CVE-2026-25707

HIGH SEVERITY

CVSS Score & Metrics

Base Score

8.8 / 10

Vector String

                                        CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H                                    

Vulnerability Description

A relative path traversal bug problem when processing repository metadata in libzypp before 17.38.10 could be used by remote attackers supplying repositories to overwrite files on the system, leading to denial of service or privilege escalation.

Vulnerability Details

Published Date

June 29, 2026

Last Modified

June 29, 2026

CWE ID

CWE-23

Source

NVD

Vendor

SUSE

Product

libzypp

External References

https://bugzilla.suse.com/show_bug.cgi?id=1259802
https://github.com/openSUSE/libzypp/commit/f09feda7fca03c941218aab0bb161cc82b185b6b

CVE-2026-25707

CVSS Score & Metrics

Vulnerability Description

Vulnerability Details

External References

Discussion (0)

Add Comment