A relative path traversal bug problem when processing repository metadata in libzypp before 17.38.10 could be used by remote attackers supplying repositories to overwrite files on the system, leading to denial of service or privilege escalation.
References
| Link | Resource |
|---|---|
| https://bugzilla.suse.com/show_bug.cgi?id=1259802 | Issue Tracking |
| https://github.com/openSUSE/libzypp/commit/f09feda7fca03c941218aab0bb161cc82b185b6b | Patch |
Configurations
History
30 Jun 2026, 20:28
| Type | Values Removed | Values Added |
|---|---|---|
| First Time |
Opensuse libzypp
Opensuse |
|
| CPE | cpe:2.3:a:opensuse:libzypp:*:*:*:*:*:*:*:* | |
| References | () https://bugzilla.suse.com/show_bug.cgi?id=1259802 - Issue Tracking | |
| References | () https://github.com/openSUSE/libzypp/commit/f09feda7fca03c941218aab0bb161cc82b185b6b - Patch |
29 Jun 2026, 10:16
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2026-06-29 10:16
Updated : 2026-06-30 20:28
NVD link : CVE-2026-25707
Mitre link : CVE-2026-25707
CVE.ORG link : CVE-2026-25707
JSON object : View
Products Affected
opensuse
- libzypp
CWE
CWE-23
Relative Path Traversal
