PT-2026-55256 · Opensuse · Urild Service

Maxime Rinaudo

·

Published

2026-07-02

·

Updated

2026-07-02

·

CVE-2026-56004

CVSS v3.1

10

Critical

VectorAV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
A shellcode injection in the mercurial handler of the obs tar scm source service before version 0.12.4 could be used by attackers able to provide a service file to execute code as the source service or the local user checking out the malicious services

Fix

OS Command Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

CVE-2026-56004

Affected Products

Urild Service