CVE-2026-44942— libzypp .repo files can have an optional path which can lead to path traversal attacks
Possible ATT&CK Techniques 1AI
T1083 · File and Directory DiscoveryGet alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2026-44942
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
libzypp .repo files can have an optional path which can lead to path traversal attacks
Source: NVD (National Vulnerability Database)
Vulnerability Description
A path traversal in handling the "path" component of .repo files processed by libzypp before 17.38.13 in the 17.x series, or before 16.22.19 could be used by attackers to fill directories on the system outside of the zypp cache with content.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Source: NVD (National Vulnerability Database)
Vulnerability Type
路径遍历:’../filedir’
Source: NVD (National Vulnerability Database)
Affected Products
II. Public POCs for CVE-2026-44942
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2026-44942
请登录查看更多情报信息。
Patches & Fixes for CVE-2026-44942 (1)
IV. Related Vulnerabilities
Same product: libzypp
Same vendor: SUSE
- CVE-2026-44939
Command injection through unsanitized YAML parameter in Ranc - CVE-2025-71261
Harvester's SUSE Virtualization Registration Client Vulnerab - CVE-2026-44932
indirect remote shell command injection via unsanitized DHCP - CVE-2026-41054
Missing exit out of permission check in haveged could lead t - CVE-2026-44933
Path Traversal in Plugin Loading in libzypp
V. Comments for CVE-2026-44942
No comments yet