It was discovered that dpkg-deb (a component of dpkg, the Debian package management system) does not properly validate the end of the data stream when uncompressing a zstd-compressed .deb archive, which may result in denial of service (infinite loop spinning the CPU).
CVE-2026-2219
Severity: NONE | EPSS: 0.02% | Updated: Mar 07, 2026 | Vendor: Debian
CVE Details
CVE ID: CVE-2026-2219
Published Date: Mar 07, 2026
Vendor: Debian
Severity: NONE

Exploit Prediction (EPSS)
Probability of Exploit: 0.02% (likelihood of exploitation in next 30 days)
Percentile: 6.3 (higher than 6.3% of all CVEs)
Standard patching cycle

Impact: Minimal impact