PT-2026-1018 · Solus · Eopkg

Osmancanvural · Published 2026-01-01 · Updated 2026-03-04 · CVE-2026-21437

CVSS v3.1: 5.5 (Medium)

Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

Name of the Vulnerable Software and Affected Versions

eopkg versions prior to 4.4.0

Description

eopkg, a Solus package manager implemented in python3, contains a flaw where a malicious package could include files that are not tracked by eopkg. This requires installation of a package from a malicious or compromised source. Files within such packages would not be displayed by lseopkg and related tools. Users installing packages solely from the Solus repositories are not affected.

Recommendations

Update to version 4.4.0 or later.

Related Identifiers

CVE-2026-21437
GHSA-HJP7-QWRJ-6CC6

Affected Products

Eopkg