Unrated severityOSV Advisory· Published Jan 1, 2026· Updated Jan 2, 2026
eopkg vulnerable to package file list integrity bypass
CVE-2026-21437
Description
eopkg is a Solus package manager implemented in python3. In versions prior to 4.4.0, a malicious package could include files that are not tracked by eopkg. This requires the installation of a package from a malicious or compromised source. Files in such packages would not be shown by lseopkg and related tools. The issue has been fixed in v4.4.0. Users only installing packages from the Solus repositories are not affected.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2Patches
Vulnerability mechanics
References
4- github.com/getsolus/eopkg/commit/e7694323ed64e08b5b4b108fff273c64125cd39dmitrex_refsource_MISC
- github.com/getsolus/eopkg/pull/201mitrex_refsource_MISC
- github.com/getsolus/eopkg/releases/tag/v4.4.0mitrex_refsource_MISC
- github.com/getsolus/eopkg/security/advisories/GHSA-hjp7-qwrj-6cc6mitrex_refsource_CONFIRM
News mentions
0No linked articles in our index yet.