Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
Related vulnerabilities
SUSE-SU-2026:22062-1
Vulnerability from csaf_suse - Published: 2026-06-08 14:15 - Updated: 2026-06-08 14:15Summary
Security update for libzypp
Severity
Moderate
Notes
Title of the patch: Security update for libzypp
Description of the patch: This update for libzypp fixes the following issue
Version 17.38.12 (35):
- CVE-2026-44941: path traversal via "keyhint" (bsc#1267426).
Patchnames: SUSE-SLE-Micro-6.0-744
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
7.2 (High)
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.0:libzypp-17.38.12-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:libzypp-17.38.12-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:libzypp-17.38.12-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
References
9 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for libzypp",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for libzypp fixes the following issue\n\nVersion 17.38.12 (35):\n\n- CVE-2026-44941: path traversal via \"keyhint\" (bsc#1267426).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-SLE-Micro-6.0-744",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2026_22062-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2026:22062-1",
"url": "https://www.suse.com/support/update/announcement/2026/suse-su-202622062-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2026:22062-1",
"url": "https://lists.suse.com/pipermail/sle-updates/2026-June/047277.html"
},
{
"category": "self",
"summary": "SUSE Bug 1267426",
"url": "https://bugzilla.suse.com/1267426"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-44941 page",
"url": "https://www.suse.com/security/cve/CVE-2026-44941/"
}
],
"title": "Security update for libzypp",
"tracking": {
"current_release_date": "2026-06-08T14:15:49Z",
"generator": {
"date": "2026-06-08T14:15:49Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2026:22062-1",
"initial_release_date": "2026-06-08T14:15:49Z",
"revision_history": [
{
"date": "2026-06-08T14:15:49Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "libzypp-17.38.12-1.1.aarch64",
"product": {
"name": "libzypp-17.38.12-1.1.aarch64",
"product_id": "libzypp-17.38.12-1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "libzypp-17.38.12-1.1.s390x",
"product": {
"name": "libzypp-17.38.12-1.1.s390x",
"product_id": "libzypp-17.38.12-1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "libzypp-17.38.12-1.1.x86_64",
"product": {
"name": "libzypp-17.38.12-1.1.x86_64",
"product_id": "libzypp-17.38.12-1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Micro 6.0",
"product": {
"name": "SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sl-micro:6.0"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "libzypp-17.38.12-1.1.aarch64 as component of SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0:libzypp-17.38.12-1.1.aarch64"
},
"product_reference": "libzypp-17.38.12-1.1.aarch64",
"relates_to_product_reference": "SUSE Linux Micro 6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libzypp-17.38.12-1.1.s390x as component of SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0:libzypp-17.38.12-1.1.s390x"
},
"product_reference": "libzypp-17.38.12-1.1.s390x",
"relates_to_product_reference": "SUSE Linux Micro 6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libzypp-17.38.12-1.1.x86_64 as component of SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0:libzypp-17.38.12-1.1.x86_64"
},
"product_reference": "libzypp-17.38.12-1.1.x86_64",
"relates_to_product_reference": "SUSE Linux Micro 6.0"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-44941",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-44941"
}
],
"notes": [
{
"category": "general",
"text": "unknown",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:libzypp-17.38.12-1.1.aarch64",
"SUSE Linux Micro 6.0:libzypp-17.38.12-1.1.s390x",
"SUSE Linux Micro 6.0:libzypp-17.38.12-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-44941",
"url": "https://www.suse.com/security/cve/CVE-2026-44941"
},
{
"category": "external",
"summary": "SUSE Bug 1266039 for CVE-2026-44941",
"url": "https://bugzilla.suse.com/1266039"
},
{
"category": "external",
"summary": "SUSE Bug 1267426 for CVE-2026-44941",
"url": "https://bugzilla.suse.com/1267426"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:libzypp-17.38.12-1.1.aarch64",
"SUSE Linux Micro 6.0:libzypp-17.38.12-1.1.s390x",
"SUSE Linux Micro 6.0:libzypp-17.38.12-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:libzypp-17.38.12-1.1.aarch64",
"SUSE Linux Micro 6.0:libzypp-17.38.12-1.1.s390x",
"SUSE Linux Micro 6.0:libzypp-17.38.12-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-08T14:15:49Z",
"details": "important"
}
],
"title": "CVE-2026-44941"
}
]
}
SUSE-SU-2026:22073-1
Vulnerability from csaf_suse - Published: 2026-06-09 13:37 - Updated: 2026-06-09 13:37Summary
Security update for libzypp
Severity
Moderate
Notes
Title of the patch: Security update for libzypp
Description of the patch: This update for libzypp fixes the following issues
Version 17.38.13 (35):
- CVE-2026-44941: path traversal via "keyhint" (bsc#1267426).
- CVE-2026-44942: .repo files can have an optional path which can lead to path traversal attacks (bsc#1267874).
Patchnames: SUSE-SLE-Micro-6.1-569
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
7.2 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.1:libzypp-17.38.13-slfo.1.1_1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:libzypp-17.38.13-slfo.1.1_1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:libzypp-17.38.13-slfo.1.1_1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:libzypp-17.38.13-slfo.1.1_1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
6.5 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.1:libzypp-17.38.13-slfo.1.1_1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:libzypp-17.38.13-slfo.1.1_1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:libzypp-17.38.13-slfo.1.1_1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:libzypp-17.38.13-slfo.1.1_1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
References
13 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for libzypp",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for libzypp fixes the following issues\n\nVersion 17.38.13 (35):\n\n- CVE-2026-44941: path traversal via \"keyhint\" (bsc#1267426).\n- CVE-2026-44942: .repo files can have an optional path which can lead to path traversal attacks (bsc#1267874).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-SLE-Micro-6.1-569",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2026_22073-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2026:22073-1",
"url": "https://www.suse.com/support/update/announcement/2026/suse-su-202622073-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2026:22073-1",
"url": "https://lists.suse.com/pipermail/sle-updates/2026-June/047281.html"
},
{
"category": "self",
"summary": "SUSE Bug 1267426",
"url": "https://bugzilla.suse.com/1267426"
},
{
"category": "self",
"summary": "SUSE Bug 1267874",
"url": "https://bugzilla.suse.com/1267874"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-44941 page",
"url": "https://www.suse.com/security/cve/CVE-2026-44941/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-44942 page",
"url": "https://www.suse.com/security/cve/CVE-2026-44942/"
}
],
"title": "Security update for libzypp",
"tracking": {
"current_release_date": "2026-06-09T13:37:44Z",
"generator": {
"date": "2026-06-09T13:37:44Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2026:22073-1",
"initial_release_date": "2026-06-09T13:37:44Z",
"revision_history": [
{
"date": "2026-06-09T13:37:44Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "libzypp-17.38.13-slfo.1.1_1.1.aarch64",
"product": {
"name": "libzypp-17.38.13-slfo.1.1_1.1.aarch64",
"product_id": "libzypp-17.38.13-slfo.1.1_1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "libzypp-17.38.13-slfo.1.1_1.1.ppc64le",
"product": {
"name": "libzypp-17.38.13-slfo.1.1_1.1.ppc64le",
"product_id": "libzypp-17.38.13-slfo.1.1_1.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "libzypp-17.38.13-slfo.1.1_1.1.s390x",
"product": {
"name": "libzypp-17.38.13-slfo.1.1_1.1.s390x",
"product_id": "libzypp-17.38.13-slfo.1.1_1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "libzypp-17.38.13-slfo.1.1_1.1.x86_64",
"product": {
"name": "libzypp-17.38.13-slfo.1.1_1.1.x86_64",
"product_id": "libzypp-17.38.13-slfo.1.1_1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Micro 6.1",
"product": {
"name": "SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sl-micro:6.1"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "libzypp-17.38.13-slfo.1.1_1.1.aarch64 as component of SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1:libzypp-17.38.13-slfo.1.1_1.1.aarch64"
},
"product_reference": "libzypp-17.38.13-slfo.1.1_1.1.aarch64",
"relates_to_product_reference": "SUSE Linux Micro 6.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libzypp-17.38.13-slfo.1.1_1.1.ppc64le as component of SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1:libzypp-17.38.13-slfo.1.1_1.1.ppc64le"
},
"product_reference": "libzypp-17.38.13-slfo.1.1_1.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Micro 6.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libzypp-17.38.13-slfo.1.1_1.1.s390x as component of SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1:libzypp-17.38.13-slfo.1.1_1.1.s390x"
},
"product_reference": "libzypp-17.38.13-slfo.1.1_1.1.s390x",
"relates_to_product_reference": "SUSE Linux Micro 6.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libzypp-17.38.13-slfo.1.1_1.1.x86_64 as component of SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1:libzypp-17.38.13-slfo.1.1_1.1.x86_64"
},
"product_reference": "libzypp-17.38.13-slfo.1.1_1.1.x86_64",
"relates_to_product_reference": "SUSE Linux Micro 6.1"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-44941",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-44941"
}
],
"notes": [
{
"category": "general",
"text": "unknown",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:libzypp-17.38.13-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:libzypp-17.38.13-slfo.1.1_1.1.ppc64le",
"SUSE Linux Micro 6.1:libzypp-17.38.13-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:libzypp-17.38.13-slfo.1.1_1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-44941",
"url": "https://www.suse.com/security/cve/CVE-2026-44941"
},
{
"category": "external",
"summary": "SUSE Bug 1266039 for CVE-2026-44941",
"url": "https://bugzilla.suse.com/1266039"
},
{
"category": "external",
"summary": "SUSE Bug 1267426 for CVE-2026-44941",
"url": "https://bugzilla.suse.com/1267426"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:libzypp-17.38.13-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:libzypp-17.38.13-slfo.1.1_1.1.ppc64le",
"SUSE Linux Micro 6.1:libzypp-17.38.13-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:libzypp-17.38.13-slfo.1.1_1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:libzypp-17.38.13-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:libzypp-17.38.13-slfo.1.1_1.1.ppc64le",
"SUSE Linux Micro 6.1:libzypp-17.38.13-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:libzypp-17.38.13-slfo.1.1_1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-09T13:37:44Z",
"details": "important"
}
],
"title": "CVE-2026-44941"
},
{
"cve": "CVE-2026-44942",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-44942"
}
],
"notes": [
{
"category": "general",
"text": "unknown",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:libzypp-17.38.13-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:libzypp-17.38.13-slfo.1.1_1.1.ppc64le",
"SUSE Linux Micro 6.1:libzypp-17.38.13-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:libzypp-17.38.13-slfo.1.1_1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-44942",
"url": "https://www.suse.com/security/cve/CVE-2026-44942"
},
{
"category": "external",
"summary": "SUSE Bug 1267874 for CVE-2026-44942",
"url": "https://bugzilla.suse.com/1267874"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:libzypp-17.38.13-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:libzypp-17.38.13-slfo.1.1_1.1.ppc64le",
"SUSE Linux Micro 6.1:libzypp-17.38.13-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:libzypp-17.38.13-slfo.1.1_1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:libzypp-17.38.13-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:libzypp-17.38.13-slfo.1.1_1.1.ppc64le",
"SUSE Linux Micro 6.1:libzypp-17.38.13-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:libzypp-17.38.13-slfo.1.1_1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-09T13:37:44Z",
"details": "moderate"
}
],
"title": "CVE-2026-44942"
}
]
}