漏洞概述 漏洞编号: CVE-2026-44942 漏洞描述: libzypp: repo.files can have an optional path which can lead to path traversal attacks 报告时间: 2026-06-08 11:32 UTC by Marcus Meissner 修改时间: 2026-06-12 16:31 UTC (4 hours ago) 优先级: P3 - Medium Severity: Normal 目标里程碑: 未指定 截止日期: 2026-08-01 分配给: Security Team bot QA联系人: Security Team bot URL: https://bugzilla.suse.de/show_bug.cgi?id=126784 白名单: CVSSv3.1:SUSE:CVE-2026-44942:6.5:AW... 关键词: 无 依赖项: 无 阻塞项: 无 影响范围 产品: SUSE Security Incidents 组件: Incidents (how other bugs) 版本: unspecified 硬件: Other Other 修复方案 修复状态: 已修复 修复版本: - libzypp-16.22.19 for Code12 - libzypp-17.38.13 for Code15, Code16, Factory 提交情况: OBS requests are submitted, GitLab PRs are waiting for Factory branch being synced. 维护自动化: - SUSE-SU-2026:22073-1: An update that solves two vulnerabilities can now be installed. - URL: https://www.suse.com/support/update/announcement/2026/suse-su-202622073-1 - Category: security (moderate) - Bug References: 1267426, 1267874 - CVE References: CVE-2026-44942, CVE-2026-44942 - Sources used: - SUSE Linux Micro 6.1 (src): - libzypp-17.38.13-1.fc.1.1.1 - NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination. - SUSE-SU-2026:22064-1: An update that solves one vulnerability can now be installed. - URL: https://www.suse.com/support/update/announcement/2026/suse-su-202622064-1 - Category: security (moderate) - Bug References: 1267874 - CVE References: CVE-2026-44942 - Sources used: - SUSE Linux Micro 6.0 (src): - libzypp-17.38.13-1.1 - NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination. POC代码或利用代码 页面中未包含具体的POC代码或利用代码。