CVE-2026-44941

Source
https://cve.org/CVERecord?id=CVE-2026-44941
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-44941.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-44941
Downstream
Related
Published
2026-07-02T15:19:05.302Z
Modified
2026-07-09T04:02:37.300244557Z
Severity
  • 8.4 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H CVSS Calculator
Summary
libzypp path traversal via "keyhint" in repomd.xml
Details

A relative path traversal in the "keyhint" option in repomd.xml parsing of libzypp before 17.38.12 can be used by attackers able to supply a malicious repository to inject or overwrite files in the target system as root.

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/44xxx/CVE-2026-44941.json",
    "cna_assigner": "suse",
    "cwe_ids": [
        "CWE-23"
    ]
}
References

Affected packages

Git / github.com/opensuse/libzypp

Affected ranges

Type
GIT
Repo
https://github.com/opensuse/libzypp
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Fixed
Database specific
{
    "cpe": "cpe:2.3:a:opensuse:libzypp:*:*:*:*:*:*:*:*",
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "fixed": "17.38.12"
        }
    ],
    "source": [
        "CPE_RANGE",
        "REFERENCES"
    ]
}

Affected versions

10.*
10.0.0
10.1.0
10.1.1
10.2.0
10.3.0
10.3.1
10.3.2
10.3.3
10.3.4
10.3.5
11.*
11.0.0
11.1.0
11.1.1
11.2.0
11.3.0
11.4.0
11.5.0
11.6.0
11.6.2
11.6.3
11.7.0
12.*
12.0.0
12.0.1
12.1.0
12.10.0
12.10.1
12.11.0
12.2.0
12.3.0
12.4.0
12.5.0
12.6.0
12.7.0
12.8.0
12.8.1
12.9.0
13.*
13.0.0
13.1.0
13.2.0
13.3.0
13.4.0
13.5.0
13.6.0
13.7.0
14.*
14.0.0
14.1.0
14.1.1
14.10.0
14.11.0
14.12.0
14.13.0
14.14.0
14.15.0
14.16.0
14.16.1
14.17.0
14.17.1
14.17.2
14.17.3
14.17.4
14.17.5
14.18.0
14.19.0
14.2.0
14.2.1
14.20.0
14.21.0
14.22.0
14.23.0
14.24.0
14.25.0
14.26.0
14.26.1
14.27.0
14.27.1
14.27.2
14.28.0
14.29.0
14.29.1
14.29.2
14.29.3
14.29.4
14.3.0
14.30.0
14.30.1
14.30.2
14.31.0
14.32.0
14.32.1
14.32.2
14.33.0
14.34.0
14.35.0
14.36.0
14.37.0
14.37.1
14.38.0
14.38.1
14.4.0
14.5.0
14.6.0
14.7.0
14.8.0
14.9.0
15.*
15.0.0
15.1.0
15.1.1
15.1.2
15.1.3
15.10.0
15.11.0
15.12.0
15.13.0
15.14.0
15.15.0
15.16.0
15.16.1
15.16.2
15.17.0
15.17.1
15.17.2
15.18.0
15.19.0
15.19.1
15.19.2
15.19.3
15.19.4
15.19.5
15.19.6
15.19.7
15.2.0
15.20.0
15.21.0
15.21.1
15.21.2
15.21.3
15.21.4
15.21.5
15.21.6
15.21.7
15.22.0
15.3.0
15.4.0
15.4.1
15.5.0
15.6.0
15.7.0
15.8.0
15.9.0
16.*
16.0.0
16.0.3
16.0.5
16.1.0
16.1.2
16.1.3
16.10.0
16.11.0
16.12.0
16.13.0
16.14.0
16.15.0
16.15.1
16.15.2
16.15.3
16.15.4
16.15.5
16.15.6
16.16.0
16.17.0
16.17.1
16.17.2
16.17.3
16.2.0
16.2.1
16.2.2
16.2.25
16.2.3
16.2.4
16.3.0
16.3.1
16.3.2
16.4.0
16.4.1
16.4.2
16.4.3
16.5.0
16.5.1
16.5.2
16.6.0
16.6.1
16.7.0
16.8.0
16.9.0
17.*
17.0.0
17.0.1
17.0.2
17.0.3
17.0.4
17.0.5
17.1.0
17.1.1
17.1.2
17.1.3
17.10.0
17.10.1
17.10.2
17.10.3
17.11.0
17.11.1
17.11.2
17.11.3
17.11.4
17.12.0
17.13.0
17.14.0
17.14.1
17.15.0
17.16.0
17.17.0
17.18.0
17.18.1
17.19.0
17.2.0
17.2.1
17.2.2
17.20.0
17.21.0
17.22.0
17.22.1
17.23.0
17.23.1
17.23.2
17.23.3
17.23.4
17.23.5
17.23.6
17.23.7
17.23.8
17.24.0
17.24.1
17.24.2
17.25.0
17.25.1
17.25.10
17.25.2
17.25.3
17.25.4
17.25.5
17.25.6
17.25.9
17.26.0
17.27.0
17.28.0
17.28.1
17.28.2
17.28.3
17.28.4
17.28.5
17.28.6
17.28.7
17.28.8
17.29.0
17.29.1
17.29.2
17.29.3
17.29.4
17.29.5
17.29.6
17.29.7
17.3.0
17.3.1
17.30.0
17.30.1
17.30.2
17.30.3
17.31.0
17.31.1
17.31.10
17.31.11
17.31.12
17.31.13
17.31.14
17.31.15
17.31.16
17.31.17
17.31.18
17.31.19
17.31.2
17.31.20
17.31.21
17.31.22
17.31.23
17.31.24
17.31.25
17.31.26
17.31.27
17.31.28
17.31.29
17.31.3
17.31.30
17.31.31
17.31.32
17.31.4
17.31.5
17.31.6
17.31.7
17.31.8
17.31.9
17.32.0
17.32.1
17.32.2
17.32.3
17.32.4
17.32.5
17.32.6
17.33.0
17.33.1
17.33.2
17.33.3
17.33.4
17.34.0
17.34.1
17.34.2
17.35.0
17.35.1
17.35.10
17.35.11
17.35.12
17.35.13
17.35.14
17.35.15
17.35.16
17.35.17
17.35.18
17.35.19
17.35.2
17.35.3
17.35.4
17.35.5
17.35.6
17.35.7
17.35.8
17.35.9
17.36.0
17.36.1
17.36.2
17.36.3
17.36.4
17.36.5
17.36.6
17.36.7
17.37.0
17.37.1
17.37.10
17.37.11
17.37.12
17.37.13
17.37.14
17.37.15
17.37.16
17.37.17
17.37.18
17.37.2
17.37.3
17.37.4
17.37.5
17.37.6
17.37.7
17.37.8
17.37.9
17.38.0
17.38.1
17.38.10
17.38.11
17.38.2
17.38.3
17.38.4
17.38.5
17.38.6
17.38.7
17.38.8
17.38.9
17.4.0
17.5.0
17.5.1
17.5.2
17.6.0
17.6.1
17.6.2
17.6.3
17.6.4
17.7.0
17.7.1
17.7.2
17.8.0
17.8.1
17.9.0
6.*
6.10.0
6.10.1
6.11.0
6.11.2
6.11.4
6.12.0
6.13.0
6.13.3
6.14.0
6.14.1
6.14.3
6.15.0
6.16.0
6.17.0
6.17.1
6.17.2
6.18.0
6.18.1
6.18.2
6.19.0
6.19.1
6.19.2
6.19.3
6.20.0
6.21.0
6.21.1
6.21.2
6.21.3
6.21.4
6.22.0
6.22.1
6.22.3
6.23.0
6.24.0
6.24.2
6.24.3
6.25.0
6.26.0
6.27.0
6.27.1
6.29.0
6.29.2
6.29.3
6.29.4
6.29.5
6.30.1
6.30.3
6.30.5
6.31.0
6.31.1
6.31.2
6.31.3
6.6.0
6.7.0
6.8.0
6.8.1
6.8.2
6.8.3
6.9.0
6.9.1
6.9.2
6.9.3
7.*
7.0.0
7.1.0
7.1.1
7.2.0
7.3.0
7.4.0
7.5.0
7.6.0
7.6.1
7.7.2
7.7.3
7.7.4
7.7.5
8.*
8.0.1
8.1.0
8.1.1
8.1.2
8.10.5
8.10.6
8.11.0
8.12.0
8.12.1
8.2.0
8.3.0
8.4.0
8.5.0
9.*
9.0.0
9.0.1
9.0.2
9.0.3
9.1.0
9.1.1
9.1.2
9.10.0
9.10.1
9.10.2
9.11.0
9.2.0
9.3.0
9.4.0
9.5.0
9.6.0
9.7.0
9.8.0
9.8.1
9.8.2
9.8.3
9.8.4
9.8.5
9.8.6
9.8.7
9.9.0
9.9.1
9.9.2
Other
BASE-SuSE-Code-11-Branch
BASE-SuSE-Code-11_2-Branch
BASE-SuSE-Code-11_4-Branch
BASE-SuSE-Code-12_1-Branch
BASE-SuSE-Code-12_2-Branch
BASE-SuSE-Code-12_3-Branch
BASE-SuSE-Code-13_1-Branch
BASE-SuSE-Linux-10_3-Branch
BASE-SuSE-Linux-11_0-Branch
BASE-SuSE-SLE-10-SP2-Branch
BASE-SuSE-SLE-11-SP2-Branch
BASE-SuSE-SLE-12-Branch
BASE-SuSE-SLE-12-SP1-Branch
BASE-SuSE-SLE-12-SP2-Branch

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-44941.json"