CVE-2026-44942 - Vulnerability Details - OpenCVE

A path traversal in handling the "path" component of .repo files processed by libzypp before 17.38.13 in the 17.x series, or before 16.22.19 could be used by attackers to fill directories on the system outside of the zypp cache with content.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

No EPSS score available.

Exploitation none

Automatable no

Technical Impact partial

No data.

No data.

No data.

No data.

References

Link	Providers
https://bugzilla.suse.com/show_bug.cgi?id=1267874
https://www.suse.com/security/cve/CVE-2026-44942.html

History

Thu, 18 Jun 2026 16:45:00 +0000

Type	Values Removed	Values Added
Description		A path traversal in handling the "path" component of .repo files processed by libzypp before 17.38.13 in the 17.x series, or before 16.22.19 could be used by attackers to fill directories on the system outside of the zypp cache with content.
Title		libzypp .repo files can have an optional path which can lead to path traversal attacks
Weaknesses		CWE-24
References		https://bugzilla.suse.com/show_bug.cgi?id=1267874 https://www.suse.com/security/cve/CVE-2026-44942.html
Metrics		cvssV3_1 `{'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}` ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: suse

Published: 2026-06-18T09:57:12.821Z

Updated: 2026-06-18T12:09:37.292Z

Reserved: 2026-05-08T12:29:48.968Z

Link: CVE-2026-44942

Vulnrichment

Updated: 2026-06-18T12:09:23.563Z

NVD

No data.

Redhat

No data.

OpenCVE Enrichment

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-44942", "assignerOrgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb", "state": "PUBLISHED", "assignerShortName": "suse", "dateReserved": "2026-05-08T12:29:48.968Z", "datePublished": "2026-06-18T09:57:12.821Z", "dateUpdated": "2026-06-18T12:09:37.292Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb", "shortName": "suse", "dateUpdated": "2026-06-18T09:57:12.821Z"}, "title": "libzypp .repo files can have an optional path which can lead to path traversal attacks", "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-24", "description": "CWE-24 Path traversal: '../filedir'", "type": "CWE"}]}], "impacts": [{"capecId": "CAPEC-130", "descriptions": [{"lang": "en", "value": "CAPEC-130 Excessive Allocation"}]}], "affected": [{"vendor": "SUSE", "product": "libzypp", "packageName": "libzypp", "repo": "https://github.com/opensuse/libzypp", "modules": ["repo parsing"], "versions": [{"status": "affected", "version": "17.0.0", "lessThan": "17.38.13", "versionType": "semver"}, {"status": "affected", "version": "0", "lessThan": "16.22.19", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "A path traversal in handling the \"path\" component of .repo files processed by libzypp before 17.38.13 in the 17.x series, or before 16.22.19 could be used by attackers to fill directories on the system outside of the zypp cache with content.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "A path traversal in handling the \"path\" component of .repo files processed by libzypp before 17.38.13 in the 17.x series, or before 16.22.19 could be used by attackers to fill directories on the system outside of the zypp cache with content."}]}], "references": [{"url": "https://bugzilla.suse.com/show_bug.cgi?id=1267874", "tags": ["issue-tracking"]}, {"url": "https://www.suse.com/security/cve/CVE-2026-44942.html", "tags": ["vendor-advisory"]}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseSeverity": "MEDIUM", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}}], "credits": [{"lang": "en", "value": "Michael Andres", "type": "finder"}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 1.0.2"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-06-18T12:05:47.827082Z", "id": "CVE-2026-44942", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-06-18T12:09:37.292Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-44942", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-06-18T12:05:47.827082Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-06-18T12:09:23.563Z"}}], "cna": {"title": "libzypp .repo files can have an optional path which can lead to path traversal attacks", "source": {"discovery": "UNKNOWN"}, "credits": [{"lang": "en", "type": "finder", "value": "Michael Andres"}], "impacts": [{"capecId": "CAPEC-130", "descriptions": [{"lang": "en", "value": "CAPEC-130 Excessive Allocation"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"repo": "https://github.com/opensuse/libzypp", "vendor": "SUSE", "modules": ["repo parsing"], "product": "libzypp", "versions": [{"status": "affected", "version": "17.0.0", "lessThan": "17.38.13", "versionType": "semver"}, {"status": "affected", "version": "0", "lessThan": "16.22.19", "versionType": "semver"}], "packageName": "libzypp", "defaultStatus": "unaffected"}], "references": [{"url": "https://bugzilla.suse.com/show_bug.cgi?id=1267874", "tags": ["issue-tracking"]}, {"url": "https://www.suse.com/security/cve/CVE-2026-44942.html", "tags": ["vendor-advisory"]}], "x_generator": {"engine": "Vulnogram 1.0.2"}, "descriptions": [{"lang": "en", "value": "A path traversal in handling the \"path\" component of .repo files processed by libzypp before 17.38.13 in the 17.x series, or before 16.22.19 could be used by attackers to fill directories on the system outside of the zypp cache with content.", "supportingMedia": [{"type": "text/html", "value": "A path traversal in handling the \"path\" component of .repo files processed by libzypp before 17.38.13 in the 17.x series, or before 16.22.19 could be used by attackers to fill directories on the system outside of the zypp cache with content.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-24", "description": "CWE-24 Path traversal: '../filedir'"}]}], "providerMetadata": {"orgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb", "shortName": "suse", "dateUpdated": "2026-06-18T09:57:12.821Z"}}}, "cveMetadata": {"cveId": "CVE-2026-44942", "state": "PUBLISHED", "dateUpdated": "2026-06-18T12:09:37.292Z", "dateReserved": "2026-05-08T12:29:48.968Z", "assignerOrgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb", "datePublished": "2026-06-18T09:57:12.821Z", "assignerShortName": "suse"}, "dataVersion": "5.2"}