CVE-2026-21436 | Teknoloji dünyasından en güncel haberleri ve güvenlikle ilgili gelişmeleri takip edin.

eopkg is a Solus package manager implemented in python3. In versions prior to 4.4.0, a malicious package could escape the directory set by `--destdir`. This req…
Medium CVSS: 5.8

CVE-2026-21436

eopkg is a Solus package manager implemented in python3. In versions prior to 4.4.0, a malicious package could escape the directory set by `--destdir`. This requires the installation of a package from a malicious or compromised source. Files in such packages would not be installed in the path given by `--destdir`, but on a different location on the host. The issue has been fixed in v4.4.0. Users only installing packages from the Solus repositories are not affected.
Vendor
Getsol
Product
Eopkg
CWE
CWE-24
Yayın Tarihi
2026-01-01 18:15:41
Güncelleme
2026-03-04 21:33:14
Source Identifier
security-advisories@github.com
KEV Date Added
-

Kategoriler

CWE-24 Eopkg MEDIUM Getsol 2026

Referanslar

https://github.com/getsolus/eopkg/commit/e7694323ed64e08b5b4b108fff273c64125cd39d https://github.com/getsolus/eopkg/pull/201 https://github.com/getsolus/eopkg/releases/tag/v4.4.0 https://github.com/getsolus/eopkg/security/advisories/GHSA-786v-47cq-qm6m