CVE-2026-21436

Name of the Vulnerable Software and Affected Versions eopkg versions prior to 4.4.0

Description eopkg is a package manager for Solus implemented in Python3. A malicious package could bypass the directory restrictions imposed by the --destdir option. Exploitation requires installing a package from a compromised or malicious source. Such packages would then install files outside the intended --destdir location on the host system. Users who only install packages from the official Solus repositories are not affected.

Recommendations Update to version 4.4.0 or later.