CVE-2026-25707

Name: CVE-2026-25707
Description: A relative path traversal bug when processing repository metadata in libzypp before 17.38.10 could be used by remote attackers supplying repositories to overwrite files on the system, leading to denial of service or privilege escalation.
Source: CVE (at NVD; CERT, ENISA, LWN, oss-sec, fulldisc, Debian ELTS, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)

Vulnerable and fixed packages

The table below lists information on source packages.

Source Package    Release      Version       Status
libzypp (PTS)     bullseye     17.25.7-1     vulnerable
                  bookworm     17.25.7-2.4   vulnerable
                  trixie       17.36.7-1     vulnerable
                  forky, sid   17.38.14-1    fixed

The information below is based on the following data on fixed versions.

Package    Type     Release      Fixed Version   Urgency   Origin   Debian Bugs
libzypp    source   (unstable)   17.38.11-1

Notes

[trixie] - libzypp <no-dsa> (Minor issue)
https://github.com/openSUSE/libzypp/commit/f09feda7fca03c941218aab0bb161cc82b185b6b (17.38.10)
