CVE-2026-44942

Source
https://cve.org/CVERecord?id=CVE-2026-44942
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-44942.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-44942
Downstream
Related
Published
2026-06-18T09:57:12.821Z
Modified
2026-07-08T08:05:16.265832027Z
Severity
  • 6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
libzypp .repo files can have an optional path which can lead to path traversal attacks
Details

A path traversal in handling the "path" component of .repo files processed by libzypp before 17.38.13 in the 17.x series, or before 16.22.19 could be used by attackers to fill directories on the system outside of the zypp cache with content.

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/44xxx/CVE-2026-44942.json",
    "cna_assigner": "suse",
    "cwe_ids": [
        "CWE-24"
    ]
}
References

Affected packages

Git / github.com/opensuse/libzypp

Affected ranges

Type
GIT
Repo
https://github.com/opensuse/libzypp
Events
Introduced
Fixed
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Database specific
{
    "source": "AFFECTED_FIELD",
    "extracted_events": [
        {
            "introduced": "17.0.0"
        },
        {
            "fixed": "17.38.13"
        },
        {
            "introduced": "0"
        },
        {
            "fixed": "16.22.19"
        }
    ]
}

Affected versions

10.*
10.0.0
10.1.0
10.1.1
10.2.0
10.3.0
10.3.1
10.3.2
10.3.3
10.3.4
10.3.5
11.*
11.0.0
11.1.0
11.1.1
11.2.0
11.3.0
11.4.0
11.5.0
11.6.0
11.6.2
11.6.3
11.7.0
12.*
12.0.0
12.0.1
12.1.0
12.10.0
12.10.1
12.11.0
12.2.0
12.3.0
12.4.0
12.5.0
12.6.0
12.7.0
12.8.0
12.8.1
12.9.0
13.*
13.0.0
13.1.0
13.2.0
13.3.0
13.4.0
13.5.0
13.6.0
13.7.0
14.*
14.0.0
14.1.0
14.1.1
14.10.0
14.11.0
14.12.0
14.13.0
14.14.0
14.15.0
14.16.0
14.16.1
14.17.0
14.17.1
14.17.2
14.17.3
14.17.4
14.17.5
14.18.0
14.19.0
14.2.0
14.2.1
14.20.0
14.21.0
14.22.0
14.23.0
14.24.0
14.25.0
14.26.0
14.26.1
14.27.0
14.27.1
14.27.2
14.28.0
14.29.0
14.29.1
14.29.2
14.29.3
14.29.4
14.3.0
14.30.0
14.30.1
14.30.2
14.31.0
14.32.0
14.32.1
14.32.2
14.33.0
14.34.0
14.35.0
14.36.0
14.37.0
14.37.1
14.38.0
14.38.1
14.4.0
14.5.0
14.6.0
14.7.0
14.8.0
14.9.0
15.*
15.0.0
15.1.0
15.1.1
15.1.2
15.1.3
15.10.0
15.11.0
15.12.0
15.13.0
15.14.0
15.15.0
15.16.0
15.16.1
15.16.2
15.17.0
15.17.1
15.17.2
15.18.0
15.19.0
15.19.1
15.19.2
15.19.3
15.19.4
15.19.5
15.19.6
15.19.7
15.2.0
15.20.0
15.21.0
15.21.1
15.21.2
15.21.3
15.21.4
15.21.5
15.21.6
15.21.7
15.22.0
15.3.0
15.4.0
15.4.1
15.5.0
15.6.0
15.7.0
15.8.0
15.9.0
16.*
16.0.0
16.0.3
16.0.5
16.1.0
16.1.2
16.1.3
16.10.0
16.11.0
16.12.0
16.13.0
16.14.0
16.15.0
16.15.1
16.15.2
16.15.3
16.15.4
16.15.5
16.15.6
16.16.0
16.17.0
16.17.1
16.17.10
16.17.11
16.17.12
16.17.13
16.17.14
16.17.15
16.17.16
16.17.17
16.17.18
16.17.19
16.17.2
16.17.20
16.17.21
16.17.3
16.17.4
16.17.5
16.17.6
16.17.7
16.17.8
16.17.9
16.18.0
16.19.0
16.19.1
16.2.0
16.2.1
16.2.2
16.2.25
16.2.3
16.2.4
16.20.0
16.20.1
16.20.2
16.21.0
16.21.1
16.21.2
16.21.3
16.21.4
16.22.0
16.22.1
16.22.10
16.22.11
16.22.12
16.22.13
16.22.14
16.22.15
16.22.16
16.22.17
16.22.18
16.22.2
16.22.3
16.22.4
16.22.5
16.22.6
16.22.7
16.22.8
16.22.9
16.3.0
16.3.1
16.3.2
16.4.0
16.4.1
16.4.2
16.4.3
16.5.0
16.5.1
16.5.2
16.6.0
16.6.1
16.7.0
16.8.0
16.9.0
17.*
17.0.0
17.0.1
17.0.2
17.0.3
17.0.4
17.0.5
17.1.0
17.1.1
17.1.2
17.1.3
17.10.0
17.10.1
17.10.2
17.10.3
17.11.0
17.11.1
17.11.2
17.11.3
17.11.4
17.12.0
17.13.0
17.14.0
17.14.1
17.15.0
17.16.0
17.17.0
17.18.0
17.18.1
17.19.0
17.2.0
17.2.1
17.2.2
17.20.0
17.21.0
17.22.0
17.22.1
17.23.0
17.23.1
17.23.2
17.23.3
17.23.4
17.23.5
17.23.6
17.23.7
17.23.8
17.24.0
17.24.1
17.24.2
17.25.0
17.25.1
17.25.10
17.25.2
17.25.3
17.25.4
17.25.5
17.25.6
17.25.9
17.26.0
17.27.0
17.28.0
17.28.1
17.28.2
17.28.3
17.28.4
17.28.5
17.28.6
17.28.7
17.28.8
17.29.0
17.29.1
17.29.2
17.29.3
17.29.4
17.29.5
17.29.6
17.29.7
17.3.0
17.3.1
17.30.0
17.30.1
17.30.2
17.30.3
17.31.0
17.31.1
17.31.10
17.31.11
17.31.12
17.31.13
17.31.14
17.31.15
17.31.16
17.31.17
17.31.18
17.31.19
17.31.2
17.31.20
17.31.21
17.31.22
17.31.23
17.31.24
17.31.25
17.31.26
17.31.27
17.31.28
17.31.29
17.31.3
17.31.30
17.31.31
17.31.32
17.31.4
17.31.5
17.31.6
17.31.7
17.31.8
17.31.9
17.32.0
17.32.1
17.32.2
17.32.3
17.32.4
17.32.5
17.32.6
17.33.0
17.33.1
17.33.2
17.33.3
17.33.4
17.34.0
17.34.1
17.34.2
17.35.0
17.35.1
17.35.10
17.35.11
17.35.12
17.35.13
17.35.14
17.35.15
17.35.16
17.35.17
17.35.18
17.35.19
17.35.2
17.35.3
17.35.4
17.35.5
17.35.6
17.35.7
17.35.8
17.35.9
17.36.0
17.36.1
17.36.2
17.36.3
17.36.4
17.36.5
17.36.6
17.36.7
17.37.0
17.37.1
17.37.10
17.37.11
17.37.12
17.37.13
17.37.14
17.37.15
17.37.16
17.37.17
17.37.18
17.37.2
17.37.3
17.37.4
17.37.5
17.37.6
17.37.7
17.37.8
17.37.9
17.38.0
17.38.1
17.38.10
17.38.11
17.38.12
17.38.2
17.38.3
17.38.4
17.38.5
17.38.6
17.38.7
17.38.8
17.38.9
17.4.0
17.5.0
17.5.1
17.5.2
17.6.0
17.6.1
17.6.2
17.6.3
17.6.4
17.7.0
17.7.1
17.7.2
17.8.0
17.8.1
17.9.0
6.*
6.10.0
6.10.1
6.11.0
6.11.2
6.11.4
6.12.0
6.13.0
6.13.3
6.14.0
6.14.1
6.14.3
6.15.0
6.16.0
6.17.0
6.17.1
6.17.2
6.18.0
6.18.1
6.18.2
6.19.0
6.19.1
6.19.2
6.19.3
6.20.0
6.21.0
6.21.1
6.21.2
6.21.3
6.21.4
6.22.0
6.22.1
6.22.3
6.23.0
6.24.0
6.24.2
6.24.3
6.25.0
6.26.0
6.27.0
6.27.1
6.29.0
6.29.2
6.29.3
6.29.4
6.29.5
6.30.1
6.30.3
6.30.5
6.31.0
6.31.1
6.31.2
6.31.3
6.6.0
6.7.0
6.8.0
6.8.1
6.8.2
6.8.3
6.9.0
6.9.1
6.9.2
6.9.3
7.*
7.0.0
7.1.0
7.1.1
7.2.0
7.3.0
7.4.0
7.5.0
7.6.0
7.6.1
7.7.2
7.7.3
7.7.4
7.7.5
8.*
8.0.1
8.1.0
8.1.1
8.1.2
8.10.5
8.10.6
8.11.0
8.12.0
8.12.1
8.2.0
8.3.0
8.4.0
8.5.0
9.*
9.0.0
9.0.1
9.0.2
9.0.3
9.1.0
9.1.1
9.1.2
9.10.0
9.10.1
9.10.2
9.11.0
9.2.0
9.3.0
9.4.0
9.5.0
9.6.0
9.7.0
9.8.0
9.8.1
9.8.2
9.8.3
9.8.4
9.8.5
9.8.6
9.8.7
9.9.0
9.9.1
9.9.2
Other
BASE-SuSE-Code-11-Branch
BASE-SuSE-Code-11_2-Branch
BASE-SuSE-Code-11_4-Branch
BASE-SuSE-Code-12_1-Branch
BASE-SuSE-Code-12_2-Branch
BASE-SuSE-Code-12_3-Branch
BASE-SuSE-Code-13_1-Branch
BASE-SuSE-Linux-10_3-Branch
BASE-SuSE-Linux-11_0-Branch
BASE-SuSE-RES-8-Branch
BASE-SuSE-SLE-10-SP2-Branch
BASE-SuSE-SLE-11-SP2-Branch
BASE-SuSE-SLE-12-Branch
BASE-SuSE-SLE-12-SP1-Branch
BASE-SuSE-SLE-12-SP2-Branch

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-44942.json"