CVE-2026-44942 PUBLISHED

libzypp .repo files can have an optional path which can lead to path traversal attacks

Assigner: suse
Reserved: 08.05.2026 Published: 18.06.2026 Updated: 18.06.2026

A path traversal in handling the "path" component of .repo files processed by libzypp before 17.38.13 in the 17.x series, or before 16.22.19 could be used by attackers to fill directories on the system outside of the zypp cache with content.

Metrics

CVSS 3.1

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVSS Score: 6.5

Attack Vector	Network	Scope	Unchanged
Attack Complexity	Low	Confidentiality Impact	None
Privileges Required	Low	Integrity Impact	None
User Interaction	None	Availability Impact	High

CVSS 3.1

Product Status

Vendor	SUSE
Product	libzypp
Versions	Default: unaffected affected from 17.0.0 to 17.38.13 (excl.) affected from 0 to 16.22.19 (excl.)

Credits

Michael Andres finder

References

https://bugzilla.suse.com/show_bug.cgi?id=1267874
https://www.suse.com/security/cve/CVE-2026-44942.html

Problem Types

CWE-24 Path traversal: '../filedir' CWE

Impacts

CAPEC-130 Excessive Allocation