PluginScript Vulnerability Affecting System Root Access in Plugin Software
CVE-2026-44933

8.5HIGH

Key Information:

Vendor: Suse
Status: Suse Linux Enterprise; Opensuse
Vendor: CVE Published:; 20 May 2026

What is CVE-2026-44933?

A vulnerability exists in PluginScript that allows an attacker to exploit the 'chroot' functionality. In standard configurations, the chroot target may erroneously point to the system root, effectively making the chroot operation a no-op. This misconfiguration can lead to unauthorized access to host binaries, potentially allowing attackers to execute commands with root privileges, posing significant security risks to the underlying system.

Affected Version(s)

openSUSE 17.38.8 < 17.38.9

SUSE Linux Enterprise 17.38.8 < 17.38.9

References

https://bugzilla.suse.com/show_bug.cgi?id=CVE-2026-44933

CVSS V4

Score:

8.5

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

Unknown

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 20, 2026
Vulnerability Reserved
May 8, 2026

Credit

Dirk Mueller of SUSE

CVE-2026-44933 Data

JSON

Suse

What is CVE-2026-44933?

Affected Version(s)

References

CVSS V4

Timeline

Credit