Back to search
CVE-2026-21437
Published: Jan 1, 2026
Modified: Jan 2, 2026
PUBLISHED
Description
eopkg is a Solus package manager implemented in python3. In versions prior to 4.4.0, a malicious package could include files that are not tracked by `eopkg`. This requires the installation of a package from a malicious or compromised source. Files in such packages would not be shown by `lseopkg` and related tools. The issue has been fixed in v4.4.0. Users only installing packages from the Solus repositories are not affected.
| Vendor | Product | Versions |
|---|---|---|
getsolus | eopkg | affected < 4.4.0 |
Weaknesses (CWE)
References
https://github.com/getsolus/eopkg/security/advisories/GHSA-hjp7-qwrj-6cc6
x_refsource_CONFIRM
https://github.com/getsolus/eopkg/pull/201
x_refsource_MISC
https://github.com/getsolus/eopkg/releases/tag/v4.4.0
x_refsource_MISC
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now