Unrated severityNVD Advisory· Published Mar 7, 2026· Updated Mar 9, 2026

CVE-2026-2219

Description

It was discovered that dpkg-deb (a component of dpkg, the Debian package management system) does not properly validate the end of the data stream when uncompressing a zstd-compressed .deb archive, which may result in denial of service (infinite loop spinning the CPU).

Affected products

Debian/Dpkgv5
Range: 1.21.18

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

git.dpkg.org/cgit/dpkg/dpkg.git/commit/mitrepatch
bugs.debian.org/1129722mitreissue-tracking

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000