CVE-2026-44933
Path Traversal in Plugin Loading in libzypp
| CVSS Score | 7.8 |
| EPSS Score | 0.0% |
| EPSS Percentile | 0th |
`PluginScript` attempts to `chroot` the plugin to the `repoManagerRoot`, but this root is frequently `/` (the system root) in standard configurations or when using `--root`. If the chroot target is `/`, the `chroot` is a no-op, so the traversed path can execute host binaries (like `/bin/bash`) with root privileges.
| CWE | CWE-35 |
| Vendor | suse |
| Product | suse linux enterprise |
| Published | May 20, 2026 |
| Last Updated | May 20, 2026 |
CVSS v3 Breakdown
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
| Attack Vector | Local |
| Attack Complexity | Low |
| Privileges Required | None |
| User Interaction | Required |
| Scope | Unchanged |
| Confidentiality | High |
| Integrity | High |
| Availability | High |
Affected Versions
SUSE / SUSE Linux Enterprise
17.38.8 < 17.38.9
SUSE / openSUSE
17.38.8 < 17.38.9
Credits
Dirk Mueller of SUSE