CVE-2026-21436
eopkg < 4.4.0 - Path Traversal via --destdir Parameter
Severity: MEDIUM
Title source: LLM
Exploitation Summary
EIP tracks 1 public exploit for CVE-2026-21436. PoC published by osmancanvural.
AI-analyzed exploit summary: This PoC exploits a directory traversal vulnerability in Solus OS's eopkg package manager (versions <= 4.3.4) that allows arbitrary file writes via crafted .eopkg archives. The script generates a malicious tar.xz archive containing traversal paths to demonstrate the flaw.
Description
eopkg is the Solus package manager, implemented in Python 3. In versions prior to 4.4.0, a malicious package could escape the directory set by `--destdir`. Exploitation requires installing a package from a malicious or compromised source. Files in such a package would not be installed under the path given by `--destdir` but in a different location on the host. The issue has been fixed in v4.4.0. Users who only install packages from the Solus repositories are not affected.
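As a defender-side illustration of the containment check this bug class requires, here is an added Python example (not eopkg's own code) that vets archive member names against a `--destdir` before anything is written; the destdir path and the member names are constructed for the demonstration.

```python
import os
import posixpath
from typing import Iterable, List, Tuple


def resolves_inside(destdir: str, member_name: str) -> bool:
    """True only if member_name, extracted under destdir, stays inside destdir.

    realpath() resolves '..' components and any symlinks already present on
    disk, so this check must run against the live tree immediately before
    each write, not once up front over the member list.
    """
    root = os.path.realpath(destdir)
    # An absolute member name would discard destdir entirely.
    if posixpath.isabs(member_name):
        return False
    target = os.path.realpath(os.path.join(root, member_name))
    return target == root or target.startswith(root + os.sep)


def vet_members(destdir: str, member_names: Iterable[str]) -> Tuple[List[str], List[str]]:
    """Partition archive member names into (accepted, rejected) lists."""
    accepted: List[str] = []
    rejected: List[str] = []
    for name in member_names:
        (accepted if resolves_inside(destdir, name) else rejected).append(name)
    return accepted, rejected


# Constructed member names of the kinds a package archive could carry
# (sample data for this example, not taken from any real package).
SAMPLE_MEMBERS = [
    "usr/bin/tool",
    "./etc/tool.conf",
    "usr/lib/../share/tool/data",   # '..' that still lands inside destdir
    "../../etc/cron.d/tool",        # climbs out of destdir
    "/etc/passwd",                  # absolute name ignores destdir
    "usr/../../tmp/escaped",        # climbs out via a nested '..'
]

if __name__ == "__main__":
    ok, bad = vet_members("/tmp/eopkg-destdir-example", SAMPLE_MEMBERS)
    print("accepted:", ok)
    print("rejected:", bad)
```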
Exploits (1)
References (4)
Scores
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N