CVE-2026-21437

LOW EPSS 4.6%
Published Jan 1, 20266mo ago · Modified Jun 17, 20262w ago
2.0 CVSS 4.0
Low
Find Similar
Published Jan 1, 2026 6mo ago
Last Modified Jun 17, 2026 2w ago

Description

eopkg is a Solus package manager implemented in python3. In versions prior to 4.4.0, a malicious package could include files that are not tracked by `eopkg`. This requires the installation of a package from a malicious or compromised source. Files in such packages would not be shown by `lseopkg` and related tools. The issue has been fixed in v4.4.0. Users only installing packages from the Solus repositories are not affected.

CVSS Details

Base Score
2.0
Exploitability
Impact
Vector string
CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:A/VC:N/VI:L/VA:N/SC:N/SI:L/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector Local
Attack Complexity Low
Privileges Required High
User Interaction A
Scope X

Threat Intelligence

EPSS Exploit Probability
4.6% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Weaknesses 1

CWE-353

Affected Products 1

VendorProductVersionRange
getsoleopkg* <4.4.0

References 4

  • github.com https://github.com/getsolus/eopkg/commit/e7694323ed64e08b5b4b108fff273c64125cd39d
    Patch
  • github.com https://github.com/getsolus/eopkg/pull/201
    Issue TrackingPatch
  • github.com https://github.com/getsolus/eopkg/releases/tag/v4.4.0
    ProductRelease Notes
  • github.com https://github.com/getsolus/eopkg/security/advisories/GHSA-hjp7-qwrj-6cc6
    PatchVendor Advisory

Remediation

  • github.com https://github.com/getsolus/eopkg/commit/e7694323ed64e08b5b4b108fff273c64125cd39d
    Patch
  • github.com https://github.com/getsolus/eopkg/pull/201
    Issue TrackingPatch
  • github.com https://github.com/getsolus/eopkg/security/advisories/GHSA-hjp7-qwrj-6cc6
    PatchVendor Advisory