterprise server 15 SP7
1.14.98-150700.13.6.1
fixed
zypper-needs-restarting
suse enterprise desktop 15 SP7
1.14.98-150700.13.6.1
fixed
suse enterprise sap 15 SP7
1.14.98-150700.13.6.1
fixed
suse enterprise server 15 SP4
1.14.98-150400.3.104.1
fixed
suse enterprise server 15 SP5
1.14.98-150500.6.45.1
fixed
suse enterprise server 15 SP6
1.14.98-150600.10.55.1
fixed
suse enterprise server 15 SP7
1.14.98-150700.13.6.1
fixed