CVE-2026-44933 Path Traversal in Plugin Loading in libzypp

🗓️ 20 May 2026 08:51:12Reported by suseType

CVE-2026-44933: Path traversal in libzypp plugin loading; chroot to repoManagerRoot may enable host binaries to run as root if root is /.

Reporter	Title	Published	Views	Family All 16
ATTACKERKB	CVE-2026-44933	20 May 202608:51	–	attackerkb
Circl	CVE-2026-44933	20 May 202610:43	–	circl
CNNVD	libzypp 安全漏洞	20 May 202600:00	–	cnnvd
CVE	CVE-2026-44933	20 May 202608:51	–	cve
EUVD	EUVD-2026-31074	20 May 202608:51	–	euvd
NVD	CVE-2026-44933	20 May 202610:16	–	nvd
OSV	OPENSUSE-SU-2026:10826-1 libzypp-17.38.9-1.1 on GA media	20 May 202600:00	–	osv
OSV	SUSE-SU-2026:21738-1 Security update for libsolv, libzypp, zypper	21 May 202608:54	–	osv
OSV	SUSE-SU-2026:21786-1 Security update for libzypp	22 May 202610:59	–	osv
OSV	UBUNTU-CVE-2026-44933	20 May 202610:16	–	osv

[
  {
    "vendor": "SUSE",
    "product": "SUSE Linux Enterprise",
    "packageName": "libzypp",
    "versions": [
      {
        "status": "affected",
        "version": "17.38.8",
        "lessThan": "17.38.9",
        "versionType": "semver"
      }
    ],
    "defaultStatus": "unaffected"
  },
  {
    "vendor": "SUSE",
    "product": "openSUSE",
    "packageName": "libzypp",
    "versions": [
      {
        "status": "affected",
        "version": "17.38.8",
        "lessThan": "17.38.9",
        "versionType": "semver"
      }
    ],
    "defaultStatus": "unaffected"
  }
]

Source	Link
bugzilla	www.bugzilla.suse.com/show_bug.cgi

20 May 2026 08:51Current

CVSS 3.17.8

CVSS 48.5

EPSS0.00006

CWE-35