CVE-2026-21437

MEDIUM

eopkg < 4.4.0 - Missing Integrity Check for Untracked Package Files

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2026-21437. PoCs published by osmancanvural.

AI-analyzed exploit summary The repository contains a README referencing CVE-2026-21437 with links to related GitHub repositories and security advisories, but no actual exploit code or technical details are provided.

Description

eopkg is a Solus package manager implemented in python3. In versions prior to 4.4.0, a malicious package could include files that are not tracked by `eopkg`. This requires the installation of a package from a malicious or compromised source. Files in such packages would not be shown by `lseopkg` and related tools. The issue has been fixed in v4.4.0. Users only installing packages from the Solus repositories are not affected.

Exploits (1)

nomisec WRITEUP
by osmancanvural · poc
https://github.com/osmancanvural/CVE-2026-21437

The repository contains a README referencing CVE-2026-21437 with links to related GitHub repositories and security advisories, but no actual exploit code or technical details are provided.

Classification
Writeup 80%
Attack Type
Other
Complexity
Trivial
Reliability
Theoretical
Target: unknown
No auth needed
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4

Scores

CVSS v3 5.5
EPSS 0.0015
EPSS Percentile 4.5%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-353
Status published
Products (1)
getsol/eopkg < 4.4.0
Published Jan 01, 2026
Tracked Since Feb 18, 2026