High severity7.8NVD Advisory· Published May 20, 2026· Updated May 20, 2026
CVE-2026-44933
CVE-2026-44933
Description
PluginScript attempts to chroot the plugin to the repoManagerRoot, this root is frequently / (the system root) in standard configurations or when using --root. If the chroot target is /, it is a no-op, allowing the traversed path to execute host binaries (like /bin/bash) with root privileges.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
37- osv-coords37 versionspkg:rpm/opensuse/libzypp&distro=openSUSE%20Tumbleweedpkg:rpm/suse/libsolv&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP5-ESPOSpkg:rpm/suse/libsolv&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP5-LTSSpkg:rpm/suse/libsolv&distro=SUSE%20Linux%20Enterprise%20Installer%20Updates%2015%20SP5pkg:rpm/suse/libsolv&distro=SUSE%20Linux%20Enterprise%20Installer%20Updates%2015%20SP6pkg:rpm/suse/libsolv&distro=SUSE%20Linux%20Enterprise%20Micro%205.5pkg:rpm/suse/libsolv&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP7pkg:rpm/suse/libsolv&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP7pkg:rpm/suse/libsolv&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Python%203%2015%20SP7pkg:rpm/suse/libsolv&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP5-LTSSpkg:rpm/suse/libsolv&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP6-LTSSpkg:rpm/suse/libsolv&distro=SUSE%20Linux%20Enterprise%20Server%2016.0pkg:rpm/suse/libsolv&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP5pkg:rpm/suse/libsolv&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20applications%2016.0pkg:rpm/suse/libsolv&distro=SUSE%20Linux%20Micro%206.2pkg:rpm/suse/libzypp&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP5-ESPOSpkg:rpm/suse/libzypp&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP5-LTSSpkg:rpm/suse/libzypp&distro=SUSE%20Linux%20Enterprise%20Installer%20Updates%2015%20SP5pkg:rpm/suse/libzypp&distro=SUSE%20Linux%20Enterprise%20Installer%20Updates%2015%20SP6pkg:rpm/suse/libzypp&distro=SUSE%20Linux%20Enterprise%20Micro%205.5pkg:rpm/suse/libzypp&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP7pkg:rpm/suse/libzypp&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP5-LTSSpkg:rpm/suse/libzypp&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP6-LTSSpkg:rpm/suse/libzypp&distro=SUSE%20Linux%20Enterprise%20Server%2016.0pkg:rpm/suse/libzypp&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP5pkg:rpm/suse/libzypp&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20applications%2016.0pkg:rpm/suse/libzypp&distro=SUSE%20Linux%20Micro%206.2pkg:rpm/suse/zypper&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP5-ESPOSpkg:rpm/suse/zypper&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP5-LTSSpkg:rpm/suse/zypper&distro=SUSE%20Linux%20Enterprise%20Micro%205.5pkg:rpm/suse/zypper&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP7pkg:rpm/suse/zypper&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP5-LTSSpkg:rpm/suse/zypper&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP6-LTSSpkg:rpm/suse/zypper&distro=SUSE%20Linux%20Enterprise%20Server%2016.0pkg:rpm/suse/zypper&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP5pkg:rpm/suse/zypper&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20applications%2016.0pkg:rpm/suse/zypper&distro=SUSE%20Linux%20Micro%206.2
< 17.38.9-1.1+ 36 more
- (no CPE)range: < 17.38.9-1.1
- (no CPE)range: < 0.7.39-150500.6.17.1
- (no CPE)range: < 0.7.39-150500.6.17.1
- (no CPE)range: < 0.7.39-150500.6.17.1
- (no CPE)range: < 0.7.39-150600.8.24.1
- (no CPE)range: < 0.7.39-150500.6.17.1
- (no CPE)range: < 0.7.39-150700.11.10.1
- (no CPE)range: < 0.7.39-150700.11.10.1
- (no CPE)range: < 0.7.39-150700.11.10.1
- (no CPE)range: < 0.7.39-150500.6.17.1
- (no CPE)range: < 0.7.39-150600.8.24.1
- (no CPE)range: < 0.7.39-160000.1.1
- (no CPE)range: < 0.7.39-150500.6.17.1
- (no CPE)range: < 0.7.39-160000.1.1
- (no CPE)range: < 0.7.39-160000.1.1
- (no CPE)range: < 17.38.13-150500.6.74.1
- (no CPE)range: < 17.38.13-150500.6.74.1
- (no CPE)range: < 17.38.13-150500.6.74.1
- (no CPE)range: < 17.38.13-150600.3.92.1
- (no CPE)range: < 17.38.13-150500.6.74.1
- (no CPE)range: < 17.38.13-150700.6.13.1
- (no CPE)range: < 17.38.13-150500.6.74.1
- (no CPE)range: < 17.38.13-150600.3.92.1
- (no CPE)range: < 17.38.13-160000.1.1
- (no CPE)range: < 17.38.13-150500.6.74.1
- (no CPE)range: < 17.38.13-160000.1.1
- (no CPE)range: < 17.38.13-160000.1.1
- (no CPE)range: < 1.14.98-150500.6.45.1
- (no CPE)range: < 1.14.98-150500.6.45.1
- (no CPE)range: < 1.14.98-150500.6.45.1
- (no CPE)range: < 1.14.98-150700.13.6.1
- (no CPE)range: < 1.14.98-150500.6.45.1
- (no CPE)range: < 1.14.98-150600.10.55.1
- (no CPE)range: < 1.14.98-160000.1.1
- (no CPE)range: < 1.14.98-150500.6.45.1
- (no CPE)range: < 1.14.98-160000.1.1
- (no CPE)range: < 1.14.98-160000.1.1
Patches
Vulnerability mechanics
References
1News mentions
0No linked articles in our index yet.