All intelligence
// vulnerability record
cached · NVD via COSMOS syncCVE-2026-44941
HIGHpublished 2026-07-02 16:16 UTC · 2 days ago · modified 2026-07-03 04:17 UTC
8.4
CVSS / 10
// description
A relative path traversal in the "keyhint" option in repomd.xml parsing of libzypp before 17.38.12 can be used by attackers able to supply a malicious repository to inject or overwrite files in the target system as root.
// weaknesses (CWE)
- CWE-23