Analysis and contextual insights are available on OpenCVE Cloud.
No vendor fix or workaround currently provided.
Additional remediation guidance may be available on OpenCVE Cloud.
Tracking
Sign in to view the affected projects.
No advisories yet.
Thu, 02 Jul 2026 18:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
ssvc
|
Thu, 02 Jul 2026 17:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Suse
Suse libzypp |
|
| Vendors & Products |
Suse
Suse libzypp |
Thu, 02 Jul 2026 16:00:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | A relative path traversal in the "keyhint" option in repomd.xml parsing of libzypp before 17.38.12 can be used by attackers able to supply a malicious repository to inject or overwrite files in the target system as root. | |
| Title | libzypp path traversal via "keyhint" in repomd.xml | |
| Weaknesses | CWE-23 | |
| References |
| |
| Metrics |
cvssV3_1
|
Status: PUBLISHED
Assigner: suse
Published:
Updated: 2026-07-02T17:32:53.033Z
Reserved: 2026-05-08T12:29:48.968Z
Link: CVE-2026-44941
Updated: 2026-07-02T17:32:40.774Z
No data.
No data.
OpenCVE Enrichment
Updated: 2026-07-02T17:30:04Z