Search
Find a vulnerability
Search criteria
2 vulnerabilities found for wicked by SUSE
CVE-2026-44932 (GCVE-0-2026-44932)
Vulnerability from nvd – Published: 2026-06-16 15:26 – Updated: 2026-06-18 03:55
VLAI
Title
indirect remote shell command injection via unsanitized DHCP options in wicked
Summary
Passing of unsanitized strings from DHCP replies into the wicked dhcp client before wicked 0.6.79 could be used by attackers operating a malicious DHCP server to execute code on the local machine.
Severity
8.8 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
Assigner
References
6 references
| URL | Tags |
|---|---|
| https://bugzilla.suse.com/show_bug.cgi?id=1265221 | issue-tracking |
| https://github.com/openSUSE/wicked/releases/tag/v… | release-notes |
| https://lists.suse.com/pipermail/sle-security-upd… | vendor-advisory |
| https://lists.suse.com/pipermail/sle-security-upd… | vendor-advisory |
| https://lists.suse.com/pipermail/sle-security-upd… | vendor-advisory |
| https://lists.suse.com/pipermail/sle-security-upd… | vendor-advisory |
Date Public
2026-06-10 15:15
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-44932",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-17T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-18T03:55:34.354Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://github.com/openSUSE/wicked",
"defaultStatus": "unaffected",
"modules": [
"dhcp handling"
],
"packageName": "wicked",
"product": "wicked",
"repo": "https://github.com/openSUSE/wicked",
"vendor": "SUSE",
"versions": [
{
"lessThan": "0.6.79",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Wolfgang Frisch using Claude Opus"
}
],
"datePublic": "2026-06-10T15:15:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cdiv\u003ePassing of unsanitized strings from DHCP replies into the wicked dhcp client before wicked 0.6.79 could be used by attackers operating a malicious DHCP server to execute code on the local machine.\u003c/div\u003e"
}
],
"value": "Passing of unsanitized strings from DHCP replies into the wicked dhcp client before wicked 0.6.79 could be used by attackers operating a malicious DHCP server to execute code on the local machine."
}
],
"impacts": [
{
"capecId": "CAPEC-242",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-242 Code Injection"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-16T15:26:51.919Z",
"orgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
"shortName": "suse"
},
"references": [
{
"tags": [
"issue-tracking"
],
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1265221"
},
{
"tags": [
"release-notes"
],
"url": "https://github.com/openSUSE/wicked/releases/tag/version-0.6.79"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-June/026688.html"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-June/026689.html"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-June/026690.html"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-June/026691.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "indirect remote shell command injection via unsanitized DHCP options in wicked",
"x_generator": {
"engine": "Vulnogram 1.0.2"
}
}
},
"cveMetadata": {
"assignerOrgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
"assignerShortName": "suse",
"cveId": "CVE-2026-44932",
"datePublished": "2026-06-16T15:26:51.919Z",
"dateReserved": "2026-05-08T12:29:48.966Z",
"dateUpdated": "2026-06-18T03:55:34.354Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-44932 (GCVE-0-2026-44932)
Vulnerability from cvelistv5 – Published: 2026-06-16 15:26 – Updated: 2026-06-18 03:55
VLAI
Title
indirect remote shell command injection via unsanitized DHCP options in wicked
Summary
Passing of unsanitized strings from DHCP replies into the wicked dhcp client before wicked 0.6.79 could be used by attackers operating a malicious DHCP server to execute code on the local machine.
Severity
8.8 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
Assigner
References
6 references
| URL | Tags |
|---|---|
| https://bugzilla.suse.com/show_bug.cgi?id=1265221 | issue-tracking |
| https://github.com/openSUSE/wicked/releases/tag/v… | release-notes |
| https://lists.suse.com/pipermail/sle-security-upd… | vendor-advisory |
| https://lists.suse.com/pipermail/sle-security-upd… | vendor-advisory |
| https://lists.suse.com/pipermail/sle-security-upd… | vendor-advisory |
| https://lists.suse.com/pipermail/sle-security-upd… | vendor-advisory |
Date Public
2026-06-10 15:15
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-44932",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-17T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-18T03:55:34.354Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://github.com/openSUSE/wicked",
"defaultStatus": "unaffected",
"modules": [
"dhcp handling"
],
"packageName": "wicked",
"product": "wicked",
"repo": "https://github.com/openSUSE/wicked",
"vendor": "SUSE",
"versions": [
{
"lessThan": "0.6.79",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Wolfgang Frisch using Claude Opus"
}
],
"datePublic": "2026-06-10T15:15:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cdiv\u003ePassing of unsanitized strings from DHCP replies into the wicked dhcp client before wicked 0.6.79 could be used by attackers operating a malicious DHCP server to execute code on the local machine.\u003c/div\u003e"
}
],
"value": "Passing of unsanitized strings from DHCP replies into the wicked dhcp client before wicked 0.6.79 could be used by attackers operating a malicious DHCP server to execute code on the local machine."
}
],
"impacts": [
{
"capecId": "CAPEC-242",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-242 Code Injection"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-16T15:26:51.919Z",
"orgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
"shortName": "suse"
},
"references": [
{
"tags": [
"issue-tracking"
],
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1265221"
},
{
"tags": [
"release-notes"
],
"url": "https://github.com/openSUSE/wicked/releases/tag/version-0.6.79"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-June/026688.html"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-June/026689.html"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-June/026690.html"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-June/026691.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "indirect remote shell command injection via unsanitized DHCP options in wicked",
"x_generator": {
"engine": "Vulnogram 1.0.2"
}
}
},
"cveMetadata": {
"assignerOrgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
"assignerShortName": "suse",
"cveId": "CVE-2026-44932",
"datePublished": "2026-06-16T15:26:51.919Z",
"dateReserved": "2026-05-08T12:29:48.966Z",
"dateUpdated": "2026-06-18T03:55:34.354Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}