CVE-2026-44933
7.8 HIGH`PluginScript` attempts to `chroot` the plugin to the `repoManagerRoot`, this root is frequently `/` (the system root) in standard config...
Published: 2026-05-20 · Last updated: 2026-05-20
Severity and scoring
- CVSS
- 7.8 HIGH
- Vector
- CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
- CWE
- CWE-35
Description
`PluginScript` attempts to `chroot` the plugin to the `repoManagerRoot`, this root is frequently `/` (the system root) in standard configurations or when using `--root`. If the chroot target is `/`, it is a no-op, allowing the traversed path to execute host binaries (like `/bin/bash`) with root privileges.
Source: NVD
References
Related CVEs
Same CWE
- CVE-2026-40128 — SAP NetWeaver Application Server Java (Web Container) allows an unauthenticated attacker to craft a malicious HTTP logon request that man... (9.0 CRITICAL)
- CVE-2026-24315 — SAP Fiori Launchpad allows attackers to craft malicious URLs that triggers arbitrary service calls on the Fiori domain, this when opened ... (4.2 MEDIUM)
- CVE-2026-45661 — Dokploy is a free, self-hostable Platform as a Service (PaaS) (9.9 CRITICAL)
- CVE-2026-45495 — Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability (8.8 HIGH)
- CVE-2026-7302 — SGLangs multimodal generation runtime is vulnerable to an unauthenticated path traversal vulnerability, allowing an attacker to write arb... (9.1 CRITICAL)