CVE-2026-21437 – eopkg vulnerable to package file list integrity bypass

CVE ID : CVE-2026-21437

Published : Jan. 1, 2026, 6:06 p.m. | 19 minutes ago

Description : eopkg is a Solus package manager implemented in python3. In versions prior to 4.4.0, a malicious package could include files that are not tracked by `eopkg`. This requires the installation of a package from a malicious or compromised source. Files in such packages would not be shown by `lseopkg` and related tools. The issue has been fixed in v4.4.0. Users only installing packages from the Solus repositories are not affected.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…