CVE Catalog

CVE-2026-44942

MediumCVSS 6.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.33%

25th percentile — higher than 25% of all known CVEs

Summary

A path traversal vulnerability in handling the 'path' component of .repo files in libzypp before version 17.38.13 in the 17.x series, or before 16.22.19, could allow attackers to fill directories on the system outside of the zypp cache with content.

Risk Assessment

This vulnerability could lead to unauthorized access to the file system, posing a risk of data leakage or malware.

Recommendation

It is recommended to update libzypp to the latest version to mitigate this vulnerability and to monitor systems for unauthorized changes in directories.

Original NVD description (English source)

A path traversal in handling the "path" component of .repo files processed by libzypp before 17.38.13 in the 17.x series, or before 16.22.19 could be used by attackers to fill directories on the system outside of the zypp cache with content.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS