CVE-2026-44933
Path Traversal in PluginScript
Publication date: 2026-05-20
Last updated on: 2026-05-20
Assigner: SUSE
| CWE ID | Description |
|---|---|
| CWE-35 | The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize '.../...//' (doubled triple dot slash) sequences that can resolve to a location that is outside of that directory. |
AI Powered Q&A
Can you explain this vulnerability to me?
The vulnerability occurs in PluginScript when it attempts to chroot the plugin to the repoManagerRoot directory. In many standard configurations or when using the --root option, this root directory is set to the system root (/). When the chroot target is /, the chroot operation effectively does nothing (a no-op). This allows an attacker to traverse paths and execute host binaries, such as /bin/bash, with root privileges.
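The no-op chroot described above can be detected before a plugin is executed. The following C code is an added example, not code from PluginScript or its vendor: `root_is_host_root` and `confine_to_root` are hypothetical names, and failing closed when the target is `/` is an assumed policy, not the published fix.

```c
#define _DEFAULT_SOURCE
#include <errno.h>
#include <stdio.h>
#include <sys/stat.h>
#include <unistd.h>

/* Returns 1 if `root` is the same directory as the current "/",
 * 0 if it is a different directory, -1 on error (errno set).
 * Comparing device and inode catches "/", "//", "/.", "/.." and
 * symlinks to "/", which a plain string comparison would miss. */
int root_is_host_root(const char *root)
{
    struct stat target, host;

    if (stat(root, &target) != 0 || stat("/", &host) != 0)
        return -1;
    if (!S_ISDIR(target.st_mode)) {
        errno = ENOTDIR;
        return -1;
    }
    return target.st_dev == host.st_dev && target.st_ino == host.st_ino;
}

/* Hypothetical helper: confine the calling process to `root` before it
 * executes a plugin. Returns -1 instead of continuing when the chroot
 * would be a no-op. The chroot itself needs CAP_SYS_CHROOT. */
int confine_to_root(const char *root)
{
    int same = root_is_host_root(root);

    if (same != 0) {
        if (same == 1)
            errno = EPERM;   /* chroot("/") provides no isolation */
        return -1;
    }
    if (chdir(root) != 0 || chroot(".") != 0 || chdir("/") != 0)
        return -1;
    return 0;
}

int main(int argc, char **argv)
{
    const char *root = argc > 1 ? argv[1] : "/";   /* constructed default */

    if (confine_to_root(root) != 0) {
        perror("refusing to run plugin unconfined");
        return 1;
    }
    puts("confined");
    return 0;
}
```

A caller that gets `-1` with `errno == EPERM` knows the requested root is the host root and can skip the plugin rather than run it with access to host binaries.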
How can this vulnerability impact me?
This vulnerability can allow an attacker to execute host system binaries with root privileges. Because the chroot operation is ineffective when targeting the system root, an attacker could gain unauthorized root-level access to the system, potentially leading to full system compromise.