CVE-2026-44933 (Severity: HIGH; CNA: suse)
CVE-2026-44933: Path Traversal in Plugin Loading in libzypp
`PluginScript` attempts to `chroot` the plugin to the `repoManagerRoot`, but this root is frequently `/` (the system root) in standard configurations or when using `--root`. A `chroot` to `/` is a no-op, so a traversed plugin path can execute host binaries (such as `/bin/bash`) with root privileges.
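As an added illustration of the mitigation side (this is not libzypp code; the function names and the plugin directory are assumptions), a containment check that rejects plugin names escaping the plugin directory, alongside a check that makes the advisory's point explicit: a `chroot` target of `/` confines nothing.

```cpp
// Added example, not part of libzypp. Assumed helpers for a plugin loader.
#include <filesystem>
#include <string>

namespace fs = std::filesystem;

// Drop a trailing separator so component-wise comparison is not fooled
// by the empty filename that "a/b/" produces when iterated.
static fs::path stripTrailingSep(fs::path p)
{
    if (p.has_filename() == false && p.has_parent_path())
        p = p.parent_path();
    return p;
}

// True only if pluginDir/name, after lexical normalisation, still lies
// strictly below pluginDir. Absolute names and any ".." that climbs out
// of the directory are rejected before the path is ever opened.
bool pluginPathIsConfined(const std::string& pluginDir, const std::string& name)
{
    if (name.empty() || fs::path(name).is_absolute())
        return false;
    fs::path base = stripTrailingSep(fs::path(pluginDir).lexically_normal());
    fs::path full = stripTrailingSep((base / fs::path(name)).lexically_normal());

    auto b = base.begin();
    auto f = full.begin();
    for (; b != base.end(); ++b, ++f) {
        if (f == full.end() || *b != *f)
            return false;          // left the plugin directory
    }
    return f != full.end();        // must name something below base
}

// A chroot() to "/" leaves the whole host visible; only a root that
// actually narrows the filesystem view provides confinement.
bool chrootWouldConfine(const std::string& repoManagerRoot)
{
    fs::path r = fs::path(repoManagerRoot).lexically_normal();
    return !(r.empty() || r == fs::path("/"));
}
```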
Metrics
- CVSS v4.0: 8.5
- Severity: HIGH
- Fixed in: 17.38.9
- Affected Products: 2
Fix available: 17.38.9
Affected packages
- SUSE / SUSE Linux Enterprise: < 17.38.9 (from 17.38.8)
- SUSE / openSUSE: < 17.38.9 (from 17.38.8)
CVSS Vector: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N