An update for busybox is now available for openEuler-20.03-LTS-SP4,openEuler-22.03-LTS-SP4,openEuler-24.03-LTS,openEuler-24.03-LTS-SP1,openEuler-24.03-LTS-SP2,openEuler-24.03-LTS-SP3 Security Advisory openeuler-security@openeuler.org openEuler security committee openEuler-SA-2026-1544 Final 1.0 1.0 2026-03-15 Initial 2026-03-15 2026-03-15 openEuler SA Tool V1.0 2026-03-15 busybox security update An update for busybox is now available for openEuler-20.03-LTS-SP4,openEuler-22.03-LTS-SP4,openEuler-24.03-LTS,openEuler-24.03-LTS-SP1,openEuler-24.03-LTS-SP2,openEuler-24.03-LTS-SP3 The Swiss Army Knife of Embedded Linux Security Fix(es): A flaw was found in BusyBox. Incomplete path sanitization in its archive extraction utilities allows an attacker to craft malicious archives that when extracted, and under specific conditions, may write to files outside the intended directory. This can lead to arbitrary file overwrite, potentially enabling code execution through the modification of sensitive system files.(CVE-2026-26157) A flaw was found in BusyBox. This vulnerability allows an attacker to modify files outside of the intended extraction directory by crafting a malicious tar archive containing unvalidated hardlink or symlink entries. If the tar archive is extracted with elevated privileges, this flaw can lead to privilege escalation, enabling an attacker to gain unauthorized access to critical system files.(CVE-2026-26158) An update for busybox is now available for openEuler-20.03-LTS-SP4,openEuler-22.03-LTS-SP4,openEuler-24.03-LTS,openEuler-24.03-LTS-SP1,openEuler-24.03-LTS-SP2,openEuler-24.03-LTS-SP3. openEuler Security has rated this update as having a security impact of high. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section. High busybox https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-1544 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-26157 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-26158 https://nvd.nist.gov/vuln/detail/CVE-2026-26157 https://nvd.nist.gov/vuln/detail/CVE-2026-26158 openEuler-20.03-LTS-SP4 openEuler-22.03-LTS-SP4 openEuler-24.03-LTS openEuler-24.03-LTS-SP1 openEuler-24.03-LTS-SP2 openEuler-24.03-LTS-SP3 busybox-1.31.1-28.oe2003sp4.aarch64.rpm busybox-debuginfo-1.31.1-28.oe2003sp4.aarch64.rpm busybox-debugsource-1.31.1-28.oe2003sp4.aarch64.rpm busybox-help-1.31.1-28.oe2003sp4.aarch64.rpm busybox-petitboot-1.31.1-28.oe2003sp4.aarch64.rpm busybox-1.34.1-28.oe2203sp4.aarch64.rpm busybox-debuginfo-1.34.1-28.oe2203sp4.aarch64.rpm busybox-debugsource-1.34.1-28.oe2203sp4.aarch64.rpm busybox-help-1.34.1-28.oe2203sp4.aarch64.rpm busybox-petitboot-1.34.1-28.oe2203sp4.aarch64.rpm busybox-1.36.1-14.oe2403.aarch64.rpm busybox-debuginfo-1.36.1-14.oe2403.aarch64.rpm busybox-debugsource-1.36.1-14.oe2403.aarch64.rpm busybox-petitboot-1.36.1-14.oe2403.aarch64.rpm busybox-1.36.1-14.oe2403sp1.aarch64.rpm busybox-debuginfo-1.36.1-14.oe2403sp1.aarch64.rpm busybox-debugsource-1.36.1-14.oe2403sp1.aarch64.rpm busybox-petitboot-1.36.1-14.oe2403sp1.aarch64.rpm busybox-1.36.1-14.oe2403sp2.aarch64.rpm busybox-debuginfo-1.36.1-14.oe2403sp2.aarch64.rpm busybox-debugsource-1.36.1-14.oe2403sp2.aarch64.rpm busybox-petitboot-1.36.1-14.oe2403sp2.aarch64.rpm busybox-1.36.1-14.oe2403sp3.aarch64.rpm busybox-debuginfo-1.36.1-14.oe2403sp3.aarch64.rpm busybox-debugsource-1.36.1-14.oe2403sp3.aarch64.rpm busybox-petitboot-1.36.1-14.oe2403sp3.aarch64.rpm busybox-1.31.1-28.oe2003sp4.src.rpm busybox-1.34.1-28.oe2203sp4.src.rpm busybox-1.36.1-14.oe2403.src.rpm busybox-1.36.1-14.oe2403sp1.src.rpm busybox-1.36.1-14.oe2403sp2.src.rpm busybox-1.36.1-14.oe2403sp3.src.rpm busybox-1.31.1-28.oe2003sp4.x86_64.rpm busybox-debuginfo-1.31.1-28.oe2003sp4.x86_64.rpm busybox-debugsource-1.31.1-28.oe2003sp4.x86_64.rpm busybox-help-1.31.1-28.oe2003sp4.x86_64.rpm busybox-petitboot-1.31.1-28.oe2003sp4.x86_64.rpm busybox-1.34.1-28.oe2203sp4.x86_64.rpm busybox-debuginfo-1.34.1-28.oe2203sp4.x86_64.rpm busybox-debugsource-1.34.1-28.oe2203sp4.x86_64.rpm busybox-help-1.34.1-28.oe2203sp4.x86_64.rpm busybox-petitboot-1.34.1-28.oe2203sp4.x86_64.rpm busybox-1.36.1-14.oe2403.x86_64.rpm busybox-debuginfo-1.36.1-14.oe2403.x86_64.rpm busybox-debugsource-1.36.1-14.oe2403.x86_64.rpm busybox-petitboot-1.36.1-14.oe2403.x86_64.rpm busybox-1.36.1-14.oe2403sp1.x86_64.rpm busybox-debuginfo-1.36.1-14.oe2403sp1.x86_64.rpm busybox-debugsource-1.36.1-14.oe2403sp1.x86_64.rpm busybox-petitboot-1.36.1-14.oe2403sp1.x86_64.rpm busybox-1.36.1-14.oe2403sp2.x86_64.rpm busybox-debuginfo-1.36.1-14.oe2403sp2.x86_64.rpm busybox-debugsource-1.36.1-14.oe2403sp2.x86_64.rpm busybox-petitboot-1.36.1-14.oe2403sp2.x86_64.rpm busybox-1.36.1-14.oe2403sp3.x86_64.rpm busybox-debuginfo-1.36.1-14.oe2403sp3.x86_64.rpm busybox-debugsource-1.36.1-14.oe2403sp3.x86_64.rpm busybox-petitboot-1.36.1-14.oe2403sp3.x86_64.rpm busybox-help-1.36.1-14.oe2403.noarch.rpm busybox-help-1.36.1-14.oe2403sp1.noarch.rpm busybox-help-1.36.1-14.oe2403sp2.noarch.rpm busybox-help-1.36.1-14.oe2403sp3.noarch.rpm A flaw was found in BusyBox. Incomplete path sanitization in its archive extraction utilities allows an attacker to craft malicious archives that when extracted, and under specific conditions, may write to files outside the intended directory. This can lead to arbitrary file overwrite, potentially enabling code execution through the modification of sensitive system files. 2026-03-15 CVE-2026-26157 openEuler-20.03-LTS-SP4 openEuler-22.03-LTS-SP4 openEuler-24.03-LTS openEuler-24.03-LTS-SP1 openEuler-24.03-LTS-SP2 openEuler-24.03-LTS-SP3 High 7.0 AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H busybox security update 2026-03-15 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-1544 A flaw was found in BusyBox. This vulnerability allows an attacker to modify files outside of the intended extraction directory by crafting a malicious tar archive containing unvalidated hardlink or symlink entries. If the tar archive is extracted with elevated privileges, this flaw can lead to privilege escalation, enabling an attacker to gain unauthorized access to critical system files. 2026-03-15 CVE-2026-26158 openEuler-20.03-LTS-SP4 openEuler-22.03-LTS-SP4 openEuler-24.03-LTS openEuler-24.03-LTS-SP1 openEuler-24.03-LTS-SP2 openEuler-24.03-LTS-SP3 High 7.0 AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H busybox security update 2026-03-15 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-1544