CVE-2026-44942
MediumCVSS 6.5Exploitation Probability (EPSS)
Low risk25th percentile — higher than 25% of all known CVEs
Summary
A path traversal vulnerability in handling the 'path' component of .repo files in libzypp before version 17.38.13 in the 17.x series, or before 16.22.19, could allow attackers to fill directories on the system outside of the zypp cache with content.
Risk Assessment
This vulnerability could lead to unauthorized access to the file system, posing a risk of data leakage or malware.
Recommendation
It is recommended to update libzypp to the latest version to mitigate this vulnerability and to monitor systems for unauthorized changes in directories.
Original NVD description (English source)
A path traversal in handling the "path" component of .repo files processed by libzypp before 17.38.13 in the 17.x series, or before 16.22.19 could be used by attackers to fill directories on the system outside of the zypp cache with content.

