busybox (SUSE:Linux Enterprise Server 16.0) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the SUSE:Linux Enterprise Server 16.0 package busybox, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (5)
CVE-2026-29004 — CVSS 8.1 (high): BusyBox before commit 42202bf contains a heap buffer overflow vulnerability in the DHCPv6 client (udhcpc6) DNS_SERVERS option handler in…
CVE-2026-26157 — CVSS 7.0 (high): A flaw was found in BusyBox. Incomplete path sanitization in its archive extraction utilities allows an attacker to craft malicious…
CVE-2026-26158 — CVSS 7.0 (high): A flaw was found in BusyBox. This vulnerability allows an attacker to modify files outside of the intended extraction directory by crafting…
CVE-2025-60876 — CVSS 6.5 (medium): BusyBox wget thru 1.3.7 accepted raw CR (0x0D)/LF (0x0A) and other C0 control bytes in the HTTP request-target (path/query), allowing the…
CVE-2025-46394 — CVSS 3.2 (low): In tar in BusyBox through 1.37.0, a TAR archive can have filenames hidden from a listing through the use of terminal escape sequences.