PT-2026-48679 · Wicked · Wicked
Published 2026-06-10 · Updated 2026-06-10
CVE-2026-44932
None
No severity ratings or metrics are available. When they are, we'll update the corresponding info on the page.
Name of the Vulnerable Software and Affected Versions
wicked versions prior to 0.6.79
Description
An indirect remote shell command injection exists due to unsanitized DHCP options. The issue involves improper processing of posix-tz-dbname and tz-string options, as well as a failure to escape single-quotes in leaseinfo dump output used by wicked test dhcp4 and wicked test dhcp6 and written to /run/wicked/leaseinfo.* files.
Recommendations
Update to version 0.6.79.
Regenerate the initrd if it contains wicked binaries when updating from versions 0.6.78 and earlier.
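The single-quote escaping the description refers to, shown as an added example that is not wicked's code and not taken from the 0.6.79 fix: a writer that emits a value inside single quotes so a shell sourcing the line treats it as data, plus an allow-list check for a timezone database name. The KEY='value' line shape, the key name EXAMPLE_TZNAME, both function names and the allowed character set are assumptions made for illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Emit KEY='value' so a POSIX shell sourcing the line treats the value as
 * data: each ' becomes '\'' and control characters are refused.
 * Returns the length written, or -1 on refusal or lack of space. */
int leaseinfo_quote(char *out, size_t cap, const char *key, const char *val)
{
    int w = snprintf(out, cap, "%s='", key);
    if (w < 0 || (size_t)w + 2 > cap) return -1;
    size_t n = (size_t)w;
    for (const unsigned char *p = (const unsigned char *)val; *p; p++) {
        size_t len = (*p == '\'') ? 4 : 1;
        if (iscntrl(*p) || n + len + 2 > cap) return -1;
        if (len == 4) memcpy(out + n, "'\\''", 4);
        else out[n] = (char)*p;
        n += len;
    }
    out[n++] = '\'';
    out[n] = '\0';
    return (int)n;
}

/* Assumed allow-list for a tz database name such as "Europe/Berlin":
 * alphanumerics plus "_+-/.", no leading '/', no ".." sequence. */
int tz_dbname_ok(const char *s)
{
    if (!*s || *s == '/' || strstr(s, "..") || strlen(s) > 255) return 0;
    for (; *s; s++)
        if (!isalnum((unsigned char)*s) && !strchr("_+-/.", *s)) return 0;
    return 1;
}

int main(void)
{
    /* Constructed sample values; EXAMPLE_TZNAME is a hypothetical key. */
    const char *samples[] = { "Europe/Berlin", "Europe/Ber'lin" };
    char buf[128];
    for (int i = 0; i < 2; i++) {
        leaseinfo_quote(buf, sizeof buf, "EXAMPLE_TZNAME", samples[i]);
        printf("valid=%d %s\n", tz_dbname_ok(samples[i]), buf);
    }
    return 0;
}
```

Validation and quoting are independent layers: the allow-list rejects the second sample outright, and the quoting keeps any value that is written anyway from terminating its own string.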
Related Identifiers
Affected Products
Wicked